last executing test programs: 10.950449404s ago: executing program 2 (id=147): syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003300)=[{{0x0, 0x0, &(0x7f0000000080)=[{}], 0x1}}], 0x1, 0x400c404) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x2) capset(&(0x7f0000000000)={0x19980330}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 9.720063949s ago: executing program 2 (id=152): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff0000000000010902240001000000000904000015030000000921", @ANYRES8], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r1 = add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r2 = add_key$user(0x0, 0x0, &(0x7f00000001c0)="f40f", 0x2, 0xfffffffffffffffb) r3 = add_key$user(&(0x7f00000011c0), &(0x7f0000001200)={'syz', 0x3}, &(0x7f000000a140)='\x00', 0x1, 0xfffffffffffffffe) ioctl$EVIOCRMFF(0xffffffffffffffff, 0x40044581, &(0x7f0000000240)=0x8001) keyctl$dh_compute(0x17, &(0x7f0000000440)={r1, r2, r3}, 0x0, 0x0, 0x0) keyctl$setperm(0x5, r2, 0x110008) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0) read$FUSE(r5, &(0x7f00000034c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ioctl$HIDIOCGFIELDINFO(r5, 0xc038480a, &(0x7f0000000200)={0x2, 0x2, 0xa00000, 0x7, 0xc, 0x932, 0x80000000, 0x7, 0x7f, 0x3, 0xfffffff7, 0x6, 0x8000, 0x7}) ioctl$SIOCSIFMTU(r4, 0x8948, &(0x7f0000000040)={'veth1_to_bridge\x00', 0x200}) socket$packet(0x11, 0x0, 0x300) socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(0xffffffffffffffff, &(0x7f0000000040), 0x10) sched_setattr(r6, 0x0, 0x0) r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r8 = syz_pidfd_open(r7, 0x0) r9 = epoll_create1(0x0) waitid(0x0, 0x0, 0x0, 0x4, 0x0) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000000)={0xe000202b}) io_setup(0x6, &(0x7f0000001380)) 5.359433014s ago: executing program 0 (id=172): r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000140), 0x10) close(r0) 5.22027903s ago: executing program 0 (id=174): r0 = socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x100008b}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c02"], 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0) 5.107250287s ago: executing program 2 (id=175): ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, 0x0) r0 = gettid() timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000240), 0x0, 0x2182) ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x7, 0x1, 0x0, 0x0, 0x9, '&\x00', 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0xe}) 5.0397803s ago: executing program 0 (id=177): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000000)={0xdf, 0x0, 0x10000}) 4.78738331s ago: executing program 0 (id=178): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) 4.056270002s ago: executing program 2 (id=187): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x410002) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) (async) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x400480, 0x0) (async) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x400480, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r1, 0x80585414, &(0x7f0000000080)) socket$packet(0x11, 0x3, 0x300) (async) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000000100)=@req3={0x1ff, 0x5, 0xf2969cb0, 0x6, 0x500e4b54, 0xffff1689, 0x7}, 0x1c) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x1410, 0x400, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x40401c1}, 0x1) (async) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, 0x1410, 0x400, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x40401c1}, 0x1) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000280)={0x0, 0x0}) sendmsg$nl_netfilter(r1, &(0x7f0000000640)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000600)={&(0x7f0000000300)={0x2cc, 0xe, 0xa, 0x5, 0x70bd2a, 0x25dfdbfc, {0xa, 0x0, 0x2}, [@nested={0x1c6, 0x9, 0x0, 0x1, [@generic="291aa793e5e2b59635ee5a692c9a63f51ed67569b839ffd29c500abc6a4fe9b2714a752bccd24830a2", @generic="003a0a593e63c4ecc64b6dc584092d7f634f99bb1d9389382384a6fd3797159e1e92b4a99c63292012a6938b2cd17638c03fd3deab5317393773a12c19b45b3e4e66abba7c7fba6fd7071e9b1a19ab2e012ff1b01a111625fb5ce978a790556a17346702ae98f27d99b5c2aa30cd5fdd8170a25e52426f2e541ae915709d2b86a8a6f5726679e014c727d21510c776ecf6e04c49e2c21e96b5591cd9a99dbab9135e", @typed={0x12, 0xf9, 0x0, 0x0, @binary="52b462e2dbf0b1a3bb609537b049"}, @typed={0x14, 0x144, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x4, 0x50}, @typed={0x4, 0xb4}, @generic="4b7e71647bdbc066bea9283d678adc72b8e75a2d62d91ea26dbcae2ab8645c1b7c269c05e75ceb4c36c6", @nested={0x4, 0xa5}, @generic="4ba6da9ede8117ba4e69e16715cead7fab1374f8f7af10dffb0848ebcbdc2590a67d01e5f7ad9e185c266beaf0a58c1798e74ce5949100e39090b00cdce9777032afec756f5d00d39f7eb1ea59171c1758bd8cf1030d8136a7974d7691b02f0151052cc987da41bedb5b0a43cf5b6f8d0642eb59e827ca1888ee1a63bfc152c23270502e19ac439fe2786993630bfa70a4f777e54d2409a468"]}, @nested={0x2e, 0xf9, 0x0, 0x1, [@nested={0x4, 0x118}, @typed={0xc, 0x74, 0x0, 0x0, @u64=0x100}, @generic="38fe12603a6e4687908a24f36a589cd954ff0661b8a8dbcb2db1"]}, @typed={0x8, 0x5c, 0x0, 0x0, @pid=r3}, @generic="469f0e0554786f6a9941fd181f559d15b54859b3", @nested={0x94, 0x10, 0x0, 0x1, [@generic="c3cb55217d2d32f681ad3005c5b23bb48e97da1ba9ceb840de4097aac96b24fbfeca7a5dd31231025784edbe0f135b75a59403bce810fa165b376bb51dd07c0ec1b97b81dd9e989798ad081dcf0db6658edb54683e643c29075b72369a58aa7a16ec0cc0b1c26006c3e431341c1c92b1716dd349954c8b03", @typed={0x8, 0xd, 0x0, 0x0, @u32=0x2}, @typed={0x8, 0x13b, 0x0, 0x0, @pid=0xffffffffffffffff}, @nested={0x4, 0x1e}, @nested={0x4, 0xcd}]}, @typed={0xf, 0x94, 0x0, 0x0, @str='/dev/nvram\x00'}]}, 0x2cc}, 0x1, 0x0, 0x0, 0x24000000}, 0x8000) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000680)={{0x0, 0x0, 0x0, 0x0, 0x200}, 0x3, 0x8, 0x5}) mkdirat$cgroup(r1, &(0x7f0000000700)='syz1\x00', 0x1ff) openat$nvram(0xffffffffffffff9c, &(0x7f0000000740), 0x200, 0x0) (async) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000740), 0x200, 0x0) syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000800)=[@text64={0x40, &(0x7f0000000780)="0f0748b80c000000000000000f23c80f21f835040050000f23f866450f73d1ef66ba4100ec0109b92d0a0000b809000000ba000000000f3048b877000000000000000f23d00f21f8350000000e0f23f8670f794e7066baf80cb8f5f1818aef66bafc0cb003ee66baf80cb888536184ef66bafc0cec", 0x75}], 0x1, 0x60, &(0x7f0000000840)=[@efer={0x2, 0x1000}], 0x1) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000880)={0x48, 0x7, r1, 0x0, 0x0, 0x0, 0x3, 0x1a8e22, 0x1d304d}) accept4$unix(r4, &(0x7f0000000900)=@abs, &(0x7f0000000980)=0x6e, 0x80000) (async) r5 = accept4$unix(r4, &(0x7f0000000900)=@abs, &(0x7f0000000980)=0x6e, 0x80000) bind$unix(r5, &(0x7f00000009c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a80), r4) (async) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a80), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000ac0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_MPATH(r1, &(0x7f0000000bc0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x20000090}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x70, r6, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x70}, 0x1, 0x0, 0x0, 0x40}, 0x10) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000c00)={0x7, 0x9, 0x0, 'queue0\x00', 0xffff2ac8}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000000cc0)={0x0, 0x8a6, 0xc7, 0x0, 0xf}) close_range(r1, r4, 0x0) syz_usb_connect(0x2, 0x390, &(0x7f0000000d40)={{0x12, 0x1, 0x201, 0xc0, 0x44, 0x1c, 0x8, 0x5ac, 0x24c, 0xb8ae, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x37e, 0x3, 0x7f, 0x40, 0x20, 0x4, [{{0x9, 0x4, 0xfd, 0x8, 0x3, 0x3, 0xf, 0x2, 0x9, [@uac_as={[@format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x1, 0x1, 0x40, 0x3, "09d48f", "01b60d"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x8, 0x2}, @as_header={0x7, 0x24, 0x1, 0xd, 0xcc}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x3, 0x2, 0x2, 0x49}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x5, 0x1, 0x9, 0x9, "b1"}]}, @uac_control={{0xa, 0x24, 0x1, 0x9, 0x7}, [@extension_unit={0xa, 0x24, 0x8, 0x5, 0x2, 0x7, "83ca86"}, @mixer_unit={0x9, 0x24, 0x4, 0x2, 0xdb, "70fb57f0"}]}], [{{0x9, 0x5, 0x4, 0xc, 0x20, 0xd, 0x9, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0xf1}]}}, {{0x9, 0x5, 0x5, 0x10, 0x10, 0x19, 0x9, 0x6, [@generic={0xf2, 0xf, "31a4c87a1f32d343eb0598c25e82921d8d3c20dadf5422dbe0f56fc56d20cf008717123389669047629265b131f6826a9e25d6b98c5ef7bb48abb8755fc84d254ca82ac54b22a5f862962935310625fb73abad5ac7ee0e7992d07eb960ca82ead2a54fff7657664eeb6e541537439d05ee437a292cfc5ebfb2f51981b346dc9638eeda0e14b52b218949cb66e8c918a40c3d7f4ea195260a2a6501d8e9b865b3bebc56b56b0fe253202ee4fca3e28c2e427a1f989c220efbe0048bbb459d764f23d8309fdfdddeebca8447289dfdbaa50714ffafa7707cfb6387d094b9b69ddbd398c333b59fd630875479e6eac33146"}]}}, {{0x9, 0x5, 0x80, 0xc, 0x400, 0xa6, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xf2, 0x8001}]}}]}}, {{0x9, 0x4, 0x2, 0x0, 0x4, 0x6e, 0x3b, 0x7f, 0x3, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0xe1a6, 0x9, 0x4, 0x6}, {0x6, 0x24, 0x1a, 0xc3, 0x10}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}], [{{0x9, 0x5, 0x4, 0x10, 0x20, 0xa, 0x16, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x6, 0x30cb}]}}, {{0x9, 0x5, 0xb, 0x2, 0x8, 0x7, 0x4, 0x5, [@generic={0xb, 0x31, "18ba7b083c68aac716"}]}}, {{0x9, 0x5, 0xd, 0x4, 0x10, 0xf, 0x5, 0xbc, [@generic={0x100, 0x6, "b54acf196fa092adbb2b23bd73b8279622651f5285bdd4e6b9f31710022de313e298f8b136ae3e1975965b561a17c68a504f3db79b7fc1d16238c019ad87576c47e5605e99e3ef388126039c4cfb9fe7e8f0415e25001a03f4f47fcba2f48c3f3e62df63a8ff44c431e8d5e13b62e8ac9b63d339a75b625e644595a28da17671a300d2d18f2e55598dd465703d9f5016f0731b6e80e95d1e78a722569c8e7aefb6bab75dac9f24ae31c9024c437efd13ecd2a7a9c56ee14ccae1936c28b47df1426c237c4006abae360b5b2e71077b8c1deb7d4692e7261864632cfef4b46b3174c12fb950a21366cdaba0ff20b4be3e33f9f352362d8c8a8c5f0497f9af"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0xe, 0x6}]}}, {{0x9, 0x5, 0xc, 0x10, 0x3ff, 0x36, 0xc, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0x7}]}}]}}, {{0x9, 0x4, 0xd8, 0x9, 0x1, 0xab, 0x4e, 0x67, 0x2, [@hid_hid={0x9, 0x21, 0x5, 0x1, 0x1, {0x22, 0xa11}}], [{{0x9, 0x5, 0x4, 0x3, 0x3ff, 0x71, 0x39, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x40}, @generic={0x67, 0x22, "484699d8badbe5c783c54f90bdf43b0d95c690db9dbda4e4953468014db39c1372c4c240c1303a78b278fb32a70b879c591651e8c69e4780ad593a4fc4e24049c0ac4ec8a30589fa967d70bf788e0a80bf646b025eafb9259c1261fb41e76667fae696891a"}]}}]}}]}}]}}, &(0x7f00000012c0)={0xa, &(0x7f0000001100)={0xa, 0x6, 0x300, 0x7, 0x8, 0x0, 0x10, 0x9}, 0x3d, &(0x7f0000001140)={0x5, 0xf, 0x3d, 0x2, [@ssp_cap={0x24, 0x10, 0xa, 0xe, 0x6, 0x0, 0xf00, 0x6c68, [0xff30, 0xc0f0, 0xff412e, 0xf, 0x18030, 0xff000f]}, @ssp_cap={0x14, 0x10, 0xa, 0x38, 0x2, 0x1, 0xf, 0x6, [0x0, 0x0]}]}, 0x4, [{0x4, &(0x7f0000001180)=@lang_id={0x4, 0x3, 0x4ac}}, {0x4, &(0x7f00000011c0)=@lang_id={0x4, 0x3, 0x459}}, {0x80, &(0x7f0000001200)=@string={0x80, 0x3, "54ef6dd5a8dd592c876baa769a04b7bd4daa503f37feafc9a90a6d404a27df9624f760763246682c5f891a3327b106681a0f75e8148f102d68c7e353fb9c2c6dd18deef12df321b975e72e381d69656cb2caf3f5a57edc558dda9ece864f4622a4f412d9613f7e2c32e266380e9f85128b99854aa5e8e503457345f6bad2"}}, {0x4, &(0x7f0000001280)=@lang_id={0x4, 0x3, 0x404}}]}) (async) r8 = syz_usb_connect(0x2, 0x390, &(0x7f0000000d40)={{0x12, 0x1, 0x201, 0xc0, 0x44, 0x1c, 0x8, 0x5ac, 0x24c, 0xb8ae, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x37e, 0x3, 0x7f, 0x40, 0x20, 0x4, [{{0x9, 0x4, 0xfd, 0x8, 0x3, 0x3, 0xf, 0x2, 0x9, [@uac_as={[@format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x1, 0x1, 0x40, 0x3, "09d48f", "01b60d"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x8, 0x2}, @as_header={0x7, 0x24, 0x1, 0xd, 0xcc}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x3, 0x2, 0x2, 0x49}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0x5, 0x1, 0x9, 0x9, "b1"}]}, @uac_control={{0xa, 0x24, 0x1, 0x9, 0x7}, [@extension_unit={0xa, 0x24, 0x8, 0x5, 0x2, 0x7, "83ca86"}, @mixer_unit={0x9, 0x24, 0x4, 0x2, 0xdb, "70fb57f0"}]}], [{{0x9, 0x5, 0x4, 0xc, 0x20, 0xd, 0x9, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0xf1}]}}, {{0x9, 0x5, 0x5, 0x10, 0x10, 0x19, 0x9, 0x6, [@generic={0xf2, 0xf, "31a4c87a1f32d343eb0598c25e82921d8d3c20dadf5422dbe0f56fc56d20cf008717123389669047629265b131f6826a9e25d6b98c5ef7bb48abb8755fc84d254ca82ac54b22a5f862962935310625fb73abad5ac7ee0e7992d07eb960ca82ead2a54fff7657664eeb6e541537439d05ee437a292cfc5ebfb2f51981b346dc9638eeda0e14b52b218949cb66e8c918a40c3d7f4ea195260a2a6501d8e9b865b3bebc56b56b0fe253202ee4fca3e28c2e427a1f989c220efbe0048bbb459d764f23d8309fdfdddeebca8447289dfdbaa50714ffafa7707cfb6387d094b9b69ddbd398c333b59fd630875479e6eac33146"}]}}, {{0x9, 0x5, 0x80, 0xc, 0x400, 0xa6, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xf2, 0x8001}]}}]}}, {{0x9, 0x4, 0x2, 0x0, 0x4, 0x6e, 0x3b, 0x7f, 0x3, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0xe1a6, 0x9, 0x4, 0x6}, {0x6, 0x24, 0x1a, 0xc3, 0x10}, [@mdlm={0x15, 0x24, 0x12, 0x4}]}], [{{0x9, 0x5, 0x4, 0x10, 0x20, 0xa, 0x16, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x6, 0x30cb}]}}, {{0x9, 0x5, 0xb, 0x2, 0x8, 0x7, 0x4, 0x5, [@generic={0xb, 0x31, "18ba7b083c68aac716"}]}}, {{0x9, 0x5, 0xd, 0x4, 0x10, 0xf, 0x5, 0xbc, [@generic={0x100, 0x6, "b54acf196fa092adbb2b23bd73b8279622651f5285bdd4e6b9f31710022de313e298f8b136ae3e1975965b561a17c68a504f3db79b7fc1d16238c019ad87576c47e5605e99e3ef388126039c4cfb9fe7e8f0415e25001a03f4f47fcba2f48c3f3e62df63a8ff44c431e8d5e13b62e8ac9b63d339a75b625e644595a28da17671a300d2d18f2e55598dd465703d9f5016f0731b6e80e95d1e78a722569c8e7aefb6bab75dac9f24ae31c9024c437efd13ecd2a7a9c56ee14ccae1936c28b47df1426c237c4006abae360b5b2e71077b8c1deb7d4692e7261864632cfef4b46b3174c12fb950a21366cdaba0ff20b4be3e33f9f352362d8c8a8c5f0497f9af"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0xe, 0x6}]}}, {{0x9, 0x5, 0xc, 0x10, 0x3ff, 0x36, 0xc, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x0, 0x7}]}}]}}, {{0x9, 0x4, 0xd8, 0x9, 0x1, 0xab, 0x4e, 0x67, 0x2, [@hid_hid={0x9, 0x21, 0x5, 0x1, 0x1, {0x22, 0xa11}}], [{{0x9, 0x5, 0x4, 0x3, 0x3ff, 0x71, 0x39, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x40}, @generic={0x67, 0x22, "484699d8badbe5c783c54f90bdf43b0d95c690db9dbda4e4953468014db39c1372c4c240c1303a78b278fb32a70b879c591651e8c69e4780ad593a4fc4e24049c0ac4ec8a30589fa967d70bf788e0a80bf646b025eafb9259c1261fb41e76667fae696891a"}]}}]}}]}}]}}, &(0x7f00000012c0)={0xa, &(0x7f0000001100)={0xa, 0x6, 0x300, 0x7, 0x8, 0x0, 0x10, 0x9}, 0x3d, &(0x7f0000001140)={0x5, 0xf, 0x3d, 0x2, [@ssp_cap={0x24, 0x10, 0xa, 0xe, 0x6, 0x0, 0xf00, 0x6c68, [0xff30, 0xc0f0, 0xff412e, 0xf, 0x18030, 0xff000f]}, @ssp_cap={0x14, 0x10, 0xa, 0x38, 0x2, 0x1, 0xf, 0x6, [0x0, 0x0]}]}, 0x4, [{0x4, &(0x7f0000001180)=@lang_id={0x4, 0x3, 0x4ac}}, {0x4, &(0x7f00000011c0)=@lang_id={0x4, 0x3, 0x459}}, {0x80, &(0x7f0000001200)=@string={0x80, 0x3, "54ef6dd5a8dd592c876baa769a04b7bd4daa503f37feafc9a90a6d404a27df9624f760763246682c5f891a3327b106681a0f75e8148f102d68c7e353fb9c2c6dd18deef12df321b975e72e381d69656cb2caf3f5a57edc558dda9ece864f4622a4f412d9613f7e2c32e266380e9f85128b99854aa5e8e503457345f6bad2"}}, {0x4, &(0x7f0000001280)=@lang_id={0x4, 0x3, 0x404}}]}) syz_usb_control_io$printer(r8, &(0x7f00000014c0)={0x14, &(0x7f0000001340)={0x40, 0x22, 0x92, {0x92, 0x8, "de476a7decfd7a29f69956eed9af35c2d4179a9c809e1ba87dfcc64661133a849a5e7514a0e844f4a8a328ebb36ffc24385cab1e6a6d38b972f59c89a3ccedd8767e41905ecfffd21e58c18752db0b4f7c282050ad60b1bb52872ae673874741f2e78373249e57c50cd2d0ca379cda490a2a6a28a3e391bf77c8a8be8abfcaaa04efc23dfc163d41e2dd98b130232e6f"}}, &(0x7f0000001400)={0x0, 0x3, 0xb7, @string={0xb7, 0x3, "c4492512aba4e5b5b555b140db2ebd3a26d8d70b463bd11b5c28842701d4efa989138e744ea5690335f979ca4d370a5dadcd7f9e17bea7018ed636ee3e88a3567ea45881e5c392646ca1e4e1ffe298344015f2343c977487db6cb10de3cb9acf8d4db7ffef08fdff77531f20c104f7e0b3ddd35607d470317e6aee7685fbf0e70f1fc257e621375379bffa9e64e69a07e39da19a55d70d5d0e07cd52b245307ffab6a5fb4989d61127fc761855dc45fff54956b021"}}}, &(0x7f0000001680)={0x34, &(0x7f0000001500)={0x0, 0x0, 0x11, "d76dded34211f39b5c2616ef87fdcb55dc"}, &(0x7f0000001540)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000001580)={0x0, 0x8, 0x1}, &(0x7f00000015c0)={0x20, 0x0, 0x11, {0xf, "d3ac28e1ffc76bddad014dc168dcd9"}}, &(0x7f0000001600)={0x20, 0x1, 0x1, 0x9}, &(0x7f0000001640)={0x20, 0x0, 0x1, 0x7}}) sendmsg$NL80211_CMD_GET_MPATH(r4, &(0x7f0000001780)={&(0x7f00000016c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001740)={&(0x7f0000001700)={0x38, r6, 0x20, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x48051}, 0x4040) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f0000001800)=@attr_pmu_filter={0x0, 0x1, 0x1, &(0x7f00000017c0)={0x8000, 0x6}}) (async) ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f0000001800)=@attr_pmu_filter={0x0, 0x1, 0x1, &(0x7f00000017c0)={0x8000, 0x6}}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000001840)={{0x1, 0x1, 0x18, r4, {0x4514}}, './file0\x00'}) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000001840)={{0x1, 0x1, 0x18, r4, {0x4514}}, './file0\x00'}) ioctl$SG_GET_VERSION_NUM(r9, 0x2282, &(0x7f0000001880)) ioctl$KVM_RUN(r4, 0xae80, 0x0) close_range(r4, r4, 0x0) 2.443726294s ago: executing program 1 (id=195): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = dup2(r0, r0) sendto$inet(r1, &(0x7f0000000040)="e1", 0x1, 0x801, 0x0, 0x0) ioctl$sock_inet_udp_SIOCINQ(r1, 0x8905, &(0x7f0000000580)) (fail_nth: 1) 2.047387031s ago: executing program 1 (id=196): syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) (async) syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x800) dup(r1) (async) dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) r2 = syz_open_dev$tty1(0xc, 0x4, 0x2) pwrite64(r2, 0x0, 0x0, 0x5) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000080), &(0x7f00000000c0)=0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0) 1.754247009s ago: executing program 0 (id=198): r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0x0) renameat(r0, &(0x7f00000004c0)='./cgroup.net/devices.allow\x00', r0, &(0x7f0000000380)='./cgroup.net/cgroup.procs\x00') 1.667426619s ago: executing program 1 (id=199): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, r1, 0x201, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x40800) 1.656944807s ago: executing program 0 (id=200): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x24, &(0x7f0000001080)=ANY=[@ANYBLOB="1201000005af9e08d2106528c9a4000000010902120001000000000904"], 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x10, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0xa, 0x84}}}, 0xf4}, 0x1, 0x0, 0x0, 0xc800}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="041817aaaaaaaaaa10cb2242c83bf4531f3a7f27d32d67705702"], 0x1a) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = syz_clone(0x30288000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x84, 0x0, 0x0) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) r7 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r7, 0x80085665, &(0x7f0000000080)) getsockopt$IP6T_SO_GET_INFO(r6, 0x29, 0x40, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="e80100000001050500000000000000000a0000003c0002802c00018014000300ff01000000000000000000000000000114000400ff0200000000000000000000000000010c00028005000100000000003c0001800c00028005000100000000002c00018014000300ff020d40f799000000000000000000011400040020010000000000000000000000000001080007400000000010000d800c000380060002004e210000080007400000000da800068004000380080002006401010124000380060001004e230000060001004e230000060001004e210000060002004e24000008000200e000000234000380060002004e230000060002004e240000060001004e200000060002004e200000060002004e230000060001004e200000140004000000000000000000000000000000000008000200ac1414aa140005000000000000000000000000000000000008000100e000000284000e801400018008000100ac141409080002000a0101010600034000000000060003400001000006000340000300000c000280050001009f0000000c00028005000100000000002c00018014000300fe80000000000000000000000000002d14000400fc02000000000000000000000000000106000340000300000600034000040000080008"], 0x1e8}}, 0x0) setreuid(0x0, 0xee00) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r4, 0x2000) 1.308258197s ago: executing program 1 (id=202): open(&(0x7f0000000380)='./bus\x00', 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, 0xffffffffffffffff, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x80480}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB]) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x48, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x48}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)={0x40, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/cgroup.procs\x00', &(0x7f0000000040)={0x107342, 0x0, 0x39}, 0x18) r9 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) dup(r9) r10 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000002fc0), 0x242002, 0x0) fcntl$setstatus(r10, 0x403, 0x44400) openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x80002) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) 1.247304892s ago: executing program 3 (id=203): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r2, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r3 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(r3, &(0x7f0000000140)='net/anycast6\x00') r4 = getpgrp(0x0) tkill(r4, 0x0) move_pages(r4, 0x1, &(0x7f0000000000)=[&(0x7f0000ffd000/0x3000)=nil], &(0x7f0000000080), &(0x7f0000000080), 0xe) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 1.004272037s ago: executing program 1 (id=204): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000fc0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x818}, 0x2004000) 798.33648ms ago: executing program 2 (id=205): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000fc0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r2, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x818}, 0x2004000) (fail_nth: 1) 721.023678ms ago: executing program 1 (id=206): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0) 575.186705ms ago: executing program 2 (id=207): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYRES16=0x0, @ANYRES16=0x0], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000005b574e69622bf85eda07b3"], 0x0}, 0x0) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x40003, 0x0) (async) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x40003, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r1, 0x40505331, &(0x7f0000000380)={{0x0, 0x3}, {0x6}, 0x9, 0x5, 0x2}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r2 = landlock_create_ruleset(&(0x7f00000002c0)={0xa494, 0x0, 0x1}, 0x18, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000340)={0x2000, r3}, 0x0) landlock_restrict_self(r2, 0x0) (async) landlock_restrict_self(r2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) (async) r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000180)=@ethtool_perm_addr={0x4b, 0x27, "4372070000001000476fb2940acfbe4c0e24fa98ddf306e50000b646376f385355617a34d3b53d"}}) ioctl$HIDIOCGUCODE(r4, 0xc018480d, &(0x7f00000011c0)={0x3, 0x100, 0x300, 0x8000005, 0x590f, 0x9}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r6, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, &(0x7f0000000040)={0x3}, 0x1) (async) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, &(0x7f0000000040)={0x3}, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) (async) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r6, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) (async) sendto$inet6(r6, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) mmap(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x3000001, 0x40010, 0xffffffffffffffff, 0x45809000) (async) mmap(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x3000001, 0x40010, 0xffffffffffffffff, 0x45809000) 471.254718ms ago: executing program 3 (id=208): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000fc0)={'wlan1\x00'}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r4, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000000280)={0x30, r2, 0x1, 0x0, 0x100000, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "677a747f68d5bc46961888b601453dd5"}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000094}, 0x0) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x30, r1, 0x1, 0x70bd2e, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x818}, 0x2004000) 391.160803ms ago: executing program 3 (id=209): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0x4, 0x0, &(0x7f0000000080)) 338.774361ms ago: executing program 3 (id=210): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r1, 0x2285, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000010000106"], 0x7c}}, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000004c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804) r5 = fcntl$dupfd(r1, 0x0, r1) write$sndseq(r5, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r5, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {0xa}, {0x0, 0x5}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x8, 0xf]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x101]}}, {0x1, 0x0, 0x0, 0x0, @tick, {0x0, 0x40}, {}, @connect}, {0x0, 0x4, 0x3, 0x80, @tick=0xfffffffa, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff85}, {}, {}, @time=@time}], 0xc4) write$sndseq(r5, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54) write$sndseq(r5, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4) write$sndseq(r5, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c) write$sndseq(r1, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x7ffff000) 11.516855ms ago: executing program 3 (id=211): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x2c, r1, 0x201, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40800) 0s ago: executing program 3 (id=212): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x1, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0x4, 0x0, &(0x7f0000000080)) (fail_nth: 2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.251' (ED25519) to the list of known hosts. [ 84.601726][ T5821] cgroup: Unknown subsys name 'net' [ 84.752849][ T5821] cgroup: Unknown subsys name 'cpuset' [ 84.762621][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.446437][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.250342][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.259136][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.266954][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.275768][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.283628][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.350905][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.362088][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.369657][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.377839][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.386574][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.394850][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.433933][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.441993][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.455969][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.464435][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.473397][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.482538][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.491925][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.501720][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.509702][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.992770][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 91.123793][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 91.156529][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 91.311175][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 91.329708][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.336964][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.346040][ T5830] bridge_slave_0: entered allmulticast mode [ 91.354185][ T5830] bridge_slave_0: entered promiscuous mode [ 91.404275][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.411557][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.418823][ T5830] bridge_slave_1: entered allmulticast mode [ 91.426123][ T5830] bridge_slave_1: entered promiscuous mode [ 91.464125][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.471304][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.478624][ T5835] bridge_slave_0: entered allmulticast mode [ 91.485862][ T5835] bridge_slave_0: entered promiscuous mode [ 91.548599][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.555809][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.563548][ T5835] bridge_slave_1: entered allmulticast mode [ 91.570986][ T5835] bridge_slave_1: entered promiscuous mode [ 91.593616][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.606435][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.615906][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.623224][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.630829][ T5834] bridge_slave_0: entered allmulticast mode [ 91.638068][ T5834] bridge_slave_0: entered promiscuous mode [ 91.683462][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.690771][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.698106][ T5834] bridge_slave_1: entered allmulticast mode [ 91.705643][ T5834] bridge_slave_1: entered promiscuous mode [ 91.720678][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.733750][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.796311][ T5830] team0: Port device team_slave_0 added [ 91.805739][ T5830] team0: Port device team_slave_1 added [ 91.868123][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.882136][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.891781][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.892073][ T1223] cfg80211: failed to load regulatory.db [ 91.899121][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.911916][ T5842] bridge_slave_0: entered allmulticast mode [ 91.922461][ T5842] bridge_slave_0: entered promiscuous mode [ 91.932190][ T5835] team0: Port device team_slave_0 added [ 91.938339][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.946520][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.954300][ T5842] bridge_slave_1: entered allmulticast mode [ 91.962579][ T5842] bridge_slave_1: entered promiscuous mode [ 92.003108][ T5835] team0: Port device team_slave_1 added [ 92.036014][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.043324][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.069664][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.102985][ T5834] team0: Port device team_slave_0 added [ 92.136953][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.144227][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.170371][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.183582][ T5834] team0: Port device team_slave_1 added [ 92.190600][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.197611][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.224482][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.238409][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.278299][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.285390][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.311697][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.334210][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.359262][ T5839] Bluetooth: hci0: command tx timeout [ 92.408723][ T5830] hsr_slave_0: entered promiscuous mode [ 92.415214][ T5830] hsr_slave_1: entered promiscuous mode [ 92.436466][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.444086][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.471033][ T5839] Bluetooth: hci1: command tx timeout [ 92.475097][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.489655][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.496635][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.522693][ T5839] Bluetooth: hci2: command tx timeout [ 92.523328][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.569023][ T5842] team0: Port device team_slave_0 added [ 92.580581][ T5835] hsr_slave_0: entered promiscuous mode [ 92.587722][ T5835] hsr_slave_1: entered promiscuous mode [ 92.594260][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 92.600426][ T5839] Bluetooth: hci3: command tx timeout [ 92.606186][ T5835] Cannot create hsr debugfs directory [ 92.620698][ T5842] team0: Port device team_slave_1 added [ 92.704043][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.711219][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.737635][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.784571][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.791769][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.817958][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.876075][ T5834] hsr_slave_0: entered promiscuous mode [ 92.883109][ T5834] hsr_slave_1: entered promiscuous mode [ 92.889464][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 92.895238][ T5834] Cannot create hsr debugfs directory [ 93.050208][ T5842] hsr_slave_0: entered promiscuous mode [ 93.056650][ T5842] hsr_slave_1: entered promiscuous mode [ 93.064006][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 93.070073][ T5842] Cannot create hsr debugfs directory [ 93.368859][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.397983][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.423372][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.450243][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.486995][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.511057][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.532089][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.551587][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.587484][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.597954][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.616956][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.633569][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.762266][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.776418][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.795722][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.807453][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.943641][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.966831][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.012613][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.043790][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.051210][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.066000][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.083997][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.095497][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.102697][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.124880][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.151281][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.158887][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.181786][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.191740][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.198928][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.222084][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.271561][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.278728][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.290096][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.297256][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.324069][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.331226][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.345032][ T1146] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.352222][ T1146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.441348][ T5839] Bluetooth: hci0: command tx timeout [ 94.519036][ T5839] Bluetooth: hci1: command tx timeout [ 94.556019][ T5842] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 94.569701][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.601924][ T5839] Bluetooth: hci2: command tx timeout [ 94.679161][ T5839] Bluetooth: hci3: command tx timeout [ 94.835644][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.979214][ T5834] veth0_vlan: entered promiscuous mode [ 95.026874][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.043013][ T5834] veth1_vlan: entered promiscuous mode [ 95.091302][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.138143][ T5830] veth0_vlan: entered promiscuous mode [ 95.167821][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.194617][ T5830] veth1_vlan: entered promiscuous mode [ 95.215609][ T5842] veth0_vlan: entered promiscuous mode [ 95.240896][ T5834] veth0_macvtap: entered promiscuous mode [ 95.254647][ T5834] veth1_macvtap: entered promiscuous mode [ 95.272441][ T5842] veth1_vlan: entered promiscuous mode [ 95.313019][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.337409][ T5830] veth0_macvtap: entered promiscuous mode [ 95.364629][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.380662][ T5830] veth1_macvtap: entered promiscuous mode [ 95.390810][ T5835] veth0_vlan: entered promiscuous mode [ 95.419967][ T1152] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.431493][ T1152] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.443601][ T1152] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.463061][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.474907][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.485874][ T5835] veth1_vlan: entered promiscuous mode [ 95.493401][ T1152] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.526417][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.551829][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.562895][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.580068][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.621555][ T5842] veth0_macvtap: entered promiscuous mode [ 95.643897][ T5835] veth0_macvtap: entered promiscuous mode [ 95.658073][ T5842] veth1_macvtap: entered promiscuous mode [ 95.704969][ T5835] veth1_macvtap: entered promiscuous mode [ 95.723621][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.732302][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.781185][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.800929][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.810755][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.816652][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.850885][ T1168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.860835][ T1168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.874451][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.888133][ T37] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.897262][ T37] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.949923][ T37] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.985224][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.986047][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.016913][ T37] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.031809][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.040077][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.070250][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.094646][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.157255][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.192011][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.218982][ T1168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.230937][ T1168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.316157][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.333587][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.446298][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.479127][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.513798][ T1168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.534844][ T5839] Bluetooth: hci0: command tx timeout [ 96.536463][ T1168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.600586][ T5839] Bluetooth: hci1: command tx timeout [ 96.689584][ T5839] Bluetooth: hci2: command tx timeout [ 96.762922][ T5839] Bluetooth: hci3: command tx timeout [ 96.832392][ T5935] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 96.925475][ T5934] sp0: Synchronizing with TNC [ 97.167085][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.177178][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 97.187643][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.197788][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.739001][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.909084][ T979] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 97.931130][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.093400][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.153614][ T979] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 98.193777][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.275815][ T979] usb 3-1: config 0 descriptor?? [ 98.281954][ T5839] Bluetooth: hci3: Malformed Event: 0x02 [ 98.418631][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 98.449012][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 98.498829][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 98.599052][ T5839] Bluetooth: hci0: command tx timeout [ 98.679066][ T5839] Bluetooth: hci1: command tx timeout [ 98.759692][ T5839] Bluetooth: hci2: command tx timeout [ 98.838752][ T5839] Bluetooth: hci3: command tx timeout [ 99.416555][ T979] ath6kl: Failed to submit usb control message: -110 [ 99.423608][ T979] ath6kl: unable to send the bmi data to the device: -110 [ 100.168639][ T979] ath6kl: Unable to send get target info: -110 [ 100.200420][ T979] ath6kl: Failed to init ath6kl core: -110 [ 100.207716][ T979] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 100.340940][ T979] usb 3-1: USB disconnect, device number 2 [ 100.820020][ T6013] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 101.426234][ T6028] Zero length message leads to an empty skb [ 101.442238][ T6024] syz.0.26 (6024) used greatest stack depth: 19496 bytes left [ 101.738541][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 101.939604][ T9] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 102.033074][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.275346][ T9] usb 4-1: config 0 descriptor?? [ 102.914576][ T9] ath6kl: Failed to submit usb control message: -71 [ 103.204730][ T9] ath6kl: unable to send the bmi data to the device: -71 [ 103.224944][ T9] ath6kl: Unable to send get target info: -71 [ 103.249635][ T9] ath6kl: Failed to init ath6kl core: -71 [ 103.290371][ T9] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 103.389536][ T9] usb 4-1: USB disconnect, device number 2 [ 104.981643][ T6101] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.052452][ T6122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.66'. [ 106.092413][ T6126] netlink: 12 bytes leftover after parsing attributes in process `syz.1.68'. [ 107.119794][ T1223] IPVS: starting estimator thread 0... [ 107.213840][ T6146] IPVS: using max 24 ests per chain, 57600 per kthread [ 108.971428][ T30] audit: type=1800 audit(1751579672.243:2): pid=6168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.85" name="/newroot/23/memory.stat" dev="tmpfs" ino=133 res=0 errno=0 [ 111.978538][ T979] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 112.179367][ T979] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 112.240830][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.526682][ T979] usb 3-1: config 0 descriptor?? [ 113.018064][ T979] ath6kl: Failed to submit usb control message: -71 [ 113.071006][ T979] ath6kl: unable to send the bmi data to the device: -71 [ 113.139069][ T979] ath6kl: Unable to send get target info: -71 [ 113.186665][ T6266] process 'syz.0.106' launched './file0' with NULL argv: empty string added [ 113.199567][ T979] ath6kl: Failed to init ath6kl core: -71 [ 113.339218][ T979] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 113.605979][ T979] usb 3-1: USB disconnect, device number 3 [ 114.138777][ T979] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 115.050694][ T979] usb 3-1: config 8 has an invalid interface number: 223 but max is 0 [ 115.068361][ T979] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 115.135915][ T979] usb 3-1: config 8 has no interface number 0 [ 115.208565][ T979] usb 3-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 115.237991][ T979] usb 3-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.272182][ T979] usb 3-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 115.284059][ T979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.295019][ T979] usb 3-1: Product: syz [ 115.301855][ T979] usb 3-1: Manufacturer: syz [ 115.306642][ T979] usb 3-1: SerialNumber: syz [ 115.596539][ T6306] capability: warning: `syz.0.122' uses 32-bit capabilities (legacy support in use) [ 116.240563][ T979] usb 3-1: USB disconnect, device number 4 [ 116.435395][ T6312] netlink: 'syz.0.124': attribute type 1 has an invalid length. [ 116.443362][ T6312] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.124'. [ 117.388527][ T979] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 117.543145][ T6328] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 117.568802][ T979] usb 1-1: Using ep0 maxpacket: 8 [ 117.583162][ T979] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 117.591832][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 117.609199][ T979] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 117.622044][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 117.633594][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 117.681997][ T979] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 117.692011][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 117.744106][ T979] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 117.821633][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 117.916475][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 117.959273][ T979] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 117.968358][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 118.020182][ T979] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 118.141673][ T30] audit: type=1800 audit(1751579681.403:3): pid=6335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.133" name="bus" dev="overlay" ino=147 res=0 errno=0 [ 118.708462][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 118.848965][ T979] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 118.885182][ T979] usb 1-1: string descriptor 0 read error: -22 [ 119.156887][ T6339] netlink: 'syz.1.135': attribute type 10 has an invalid length. [ 119.789506][ T979] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 119.803331][ T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.897749][ T979] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 119.954329][ T6339] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 120.084248][ T6320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.093819][ T6320] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.176757][ T982] usb 1-1: USB disconnect, device number 2 [ 124.165012][ T6391] netlink: 24 bytes leftover after parsing attributes in process `syz.0.153'. [ 124.298942][ T5919] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 125.232008][ T979] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 125.428681][ T979] usb 2-1: device descriptor read/64, error -71 [ 125.448293][ T5919] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 125.624878][ T5919] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 125.847865][ T5919] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 125.868544][ T979] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 125.932541][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.996732][ T5919] usb 3-1: config 0 descriptor?? [ 126.035700][ T5919] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 126.058691][ T979] usb 2-1: device descriptor read/64, error -71 [ 126.171358][ T979] usb usb2-port1: attempt power cycle [ 126.699648][ T979] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 126.792230][ T979] usb 2-1: device descriptor read/8, error -71 [ 127.082176][ T979] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 127.109951][ T979] usb 2-1: device descriptor read/8, error -71 [ 127.223414][ T979] usb usb2-port1: unable to enumerate USB device [ 128.605971][ T982] usb 3-1: USB disconnect, device number 5 [ 129.095773][ T6469] ieee802154 phy0 wpan0: encryption failed: -22 [ 129.188515][ T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 129.329808][ T24] usb 1-1: device descriptor read/64, error -71 [ 129.380120][ T6477] FAULT_INJECTION: forcing a failure. [ 129.380120][ T6477] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 129.394938][ T6477] CPU: 1 UID: 0 PID: 6477 Comm: syz.1.183 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 129.394967][ T6477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.394988][ T6477] Call Trace: [ 129.394996][ T6477] [ 129.395005][ T6477] dump_stack_lvl+0x189/0x250 [ 129.395040][ T6477] ? __pfx____ratelimit+0x10/0x10 [ 129.395066][ T6477] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.395088][ T6477] ? __pfx__printk+0x10/0x10 [ 129.395111][ T6477] ? __might_fault+0xb0/0x130 [ 129.395146][ T6477] should_fail_ex+0x414/0x560 [ 129.395183][ T6477] _copy_from_user+0x2d/0xb0 [ 129.395204][ T6477] do_sock_getsockopt+0x1cd/0x650 [ 129.395240][ T6477] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 129.395270][ T6477] ? do_syscall_64+0x60/0x3b0 [ 129.395296][ T6477] ? __fget_files+0x3a0/0x420 [ 129.395323][ T6477] ? __fget_files+0x2a/0x420 [ 129.395357][ T6477] __x64_sys_getsockopt+0x1a5/0x250 [ 129.395388][ T6477] ? do_syscall_64+0x60/0x3b0 [ 129.395416][ T6477] ? do_syscall_64+0x60/0x3b0 [ 129.395446][ T6477] do_syscall_64+0xfa/0x3b0 [ 129.395471][ T6477] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.395496][ T6477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.395515][ T6477] ? clear_bhb_loop+0x60/0xb0 [ 129.395540][ T6477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.395559][ T6477] RIP: 0033:0x7fe01598e929 [ 129.395593][ T6477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.395610][ T6477] RSP: 002b:00007fe016795038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 129.395639][ T6477] RAX: ffffffffffffffda RBX: 00007fe015bb5fa0 RCX: 00007fe01598e929 [ 129.395654][ T6477] RDX: 0000000000000004 RSI: 0000000000000112 RDI: 0000000000000004 [ 129.395666][ T6477] RBP: 00007fe016795090 R08: 0000200000000080 R09: 0000000000000000 [ 129.395683][ T6477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.395695][ T6477] R13: 0000000000000000 R14: 00007fe015bb5fa0 R15: 00007ffd66620888 [ 129.395726][ T6477] [ 129.721392][ T6483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.727038][ T6486] wlan1 speed is unknown, defaulting to 1000 [ 129.734308][ T6483] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.739509][ T6486] wlan1 speed is unknown, defaulting to 1000 [ 129.753376][ T6486] wlan1 speed is unknown, defaulting to 1000 [ 129.764078][ T6486] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 129.779577][ T6486] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 129.815056][ T6486] wlan1 speed is unknown, defaulting to 1000 [ 129.823725][ T6486] wlan1 speed is unknown, defaulting to 1000 [ 129.834879][ T6486] wlan1 speed is unknown, defaulting to 1000 [ 129.838671][ T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 129.849053][ T6486] wlan1 speed is unknown, defaulting to 1000 [ 129.924541][ T6488] FAULT_INJECTION: forcing a failure. [ 129.924541][ T6488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.937964][ T6488] CPU: 0 UID: 0 PID: 6488 Comm: syz.1.188 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 129.937991][ T6488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.938004][ T6488] Call Trace: [ 129.938014][ T6488] [ 129.938024][ T6488] dump_stack_lvl+0x189/0x250 [ 129.938044][ T6488] ? __pfx____ratelimit+0x10/0x10 [ 129.938064][ T6488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.938080][ T6488] ? __pfx__printk+0x10/0x10 [ 129.938096][ T6488] ? __might_fault+0xb0/0x130 [ 129.938120][ T6488] should_fail_ex+0x414/0x560 [ 129.938147][ T6488] _copy_from_user+0x2d/0xb0 [ 129.938162][ T6488] ___sys_sendmsg+0x158/0x2a0 [ 129.938179][ T6488] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.938219][ T6488] ? __fget_files+0x2a/0x420 [ 129.938238][ T6488] ? __fget_files+0x3a0/0x420 [ 129.938265][ T6488] __x64_sys_sendmsg+0x19b/0x260 [ 129.938288][ T6488] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 129.938309][ T6488] ? __pfx_ksys_write+0x10/0x10 [ 129.938325][ T6488] ? rcu_is_watching+0x15/0xb0 [ 129.938343][ T6488] ? do_syscall_64+0xbe/0x3b0 [ 129.938365][ T6488] do_syscall_64+0xfa/0x3b0 [ 129.938383][ T6488] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.938406][ T6488] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.938428][ T6488] ? clear_bhb_loop+0x60/0xb0 [ 129.938451][ T6488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.938469][ T6488] RIP: 0033:0x7fe01598e929 [ 129.938487][ T6488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.938502][ T6488] RSP: 002b:00007fe016795038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.938522][ T6488] RAX: ffffffffffffffda RBX: 00007fe015bb5fa0 RCX: 00007fe01598e929 [ 129.938537][ T6488] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 129.938549][ T6488] RBP: 00007fe016795090 R08: 0000000000000000 R09: 0000000000000000 [ 129.938561][ T6488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.938573][ T6488] R13: 0000000000000000 R14: 00007fe015bb5fa0 R15: 00007ffd66620888 [ 129.938604][ T6488] [ 129.998676][ T24] usb 1-1: device descriptor read/64, error -71 [ 130.005594][ T982] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 130.149157][ T24] usb usb1-port1: attempt power cycle [ 130.320788][ T982] usb 3-1: not running at top speed; connect to a high speed hub [ 130.330141][ T982] usb 3-1: config 127 has an invalid interface number: 253 but max is 2 [ 130.338703][ T982] usb 3-1: config 127 has an invalid descriptor of length 229, skipping remainder of the config [ 130.351061][ T982] usb 3-1: config 127 has 1 interface, different from the descriptor's value: 3 [ 130.360559][ T982] usb 3-1: config 127 has no interface number 0 [ 130.366865][ T982] usb 3-1: config 127 interface 253 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 130.380366][ T982] usb 3-1: config 127 interface 253 has no altsetting 0 [ 130.528841][ T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 130.560866][ T24] usb 1-1: device descriptor read/8, error -71 [ 130.798592][ T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 130.819179][ T24] usb 1-1: device descriptor read/8, error -71 [ 130.928819][ T24] usb usb1-port1: unable to enumerate USB device [ 131.116777][ T6498] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.338038][ T6505] FAULT_INJECTION: forcing a failure. [ 131.338038][ T6505] name failslab, interval 1, probability 0, space 0, times 1 [ 131.351063][ T6505] CPU: 1 UID: 0 PID: 6505 Comm: syz.1.195 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 131.351090][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 131.351102][ T6505] Call Trace: [ 131.351110][ T6505] [ 131.351117][ T6505] dump_stack_lvl+0x189/0x250 [ 131.351145][ T6505] ? __pfx____ratelimit+0x10/0x10 [ 131.351170][ T6505] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.351192][ T6505] ? __pfx__printk+0x10/0x10 [ 131.351231][ T6505] ? __pfx___might_resched+0x10/0x10 [ 131.351250][ T6505] ? fs_reclaim_acquire+0x7d/0x100 [ 131.351280][ T6505] should_fail_ex+0x414/0x560 [ 131.351316][ T6505] should_failslab+0xa8/0x100 [ 131.351341][ T6505] __kmalloc_noprof+0xcb/0x4f0 [ 131.351362][ T6505] ? kfree+0x4d/0x440 [ 131.351378][ T6505] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 131.351406][ T6505] tomoyo_realpath_from_path+0xe3/0x5d0 [ 131.351431][ T6505] ? tomoyo_domain+0xd9/0x130 [ 131.351459][ T6505] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 131.351508][ T6505] tomoyo_path_number_perm+0x1e8/0x5a0 [ 131.351542][ T6505] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 131.351592][ T6505] ? __lock_acquire+0xab9/0xd20 [ 131.351644][ T6505] ? __fget_files+0x2a/0x420 [ 131.351676][ T6505] ? __fget_files+0x2a/0x420 [ 131.351701][ T6505] ? __fget_files+0x3a0/0x420 [ 131.351727][ T6505] ? __fget_files+0x2a/0x420 [ 131.351759][ T6505] security_file_ioctl+0xcb/0x2d0 [ 131.351791][ T6505] __se_sys_ioctl+0x47/0x170 [ 131.351816][ T6505] do_syscall_64+0xfa/0x3b0 [ 131.351842][ T6505] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.351867][ T6505] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.351886][ T6505] ? clear_bhb_loop+0x60/0xb0 [ 131.351910][ T6505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.351930][ T6505] RIP: 0033:0x7fe01598e929 [ 131.351948][ T6505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.351964][ T6505] RSP: 002b:00007fe016795038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 131.351985][ T6505] RAX: ffffffffffffffda RBX: 00007fe015bb5fa0 RCX: 00007fe01598e929 [ 131.352000][ T6505] RDX: 0000200000000580 RSI: 0000000000008905 RDI: 0000000000000003 [ 131.352013][ T6505] RBP: 00007fe016795090 R08: 0000000000000000 R09: 0000000000000000 [ 131.352025][ T6505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.352036][ T6505] R13: 0000000000000000 R14: 00007fe015bb5fa0 R15: 00007ffd66620888 [ 131.352068][ T6505] [ 131.352077][ T6505] ERROR: Out of memory at tomoyo_realpath_from_path. [ 132.172650][ T6521] FAULT_INJECTION: forcing a failure. [ 132.172650][ T6521] name failslab, interval 1, probability 0, space 0, times 0 [ 132.190345][ T6521] CPU: 1 UID: 0 PID: 6521 Comm: syz.3.201 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 132.190372][ T6521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 132.190384][ T6521] Call Trace: [ 132.190391][ T6521] [ 132.190399][ T6521] dump_stack_lvl+0x189/0x250 [ 132.190426][ T6521] ? __pfx____ratelimit+0x10/0x10 [ 132.190451][ T6521] ? __pfx_dump_stack_lvl+0x10/0x10 [ 132.190473][ T6521] ? __pfx__printk+0x10/0x10 [ 132.190499][ T6521] ? __pfx___might_resched+0x10/0x10 [ 132.190515][ T6521] ? fs_reclaim_acquire+0x7d/0x100 [ 132.190543][ T6521] should_fail_ex+0x414/0x560 [ 132.190578][ T6521] should_failslab+0xa8/0x100 [ 132.190604][ T6521] kmem_cache_alloc_noprof+0x73/0x3c0 [ 132.190625][ T6521] ? getname_flags+0xb8/0x540 [ 132.190656][ T6521] getname_flags+0xb8/0x540 [ 132.190687][ T6521] __x64_sys_renameat+0x97/0xd0 [ 132.190715][ T6521] do_syscall_64+0xfa/0x3b0 [ 132.190740][ T6521] ? lockdep_hardirqs_on+0x9c/0x150 [ 132.190764][ T6521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.190782][ T6521] ? clear_bhb_loop+0x60/0xb0 [ 132.190805][ T6521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 132.190823][ T6521] RIP: 0033:0x7f8e0d58e929 [ 132.190857][ T6521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 132.190873][ T6521] RSP: 002b:00007f8e0e348038 EFLAGS: 00000246 ORIG_RAX: 0000000000000108 [ 132.190894][ T6521] RAX: ffffffffffffffda RBX: 00007f8e0d7b5fa0 RCX: 00007f8e0d58e929 [ 132.190909][ T6521] RDX: 0000000000000003 RSI: 00002000000004c0 RDI: 0000000000000003 [ 132.190922][ T6521] RBP: 00007f8e0e348090 R08: 0000000000000000 R09: 0000000000000000 [ 132.190934][ T6521] R10: 0000200000000380 R11: 0000000000000246 R12: 0000000000000001 [ 132.190946][ T6521] R13: 0000000000000000 R14: 00007f8e0d7b5fa0 R15: 00007ffcfc5b8b18 [ 132.190976][ T6521] [ 132.558710][ T979] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 132.709072][ T979] usb 1-1: Using ep0 maxpacket: 8 [ 132.723780][ T979] usb 1-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9 [ 132.768562][ T982] usb 3-1: New USB device found, idVendor=05ac, idProduct=024c, bcdDevice=b8.ae [ 132.777665][ T982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.844369][ T1308] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.854039][ T1308] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.880474][ T982] usb 3-1: can't set config #127, error -71 [ 132.896960][ T982] usb 3-1: USB disconnect, device number 6 [ 132.976311][ T6531] FAULT_INJECTION: forcing a failure. [ 132.976311][ T6531] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 132.989761][ T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.018825][ T6531] CPU: 0 UID: 0 PID: 6531 Comm: syz.2.205 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 133.018854][ T6531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.018866][ T6531] Call Trace: [ 133.018874][ T6531] [ 133.018882][ T6531] dump_stack_lvl+0x189/0x250 [ 133.018908][ T6531] ? __pfx____ratelimit+0x10/0x10 [ 133.018930][ T6531] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.018950][ T6531] ? __pfx__printk+0x10/0x10 [ 133.018968][ T6531] ? __might_fault+0xb0/0x130 [ 133.019000][ T6531] should_fail_ex+0x414/0x560 [ 133.019037][ T6531] _copy_from_user+0x2d/0xb0 [ 133.019058][ T6531] ___sys_sendmsg+0x158/0x2a0 [ 133.019080][ T6531] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.019137][ T6531] ? __fget_files+0x2a/0x420 [ 133.019163][ T6531] ? __fget_files+0x3a0/0x420 [ 133.019199][ T6531] __x64_sys_sendmsg+0x19b/0x260 [ 133.019221][ T6531] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 133.019250][ T6531] ? __pfx_ksys_write+0x10/0x10 [ 133.019270][ T6531] ? rcu_is_watching+0x15/0xb0 [ 133.019294][ T6531] ? do_syscall_64+0xbe/0x3b0 [ 133.019323][ T6531] do_syscall_64+0xfa/0x3b0 [ 133.019347][ T6531] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.019380][ T6531] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.019398][ T6531] ? clear_bhb_loop+0x60/0xb0 [ 133.019421][ T6531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.019439][ T6531] RIP: 0033:0x7fcf9978e929 [ 133.019457][ T6531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.019472][ T6531] RSP: 002b:00007fcf9a567038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.019493][ T6531] RAX: ffffffffffffffda RBX: 00007fcf999b5fa0 RCX: 00007fcf9978e929 [ 133.019506][ T6531] RDX: 0000000002004000 RSI: 00002000000010c0 RDI: 0000000000000004 [ 133.019519][ T6531] RBP: 00007fcf9a567090 R08: 0000000000000000 R09: 0000000000000000 [ 133.019530][ T6531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.019541][ T6531] R13: 0000000000000000 R14: 00007fcf999b5fa0 R15: 00007ffd459489e8 [ 133.019570][ T6531] [ 133.019705][ T979] usb 1-1: config 0 descriptor?? [ 133.249612][ T979] usblcd 1-1:0.0: USBLCD model not supported. [ 133.309925][ T6537] netlink: 12 bytes leftover after parsing attributes in process `syz.3.208'. [ 133.458568][ T982] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 133.468690][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 133.484964][ T6520] netlink: 8 bytes leftover after parsing attributes in process `syz.0.200'. [ 133.658615][ T10] usb 3-1: device descriptor read/64, error -71 [ 133.665005][ T982] usb 2-1: device descriptor read/64, error -71 [ 133.763503][ T6547] FAULT_INJECTION: forcing a failure. [ 133.763503][ T6547] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.781526][ T6547] CPU: 0 UID: 0 PID: 6547 Comm: syz.3.212 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 133.781555][ T6547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 133.781567][ T6547] Call Trace: [ 133.781575][ T6547] [ 133.781583][ T6547] dump_stack_lvl+0x189/0x250 [ 133.781611][ T6547] ? __pfx____ratelimit+0x10/0x10 [ 133.781637][ T6547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.781659][ T6547] ? __pfx__printk+0x10/0x10 [ 133.781694][ T6547] should_fail_ex+0x414/0x560 [ 133.781730][ T6547] _copy_to_user+0x31/0xb0 [ 133.781750][ T6547] l2cap_sock_getsockopt+0xf32/0x1490 [ 133.781768][ T6547] ? __pfx_l2cap_sock_getsockopt+0x10/0x10 [ 133.781794][ T6547] do_sock_getsockopt+0x35d/0x650 [ 133.781819][ T6547] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 133.781841][ T6547] ? do_syscall_64+0x60/0x3b0 [ 133.781860][ T6547] ? __fget_files+0x3a0/0x420 [ 133.781880][ T6547] ? __fget_files+0x2a/0x420 [ 133.781904][ T6547] __x64_sys_getsockopt+0x1a5/0x250 [ 133.781926][ T6547] ? do_syscall_64+0x60/0x3b0 [ 133.781946][ T6547] ? do_syscall_64+0x60/0x3b0 [ 133.781968][ T6547] do_syscall_64+0xfa/0x3b0 [ 133.781986][ T6547] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.782004][ T6547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.782017][ T6547] ? clear_bhb_loop+0x60/0xb0 [ 133.782035][ T6547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.782049][ T6547] RIP: 0033:0x7f8e0d58e929 [ 133.782061][ T6547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.782074][ T6547] RSP: 002b:00007f8e0e348038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 133.782089][ T6547] RAX: ffffffffffffffda RBX: 00007f8e0d7b5fa0 RCX: 00007f8e0d58e929 [ 133.782100][ T6547] RDX: 0000000000000004 RSI: 0000000000000112 RDI: 0000000000000004 [ 133.782108][ T6547] RBP: 00007f8e0e348090 R08: 0000200000000080 R09: 0000000000000000 [ 133.782117][ T6547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.782125][ T6547] R13: 0000000000000000 R14: 00007f8e0d7b5fa0 R15: 00007ffcfc5b8b18 [ 133.782147][ T6547] [ 133.996553][ C0] ================================================================== [ 134.004646][ C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0 [ 134.012292][ C0] Write of size 8 at addr ffff888025385540 by task swapper/0/0 [ 134.019869][ C0] [ 134.022226][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 134.022255][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.022269][ C0] Call Trace: [ 134.022278][ C0] [ 134.022287][ C0] dump_stack_lvl+0x189/0x250 [ 134.022322][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 134.022345][ C0] ? rcu_is_watching+0x15/0xb0 [ 134.022365][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.022386][ C0] ? rcu_is_watching+0x15/0xb0 [ 134.022404][ C0] ? lock_release+0x4b/0x3e0 [ 134.022435][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 134.022457][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 134.022481][ C0] print_report+0xd2/0x2b0 [ 134.022507][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 134.022530][ C0] kasan_report+0x118/0x150 [ 134.022555][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 134.022582][ C0] kasan_check_range+0x2b0/0x2c0 [ 134.022608][ C0] flush_tlb_func+0x23d/0x6c0 [ 134.022634][ C0] ? sched_clock+0x3f/0x60 [ 134.022661][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 134.022687][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 134.022711][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 134.022732][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 134.022758][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 134.022784][ C0] sysvec_call_function_single+0x4f/0xc0 [ 134.022808][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 134.022830][ C0] RIP: 0010:handle_softirqs+0x1b0/0x870 [ 134.022850][ C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c [ 134.022867][ C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286 [ 134.022887][ C0] RAX: 36c55d9c823cf500 RBX: 0000000000000382 RCX: 36c55d9c823cf500 [ 134.022901][ C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 134.022915][ C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 134.022930][ C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a [ 134.022944][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0 [ 134.022967][ C0] ? lapic_next_event+0x11/0x20 [ 134.022986][ C0] ? clockevents_program_event+0x24d/0x360 [ 134.023012][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 134.023032][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 134.023052][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 134.023078][ C0] __irq_exit_rcu+0xca/0x1f0 [ 134.023096][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 134.023118][ C0] irq_exit_rcu+0x9/0x30 [ 134.023134][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 134.023158][ C0] [ 134.023165][ C0] [ 134.023172][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 134.023192][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 134.023216][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 134.023232][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 134.023249][ C0] RAX: 36c55d9c823cf500 RBX: ffffffff81971188 RCX: 36c55d9c823cf500 [ 134.023263][ C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 134.023277][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 134.023291][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30 [ 134.023306][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 134.023328][ C0] ? do_idle+0x1e8/0x510 [ 134.023352][ C0] default_idle+0x13/0x20 [ 134.023378][ C0] default_idle_call+0x74/0xb0 [ 134.023406][ C0] do_idle+0x1e8/0x510 [ 134.023427][ C0] ? __pfx_do_idle+0x10/0x10 [ 134.023453][ C0] cpu_startup_entry+0x44/0x60 [ 134.023472][ C0] rest_init+0x2de/0x300 [ 134.023489][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 134.023512][ C0] start_kernel+0x47d/0x500 [ 134.023541][ C0] x86_64_start_reservations+0x24/0x30 [ 134.023561][ C0] x86_64_start_kernel+0x143/0x1c0 [ 134.023580][ C0] common_startup_64+0x13e/0x147 [ 134.023613][ C0] [ 134.023620][ C0] [ 134.424144][ C0] Allocated by task 5842: [ 134.428469][ C0] kasan_save_track+0x3e/0x80 [ 134.433153][ C0] __kasan_slab_alloc+0x6c/0x80 [ 134.438002][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 134.443465][ C0] copy_mm+0xdb/0x4b0 [ 134.447448][ C0] copy_process+0x1706/0x3c00 [ 134.452118][ C0] kernel_clone+0x21e/0x870 [ 134.456616][ C0] __x64_sys_clone+0x18b/0x1e0 [ 134.461377][ C0] do_syscall_64+0xfa/0x3b0 [ 134.465880][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.471764][ C0] [ 134.474092][ C0] Freed by task 6546: [ 134.478061][ C0] kasan_save_track+0x3e/0x80 [ 134.482736][ C0] kasan_save_free_info+0x46/0x50 [ 134.487769][ C0] __kasan_slab_free+0x62/0x70 [ 134.492612][ C0] kmem_cache_free+0x18f/0x400 [ 134.497371][ C0] exit_mm+0x1da/0x2c0 [ 134.501437][ C0] do_exit+0x648/0x2300 [ 134.505587][ C0] do_group_exit+0x21c/0x2d0 [ 134.510173][ C0] __x64_sys_exit_group+0x3f/0x40 [ 134.515198][ C0] x64_sys_call+0x21f7/0x2200 [ 134.519895][ C0] do_syscall_64+0xfa/0x3b0 [ 134.524401][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.530287][ C0] [ 134.532610][ C0] The buggy address belongs to the object at ffff888025384b40 [ 134.532610][ C0] which belongs to the cache mm_struct of size 2584 [ 134.546568][ C0] The buggy address is located 2560 bytes inside of [ 134.546568][ C0] freed 2584-byte region [ffff888025384b40, ffff888025385558) [ 134.560537][ C0] [ 134.562868][ C0] The buggy address belongs to the physical page: [ 134.569360][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25380 [ 134.578118][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 134.586809][ C0] memcg:ffff888078b6d901 [ 134.591136][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 134.598713][ C0] page_type: f5(slab) [ 134.602700][ C0] raw: 00fff00000000040 ffff88801a84bb40 ffffea00019c8800 dead000000000004 [ 134.611282][ C0] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff888078b6d901 [ 134.619897][ C0] head: 00fff00000000040 ffff88801a84bb40 ffffea00019c8800 dead000000000004 [ 134.628564][ C0] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff888078b6d901 [ 134.637227][ C0] head: 00fff00000000003 ffffea000094e001 00000000ffffffff 00000000ffffffff [ 134.645893][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 134.654559][ C0] page dumped because: kasan: bad access detected [ 134.660978][ C0] page_owner tracks the page as allocated [ 134.666685][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5205, tgid 5205 (udevd), ts 34674045720, free_ts 34645029978 [ 134.687434][ C0] post_alloc_hook+0x240/0x2a0 [ 134.692211][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 134.697757][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 134.703567][ C0] alloc_pages_mpol+0x232/0x4a0 [ 134.708420][ C0] allocate_slab+0x8a/0x370 [ 134.712940][ C0] ___slab_alloc+0xbeb/0x1410 [ 134.717622][ C0] kmem_cache_alloc_noprof+0x283/0x3c0 [ 134.723171][ C0] copy_mm+0xdb/0x4b0 [ 134.727235][ C0] copy_process+0x1706/0x3c00 [ 134.731920][ C0] kernel_clone+0x21e/0x870 [ 134.736443][ C0] __x64_sys_clone+0x18b/0x1e0 [ 134.741208][ C0] do_syscall_64+0xfa/0x3b0 [ 134.745799][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.751686][ C0] page last free pid 5205 tgid 5205 stack trace: [ 134.758007][ C0] __free_frozen_pages+0xb80/0xd80 [ 134.763146][ C0] __put_partials+0x156/0x1a0 [ 134.767848][ C0] put_cpu_partial+0x17c/0x250 [ 134.772617][ C0] __slab_free+0x2d5/0x3c0 [ 134.777034][ C0] qlist_free_all+0x97/0x140 [ 134.781625][ C0] kasan_quarantine_reduce+0x148/0x160 [ 134.787178][ C0] __kasan_slab_alloc+0x22/0x80 [ 134.792131][ C0] __kmalloc_noprof+0x224/0x4f0 [ 134.796989][ C0] tomoyo_realpath_from_path+0xe3/0x5d0 [ 134.802539][ C0] tomoyo_path_perm+0x213/0x4b0 [ 134.807403][ C0] security_inode_getattr+0x12f/0x330 [ 134.812785][ C0] __x64_sys_newfstat+0xfc/0x200 [ 134.817734][ C0] do_syscall_64+0xfa/0x3b0 [ 134.822247][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.828149][ C0] [ 134.830470][ C0] Memory state around the buggy address: [ 134.836099][ C0] ffff888025385400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 134.844264][ C0] ffff888025385480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 134.852336][ C0] >ffff888025385500: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 134.860398][ C0] ^ [ 134.866549][ C0] ffff888025385580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 134.874605][ C0] ffff888025385600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 134.882661][ C0] ================================================================== [ 134.890727][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 134.898013][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 134.909127][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 134.919201][ C0] Call Trace: [ 134.922622][ C0] [ 134.925477][ C0] dump_stack_lvl+0x99/0x250 [ 134.930095][ C0] ? __asan_memcpy+0x40/0x70 [ 134.934687][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.939889][ C0] ? __pfx__printk+0x10/0x10 [ 134.944486][ C0] panic+0x2db/0x790 [ 134.948383][ C0] ? __pfx_panic+0x10/0x10 [ 134.952808][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 134.958738][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 134.965067][ C0] ? print_memory_metadata+0x314/0x400 [ 134.970530][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 134.975383][ C0] check_panic_on_warn+0x89/0xb0 [ 134.980323][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 134.985176][ C0] end_report+0x78/0x160 [ 134.989440][ C0] kasan_report+0x129/0x150 [ 134.994049][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 134.998916][ C0] kasan_check_range+0x2b0/0x2c0 [ 135.003859][ C0] flush_tlb_func+0x23d/0x6c0 [ 135.008544][ C0] ? sched_clock+0x3f/0x60 [ 135.012965][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 135.018168][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 135.023367][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 135.029544][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 135.034919][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 135.040813][ C0] sysvec_call_function_single+0x4f/0xc0 [ 135.046447][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 135.052424][ C0] RIP: 0010:handle_softirqs+0x1b0/0x870 [ 135.057980][ C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c [ 135.077626][ C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286 [ 135.083809][ C0] RAX: 36c55d9c823cf500 RBX: 0000000000000382 RCX: 36c55d9c823cf500 [ 135.091896][ C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 135.099876][ C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 135.108042][ C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a [ 135.116061][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0 [ 135.124144][ C0] ? lapic_next_event+0x11/0x20 [ 135.129017][ C0] ? clockevents_program_event+0x24d/0x360 [ 135.134828][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 135.139702][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 135.144989][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 135.150372][ C0] __irq_exit_rcu+0xca/0x1f0 [ 135.154976][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 135.160181][ C0] irq_exit_rcu+0x9/0x30 [ 135.164424][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 135.170069][ C0] [ 135.173003][ C0] [ 135.175954][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 135.182052][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 135.187782][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 135.207395][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 135.213478][ C0] RAX: 36c55d9c823cf500 RBX: ffffffff81971188 RCX: 36c55d9c823cf500 [ 135.221564][ C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 135.229538][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 135.237511][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30 [ 135.245488][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 135.253475][ C0] ? do_idle+0x1e8/0x510 [ 135.257746][ C0] default_idle+0x13/0x20 [ 135.262086][ C0] default_idle_call+0x74/0xb0 [ 135.266860][ C0] do_idle+0x1e8/0x510 [ 135.270931][ C0] ? __pfx_do_idle+0x10/0x10 [ 135.275525][ C0] cpu_startup_entry+0x44/0x60 [ 135.280371][ C0] rest_init+0x2de/0x300 [ 135.284608][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 135.290159][ C0] start_kernel+0x47d/0x500 [ 135.294671][ C0] x86_64_start_reservations+0x24/0x30 [ 135.300138][ C0] x86_64_start_kernel+0x143/0x1c0 [ 135.305251][ C0] common_startup_64+0x13e/0x147 [ 135.310194][ C0] [ 135.313678][ C0] Kernel Offset: disabled [ 135.318042][ C0] Rebooting in 86400 seconds..