last executing test programs: 17.515203473s ago: executing program 2 (id=455): ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454c9, 0x1) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0x66) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0xff, 0x9, 0x5}, {0x12, 0x2, 0x200, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) 17.177082031s ago: executing program 2 (id=459): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000000)={0x0, 0x16, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000300)={0x40, 0x14, 0x28, "3cf033c502f001650ceda3698b7d52e3fee78a4c1cbffa474380859b0428375c913384c6fe73c381"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000580)=ANY=[@ANYBLOB="20132800000030a6"], 0x0, 0x0, 0x0, 0x0}) 13.645144946s ago: executing program 2 (id=465): syz_usb_connect(0x3, 0x2d, 0x0, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000000000000000000d030000000000000000"], 0x0, 0x4e}, 0x28) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={0x0, r3}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x23, 0x0, 0x6, 0x2, &(0x7f0000000640), 0x8, 0x0, 0x0, {0x1}}) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, &(0x7f0000000000)) recvmmsg(r4, &(0x7f0000002ec0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)=""/130, 0x82}, {&(0x7f00000004c0)=""/178, 0xb2}, {&(0x7f0000000580)=""/172, 0xac}], 0x3, &(0x7f0000000780)=""/244, 0xf4}, 0x4}, {{&(0x7f0000000640)=@xdp, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000880)=""/72, 0x48}, {&(0x7f0000000900)=""/160, 0xa0}, {&(0x7f0000001140)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/34, 0x22}, {&(0x7f00000009c0)=""/201, 0xc9}, {&(0x7f0000000b40)=""/210, 0xd2}, {&(0x7f0000000c40)=""/155, 0x9b}, {&(0x7f0000000d40)=""/232, 0xe8}, {&(0x7f0000000e40)=""/199, 0xc7}, {&(0x7f0000000f40)=""/87, 0x57}], 0xa}, 0x3}, {{&(0x7f0000001080)=@rc, 0x80, &(0x7f0000002800)=[{&(0x7f0000002140)=""/222, 0xde}, {&(0x7f0000000280)=""/37, 0x25}, {&(0x7f0000002240)=""/136, 0x88}, {&(0x7f0000002300)=""/206, 0xce}, {&(0x7f0000002400)=""/126, 0x7e}, {&(0x7f0000002480)=""/95, 0x5f}, {&(0x7f0000002500)=""/158, 0x9e}, {&(0x7f00000025c0)=""/174, 0xae}, {&(0x7f0000002680)=""/65, 0x41}, {&(0x7f0000002700)=""/203, 0xcb}], 0xa}, 0xff}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000003c0)=""/10, 0xa}, {&(0x7f00000028c0)=""/111, 0x6f}], 0x2, &(0x7f0000002940)=""/106, 0x6a}, 0x4}, {{&(0x7f00000029c0)=@un=@abs, 0x80, &(0x7f0000002d80)=[{&(0x7f0000002a40)=""/157, 0x9d}, {&(0x7f0000002b00)=""/87, 0x57}, {&(0x7f0000002b80)=""/226, 0xe2}, {&(0x7f00000006c0)=""/24, 0x18}, {&(0x7f0000002c80)=""/125, 0x7d}, {&(0x7f0000002d00)=""/110, 0x6e}], 0x6, &(0x7f0000002e00)=""/187, 0xbb}, 0x5}], 0x5, 0x120, &(0x7f0000003040)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000002000010329bd7000100000000200000403000007020000001400110069616376746170300000000000000000080006002503"], 0x38}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000010003704feffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="8b040400000000001800128008000100736974000c00028008000300ff"], 0x38}, 0x1, 0x0, 0x0, 0x4c050}, 0x20000000) 12.409263136s ago: executing program 3 (id=474): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = dup(0xffffffffffffffff) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(0xffffffffffffffff, 0x40045402, 0x0) r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000000)={0x0, 0x0, 0x3, &(0x7f00000000c0)={0x19, "90f50180e64f61909103f1fbbc2b81c9f144d76e44c700100000e52829e7cb8393"}}) r6 = syz_io_uring_setup(0x318b, &(0x7f00000003c0)={0x0, 0xfec9, 0x8, 0x3}, &(0x7f0000000280), 0x0) io_uring_enter(r6, 0xdb4, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xa8}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)) 10.040715288s ago: executing program 3 (id=477): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 9.362118193s ago: executing program 0 (id=479): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty, 0x20000007}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r2}, &(0x7f0000000340), &(0x7f0000000440)=r1}, 0x20) sendmsg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40051) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) timer_create(0x2, 0x0, 0x0) timer_create(0x2, 0x0, &(0x7f0000000080)=0x0) timer_delete(r3) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000280)=@chain) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x25, 0x0, 0x0) 8.212215936s ago: executing program 3 (id=481): r0 = syz_usb_connect(0x6, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0xfcd}, 0x2f, 0xfffffffffffffffa) syz_open_dev$sndctrl(0x0, 0x3, 0x404002) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee", 0xbd}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0xc000) syz_usb_control_io$printer(r0, 0x0, 0x0) 8.15813628s ago: executing program 0 (id=482): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfa, 0x400000}, 0xc) getsockname$packet(r3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000d042abd70000000000000000000", @ANYRES32, @ANYBLOB="01001400000000001c00128009000100626f6e64000000000c0002800500010004"], 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=r6, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800070003"], 0x3c}}, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, 0x0, 0x0) 7.933331778s ago: executing program 0 (id=485): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000380)={{0x3, 0x81}, 'port0\x00', 0x41, 0x20010, 0x2, 0x1ff, 0x8000, 0xfffffffe, 0x8, 0x0, 0x4, 0xf4}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x0, &(0x7f0000389000/0x4000)=nil) syz_emit_ethernet(0x6a, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500005c0000000000019078ac1e0001ac1414aa05009078e00000e0400000000000000000110000ac1414aa00000000442c00030a0101000000e7b2d60ba30000ac1c14bbff"], 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000c80), 0x7, 0xc82) ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f0000000cc0)={0x0, 0x0, {0xfffff982, 0x8, 0x300f, 0x3, 0x7, 0x0, 0x2, 0x4}}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000001e40)=ANY=[], 0x48) ioctl$SIOCSIFHWADDR(r3, 0x8b0f, &(0x7f0000000140)={'wlan1\x00', @random="0300000000eb"}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f0000000040)={@my=0x1}) socket$vsock_stream(0x28, 0x1, 0x0) shutdown(r3, 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x4, 0x7fff0000}]}) close_range(r6, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x7, @remote}, r4}}, 0x48) 7.177350239s ago: executing program 2 (id=486): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000180)=[{&(0x7f0000000080)="a1", 0x1}], 0x1, 0x8) 5.761690024s ago: executing program 1 (id=489): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x17f, @dev={0xfe, 0x80, '\x00', 0xb}, 0x9}, 0xffffffffffffffff, 0xb}}, 0x48) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="98a591c65382f702b9eb", 0xa}, {&(0x7f00000006c0)="da467702f9520108dcebc5560e4f93142974b51221138c2cdf5b4d577cb800c423ace69c1eba8d0c505baa2ad7ddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b7932af43ba88cd499a6c421696d57ff38d5231dc712a114aaeae7681c19a1975b5ae7a925a7b878d482b1375a1b59f2b669bcf1f5a39f4241eef5d48ba4a16fb354031b55dd5bad3ff8d69fe0a9e54a633953fea9e23fdf840a0b9270d", 0xa9}, {&(0x7f0000000300)="f111f39463acbac94f37eaaa931da78c8c414a4edadbcac605b6a5089e71e9b125f3a628ad2cbfd97cb9ad0e", 0x2c}], 0x3, 0x0, 0x0, 0x4000}, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x3c}}, 0x44000) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="a80000"], 0xa8}, 0x1, 0x0, 0x0, 0x4000}, 0x10) r3 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0) r4 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000002c40)=[{{0x80000000, 0x0}}, {{0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000400)={r6, &(0x7f00000007c0)=[{0x80000000}], &(0x7f0000000500)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000280)={r8, 0x0, &(0x7f0000000080)=[{{0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r3, 0xc0347c03, &(0x7f000000a300)={{r7, r10, 0x0, [0x1, 0x2]}, {r9, r5, 0x0, [0xc1b, 0x8]}, 0x1, [0x1007e, 0x9]}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a28000000000a030000000000000000000100000908000240000000050900010073797a300000000028000000000a"], 0x78}, 0x1, 0x0, 0x0, 0x890}, 0x0) r11 = socket$alg(0x26, 0x5, 0x0) bind$alg(r11, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) 5.557972201s ago: executing program 0 (id=490): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) 5.489340186s ago: executing program 2 (id=491): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20088004, &(0x7f0000000280)={0xa, 0x4e20, 0x0, @empty, 0x20000007}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{}, &(0x7f0000000340), &(0x7f0000000440)=r1}, 0x20) sendmsg(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x40051) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) timer_create(0x2, 0x0, 0x0) timer_create(0x2, 0x0, &(0x7f0000000080)=0x0) timer_delete(r2) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000280)=@chain) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x84, 0x25, 0x0, 0x0) 4.628360056s ago: executing program 3 (id=492): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x12}) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) 4.533625743s ago: executing program 1 (id=493): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfa, 0x400000}, 0xc) getsockname$packet(r3, 0x0, &(0x7f0000000080)) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00000010000d042abd70000000000000000000", @ANYRES32, @ANYBLOB="01001400000000001c00128009000100626f6e64000000000c0002800500010004"], 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00'}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=r6, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800070003"], 0x3c}}, 0x0) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) 4.056514762s ago: executing program 2 (id=494): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000380)={&(0x7f0000000340)=[{0x4, 0x8000, 0x1, &(0x7f0000000200)='\\'}], 0x1}) 3.09118381s ago: executing program 3 (id=495): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000040)={0x1c, &(0x7f0000000200)={0x40, 0x3}, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3.09047435s ago: executing program 0 (id=496): r0 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r2) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000100)='test_dummy_encryption', &(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) sync() r5 = syz_open_dev$video(&(0x7f0000002440), 0x9, 0x80101) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000004a80)={0xd, @output={0x0, 0x1, {0x0, 0x2}, 0x101, 0x3}}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0xfffffffffffffffc, &(0x7f00000005c0), 0x111, 0x9}}, 0x20) 2.977339989s ago: executing program 1 (id=497): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_rdma(0x10, 0x3, 0x14) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x9}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600894f0000200002"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) socket(0x2, 0x80805, 0x0) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r5, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) connect$rose(r5, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=ANY=[@ANYRES64=r4], 0x18}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000380)={0x0, 0x0, 0x10}, 0xc) 2.087750131s ago: executing program 0 (id=498): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000000)={0x0, 0x16, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000300)={0x40, 0x14, 0x28, "3cf033c502f001650ceda3698b7d52e3fee78a4c1cbffa474380859b0428375c913384c6fe73c381"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000580)=ANY=[@ANYBLOB="20132800000030a6"], 0x0, 0x0, 0x0, 0x0}) 2.084036132s ago: executing program 1 (id=499): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, 0x0) io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000180)=[{&(0x7f0000000080)="a1", 0x1}], 0x1, 0x8) 1.11734425s ago: executing program 1 (id=500): socket$kcm(0x2, 0x200000000000001, 0x106) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x94) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$TOKEN_CREATE(0x24, &(0x7f0000000340)={0x0, r1}, 0x8) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000940)=@bpf_tracing={0x1a, 0x18, &(0x7f0000000a00)=@raw=[@map_fd={0x18, 0xb, 0x1, 0x0, r1}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff8}, @alu={0x4, 0x0, 0x2, 0x5, 0x1, 0x10, 0xfffffffffffffffc}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @ringbuf_query, @jmp={0x5, 0x1, 0x0, 0x2, 0x8, 0x1, 0x1}, @btf_id={0x18, 0xa, 0x3, 0x0, 0x4}], &(0x7f0000000180)='GPL\x00', 0x4, 0xe7, &(0x7f0000000680)=""/231, 0x41000, 0x0, '\x00', 0x0, 0x18, r1, 0x8, &(0x7f0000000200)={0x6, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x2f71b, r0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000b00)=ANY=[@ANYBLOB="05000000000000006b113600000000008510000002000000850000000500000095003300000000009500a505000000006901ee3d8cf6fbc48bc095b6462f7756"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r4 = dup(r3) write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0xfffffffffffffff1, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f0000000140)={0x1ff, 0x1000000000, 0x5, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffe}, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a5fd03"}, 0x38) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x0, 0xffff}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_type(r5, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r6, &(0x7f0000000280), 0x9) 124.34185ms ago: executing program 1 (id=501): r0 = syz_usb_connect(0x6, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'default', 0x20, 'trusted:', 's}z', 0x20, 0xfcd}, 0x2f, 0xfffffffffffffffa) syz_open_dev$sndctrl(0x0, 0x3, 0x404002) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee", 0xbd}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0xc000) syz_usb_control_io$printer(r0, 0x0, 0x0) 0s ago: executing program 3 (id=502): bind$packet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x0, 0x96, 0xd1, 0xca}}]}}]}}, 0x0) read$FUSE(r3, &(0x7f0000005b80)={0x2020}, 0x2020) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="1c0000001800ffffffff7bfbfcdbdf250a148000ff01fd07"], 0x1c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x40d, 0x30bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8209}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x5}, @IFLA_BOND_MIIMON={0x8}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x400c}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts. [ 76.251527][ T5777] cgroup: Unknown subsys name 'net' [ 76.392035][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.988247][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.108411][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.128298][ T5797] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.129096][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.142949][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.144573][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.157672][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.159794][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.165241][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.174990][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.179479][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.194160][ T5800] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.194349][ T5803] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.202159][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.209745][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.223264][ T5803] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.230960][ T5801] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 80.235011][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 80.238515][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.252450][ T5803] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.254520][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.293361][ T5797] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.302322][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.310204][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.318348][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.830413][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 80.847932][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 80.873142][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 80.973025][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 81.063261][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.070611][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.078867][ T5786] bridge_slave_0: entered allmulticast mode [ 81.086285][ T5786] bridge_slave_0: entered promiscuous mode [ 81.129053][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.136518][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.143629][ T5786] bridge_slave_1: entered allmulticast mode [ 81.151601][ T5786] bridge_slave_1: entered promiscuous mode [ 81.163490][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.171062][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.178316][ T5787] bridge_slave_0: entered allmulticast mode [ 81.185770][ T5787] bridge_slave_0: entered promiscuous mode [ 81.192934][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.200331][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.207573][ T5789] bridge_slave_0: entered allmulticast mode [ 81.214787][ T5789] bridge_slave_0: entered promiscuous mode [ 81.252380][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.259661][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.267160][ T5787] bridge_slave_1: entered allmulticast mode [ 81.274079][ T5787] bridge_slave_1: entered promiscuous mode [ 81.281060][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.289922][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.297144][ T5789] bridge_slave_1: entered allmulticast mode [ 81.304286][ T5789] bridge_slave_1: entered promiscuous mode [ 81.314104][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.351142][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.399947][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.436285][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.448774][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.481528][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.489718][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.497044][ T5788] bridge_slave_0: entered allmulticast mode [ 81.504515][ T5788] bridge_slave_0: entered promiscuous mode [ 81.513919][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.550289][ T5786] team0: Port device team_slave_0 added [ 81.561072][ T5786] team0: Port device team_slave_1 added [ 81.567528][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.575330][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.582496][ T5788] bridge_slave_1: entered allmulticast mode [ 81.590099][ T5788] bridge_slave_1: entered promiscuous mode [ 81.611975][ T5789] team0: Port device team_slave_0 added [ 81.656007][ T5787] team0: Port device team_slave_0 added [ 81.663537][ T5789] team0: Port device team_slave_1 added [ 81.670452][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.677585][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.703569][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.717329][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.724481][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.750418][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.774346][ T5787] team0: Port device team_slave_1 added [ 81.782594][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.828025][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.922231][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.929387][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.955425][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.968360][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.975787][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.004444][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.017469][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.024695][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.050838][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.068248][ T5786] hsr_slave_0: entered promiscuous mode [ 82.076429][ T5786] hsr_slave_1: entered promiscuous mode [ 82.087105][ T5788] team0: Port device team_slave_0 added [ 82.093857][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.100902][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.128322][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.166758][ T5788] team0: Port device team_slave_1 added [ 82.305377][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.312376][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.339312][ T50] Bluetooth: hci2: command tx timeout [ 82.344246][ T50] Bluetooth: hci0: command tx timeout [ 82.346335][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.368520][ T5789] hsr_slave_0: entered promiscuous mode [ 82.375368][ T5789] hsr_slave_1: entered promiscuous mode [ 82.381681][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.390457][ T5789] Cannot create hsr debugfs directory [ 82.396022][ T50] Bluetooth: hci3: command tx timeout [ 82.404119][ T50] Bluetooth: hci1: command tx timeout [ 82.441179][ T5787] hsr_slave_0: entered promiscuous mode [ 82.449713][ T5787] hsr_slave_1: entered promiscuous mode [ 82.461113][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.468988][ T5787] Cannot create hsr debugfs directory [ 82.481433][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.488706][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.515279][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.615730][ T5788] hsr_slave_0: entered promiscuous mode [ 82.622169][ T5788] hsr_slave_1: entered promiscuous mode [ 82.628570][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.637036][ T5788] Cannot create hsr debugfs directory [ 82.919097][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.930601][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.967243][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.978229][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.079694][ T5789] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.090745][ T5789] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.102054][ T5789] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.112301][ T5789] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.188283][ T5787] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.202092][ T5787] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.217359][ T5787] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.227814][ T5787] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.325914][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.336174][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.350235][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.361088][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.400339][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.453023][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.521252][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.532228][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.539690][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.549855][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.557026][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.591233][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.632393][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.666598][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.677643][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.684836][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.715012][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.722165][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.733018][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.740150][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.760453][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.767613][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.842463][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.915414][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.940093][ T5789] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.979171][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.986378][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.007764][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.014963][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.342218][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.394751][ T5104] Bluetooth: hci2: command tx timeout [ 84.400453][ T50] Bluetooth: hci0: command tx timeout [ 84.412338][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.460670][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.475576][ T5104] Bluetooth: hci3: command tx timeout [ 84.481097][ T50] Bluetooth: hci1: command tx timeout [ 84.546891][ T5786] veth0_vlan: entered promiscuous mode [ 84.562348][ T5786] veth1_vlan: entered promiscuous mode [ 84.605935][ T5787] veth0_vlan: entered promiscuous mode [ 84.627868][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.641626][ T5786] veth0_macvtap: entered promiscuous mode [ 84.653796][ T5786] veth1_macvtap: entered promiscuous mode [ 84.662092][ T5787] veth1_vlan: entered promiscuous mode [ 84.719275][ T5789] veth0_vlan: entered promiscuous mode [ 84.739168][ T5789] veth1_vlan: entered promiscuous mode [ 84.750655][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.780801][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.805880][ T5787] veth0_macvtap: entered promiscuous mode [ 84.825383][ T5788] veth0_vlan: entered promiscuous mode [ 84.833907][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.843008][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.852004][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.860908][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.878919][ T5787] veth1_macvtap: entered promiscuous mode [ 84.923093][ T5788] veth1_vlan: entered promiscuous mode [ 84.933266][ T5789] veth0_macvtap: entered promiscuous mode [ 84.961817][ T5789] veth1_macvtap: entered promiscuous mode [ 84.969969][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.982268][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.998800][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.010700][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.022115][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.033143][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.076761][ T5787] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.085704][ T5787] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.095702][ T5787] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.105826][ T5787] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.133055][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.145952][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.156193][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.166755][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.178726][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.202179][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.213063][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.223224][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.234251][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.245413][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.297578][ T5789] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.306782][ T5789] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.318969][ T5789] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.327832][ T5789] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.352261][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.354759][ T5788] veth0_macvtap: entered promiscuous mode [ 85.373025][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.409298][ T5788] veth1_macvtap: entered promiscuous mode [ 85.466966][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.479487][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.492508][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.503162][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.504207][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.514601][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.531350][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.545768][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.557273][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.567215][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.579152][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.602904][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.614515][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.624433][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.634913][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.646029][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.656748][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.668116][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.739144][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.750592][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.760340][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.765965][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.777269][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.786156][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.906865][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.931029][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.204290][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.474548][ T50] Bluetooth: hci0: command tx timeout [ 86.475974][ T5104] Bluetooth: hci2: command tx timeout [ 86.564494][ T5104] Bluetooth: hci1: command tx timeout [ 86.570325][ T5104] Bluetooth: hci3: command tx timeout [ 86.724707][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.758926][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.819527][ T3505] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.865876][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.940053][ T3505] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.510338][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.595446][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.304066][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 88.313030][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.556334][ T50] Bluetooth: hci0: command tx timeout [ 88.556356][ T5104] Bluetooth: hci2: command tx timeout [ 88.603444][ T5917] bpq0: entered allmulticast mode [ 88.635672][ T50] Bluetooth: hci3: command tx timeout [ 88.641363][ T50] Bluetooth: hci1: command tx timeout [ 89.114355][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 89.225692][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 89.430087][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 89.438815][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 89.544401][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 89.634792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 89.954562][ T5928] netlink: 'syz.3.13': attribute type 10 has an invalid length. [ 90.012389][ T5929] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 90.053146][ T5928] syz_tun: entered promiscuous mode [ 90.086521][ T5928] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 90.498180][ T5934] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 90.608530][ T5936] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 92.121324][ T5948] mmap: syz.3.17 (5948) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 92.459601][ T8] cfg80211: failed to load regulatory.db [ 93.047500][ T5954] tipc: Enabling of bearer rejected, failed to enable media [ 94.790164][ T5975] netlink: 'syz.0.22': attribute type 21 has an invalid length. [ 94.798361][ T5975] netlink: 128 bytes leftover after parsing attributes in process `syz.0.22'. [ 94.807466][ T5975] netlink: 'syz.0.22': attribute type 4 has an invalid length. [ 94.815178][ T5975] netlink: 3 bytes leftover after parsing attributes in process `syz.0.22'. [ 99.569624][ T6011] syz.3.32[6011]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 100.745922][ T6018] process 'syz.0.33' launched './file0' with NULL argv: empty string added [ 101.414574][ T28] audit: type=1326 audit(1755083879.003:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39118ebe9 code=0x7ffc0000 [ 101.473260][ T28] audit: type=1326 audit(1755083879.033:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39118ebe9 code=0x7ffc0000 [ 101.540557][ T28] audit: type=1326 audit(1755083879.033:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe39118ebe9 code=0x7ffc0000 [ 101.718390][ T28] audit: type=1326 audit(1755083879.033:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe39118ec23 code=0x7ffc0000 [ 101.752248][ T28] audit: type=1326 audit(1755083879.033:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39118ebe9 code=0x7ffc0000 [ 101.779963][ T28] audit: type=1326 audit(1755083879.033:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fe39118ebe9 code=0x7ffc0000 [ 101.912023][ T28] audit: type=1326 audit(1755083879.033:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe39118ebe9 code=0x7ffc0000 [ 102.022181][ T28] audit: type=1326 audit(1755083879.033:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fe39118ebe9 code=0x7ffc0000 [ 102.045359][ T28] audit: type=1326 audit(1755083879.033:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe39118ec23 code=0x7ffc0000 [ 102.052963][ T6038] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 102.067910][ T28] audit: type=1326 audit(1755083879.033:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6021 comm="syz.3.35" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fe39118ec23 code=0x7ffc0000 [ 103.804467][ T6046] netlink: 28 bytes leftover after parsing attributes in process `syz.1.41'. [ 103.821138][ T6046] netlink: 'syz.1.41': attribute type 10 has an invalid length. [ 103.829861][ T6046] syz_tun: entered promiscuous mode [ 103.866676][ T6046] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 105.561934][ T50] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 105.572085][ T50] Bluetooth: hci2: Injecting HCI hardware error event [ 105.581118][ T5104] Bluetooth: hci2: hardware error 0x00 [ 106.154157][ T5877] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.354117][ T5877] usb 1-1: Using ep0 maxpacket: 32 [ 106.363791][ T5877] usb 1-1: config 0 interface 0 has no altsetting 0 [ 106.373104][ T5877] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 106.382745][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.391015][ T5877] usb 1-1: Product: syz [ 106.397305][ T5877] usb 1-1: Manufacturer: syz [ 106.404155][ T5877] usb 1-1: SerialNumber: syz [ 106.470444][ T5877] usb 1-1: config 0 descriptor?? [ 107.099030][ T6059] syz.3.44 (6059) used greatest stack depth: 20680 bytes left [ 107.268520][ T5877] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 107.684138][ T5104] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 108.059418][ T786] usb 1-1: USB disconnect, device number 2 [ 108.065638][ T6084] netlink: 28 bytes leftover after parsing attributes in process `syz.2.52'. [ 108.100466][ T6082] netlink: 'syz.2.52': attribute type 10 has an invalid length. [ 108.119257][ T6082] syz_tun: entered promiscuous mode [ 108.235869][ T6082] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 108.369431][ T6089] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 111.217220][ T6124] mkiss: ax0: crc mode is auto. [ 114.494092][ T786] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 114.766870][ T786] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 114.781165][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 115.370102][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 115.423821][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.443704][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 115.463656][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 115.484230][ T6160] tipc: Started in network mode [ 115.489198][ T6160] tipc: Node identity 9237e8878852, cluster identity 4711 [ 115.499755][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.541032][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 115.555780][ T6160] tipc: Enabled bearer , priority 0 [ 115.564392][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 115.604032][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.613132][ T6160] tipc: Resetting bearer [ 115.615584][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 115.638266][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 115.686224][ T6158] tipc: Disabling bearer [ 115.695182][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.723935][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 115.747679][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 115.782423][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.796630][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 115.814114][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 115.844087][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.863011][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 115.894702][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 115.964083][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 115.985573][ T786] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 116.014126][ T786] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 116.040749][ T786] usb 4-1: config 0 interface 0 has no altsetting 0 [ 116.071619][ T786] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 116.081624][ T786] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 116.099837][ T786] usb 4-1: Product: syz [ 116.143670][ T786] usb 4-1: Manufacturer: syz [ 116.177713][ T786] usb 4-1: SerialNumber: syz [ 116.286442][ T786] usb 4-1: config 0 descriptor?? [ 117.056695][ T786] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 117.122843][ T786] usb 4-1: USB disconnect, device number 2 [ 117.146210][ T786] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 118.268661][ T6200] netlink: 'syz.1.77': attribute type 21 has an invalid length. [ 118.276553][ T6200] netlink: 128 bytes leftover after parsing attributes in process `syz.1.77'. [ 118.286113][ T6200] netlink: 'syz.1.77': attribute type 4 has an invalid length. [ 118.293710][ T6200] netlink: 3 bytes leftover after parsing attributes in process `syz.1.77'. [ 120.253842][ T6208] orangefs_mount: mount request failed with -4 [ 123.809484][ T6242] netlink: 12 bytes leftover after parsing attributes in process `syz.1.88'. [ 123.825598][ T6242] netlink: 'syz.1.88': attribute type 10 has an invalid length. [ 124.220766][ T6246] tipc: Enabled bearer , priority 0 [ 124.256493][ T6246] syzkaller0: entered promiscuous mode [ 124.268849][ T6246] syzkaller0: entered allmulticast mode [ 124.375633][ T6252] Zero length message leads to an empty skb [ 125.123767][ T6252] tipc: Resetting bearer [ 125.152694][ T6245] tipc: Resetting bearer [ 125.181377][ T6245] tipc: Disabling bearer [ 127.483561][ T6276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.99'. [ 127.493641][ T6276] netlink: 'syz.2.99': attribute type 10 has an invalid length. [ 132.464081][ T5875] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 133.128234][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.136476][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.344064][ T5875] usb 2-1: Using ep0 maxpacket: 32 [ 133.370592][ T5875] usb 2-1: config 0 interface 0 has no altsetting 0 [ 133.380045][ T5875] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 133.389713][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.398419][ T5875] usb 2-1: Product: syz [ 133.406575][ T5875] usb 2-1: Manufacturer: syz [ 133.411219][ T5875] usb 2-1: SerialNumber: syz [ 133.426429][ T5875] usb 2-1: config 0 descriptor?? [ 134.193782][ T5875] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 134.623058][ T5875] usb 2-1: USB disconnect, device number 2 [ 139.162626][ T6381] netlink: 'syz.0.127': attribute type 21 has an invalid length. [ 139.170603][ T6381] netlink: 128 bytes leftover after parsing attributes in process `syz.0.127'. [ 139.180294][ T6381] netlink: 'syz.0.127': attribute type 4 has an invalid length. [ 139.188100][ T6381] netlink: 3 bytes leftover after parsing attributes in process `syz.0.127'. [ 139.877732][ T6380] syz.1.125: attempt to access beyond end of device [ 139.877732][ T6380] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 139.893111][ T6380] syz.1.125: attempt to access beyond end of device [ 139.893111][ T6380] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 139.907097][ T6380] Mount JFS Failure: -5 [ 139.931281][ T5875] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 140.145594][ T5875] usb 4-1: Using ep0 maxpacket: 32 [ 140.167519][ T5875] usb 4-1: config 0 interface 0 has no altsetting 0 [ 140.203569][ T5875] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 140.253545][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.263907][ T5875] usb 4-1: Product: syz [ 140.269611][ T5875] usb 4-1: Manufacturer: syz [ 140.279712][ T5875] usb 4-1: SerialNumber: syz [ 140.303562][ T5875] usb 4-1: config 0 descriptor?? [ 140.743076][ T5875] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 140.950524][ T5875] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 141.070067][ T6389] capability: warning: `syz.1.130' uses deprecated v2 capabilities in a way that may be insecure [ 141.104606][ T5875] gs_usb: probe of 4-1:0.0 failed with error -22 [ 141.191975][ T5875] usb 4-1: USB disconnect, device number 3 [ 141.226330][ T6393] netlink: 40 bytes leftover after parsing attributes in process `syz.1.130'. [ 141.342552][ T6394] syz.1.130 (6394): /proc/6388/oom_adj is deprecated, please use /proc/6388/oom_score_adj instead. [ 142.479697][ T6398] tipc: Started in network mode [ 142.560027][ T6398] tipc: Node identity 624964830c3, cluster identity 4711 [ 142.987570][ T6398] tipc: Enabled bearer , priority 0 [ 143.011358][ T6400] syzkaller0: entered promiscuous mode [ 143.028986][ T6400] syzkaller0: entered allmulticast mode [ 143.153011][ T6398] tipc: Resetting bearer [ 143.259992][ T6397] tipc: Resetting bearer [ 143.452752][ T6397] tipc: Disabling bearer [ 145.562354][ T6414] block device autoloading is deprecated and will be removed. [ 146.947397][ T6433] netlink: 'syz.3.141': attribute type 21 has an invalid length. [ 146.955587][ T6433] netlink: 128 bytes leftover after parsing attributes in process `syz.3.141'. [ 146.965264][ T6433] netlink: 'syz.3.141': attribute type 4 has an invalid length. [ 146.972983][ T6433] netlink: 3 bytes leftover after parsing attributes in process `syz.3.141'. [ 148.604606][ T5875] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 148.658102][ T1197] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 148.947465][ T1197] usb 2-1: Using ep0 maxpacket: 32 [ 148.998312][ T5875] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 149.007496][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.009297][ T1197] usb 2-1: config 0 interface 0 has no altsetting 0 [ 149.015521][ T5875] usb 1-1: Product: syz [ 149.015539][ T5875] usb 1-1: Manufacturer: syz [ 149.015553][ T5875] usb 1-1: SerialNumber: syz [ 149.020435][ T5875] usb 1-1: config 0 descriptor?? [ 149.045863][ T5875] ch341 1-1:0.0: ch341-uart converter detected [ 149.048799][ T1197] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 149.061783][ T1197] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.071798][ T1197] usb 2-1: Product: syz [ 149.078446][ T1197] usb 2-1: Manufacturer: syz [ 149.083442][ T1197] usb 2-1: SerialNumber: syz [ 149.094600][ T1197] usb 2-1: config 0 descriptor?? [ 149.197842][ T6443] tipc: Started in network mode [ 149.202798][ T6443] tipc: Node identity 92a56c07ec0c, cluster identity 4711 [ 149.211424][ T6443] tipc: Enabled bearer , priority 0 [ 149.219404][ T6443] syzkaller0: entered promiscuous mode [ 149.225195][ T6443] syzkaller0: entered allmulticast mode [ 149.255467][ T6443] tipc: Resetting bearer [ 149.264700][ T6442] tipc: Resetting bearer [ 149.281213][ T6442] tipc: Disabling bearer [ 149.566834][ T1197] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 150.318631][ T1197] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 150.334617][ T1197] gs_usb: probe of 2-1:0.0 failed with error -22 [ 150.617055][ T5875] usb 1-1: failed to send control message: -71 [ 150.623692][ T5875] ch341-uart: probe of ttyUSB0 failed with error -71 [ 151.276518][ T5875] usb 1-1: USB disconnect, device number 3 [ 151.284472][ T5875] ch341 1-1:0.0: device disconnected [ 151.339846][ T5877] usb 2-1: USB disconnect, device number 3 [ 152.565318][ T6470] netlink: 24 bytes leftover after parsing attributes in process `syz.0.152'. [ 154.143191][ T6483] netlink: 'syz.3.155': attribute type 21 has an invalid length. [ 154.151569][ T6483] netlink: 128 bytes leftover after parsing attributes in process `syz.3.155'. [ 154.161078][ T6483] netlink: 'syz.3.155': attribute type 4 has an invalid length. [ 154.168844][ T6483] netlink: 3 bytes leftover after parsing attributes in process `syz.3.155'. [ 157.064533][ T6492] tipc: Started in network mode [ 157.103252][ T6492] tipc: Node identity 0225d970dad1, cluster identity 4711 [ 157.119053][ T6492] tipc: Enabled bearer , priority 0 [ 157.158683][ T6492] syzkaller0: entered promiscuous mode [ 157.204046][ T6492] syzkaller0: entered allmulticast mode [ 157.359336][ T6492] tipc: Resetting bearer [ 157.393831][ T6490] tipc: Resetting bearer [ 157.467436][ T6490] tipc: Disabling bearer [ 157.964064][ T5842] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 158.219256][ T5842] usb 2-1: Using ep0 maxpacket: 32 [ 158.253318][ T5842] usb 2-1: config 0 interface 0 has no altsetting 0 [ 158.267325][ T5842] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 158.293243][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.341969][ T5842] usb 2-1: Product: syz [ 158.364815][ T5842] usb 2-1: Manufacturer: syz [ 159.160040][ T5842] usb 2-1: SerialNumber: syz [ 159.228086][ T5842] usb 2-1: config 0 descriptor?? [ 159.918830][ T5842] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 160.144325][ T5842] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL) [ 160.199264][ T5842] gs_usb: probe of 2-1:0.0 failed with error -22 [ 160.395080][ T5877] usb 2-1: USB disconnect, device number 4 [ 166.616509][ T6567] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 166.623217][ T6567] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 166.631904][ T6567] vhci_hcd vhci_hcd.0: Device attached [ 166.745770][ T6571] autofs4:pid:6571:autofs_fill_super: called with bogus options [ 166.874824][ T786] vhci_hcd: vhci_device speed not set [ 166.934086][ T5842] usb 3-1: new low-speed USB device number 2 using dummy_hcd [ 166.958797][ T786] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 167.146641][ T5842] usb 3-1: config 0 has no interfaces? [ 167.155109][ T5842] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 167.176360][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.193561][ T5842] usb 3-1: config 0 descriptor?? [ 167.358993][ T6584] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 168.197276][ T6568] vhci_hcd: unknown pdu 2 [ 168.216927][ T6585] 8021q: adding VLAN 0 to HW filter on device bond1 [ 168.262665][ T42] vhci_hcd: stop threads [ 168.269356][ T42] vhci_hcd: release socket [ 168.274665][ T42] vhci_hcd: disconnect device [ 168.324100][ T786] vhci_hcd: vhci_device speed not set [ 168.961673][ T5104] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 168.972975][ T5104] CPU: 1 PID: 5104 Comm: kworker/u5:1 Not tainted 6.6.101-syzkaller #0 [ 168.981264][ T5104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 168.991345][ T5104] Workqueue: hci1 hci_rx_work [ 168.996089][ T5104] Call Trace: [ 168.999424][ T5104] [ 169.002383][ T5104] dump_stack_lvl+0x16c/0x230 [ 169.007077][ T5104] ? show_regs_print_info+0x20/0x20 [ 169.012283][ T5104] ? load_image+0x3b0/0x3b0 [ 169.016811][ T5104] sysfs_create_dir_ns+0x256/0x280 [ 169.021937][ T5104] ? hci_rx_work+0x43a/0xd80 [ 169.026529][ T5104] ? sysfs_warn_dup+0xa0/0xa0 [ 169.031213][ T5104] ? do_raw_spin_unlock+0x121/0x230 [ 169.036423][ T5104] kobject_add_internal+0x6b8/0xc70 [ 169.041647][ T5104] kobject_add+0x156/0x220 [ 169.046069][ T5104] ? __rwlock_init+0x150/0x150 [ 169.050847][ T5104] ? kobject_init+0x1e0/0x1e0 [ 169.055624][ T5104] ? _raw_spin_unlock+0x28/0x40 [ 169.060498][ T5104] ? get_device_parent+0x366/0x390 [ 169.065627][ T5104] device_add+0x408/0xc20 [ 169.069975][ T5104] hci_conn_add_sysfs+0xd5/0x1e0 [ 169.074929][ T5104] le_conn_complete_evt+0xc37/0x1220 [ 169.080229][ T5104] ? hci_event_packet+0x4a7/0x1210 [ 169.085361][ T5104] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 169.091611][ T5104] ? __copy_skb_header+0xa7/0x550 [ 169.096669][ T5104] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 169.102329][ T5104] ? skb_pull_data+0xfb/0x200 [ 169.107026][ T5104] hci_le_conn_complete_evt+0x187/0x440 [ 169.112589][ T5104] ? hci_remote_host_features_evt+0x160/0x160 [ 169.118669][ T5104] hci_event_packet+0x795/0x1210 [ 169.123622][ T5104] ? bis_list+0x290/0x290 [ 169.127961][ T5104] ? lockdep_hardirqs_on+0x98/0x150 [ 169.133189][ T5104] ? hci_send_to_monitor+0xd7/0x4f0 [ 169.138398][ T5104] hci_rx_work+0x43a/0xd80 [ 169.142824][ T5104] ? process_scheduled_works+0x957/0x15b0 [ 169.148548][ T5104] process_scheduled_works+0xa45/0x15b0 [ 169.154124][ T5104] ? assign_work+0x400/0x400 [ 169.158812][ T5104] ? assign_work+0x39e/0x400 [ 169.163413][ T5104] worker_thread+0xa55/0xfc0 [ 169.168016][ T5104] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 169.173921][ T5104] ? _raw_spin_unlock+0x40/0x40 [ 169.178788][ T5104] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 169.184707][ T5104] kthread+0x2fa/0x390 [ 169.188818][ T5104] ? pr_cont_work+0x560/0x560 [ 169.193499][ T5104] ? kthread_blkcg+0xd0/0xd0 [ 169.198094][ T5104] ret_from_fork+0x48/0x80 [ 169.202542][ T5104] ? kthread_blkcg+0xd0/0xd0 [ 169.207135][ T5104] ret_from_fork_asm+0x11/0x20 [ 169.211914][ T5104] [ 169.219939][ T5104] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 169.234873][ T5104] Bluetooth: hci1: failed to register connection device [ 169.387848][ T23] usb 3-1: USB disconnect, device number 2 [ 173.136934][ T6623] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 176.347902][ T6659] netlink: 12 bytes leftover after parsing attributes in process `syz.0.202'. [ 178.096776][ T6666] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 183.613562][ T6721] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 186.154235][ T27] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 186.374534][ T27] usb 3-1: Using ep0 maxpacket: 32 [ 186.392975][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 186.411169][ T27] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 186.420618][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.435683][ T27] usb 3-1: Product: syz [ 186.439946][ T27] usb 3-1: Manufacturer: syz [ 186.449596][ T27] usb 3-1: SerialNumber: syz [ 186.459503][ T27] usb 3-1: config 0 descriptor?? [ 187.638323][ T27] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 188.149553][ T6755] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 188.777479][ T1189] usb 3-1: USB disconnect, device number 3 [ 189.649114][ T6771] random: crng reseeded on system resumption [ 191.424282][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 191.494410][ T6796] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 191.501004][ T6796] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 191.509248][ T6796] vhci_hcd vhci_hcd.0: Device attached [ 191.634046][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 191.754299][ T786] vhci_hcd: vhci_device speed not set [ 191.804143][ T6312] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 191.864203][ T786] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 192.070959][ T6312] usb 2-1: config 0 has no interfaces? [ 192.126745][ T6312] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 192.198209][ T6312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.352203][ T6312] usb 2-1: config 0 descriptor?? [ 192.412850][ T8] usb 3-1: config 0 has an invalid interface number: 146 but max is 0 [ 192.433998][ T8] usb 3-1: config 0 has no interface number 0 [ 192.440140][ T8] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 192.462243][ T8] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 192.475973][ T8] usb 3-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xF2, skipping [ 192.486823][ T8] usb 3-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024 [ 192.498200][ T8] usb 3-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 192.508425][ T8] usb 3-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 192.524588][ T8] usb 3-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 192.534935][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.542972][ T8] usb 3-1: Product: syz [ 192.548371][ T8] usb 3-1: Manufacturer: syz [ 192.553003][ T8] usb 3-1: SerialNumber: syz [ 192.564231][ T8] usb 3-1: config 0 descriptor?? [ 192.570715][ T6774] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 192.578821][ T6774] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 192.629307][ T8] usb 3-1: can't set config #0, error -71 [ 192.638935][ T6797] vhci_hcd: unknown pdu 2 [ 192.656218][ T8] usb 3-1: USB disconnect, device number 4 [ 192.789578][ T786] vhci_hcd: vhci_device speed not set [ 192.894317][ T786] usb 35-1: device descriptor read/64, error -71 [ 193.244466][ T6813] 8021q: adding VLAN 0 to HW filter on device bond1 [ 193.325477][ T786] vhci_hcd: vhci_device speed not set [ 193.525877][ T1070] vhci_hcd: stop threads [ 193.544251][ T786] usb 35-1: new full-speed USB device number 3 using vhci_hcd [ 193.548421][ T6809] ALSA: mixer_oss: invalid OSS volume '' [ 193.677319][ T6809] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 193.739869][ T1070] vhci_hcd: release socket [ 193.872454][ T1070] vhci_hcd: disconnect device [ 194.584216][ T5842] usb 2-1: USB disconnect, device number 5 [ 194.615006][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.621564][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.877400][ T5835] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 195.144245][ T5835] usb 3-1: Using ep0 maxpacket: 32 [ 195.273573][ T5835] usb 3-1: config 0 interface 0 has no altsetting 0 [ 195.359834][ T5835] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 195.371895][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.382077][ T5835] usb 3-1: Product: syz [ 195.389153][ T5835] usb 3-1: Manufacturer: syz [ 195.393990][ T5835] usb 3-1: SerialNumber: syz [ 195.416783][ T5835] usb 3-1: config 0 descriptor?? [ 195.909971][ T5835] gs_usb 3-1:0.0: Configuring for 1 interfaces [ 196.630658][ T5835] usb 3-1: USB disconnect, device number 5 [ 197.664688][ T6864] random: crng reseeded on system resumption [ 198.097118][ T6878] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 198.103703][ T6878] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 198.111701][ T6878] vhci_hcd vhci_hcd.0: Device attached [ 198.314210][ T6312] vhci_hcd: vhci_device speed not set [ 198.794290][ T6312] usb 37-1: new full-speed USB device number 3 using vhci_hcd [ 198.804099][ T786] vhci_hcd: vhci_device speed not set [ 199.004234][ T8] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 199.014226][ T5877] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 199.214407][ T5877] usb 1-1: Using ep0 maxpacket: 32 [ 199.223860][ T8] usb 3-1: config 0 has no interfaces? [ 199.233900][ T8] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 199.254269][ T5877] usb 1-1: config 0 has an invalid interface number: 146 but max is 0 [ 199.272626][ T5877] usb 1-1: config 0 has no interface number 0 [ 199.278883][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.287465][ T5877] usb 1-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 199.302608][ T5877] usb 1-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 199.315555][ T8] usb 3-1: config 0 descriptor?? [ 199.337509][ T5877] usb 1-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xF2, skipping [ 199.348555][ T5877] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid maxpacket 19968, setting to 1024 [ 199.360162][ T5877] usb 1-1: config 0 interface 146 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 199.370592][ T5877] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 199.396415][ T5877] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 199.413600][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.422069][ T5877] usb 1-1: Product: syz [ 199.426680][ T5877] usb 1-1: Manufacturer: syz [ 199.431312][ T5877] usb 1-1: SerialNumber: syz [ 199.449099][ T5877] usb 1-1: config 0 descriptor?? [ 199.455599][ T6866] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 199.468154][ T6866] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 199.496054][ T5877] microtek usb (rev 0.4.3): expecting 3 got 1 endpoints! Bailing out. [ 199.525069][ T6879] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 200.506342][ T6902] 8021q: adding VLAN 0 to HW filter on device bond2 [ 200.670673][ T12] vhci_hcd: stop threads [ 200.682192][ T12] vhci_hcd: release socket [ 200.715787][ T6906] ALSA: mixer_oss: invalid OSS volume '' [ 200.729541][ T6906] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 200.739139][ T12] vhci_hcd: disconnect device [ 201.132996][ T8] usb 1-1: USB disconnect, device number 4 [ 201.359492][ T6915] netlink: 256 bytes leftover after parsing attributes in process `syz.3.255'. [ 201.603835][ T786] usb 3-1: USB disconnect, device number 6 [ 204.044578][ T6312] vhci_hcd: vhci_device speed not set [ 204.919343][ T6948] random: crng reseeded on system resumption [ 204.974068][ T6943] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 204.980629][ T6943] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 204.988833][ T6943] vhci_hcd vhci_hcd.0: Device attached [ 205.184141][ T8] usb 3-1: new low-speed USB device number 7 using dummy_hcd [ 205.294219][ T6312] vhci_hcd: vhci_device speed not set [ 205.374020][ T6312] usb 37-1: new full-speed USB device number 4 using vhci_hcd [ 205.436337][ T8] usb 3-1: config 0 has no interfaces? [ 205.462517][ T8] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 205.504038][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.540415][ T8] usb 3-1: config 0 descriptor?? [ 205.760315][ T6949] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 3 [ 205.969471][ T6946] 8021q: adding VLAN 0 to HW filter on device bond3 [ 206.224622][ T1070] vhci_hcd: stop threads [ 206.254526][ T1070] vhci_hcd: release socket [ 206.297954][ T1070] vhci_hcd: disconnect device [ 206.954350][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 206.961651][ T5800] Bluetooth: hci3: command 0x0406 tx timeout [ 206.969565][ T5797] Bluetooth: hci1: command 0x0406 tx timeout [ 207.094035][ T5835] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 207.688313][ T8] usb 3-1: USB disconnect, device number 7 [ 208.695405][ T6980] netlink: 4 bytes leftover after parsing attributes in process `syz.0.276'. [ 208.719533][ T6980] netlink: 'syz.0.276': attribute type 10 has an invalid length. [ 208.739502][ T6980] syz_tun: entered promiscuous mode [ 208.786832][ T6980] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 209.662934][ T6988] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 209.669526][ T6988] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 209.707380][ T6988] vhci_hcd vhci_hcd.0: Device attached [ 209.854051][ T5842] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 210.069125][ T786] vhci_hcd: vhci_device speed not set [ 210.757940][ T786] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 210.765617][ T6312] vhci_hcd: vhci_device speed not set [ 210.852751][ T6821] libceph: connect (1)[c::]:6789 error -101 [ 210.875389][ T6821] libceph: mon0 (1)[c::]:6789 connect error [ 210.886607][ T5842] usb 1-1: config 0 has no interfaces? [ 210.892126][ T5842] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 210.933550][ T6821] libceph: connect (1)[c::]:6789 error -101 [ 210.955372][ T5842] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.975936][ T5842] usb 1-1: config 0 descriptor?? [ 210.983287][ T6821] libceph: mon0 (1)[c::]:6789 connect error [ 211.015500][ T7002] ceph: No mds server is up or the cluster is laggy [ 211.028624][ T7006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.282'. [ 211.265700][ T6993] vhci_hcd: unknown pdu 2 [ 211.354517][ T786] vhci_hcd: vhci_device speed not set [ 212.053820][ T6992] 8021q: adding VLAN 0 to HW filter on device bond1 [ 212.094030][ T786] usb 33-1: device descriptor read/64, error -71 [ 212.094757][ T3505] vhci_hcd: stop threads [ 212.184063][ T3505] vhci_hcd: release socket [ 212.188662][ T3505] vhci_hcd: disconnect device [ 212.324577][ T786] vhci_hcd: vhci_device speed not set [ 213.482239][ T7021] syz.3.287 (7021) used greatest stack depth: 17672 bytes left [ 217.415011][ T7043] netlink: 'syz.3.295': attribute type 10 has an invalid length. [ 217.417723][ T8] usb 1-1: USB disconnect, device number 5 [ 220.273735][ T7078] netlink: 'syz.3.305': attribute type 10 has an invalid length. [ 220.300747][ T7075] netlink: 12 bytes leftover after parsing attributes in process `syz.1.304'. [ 220.671354][ T7086] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 220.677987][ T7086] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 220.685558][ T7086] vhci_hcd vhci_hcd.0: Device attached [ 220.894504][ T5835] vhci_hcd: vhci_device speed not set [ 220.964234][ T8] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 220.973418][ T5835] usb 33-1: new full-speed USB device number 4 using vhci_hcd [ 221.876667][ T8] usb 1-1: config 0 has no interfaces? [ 221.958168][ T8] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 221.967714][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.998740][ T8] usb 1-1: config 0 descriptor?? [ 222.252345][ T7088] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 223.442296][ T7097] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 223.548103][ T8] usb 1-1: USB disconnect, device number 6 [ 223.604020][ T1137] vhci_hcd: stop threads [ 223.609196][ T1137] vhci_hcd: release socket [ 223.625926][ T1137] vhci_hcd: disconnect device [ 225.341506][ T7111] netlink: 'syz.3.315': attribute type 10 has an invalid length. [ 226.235424][ T5835] vhci_hcd: vhci_device speed not set [ 229.035905][ T7142] netlink: 'syz.3.326': attribute type 10 has an invalid length. [ 230.777710][ T7157] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 230.934134][ T1189] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 231.154115][ T1189] usb 2-1: Using ep0 maxpacket: 32 [ 231.187467][ T1189] usb 2-1: config 0 interface 0 has no altsetting 0 [ 231.217072][ T1189] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 231.232461][ T1189] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.244449][ T1189] usb 2-1: Product: syz [ 231.248695][ T1189] usb 2-1: Manufacturer: syz [ 231.258800][ T1189] usb 2-1: SerialNumber: syz [ 231.268249][ T1189] usb 2-1: config 0 descriptor?? [ 232.454197][ T1189] gs_usb 2-1:0.0: Configuring for 198 interfaces [ 232.514395][ T1189] gs_usb 2-1:0.0: Driver cannot handle more that 3 CAN interfaces [ 232.522272][ T1189] gs_usb: probe of 2-1:0.0 failed with error -22 [ 233.940299][ T6821] usb 2-1: USB disconnect, device number 6 [ 234.050682][ T7175] netlink: 'syz.0.335': attribute type 10 has an invalid length. [ 239.094395][ T7209] netlink: 28 bytes leftover after parsing attributes in process `syz.3.346'. [ 239.317287][ T7212] netlink: 'syz.3.346': attribute type 10 has an invalid length. [ 242.017913][ T7240] netlink: 'syz.0.353': attribute type 21 has an invalid length. [ 242.034517][ T7240] netlink: 'syz.0.353': attribute type 1 has an invalid length. [ 242.043186][ T7240] netlink: 144 bytes leftover after parsing attributes in process `syz.0.353'. [ 244.177400][ T7246] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 244.189600][ T7246] ubi31: attaching mtd0 [ 244.196608][ T7246] ubi31: scanning is finished [ 244.201318][ T7246] ubi31: empty MTD device detected [ 244.460902][ T7246] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 244.469575][ T7246] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 244.477072][ T7246] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 244.484268][ T7246] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 244.491747][ T7246] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 244.498780][ T7246] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 244.506926][ T7246] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2897851344 [ 244.517088][ T7246] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 244.552776][ T7247] ubi31: background thread "ubi_bgt31d" started, PID 7247 [ 244.726019][ T7249] netlink: 28 bytes leftover after parsing attributes in process `syz.2.356'. [ 244.857916][ T7249] netlink: 'syz.2.356': attribute type 10 has an invalid length. [ 252.114338][ T6312] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 252.846106][ T1189] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 253.608672][ T1189] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 253.638609][ T1189] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.723343][ T6312] usb 3-1: Using ep0 maxpacket: 32 [ 253.730419][ T6312] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 253.746739][ T6312] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 253.757936][ T1189] usb 4-1: Product: syz [ 253.757972][ T1189] usb 4-1: Manufacturer: syz [ 253.758041][ T1189] usb 4-1: SerialNumber: syz [ 253.800805][ T6312] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 253.809623][ T1189] usb 4-1: config 0 descriptor?? [ 253.824260][ T6312] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 253.835759][ T1189] ch341 4-1:0.0: ch341-uart converter detected [ 253.856837][ T6312] usb 3-1: config 0 interface 0 has no altsetting 0 [ 253.869003][ T6312] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 253.883564][ T6312] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 253.897487][ T6312] usb 3-1: Product: syz [ 253.901680][ T6312] usb 3-1: Manufacturer: syz [ 253.907726][ T6312] usb 3-1: SerialNumber: syz [ 254.150154][ T6312] usb 3-1: config 0 descriptor?? [ 254.177092][ T6312] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 254.195002][ T1189] usb 4-1: failed to receive control message: -32 [ 254.467607][ T6312] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 254.467841][ T1189] ch341-uart: probe of ttyUSB0 failed with error -32 [ 255.111365][ T7332] ALSA: mixer_oss: invalid OSS volume '' [ 255.135054][ T7332] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 256.200945][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.207547][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.654940][ T786] usb 4-1: USB disconnect, device number 5 [ 256.670486][ T1189] usb 3-1: USB disconnect, device number 8 [ 256.702554][ T786] ch341 4-1:0.0: device disconnected [ 256.710587][ T1189] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 257.110377][ T7342] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 257.129811][ T7342] ubi: mtd0 is already attached to ubi31 [ 261.214189][ T6312] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 261.432626][ T6312] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 261.470223][ T6312] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.505352][ T6312] usb 3-1: Product: syz [ 261.513821][ T6312] usb 3-1: Manufacturer: syz [ 261.522355][ T6312] usb 3-1: SerialNumber: syz [ 261.695319][ T6312] usb 3-1: config 0 descriptor?? [ 261.900996][ T6312] ch341 3-1:0.0: ch341-uart converter detected [ 262.201143][ T6312] usb 3-1: failed to receive control message: -32 [ 262.210800][ T6312] ch341-uart: probe of ttyUSB0 failed with error -32 [ 263.363855][ T5842] usb 3-1: USB disconnect, device number 9 [ 263.373013][ T5842] ch341 3-1:0.0: device disconnected [ 266.451925][ T6312] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 267.123941][ T6312] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 267.143333][ T6312] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.174131][ T6312] usb 3-1: Product: syz [ 267.188605][ T6312] usb 3-1: Manufacturer: syz [ 267.193256][ T6312] usb 3-1: SerialNumber: syz [ 267.230516][ T6312] usb 3-1: config 0 descriptor?? [ 267.261843][ T6312] ch341 3-1:0.0: ch341-uart converter detected [ 267.489772][ T6312] usb 3-1: failed to receive control message: -32 [ 267.504486][ T6312] ch341-uart: probe of ttyUSB0 failed with error -32 [ 268.762201][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 269.011388][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 269.059485][ T8] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 269.178727][ T8] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 269.197395][ T8] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 269.211018][ T8] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 269.220258][ T23] usb 3-1: USB disconnect, device number 10 [ 269.232333][ T8] usb 1-1: config 0 interface 0 has no altsetting 0 [ 269.242954][ T23] ch341 3-1:0.0: device disconnected [ 269.268733][ T8] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 269.282436][ T8] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 269.295456][ T8] usb 1-1: Product: syz [ 269.299944][ T8] usb 1-1: Manufacturer: syz [ 269.305319][ T8] usb 1-1: SerialNumber: syz [ 269.312852][ T8] usb 1-1: config 0 descriptor?? [ 269.322965][ T8] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 269.341616][ T8] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 270.827562][ T1189] usb 1-1: USB disconnect, device number 7 [ 271.438139][ T1189] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 271.824456][ T5835] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 272.096476][ T5835] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 272.189310][ T5835] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.296046][ T5835] usb 2-1: Product: syz [ 272.352259][ T5835] usb 2-1: Manufacturer: syz [ 272.411989][ T5835] usb 2-1: SerialNumber: syz [ 272.498831][ T5835] usb 2-1: config 0 descriptor?? [ 272.540966][ T5835] ch341 2-1:0.0: ch341-uart converter detected [ 272.919033][ T5835] usb 2-1: failed to receive control message: -32 [ 273.030776][ T5835] ch341-uart: probe of ttyUSB0 failed with error -32 [ 273.054473][ T786] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 273.265063][ T786] usb 1-1: Using ep0 maxpacket: 32 [ 273.277741][ T786] usb 1-1: config 0 interface 0 has no altsetting 0 [ 273.294950][ T786] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 273.312340][ T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.320503][ T786] usb 1-1: Product: syz [ 273.329344][ T786] usb 1-1: Manufacturer: syz [ 273.334121][ T786] usb 1-1: SerialNumber: syz [ 273.345535][ T786] usb 1-1: config 0 descriptor?? [ 273.361399][ T786] gs_usb 1-1:0.0: Required endpoints not found [ 273.456027][ T7475] netlink: 12 bytes leftover after parsing attributes in process `syz.2.422'. [ 275.005776][ T786] usb 2-1: USB disconnect, device number 7 [ 275.020365][ T786] ch341 2-1:0.0: device disconnected [ 275.608931][ T5835] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 275.954024][ T5835] usb 2-1: Using ep0 maxpacket: 32 [ 275.965335][ T1189] usb 1-1: USB disconnect, device number 8 [ 275.984946][ T5835] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 275.995513][ T5835] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 276.007846][ T5835] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 276.022410][ T5835] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 276.037068][ T5835] usb 2-1: config 0 interface 0 has no altsetting 0 [ 276.046571][ T5835] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 276.056156][ T5835] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 276.064731][ T5835] usb 2-1: Product: syz [ 276.069030][ T5835] usb 2-1: Manufacturer: syz [ 276.073724][ T5835] usb 2-1: SerialNumber: syz [ 276.081830][ T5835] usb 2-1: config 0 descriptor?? [ 276.090984][ T5835] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 276.110820][ T5835] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 276.194542][ T7501] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 277.529319][ T1189] usb 2-1: USB disconnect, device number 8 [ 277.541159][ T1189] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 278.104148][ T1189] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 278.344025][ T1189] usb 1-1: Using ep0 maxpacket: 32 [ 278.384943][ T1189] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 278.413541][ T1189] usb 1-1: config 0 has no interface number 0 [ 278.478671][ T1189] usb 1-1: config 0 interface 184 has no altsetting 0 [ 278.515000][ T1189] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 278.547383][ T1189] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.556045][ T1189] usb 1-1: Product: syz [ 278.563034][ T1189] usb 1-1: Manufacturer: syz [ 278.578884][ T1189] usb 1-1: SerialNumber: syz [ 278.602476][ T1189] usb 1-1: config 0 descriptor?? [ 278.631373][ T1189] smsc75xx v1.0.0 [ 278.641307][ T1189] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 278.666161][ T1189] smsc75xx: probe of 1-1:0.184 failed with error -22 [ 280.403678][ T7532] bond2: entered allmulticast mode [ 280.411180][ T7532] 8021q: adding VLAN 0 to HW filter on device bond2 [ 281.234111][ T1189] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 281.715867][ T1189] usb 2-1: Using ep0 maxpacket: 32 [ 281.850622][ T1189] usb 2-1: config 0 interface 0 has no altsetting 0 [ 281.868206][ T1189] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 281.886160][ T1189] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.898835][ T1189] usb 2-1: Product: syz [ 281.903073][ T1189] usb 2-1: Manufacturer: syz [ 281.908211][ T1189] usb 2-1: SerialNumber: syz [ 281.932268][ T1189] usb 2-1: config 0 descriptor?? [ 281.954816][ T1189] gs_usb 2-1:0.0: Required endpoints not found [ 282.506996][ T7545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.442'. [ 282.569100][ T23] usb 1-1: USB disconnect, device number 9 [ 283.524754][ T7545] fscrypt: Error allocating hmac(sha512): -2 [ 283.742901][ T7567] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 284.421887][ T8] usb 2-1: USB disconnect, device number 9 [ 285.024064][ T1189] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 285.314291][ T1189] usb 2-1: Using ep0 maxpacket: 16 [ 285.364798][ T1189] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 285.395817][ T1189] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 285.456301][ T1189] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 285.594120][ T1189] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 285.625323][ T1189] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.721431][ T1189] usb 2-1: Product: syz [ 285.837477][ T1189] usb 2-1: Manufacturer: syz [ 285.843964][ T1189] usb 2-1: SerialNumber: syz [ 288.549928][ T1189] usb 2-1: 0:2 : does not exist [ 288.679556][ T1189] usb 2-1: USB disconnect, device number 10 [ 289.317758][ T5950] udevd[5950]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 289.456780][ T7596] sch_tbf: burst 19360 is lower than device lo mtu (65550) ! [ 289.542078][ T7598] bond0: (slave syz_tun): Releasing backup interface [ 289.569502][ T7598] bridge_slave_0: left allmulticast mode [ 289.580735][ T7598] bridge_slave_0: left promiscuous mode [ 289.606675][ T7598] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.993321][ T7598] bridge_slave_1: left allmulticast mode [ 290.044192][ T7598] bridge_slave_1: left promiscuous mode [ 290.051559][ T7598] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.119478][ T7598] bond0: (slave bond_slave_0): Releasing backup interface [ 290.170152][ T7598] bond0: (slave bond_slave_1): Releasing backup interface [ 290.228585][ T7598] team0: Port device team_slave_0 removed [ 290.258605][ T7598] team0: Port device team_slave_1 removed [ 290.270579][ T7598] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.279627][ T7598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.297110][ T7598] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.313042][ T7598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.342311][ T7603] team_slave_0: entered promiscuous mode [ 290.348358][ T7603] team_slave_1: entered promiscuous mode [ 290.362730][ T7603] vlan2: entered promiscuous mode [ 290.367953][ T7603] team0: entered promiscuous mode [ 290.421042][ T3505] bond0: (slave bond_slave_0): interface is now down [ 290.428786][ T3505] bond0: (slave bond_slave_1): interface is now down [ 290.439389][ T3505] bond0: (slave syz_tun): interface is now down [ 290.454277][ T1189] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 290.462056][ T3505] bond0: now running without any active interface! [ 290.644195][ T1189] usb 3-1: Using ep0 maxpacket: 32 [ 290.652279][ T1189] usb 3-1: config 0 interface 0 has no altsetting 0 [ 290.661061][ T1189] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 290.670188][ T1189] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.678676][ T1189] usb 3-1: Product: syz [ 290.682882][ T1189] usb 3-1: Manufacturer: syz [ 290.687670][ T1189] usb 3-1: SerialNumber: syz [ 290.694306][ T1189] usb 3-1: config 0 descriptor?? [ 290.706396][ T1189] gs_usb 3-1:0.0: Required endpoints not found [ 290.804216][ T23] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 291.015066][ T23] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 291.046234][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.073343][ T23] usb 1-1: Product: syz [ 291.078933][ T23] usb 1-1: Manufacturer: syz [ 291.083570][ T23] usb 1-1: SerialNumber: syz [ 291.093014][ T23] usb 1-1: config 0 descriptor?? [ 291.106952][ T23] ch341 1-1:0.0: ch341-uart converter detected [ 291.319754][ T23] usb 1-1: failed to receive control message: -121 [ 291.336210][ T23] ch341-uart: probe of ttyUSB0 failed with error -121 [ 293.094532][ T1189] usb 3-1: USB disconnect, device number 11 [ 293.935865][ T8] usb 1-1: USB disconnect, device number 10 [ 293.943145][ T8] ch341 1-1:0.0: device disconnected [ 294.287482][ T7648] netlink: 'syz.1.472': attribute type 6 has an invalid length. [ 294.775542][ T23] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 295.764426][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.793947][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.827417][ T23] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 295.850979][ T23] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 295.877468][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.077589][ T23] usb 1-1: config 0 descriptor?? [ 296.592274][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.601858][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.610379][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.618086][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.626198][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.633624][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.641406][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.649605][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.662997][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.670689][ T23] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 296.678424][ T23] plantronics 0003:047F:FFFF.0001: unbalanced collection at end of report description [ 296.689688][ T23] plantronics 0003:047F:FFFF.0001: parse failed [ 296.696295][ T23] plantronics: probe of 0003:047F:FFFF.0001 failed with error -22 [ 296.797420][ T8] usb 1-1: USB disconnect, device number 11 [ 298.694384][ T3505] bond0: (slave bond_slave_0): interface is now down [ 298.732835][ T3505] bond0: (slave bond_slave_1): interface is now down [ 298.749518][ T3505] bond0: (slave syz_tun): interface is now down [ 298.802636][ T3505] bond0: now running without any active interface! [ 299.551062][ T7687] netlink: 24 bytes leftover after parsing attributes in process `syz.1.484'. [ 299.775942][ T7694] warning: `syz.0.485' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 303.741191][ T7724] netlink: 24 bytes leftover after parsing attributes in process `syz.0.496'. [ 303.848807][ T7728] bpq0: entered promiscuous mode [ 303.853863][ T7728] bpq0: left allmulticast mode [ 303.954008][ T23] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 303.964051][ T1189] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 304.164375][ T23] usb 3-1: Using ep0 maxpacket: 16 [ 304.209287][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 304.287576][ T23] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 304.339415][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.405612][ T23] usb 3-1: Product: syz [ 304.434218][ T23] usb 3-1: Manufacturer: syz [ 304.468379][ T23] usb 3-1: SerialNumber: syz [ 304.570924][ T23] usb 3-1: config 0 descriptor?? [ 304.630017][ T23] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 304.693964][ T23] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 304.799636][ T1189] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 304.812580][ T1189] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.821974][ T1189] usb 4-1: Product: syz [ 304.834159][ T1189] usb 4-1: Manufacturer: syz [ 304.838798][ T1189] usb 4-1: SerialNumber: syz [ 304.856831][ T1189] usb 4-1: config 0 descriptor?? [ 304.873390][ T1189] ch341 4-1:0.0: ch341-uart converter detected [ 304.993991][ T5842] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 305.078499][ T1189] usb 4-1: failed to receive control message: -121 [ 305.094258][ T1189] ch341-uart: probe of ttyUSB0 failed with error -121 [ 305.173953][ T5842] usb 1-1: Using ep0 maxpacket: 32 [ 305.180927][ T5842] usb 1-1: config 0 interface 0 has no altsetting 0 [ 305.191699][ T5842] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 305.200973][ T5842] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.209211][ T5842] usb 1-1: Product: syz [ 305.213444][ T5842] usb 1-1: Manufacturer: syz [ 305.218151][ T5842] usb 1-1: SerialNumber: syz [ 305.225778][ T5842] usb 1-1: config 0 descriptor?? [ 305.232834][ T5842] gs_usb 1-1:0.0: Required endpoints not found [ 305.261589][ T23] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 305.699970][ T23] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 305.712682][ T23] em28xx 3-1:0.0: board has no eeprom [ 306.740793][ T5835] usb 4-1: USB disconnect, device number 6 [ 306.758534][ T5835] ch341 4-1:0.0: device disconnected [ 306.890305][ T7719] em28xx 3-1:0.0: writing to i2c device at 0x8 failed (error=-5) [ 307.194756][ C1] ================================================================== [ 307.202877][ C1] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x46a/0x4b0 [ 307.210773][ C1] Read of size 2 at addr ffff888024311c2a by task syz.1.501/7753 [ 307.218481][ C1] [ 307.220799][ C1] CPU: 1 PID: 7753 Comm: syz.1.501 Not tainted 6.6.101-syzkaller #0 [ 307.228763][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 307.238818][ C1] Call Trace: [ 307.242091][ C1] [ 307.244950][ C1] dump_stack_lvl+0x16c/0x230 [ 307.249648][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 307.254669][ C1] ? show_regs_print_info+0x20/0x20 [ 307.259859][ C1] ? load_image+0x3b0/0x3b0 [ 307.264361][ C1] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 307.269734][ C1] ? __virt_addr_valid+0x18c/0x540 [ 307.274840][ C1] ? __virt_addr_valid+0x469/0x540 [ 307.279947][ C1] print_report+0xac/0x220 [ 307.284359][ C1] ? rose_timer_expiry+0x46a/0x4b0 [ 307.289480][ C1] kasan_report+0x117/0x150 [ 307.293996][ C1] ? rose_timer_expiry+0x46a/0x4b0 [ 307.299105][ C1] rose_timer_expiry+0x46a/0x4b0 [ 307.304055][ C1] call_timer_fn+0x16e/0x530 [ 307.308653][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 307.313675][ C1] ? call_timer_fn+0xbf/0x530 [ 307.318354][ C1] ? __run_timers+0x7d0/0x7d0 [ 307.323026][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 307.328222][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 307.333416][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 307.338435][ C1] __run_timers+0x52d/0x7d0 [ 307.342958][ C1] ? detach_timer+0x2b0/0x2b0 [ 307.347637][ C1] ? lock_chain_count+0x20/0x20 [ 307.352481][ C1] run_timer_softirq+0x67/0xf0 [ 307.357235][ C1] handle_softirqs+0x280/0x820 [ 307.361992][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 307.366746][ C1] ? do_softirq+0x180/0x180 [ 307.371252][ C1] __irq_exit_rcu+0xc7/0x190 [ 307.375848][ C1] ? irq_exit_rcu+0x20/0x20 [ 307.380346][ C1] irq_exit_rcu+0x9/0x20 [ 307.384582][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 307.390214][ C1] [ 307.393151][ C1] [ 307.396085][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 307.402066][ C1] RIP: 0010:__might_resched+0x179/0x610 [ 307.407632][ C1] Code: 03 43 0f b6 04 2c 84 c0 0f 85 45 03 00 00 41 8b 06 c1 e0 08 44 01 f8 3b 44 24 2c 75 61 48 c7 84 24 a0 00 00 00 00 00 00 00 9c <8f> 84 24 a0 00 00 00 f6 84 24 a1 00 00 00 02 74 43 4c 8d 7a 2c 4c [ 307.427232][ C1] RSP: 0018:ffffc9000fccfb18 EFLAGS: 00000246 [ 307.433307][ C1] RAX: 0000000000000000 RBX: 1ffff92001f99f6c RCX: 6aa797a2f8249d00 [ 307.441293][ C1] RDX: ffff888018759e00 RSI: ffffffff8aaacbc0 RDI: ffffffff8afc6780 [ 307.449256][ C1] RBP: ffffc9000fccfc38 R08: ffffc9000fccf687 R09: 1ffff92001f99ed0 [ 307.457218][ C1] R10: dffffc0000000000 R11: fffff52001f99ed1 R12: 1ffff110030eb447 [ 307.465185][ C1] R13: dffffc0000000000 R14: ffff88801875a23c R15: 0000000000000000 [ 307.473157][ C1] ? __might_sleep+0xe0/0xe0 [ 307.477744][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 307.482764][ C1] __might_fault+0x71/0x120 [ 307.487264][ C1] do_recvmmsg+0x389/0x7d0 [ 307.491700][ C1] ? __sys_recvmmsg+0x280/0x280 [ 307.496586][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 307.502300][ C1] ? rcu_read_lock_sched_held+0x8a/0x100 [ 307.507929][ C1] __x64_sys_recvmmsg+0x191/0x240 [ 307.512961][ C1] ? do_recvmmsg+0x7d0/0x7d0 [ 307.517545][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 307.522745][ C1] do_syscall_64+0x55/0xb0 [ 307.527157][ C1] ? clear_bhb_loop+0x40/0x90 [ 307.531825][ C1] ? clear_bhb_loop+0x40/0x90 [ 307.536492][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 307.542396][ C1] RIP: 0033:0x7fce9658ebe9 [ 307.546830][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.566444][ C1] RSP: 002b:00007fce973ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 307.574853][ C1] RAX: ffffffffffffffda RBX: 00007fce967b6090 RCX: 00007fce9658ebe9 [ 307.582829][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006 [ 307.590793][ C1] RBP: 00007fce96611e19 R08: 0000000000000000 R09: 0000000000000000 [ 307.598771][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 307.606736][ C1] R13: 00007fce967b6128 R14: 00007fce967b6090 R15: 00007fff40a2ce48 [ 307.614726][ C1] [ 307.617742][ C1] [ 307.620054][ C1] Allocated by task 5917: [ 307.624375][ C1] kasan_set_track+0x4e/0x70 [ 307.628978][ C1] __kasan_kmalloc+0x8f/0xa0 [ 307.633565][ C1] rose_add_node+0x23a/0xdd0 [ 307.638187][ C1] rose_rt_ioctl+0xa42/0xfb0 [ 307.642766][ C1] rose_ioctl+0x3cf/0x8b0 [ 307.647085][ C1] sock_do_ioctl+0xd7/0x2f0 [ 307.651593][ C1] sock_ioctl+0x623/0x7a0 [ 307.655954][ C1] __se_sys_ioctl+0xfd/0x170 [ 307.660539][ C1] do_syscall_64+0x55/0xb0 [ 307.664953][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 307.670843][ C1] [ 307.673160][ C1] Freed by task 7728: [ 307.677123][ C1] kasan_set_track+0x4e/0x70 [ 307.681706][ C1] kasan_save_free_info+0x2e/0x50 [ 307.686729][ C1] ____kasan_slab_free+0x126/0x1e0 [ 307.691831][ C1] slab_free_freelist_hook+0x130/0x1b0 [ 307.697276][ C1] __kmem_cache_free+0xba/0x1f0 [ 307.702161][ C1] rose_rt_device_down+0x43d/0x490 [ 307.707276][ C1] rose_device_event+0x604/0x690 [ 307.712210][ C1] notifier_call_chain+0x197/0x390 [ 307.717312][ C1] __dev_notify_flags+0x18e/0x2e0 [ 307.722329][ C1] dev_change_flags+0xe8/0x1a0 [ 307.727107][ C1] dev_ifsioc+0x6a7/0xe20 [ 307.731425][ C1] dev_ioctl+0x7e2/0x1170 [ 307.735746][ C1] sock_do_ioctl+0x226/0x2f0 [ 307.740350][ C1] sock_ioctl+0x623/0x7a0 [ 307.744681][ C1] __se_sys_ioctl+0xfd/0x170 [ 307.749272][ C1] do_syscall_64+0x55/0xb0 [ 307.753712][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 307.759613][ C1] [ 307.761933][ C1] The buggy address belongs to the object at ffff888024311c00 [ 307.761933][ C1] which belongs to the cache kmalloc-512 of size 512 [ 307.776067][ C1] The buggy address is located 42 bytes inside of [ 307.776067][ C1] freed 512-byte region [ffff888024311c00, ffff888024311e00) [ 307.789777][ C1] [ 307.792093][ C1] The buggy address belongs to the physical page: [ 307.798507][ C1] page:ffffea000090c400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24310 [ 307.808656][ C1] head:ffffea000090c400 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 307.817585][ C1] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 307.825569][ C1] page_type: 0xffffffff() [ 307.829903][ C1] raw: 00fff00000000840 ffff888017841c80 ffffea000170af00 dead000000000002 [ 307.838499][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 307.847101][ C1] page dumped because: kasan: bad access detected [ 307.853516][ C1] page_owner tracks the page as allocated [ 307.859234][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1339, tgid 1339 (kworker/u4:3), ts 9439690449, free_ts 0 [ 307.879641][ C1] post_alloc_hook+0x1cd/0x210 [ 307.884411][ C1] get_page_from_freelist+0x195c/0x19f0 [ 307.889959][ C1] __alloc_pages+0x1e3/0x460 [ 307.894546][ C1] alloc_slab_page+0x5d/0x170 [ 307.899229][ C1] new_slab+0x87/0x2e0 [ 307.903301][ C1] ___slab_alloc+0xc6d/0x12f0 [ 307.907984][ C1] __kmem_cache_alloc_node+0x1a2/0x260 [ 307.913458][ C1] kmalloc_trace+0x2a/0xe0 [ 307.917873][ C1] alloc_bprm+0x56/0x9c0 [ 307.922111][ C1] kernel_execve+0x98/0x9c0 [ 307.926612][ C1] call_usermodehelper_exec_async+0x20b/0x350 [ 307.932677][ C1] ret_from_fork+0x48/0x80 [ 307.937083][ C1] ret_from_fork_asm+0x11/0x20 [ 307.941846][ C1] page_owner free stack trace missing [ 307.947219][ C1] [ 307.949572][ C1] Memory state around the buggy address: [ 307.955222][ C1] ffff888024311b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 307.963294][ C1] ffff888024311b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 307.971350][ C1] >ffff888024311c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 307.979400][ C1] ^ [ 307.984767][ C1] ffff888024311c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 307.992834][ C1] ffff888024311d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 308.000895][ C1] ================================================================== [ 308.008984][ C1] sched: RT throttling activated [ 308.009032][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 308.021137][ C1] CPU: 1 PID: 7753 Comm: syz.1.501 Not tainted 6.6.101-syzkaller #0 [ 308.029102][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 308.039149][ C1] Call Trace: [ 308.042424][ C1] [ 308.045271][ C1] dump_stack_lvl+0x16c/0x230 [ 308.049951][ C1] ? show_regs_print_info+0x20/0x20 [ 308.055161][ C1] ? load_image+0x3b0/0x3b0 [ 308.059683][ C1] panic+0x2c0/0x710 [ 308.063585][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 308.068128][ C1] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 308.074051][ C1] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 308.079942][ C1] ? _raw_spin_unlock+0x40/0x40 [ 308.084788][ C1] ? print_memory_metadata+0x314/0x400 [ 308.090244][ C1] ? rose_timer_expiry+0x46a/0x4b0 [ 308.095355][ C1] check_panic_on_warn+0x84/0xa0 [ 308.100293][ C1] ? rose_timer_expiry+0x46a/0x4b0 [ 308.105403][ C1] end_report+0x6f/0x140 [ 308.109642][ C1] kasan_report+0x128/0x150 [ 308.114159][ C1] ? rose_timer_expiry+0x46a/0x4b0 [ 308.119272][ C1] rose_timer_expiry+0x46a/0x4b0 [ 308.124205][ C1] call_timer_fn+0x16e/0x530 [ 308.128807][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 308.133834][ C1] ? call_timer_fn+0xbf/0x530 [ 308.138518][ C1] ? __run_timers+0x7d0/0x7d0 [ 308.143187][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 308.148384][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 308.153587][ C1] ? rose_start_t1timer+0xd0/0xd0 [ 308.158610][ C1] __run_timers+0x52d/0x7d0 [ 308.163115][ C1] ? detach_timer+0x2b0/0x2b0 [ 308.167785][ C1] ? lock_chain_count+0x20/0x20 [ 308.172628][ C1] run_timer_softirq+0x67/0xf0 [ 308.177384][ C1] handle_softirqs+0x280/0x820 [ 308.182152][ C1] ? __irq_exit_rcu+0xc7/0x190 [ 308.186914][ C1] ? do_softirq+0x180/0x180 [ 308.191409][ C1] __irq_exit_rcu+0xc7/0x190 [ 308.196016][ C1] ? irq_exit_rcu+0x20/0x20 [ 308.200511][ C1] irq_exit_rcu+0x9/0x20 [ 308.204777][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 308.210431][ C1] [ 308.213356][ C1] [ 308.216278][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 308.222279][ C1] RIP: 0010:__might_resched+0x179/0x610 [ 308.227845][ C1] Code: 03 43 0f b6 04 2c 84 c0 0f 85 45 03 00 00 41 8b 06 c1 e0 08 44 01 f8 3b 44 24 2c 75 61 48 c7 84 24 a0 00 00 00 00 00 00 00 9c <8f> 84 24 a0 00 00 00 f6 84 24 a1 00 00 00 02 74 43 4c 8d 7a 2c 4c [ 308.247440][ C1] RSP: 0018:ffffc9000fccfb18 EFLAGS: 00000246 [ 308.253499][ C1] RAX: 0000000000000000 RBX: 1ffff92001f99f6c RCX: 6aa797a2f8249d00 [ 308.261467][ C1] RDX: ffff888018759e00 RSI: ffffffff8aaacbc0 RDI: ffffffff8afc6780 [ 308.269434][ C1] RBP: ffffc9000fccfc38 R08: ffffc9000fccf687 R09: 1ffff92001f99ed0 [ 308.277397][ C1] R10: dffffc0000000000 R11: fffff52001f99ed1 R12: 1ffff110030eb447 [ 308.285363][ C1] R13: dffffc0000000000 R14: ffff88801875a23c R15: 0000000000000000 [ 308.293340][ C1] ? __might_sleep+0xe0/0xe0 [ 308.297928][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 308.302949][ C1] __might_fault+0x71/0x120 [ 308.307457][ C1] do_recvmmsg+0x389/0x7d0 [ 308.311873][ C1] ? __sys_recvmmsg+0x280/0x280 [ 308.316723][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 308.322431][ C1] ? rcu_read_lock_sched_held+0x8a/0x100 [ 308.328083][ C1] __x64_sys_recvmmsg+0x191/0x240 [ 308.333105][ C1] ? do_recvmmsg+0x7d0/0x7d0 [ 308.337713][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 308.342925][ C1] do_syscall_64+0x55/0xb0 [ 308.347343][ C1] ? clear_bhb_loop+0x40/0x90 [ 308.352011][ C1] ? clear_bhb_loop+0x40/0x90 [ 308.356689][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 308.362594][ C1] RIP: 0033:0x7fce9658ebe9 [ 308.367002][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.386605][ C1] RSP: 002b:00007fce973ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 308.395013][ C1] RAX: ffffffffffffffda RBX: 00007fce967b6090 RCX: 00007fce9658ebe9 [ 308.402978][ C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006 [ 308.410949][ C1] RBP: 00007fce96611e19 R08: 0000000000000000 R09: 0000000000000000 [ 308.418912][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 308.426889][ C1] R13: 00007fce967b6128 R14: 00007fce967b6090 R15: 00007fff40a2ce48 [ 308.434860][ C1] [ 308.438200][ C1] Kernel Offset: disabled [ 308.442526][ C1] Rebooting in 86400 seconds..