last executing test programs: 5.243616029s ago: executing program 1 (id=3802): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=@newtaction={0x68, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_ctinfo={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3f04}, @TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x1, 0xffffffffffffffff, 0x100}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x440c0}, 0x0) 5.032188292s ago: executing program 1 (id=3806): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040)=0x42, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a3193f93b5e3e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190d54bd6f6c2c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c49d962d47061f788999120bc2144d3bdd4cd8dc5c6f00b10958416318ef9ea", 0x241}], 0x1}}, {{&(0x7f0000000380)={0xa, 0x4e24, 0xfffffff7, @mcast1, 0xbb}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000006c0)="04124c7f5b7e0e0b4a0c6c61", 0xc}], 0x1}}], 0x2, 0x4000001) r1 = dup(r0) read$FUSE(r1, 0x0, 0x0) 4.400098205s ago: executing program 3 (id=3816): socket$inet(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) setgroups(0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) writev(r4, &(0x7f00000005c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a11820fffff5bab4e210000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000002100001000a0c10000000e6ff224e0000", 0x58}], 0x1) lseek(0xffffffffffffffff, 0x10000000005, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0xc0802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB], 0xd) 4.368135554s ago: executing program 2 (id=3817): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newsa={0x158, 0x10, 0x413, 0x70bd28, 0x0, {{@in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x4e24, 0x0, 0x2, 0x20, 0x20}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in=@private=0xa010100, {0x4, 0x7, 0x0, 0x40000000000004, 0xffffffffffffffff, 0x6, 0x7f}, {0x0, 0xffffffffffffffff, 0x4}, {0xf6, 0x4, 0x4}, 0x0, 0x0, 0x2, 0x1, 0xfe}, [@algo_aead={0x67, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0xd8, 0x60, "6fc3070b4f8f7330202b93875f2d67a6a77871db764ec62c9599d2"}}]}, 0x158}}, 0x804) 4.176122722s ago: executing program 4 (id=3819): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xd, &(0x7f00000004c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000009800000095"], &(0x7f0000000680)='syzkaller\x00'}, 0x6b) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.060478605s ago: executing program 0 (id=3820): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_kthread_work_queue_work\x00', r1}, 0x10) socketpair(0x11, 0xa, 0x0, &(0x7f0000001080)) 3.445853078s ago: executing program 1 (id=3821): sendmsg$inet(0xffffffffffffffff, 0x0, 0x4008804) socket$kcm(0x10, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d617371"], 0xdc}}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x100) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001900)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe0002476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea097a75dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe2348754000000000000007642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc5a788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff7f23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f01001bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bc0004c3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b4150900000000000000f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a013709003f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa0500e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d18716975c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808ed086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f9836faa292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee63ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c11465fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff300"/2742], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff803500004000638477fbac14142ce934a0a662079f4b4d2f87e56dca6aab055013f208001a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 3.366327819s ago: executing program 3 (id=3822): bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000580)=ANY=[], 0x48) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e4000000000000000005000100060000000500040000000000"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 3.2384292s ago: executing program 4 (id=3823): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x20000000) 3.238294406s ago: executing program 0 (id=3824): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x18, 0x140b, 0xe74f62710fc42ba3, 0x70bd28, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x20001010}, 0x4000800) 3.237570759s ago: executing program 2 (id=3825): bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair(0x1, 0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in=@remote, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x60, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40}, {0x1, 0x0, 0x9}, {0x0, 0x5}}}, 0xb8}}, 0x4000) 3.076225513s ago: executing program 3 (id=3826): bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0700000004000000000100000500000028000000", @ANYRES32, @ANYBLOB="0000d0bbe88c"], 0x50) 3.076093129s ago: executing program 0 (id=3827): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x39000, 0x0) splice(r1, 0x0, r0, 0x0, 0x408cd, 0x8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 3.07472948s ago: executing program 1 (id=3828): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x181, 0x0, 0x0, {0x3, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x8000) 3.009186516s ago: executing program 2 (id=3829): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f00000000c0), 0x12) readv(r0, &(0x7f0000000440)=[{&(0x7f0000000240)=""/74, 0x4a}], 0x1) 2.907671533s ago: executing program 4 (id=3830): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000080), 0x1) sendto$inet6(r0, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000007c0)="87", 0x1, 0x4000, 0x0, 0xfffffffffffffe00) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.896585856s ago: executing program 1 (id=3831): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040)=0x42, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) sendmmsg$inet6(r0, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002440)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ccba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e0132269c182e5d0186448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a3193f93b5e3e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190d54bd6f6c2c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c49d962d47061f788999120bc2144d3bdd4cd8dc5c6f00b10958416318ef9ea", 0x241}], 0x1}}, {{&(0x7f0000000380)={0xa, 0x4e24, 0xfffffff7, @mcast1, 0xbb}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000006c0)="04124c7f5b7e0e0b4a0c6c61", 0xc}], 0x1}}], 0x2, 0x4000001) r1 = dup(r0) read$FUSE(r1, 0x0, 0x0) 2.896492462s ago: executing program 3 (id=3832): ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) keyctl$clear(0x3, 0xfffffffffffffffd) 2.844254692s ago: executing program 2 (id=3833): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmmsg$inet6(r0, &(0x7f0000000280)=[{{&(0x7f0000003e80)={0xa, 0x4e22, 0x5, @mcast1}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e22, 0x8, @mcast2, 0x70fd}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1400000001000000370000003c000000000000002000"], 0x34}}], 0x2, 0x4008810) 2.776558727s ago: executing program 2 (id=3834): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000740)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$packet(r1, &(0x7f00000002c0)='H5', 0x2, 0x20000001, 0x0, 0x0) 2.760069354s ago: executing program 3 (id=3835): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000003a80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x5c, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_DEV={0xc, 0x3, 'netdevsim0\x00'}]}]}], {0x14}}, 0xa4}, 0x1, 0x1000000}, 0x0) 2.660220351s ago: executing program 4 (id=3836): socket$kcm(0xa, 0x2, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8916, &(0x7f0000000040)={'veth1_macvtap\x00', @random="0200ac7f7f00"}) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 2.636463084s ago: executing program 3 (id=3837): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x4000010, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, r0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x2000000000000, 0xfffffdfffffffffe, 0xfa11, 0xffffffff}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9400000009060101000000000000000003000004740008800c00078008000a4000000433100007800a001100aaaaaaaaaabb00001c0007801800148014000240ff0100000000000000000000010000010c00078008001c4000000005100007800c0002800800014064010101100007800c00184000000000000000080c00078008001c4000000ec30c000780060004404e200000"], 0x94}, 0x1, 0x0, 0x0, 0x40000}, 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000001c0)={0xffffffffffffffff}, 0x13f, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000240)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r3}}, 0x20) quotactl_fd$Q_GETFMT(r2, 0xffffffff80000402, 0x0, &(0x7f00000000c0)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r4, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) socket$nl_xfrm(0x10, 0x3, 0x6) 2.102602209s ago: executing program 0 (id=3838): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810000850000007d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x10) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, 0x0, &(0x7f0000000040)) 1.928229055s ago: executing program 4 (id=3839): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x38, 0x20, 0x1, 0x0, 0x0, {0xa, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x17}, [@FIB_RULE_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e22, 0x4e22}}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x38}}, 0x40000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) 1.842383264s ago: executing program 1 (id=3840): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x20000000) 1.831067452s ago: executing program 0 (id=3841): r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x31424752, 0x18dc78d2, 0xffff8000, 0x3, @stepwise={{0xd, 0x6}, {0x9}, {0xae79, 0x6}}}) 1.698997732s ago: executing program 4 (id=3842): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000002000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETOWNER(r2, 0x400454cc, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r1, 0x58, &(0x7f0000000100)}, 0x87) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4}, 0x18) userfaultfd(0x400) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0) r6 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000080)) r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x3, 0x0}) io_uring_enter(r8, 0x47ba, 0x98f1, 0x20, 0x0, 0x0) mq_timedsend(r7, 0x0, 0x0, 0x6, 0x0) 1.536165313s ago: executing program 0 (id=3843): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f00000000c0), 0x12) readv(r0, &(0x7f0000000440)=[{&(0x7f0000000240)=""/74, 0x4a}], 0x1) 0s ago: executing program 2 (id=3844): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) kernel console output (not intermixed with test programs): _SYSCALL_64_after_hwframe+0x77/0x7f [ 933.574724][T12735] RIP: 0033:0x7fde6998ebe9 [ 933.574753][T12735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 933.574778][T12735] RSP: 002b:00007fde6a88b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 933.574808][T12735] RAX: ffffffffffffffda RBX: 00007fde69bb6090 RCX: 00007fde6998ebe9 [ 933.574828][T12735] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004 [ 933.574847][T12735] RBP: 00007fde69a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 933.574865][T12735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.574883][T12735] R13: 00007fde69bb6128 R14: 00007fde69bb6090 R15: 00007fff4c410d28 [ 933.574929][T12735] [ 934.048083][ T5931] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 934.057150][ T8461] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 934.066223][ T8461] usb 3-1: Manufacturer: syz [ 934.074639][ T8461] usb 3-1: config 0 descriptor?? [ 934.273548][ T5931] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 934.302473][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 934.382153][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 934.444697][ T5931] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 934.512384][ T5931] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 934.527229][ T5931] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 934.541361][ T5931] usb 4-1: Manufacturer: syz [ 934.708879][ T5931] usb 4-1: config 0 descriptor?? [ 934.752300][ T8461] appleir 0003:05AC:8243.0021: unknown main item tag 0x0 [ 934.918469][ T8461] appleir 0003:05AC:8243.0021: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 935.147900][ T5931] appleir 0003:05AC:8243.0022: unknown main item tag 0x0 [ 935.186462][ T5931] appleir 0003:05AC:8243.0022: hiddev1,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 936.100108][T12750] netlink: 304 bytes leftover after parsing attributes in process `syz.3.1795'. [ 936.626305][ T10] usb 3-1: reset high-speed USB device number 16 using dummy_hcd [ 936.786250][T12726] netlink: 304 bytes leftover after parsing attributes in process `syz.2.1794'. [ 936.863893][T12755] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 937.093404][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 937.112082][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.271937][T12755] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 937.437733][T12744] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 937.453559][T12744] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 937.966962][ T9041] usb 4-1: USB disconnect, device number 24 [ 938.609446][ T9631] usb 3-1: USB disconnect, device number 16 [ 939.376941][T12781] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR3p' [ 939.387719][T12781] CPU: 0 UID: 0 PID: 12781 Comm: syz.3.1806 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 939.387752][T12781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 939.387768][T12781] Call Trace: [ 939.387782][T12781] [ 939.387795][T12781] dump_stack_lvl+0x189/0x250 [ 939.387835][T12781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 939.387871][T12781] ? __pfx__printk+0x10/0x10 [ 939.387904][T12781] ? kernfs_path_from_node+0x2c/0x260 [ 939.387936][T12781] ? kernfs_path_from_node+0x2c/0x260 [ 939.387963][T12781] ? kernfs_path_from_node+0x2c/0x260 [ 939.387997][T12781] ? kernfs_path_from_node+0x22c/0x260 [ 939.388026][T12781] ? kernfs_path_from_node+0x2c/0x260 [ 939.388059][T12781] sysfs_warn_dup+0x8e/0xa0 [ 939.388087][T12781] sysfs_do_create_link_sd+0xc0/0x110 [ 939.388118][T12781] device_add_class_symlinks+0x1cf/0x240 [ 939.388162][T12781] device_add+0x475/0xb50 [ 939.388204][T12781] wiphy_register+0x199a/0x26b0 [ 939.388259][T12781] ? __pfx_wiphy_register+0x10/0x10 [ 939.388289][T12781] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 939.388333][T12781] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 939.388374][T12781] ieee80211_register_hw+0x33e1/0x4120 [ 939.388432][T12781] ? ieee80211_register_hw+0x1471/0x4120 [ 939.388479][T12781] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 939.388521][T12781] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 939.388570][T12781] ? __hrtimer_setup+0x187/0x210 [ 939.388595][T12781] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 939.388640][T12781] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 939.388711][T12781] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 939.388745][T12781] ? trace_kmalloc+0x1f/0xd0 [ 939.388768][T12781] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 939.388793][T12781] ? kstrndup+0xbf/0x160 [ 939.388837][T12781] hwsim_new_radio_nl+0xea4/0x1b10 [ 939.388886][T12781] ? __pfx___nla_validate_parse+0x10/0x10 [ 939.388936][T12781] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 939.388990][T12781] ? __nla_parse+0x40/0x60 [ 939.389024][T12781] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 939.389065][T12781] genl_family_rcv_msg_doit+0x215/0x300 [ 939.389100][T12781] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 939.389143][T12781] ? bpf_lsm_capable+0x9/0x20 [ 939.389173][T12781] ? security_capable+0x7e/0x2e0 [ 939.389213][T12781] genl_rcv_msg+0x60e/0x790 [ 939.389247][T12781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 939.389272][T12781] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 939.389325][T12781] netlink_rcv_skb+0x205/0x470 [ 939.389360][T12781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 939.389387][T12781] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 939.389442][T12781] ? down_read+0x1ad/0x2e0 [ 939.389474][T12781] genl_rcv+0x28/0x40 [ 939.389497][T12781] netlink_unicast+0x75c/0x8e0 [ 939.389542][T12781] netlink_sendmsg+0x805/0xb30 [ 939.389589][T12781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 939.389633][T12781] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 939.389656][T12781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 939.389692][T12781] __sock_sendmsg+0x21c/0x270 [ 939.389725][T12781] ____sys_sendmsg+0x505/0x830 [ 939.389771][T12781] ? __pfx_____sys_sendmsg+0x10/0x10 [ 939.389820][T12781] ? import_iovec+0x74/0xa0 [ 939.389859][T12781] ___sys_sendmsg+0x21f/0x2a0 [ 939.389906][T12781] ? __pfx____sys_sendmsg+0x10/0x10 [ 939.389993][T12781] ? __fget_files+0x2a/0x420 [ 939.390020][T12781] ? __fget_files+0x3a0/0x420 [ 939.390060][T12781] __x64_sys_sendmsg+0x19b/0x260 [ 939.390101][T12781] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 939.390152][T12781] ? rcu_is_watching+0x15/0xb0 [ 939.390185][T12781] ? do_syscall_64+0xbe/0x3b0 [ 939.390217][T12781] do_syscall_64+0xfa/0x3b0 [ 939.390243][T12781] ? lockdep_hardirqs_on+0x9c/0x150 [ 939.390267][T12781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.390292][T12781] ? clear_bhb_loop+0x60/0xb0 [ 939.390323][T12781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 939.390348][T12781] RIP: 0033:0x7f0d19b8ebe9 [ 939.390372][T12781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 939.390396][T12781] RSP: 002b:00007f0d17db4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 939.390425][T12781] RAX: ffffffffffffffda RBX: 00007f0d19db6180 RCX: 00007f0d19b8ebe9 [ 939.390445][T12781] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004 [ 939.390462][T12781] RBP: 00007f0d19c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 939.390478][T12781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 939.390493][T12781] R13: 00007f0d19db6218 R14: 00007f0d19db6180 R15: 00007fff968348e8 [ 939.390532][T12781] [ 940.250949][T12790] binder: 12783:12790 ioctl 4018620d 0 returned -22 [ 940.270576][T12790] binder: 12783:12790 ioctl c0306201 0 returned -14 [ 942.852546][T12807] netlink: 208 bytes leftover after parsing attributes in process `syz.3.1813'. [ 944.638202][T12807] syz.3.1813 (12807): drop_caches: 2 [ 948.116845][ T9631] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 949.248137][ T9631] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 949.266120][ T9631] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 950.266386][ T9631] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 951.080647][ T9631] usb 3-1: config 0 descriptor?? [ 951.786543][ T9631] usb 3-1: can't set config #0, error -71 [ 951.841332][ T9631] usb 3-1: USB disconnect, device number 17 [ 952.056101][T12756] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 952.218428][T12756] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 952.263149][T12756] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 952.375673][T12756] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 952.553520][T12756] usb 4-1: config 0 descriptor?? [ 952.605426][T12856] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 953.883507][T12756] elan 0003:04F3:0755.0023: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 954.766617][T12884] kAFS: Can only specify source 'none' with -o dyn [ 955.206266][ T5849] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 955.796123][ T5849] usb 3-1: Using ep0 maxpacket: 16 [ 955.805242][ T5849] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 955.816461][ T5849] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 955.826442][ T5849] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 955.839710][ T5849] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 955.849256][ T5849] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 955.860997][ T5849] usb 3-1: config 0 descriptor?? [ 956.140682][ T9631] usb 4-1: USB disconnect, device number 25 [ 956.280095][ T5849] microsoft 0003:045E:07DA.0024: unknown main item tag 0x1 [ 956.291767][ T5849] microsoft 0003:045E:07DA.0024: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 956.306271][ T5849] microsoft 0003:045E:07DA.0024: no inputs found [ 956.313296][ T5849] microsoft 0003:045E:07DA.0024: could not initialize ff, continuing anyway [ 956.487543][T12892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 956.496777][T12892] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 958.247706][ T9631] usb 3-1: USB disconnect, device number 18 [ 985.981212][T12911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1839'. [ 986.036054][T12913] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR3p' [ 986.047066][T12913] CPU: 1 UID: 0 PID: 12913 Comm: syz.1.1838 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 986.047099][T12913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 986.047116][T12913] Call Trace: [ 986.047130][T12913] [ 986.047143][T12913] dump_stack_lvl+0x189/0x250 [ 986.047182][T12913] ? __pfx_dump_stack_lvl+0x10/0x10 [ 986.047211][T12913] ? __pfx__printk+0x10/0x10 [ 986.047243][T12913] ? kernfs_path_from_node+0x2c/0x260 [ 986.047273][T12913] ? kernfs_path_from_node+0x2c/0x260 [ 986.047300][T12913] ? kernfs_path_from_node+0x2c/0x260 [ 986.047342][T12913] ? kernfs_path_from_node+0x22c/0x260 [ 986.047370][T12913] ? kernfs_path_from_node+0x2c/0x260 [ 986.047406][T12913] sysfs_warn_dup+0x8e/0xa0 [ 986.047436][T12913] sysfs_do_create_link_sd+0xc0/0x110 [ 986.047486][T12913] device_add_class_symlinks+0x1cf/0x240 [ 986.047530][T12913] device_add+0x475/0xb50 [ 986.047572][T12913] wiphy_register+0x199a/0x26b0 [ 986.047626][T12913] ? __pfx_wiphy_register+0x10/0x10 [ 986.047657][T12913] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 986.047700][T12913] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 986.047741][T12913] ieee80211_register_hw+0x33e1/0x4120 [ 986.047799][T12913] ? ieee80211_register_hw+0x1471/0x4120 [ 986.047847][T12913] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 986.047889][T12913] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 986.047938][T12913] ? __hrtimer_setup+0x187/0x210 [ 986.047963][T12913] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 986.048005][T12913] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 986.048078][T12913] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 986.048111][T12913] ? trace_kmalloc+0x1f/0xd0 [ 986.048131][T12913] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 986.048156][T12913] ? kstrndup+0xbf/0x160 [ 986.048198][T12913] hwsim_new_radio_nl+0xea4/0x1b10 [ 986.048238][T12913] ? __pfx___nla_validate_parse+0x10/0x10 [ 986.048285][T12913] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 986.048345][T12913] ? __nla_parse+0x40/0x60 [ 986.048381][T12913] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 986.048421][T12913] genl_family_rcv_msg_doit+0x215/0x300 [ 986.048459][T12913] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 986.048505][T12913] ? bpf_lsm_capable+0x9/0x20 [ 986.048534][T12913] ? security_capable+0x7e/0x2e0 [ 986.048574][T12913] genl_rcv_msg+0x60e/0x790 [ 986.048609][T12913] ? __pfx_genl_rcv_msg+0x10/0x10 [ 986.048634][T12913] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 986.048687][T12913] netlink_rcv_skb+0x205/0x470 [ 986.048721][T12913] ? __pfx_genl_rcv_msg+0x10/0x10 [ 986.048749][T12913] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 986.048813][T12913] ? down_read+0x1ad/0x2e0 [ 986.048849][T12913] genl_rcv+0x28/0x40 [ 986.048872][T12913] netlink_unicast+0x75c/0x8e0 [ 986.048919][T12913] netlink_sendmsg+0x805/0xb30 [ 986.048967][T12913] ? __pfx_netlink_sendmsg+0x10/0x10 [ 986.049022][T12913] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 986.049047][T12913] ? __pfx_netlink_sendmsg+0x10/0x10 [ 986.049084][T12913] __sock_sendmsg+0x21c/0x270 [ 986.049119][T12913] ____sys_sendmsg+0x505/0x830 [ 986.049166][T12913] ? __pfx_____sys_sendmsg+0x10/0x10 [ 986.049217][T12913] ? import_iovec+0x74/0xa0 [ 986.049256][T12913] ___sys_sendmsg+0x21f/0x2a0 [ 986.049297][T12913] ? __pfx____sys_sendmsg+0x10/0x10 [ 986.049390][T12913] ? __fget_files+0x2a/0x420 [ 986.049419][T12913] ? __fget_files+0x3a0/0x420 [ 986.049460][T12913] __x64_sys_sendmsg+0x19b/0x260 [ 986.049503][T12913] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 986.049557][T12913] ? rcu_is_watching+0x15/0xb0 [ 986.049591][T12913] ? do_syscall_64+0xbe/0x3b0 [ 986.049624][T12913] do_syscall_64+0xfa/0x3b0 [ 986.049650][T12913] ? lockdep_hardirqs_on+0x9c/0x150 [ 986.049674][T12913] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.049699][T12913] ? clear_bhb_loop+0x60/0xb0 [ 986.049728][T12913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 986.049752][T12913] RIP: 0033:0x7fb95938ebe9 [ 986.049774][T12913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 986.049808][T12913] RSP: 002b:00007fb95a1d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 986.049834][T12913] RAX: ffffffffffffffda RBX: 00007fb9595b6090 RCX: 00007fb95938ebe9 [ 986.049854][T12913] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004 [ 986.049872][T12913] RBP: 00007fb959411e19 R08: 0000000000000000 R09: 0000000000000000 [ 986.049888][T12913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 986.049904][T12913] R13: 00007fb9595b6128 R14: 00007fb9595b6090 R15: 00007ffeefc24888 [ 986.049945][T12913] [ 987.488752][ T5931] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 987.654600][T12922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1842'. [ 987.739369][ T5931] usb 5-1: Using ep0 maxpacket: 16 [ 987.829620][ T5931] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 987.872665][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 987.898942][ T5931] usb 5-1: Product: syz [ 987.915836][ T5931] usb 5-1: Manufacturer: syz [ 987.923098][T12924] wg1 speed is unknown, defaulting to 1000 [ 987.929363][ T5931] usb 5-1: SerialNumber: syz [ 987.954424][ T5931] usb 5-1: config 0 descriptor?? [ 987.966935][ T5931] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 988.301332][T12931] netlink: 'syz.0.1846': attribute type 10 has an invalid length. [ 988.387857][T12931] team0: Device hsr_slave_0 failed to register rx_handler [ 988.799262][T12931] syz.0.1846 (12931) used greatest stack depth: 18760 bytes left [ 988.914013][ T5931] usb 5-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 989.958995][ T9631] usb 5-1: USB disconnect, device number 29 [ 989.992032][ T9631] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 990.001967][ T9631] visor 5-1:0.0: device disconnected [ 998.532519][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.539490][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1004.308701][ T6008] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 1004.531730][T12948] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR3p' [ 1004.543117][T12948] CPU: 0 UID: 0 PID: 12948 Comm: syz.0.1847 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1004.543142][T12948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1004.543154][T12948] Call Trace: [ 1004.543167][T12948] [ 1004.543177][T12948] dump_stack_lvl+0x189/0x250 [ 1004.543207][T12948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1004.543227][T12948] ? __pfx__printk+0x10/0x10 [ 1004.543250][T12948] ? kernfs_path_from_node+0x2c/0x260 [ 1004.543273][T12948] ? kernfs_path_from_node+0x2c/0x260 [ 1004.543292][T12948] ? kernfs_path_from_node+0x2c/0x260 [ 1004.543314][T12948] ? kernfs_path_from_node+0x22c/0x260 [ 1004.543333][T12948] ? kernfs_path_from_node+0x2c/0x260 [ 1004.543356][T12948] sysfs_warn_dup+0x8e/0xa0 [ 1004.543405][T12948] sysfs_do_create_link_sd+0xc0/0x110 [ 1004.543427][T12948] device_add_class_symlinks+0x1cf/0x240 [ 1004.543458][T12948] device_add+0x475/0xb50 [ 1004.543486][T12948] wiphy_register+0x199a/0x26b0 [ 1004.543524][T12948] ? __pfx_wiphy_register+0x10/0x10 [ 1004.543544][T12948] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 1004.543575][T12948] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 1004.543604][T12948] ieee80211_register_hw+0x33e1/0x4120 [ 1004.543649][T12948] ? ieee80211_register_hw+0x1471/0x4120 [ 1004.543681][T12948] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1004.543710][T12948] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1004.543746][T12948] ? __hrtimer_setup+0x187/0x210 [ 1004.543763][T12948] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1004.543793][T12948] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 1004.543843][T12948] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1004.543866][T12948] ? trace_kmalloc+0x1f/0xd0 [ 1004.543882][T12948] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 1004.543899][T12948] ? kstrndup+0xbf/0x160 [ 1004.543930][T12948] hwsim_new_radio_nl+0xea4/0x1b10 [ 1004.543957][T12948] ? __pfx___nla_validate_parse+0x10/0x10 [ 1004.543990][T12948] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1004.544025][T12948] ? __nla_parse+0x40/0x60 [ 1004.544048][T12948] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1004.544075][T12948] genl_family_rcv_msg_doit+0x215/0x300 [ 1004.544099][T12948] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1004.544131][T12948] ? bpf_lsm_capable+0x9/0x20 [ 1004.544153][T12948] ? security_capable+0x7e/0x2e0 [ 1004.544181][T12948] genl_rcv_msg+0x60e/0x790 [ 1004.544204][T12948] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1004.544222][T12948] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1004.544257][T12948] netlink_rcv_skb+0x205/0x470 [ 1004.544281][T12948] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1004.544300][T12948] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1004.544338][T12948] ? down_read+0x1ad/0x2e0 [ 1004.544359][T12948] genl_rcv+0x28/0x40 [ 1004.544383][T12948] netlink_unicast+0x75c/0x8e0 [ 1004.544415][T12948] netlink_sendmsg+0x805/0xb30 [ 1004.544448][T12948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1004.544479][T12948] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1004.544496][T12948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1004.544521][T12948] __sock_sendmsg+0x21c/0x270 [ 1004.544544][T12948] ____sys_sendmsg+0x505/0x830 [ 1004.544575][T12948] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1004.544609][T12948] ? import_iovec+0x74/0xa0 [ 1004.544635][T12948] ___sys_sendmsg+0x21f/0x2a0 [ 1004.544663][T12948] ? __pfx____sys_sendmsg+0x10/0x10 [ 1004.544720][T12948] ? __fget_files+0x2a/0x420 [ 1004.544739][T12948] ? __fget_files+0x3a0/0x420 [ 1004.544766][T12948] __x64_sys_sendmsg+0x19b/0x260 [ 1004.544794][T12948] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1004.544835][T12948] ? do_syscall_64+0xbe/0x3b0 [ 1004.544858][T12948] do_syscall_64+0xfa/0x3b0 [ 1004.544876][T12948] ? lockdep_hardirqs_on+0x9c/0x150 [ 1004.544893][T12948] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.544909][T12948] ? clear_bhb_loop+0x60/0xb0 [ 1004.544929][T12948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1004.544947][T12948] RIP: 0033:0x7fadb2f8ebe9 [ 1004.544966][T12948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1004.544981][T12948] RSP: 002b:00007fadb11f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1004.545002][T12948] RAX: ffffffffffffffda RBX: 00007fadb31b6090 RCX: 00007fadb2f8ebe9 [ 1004.545015][T12948] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004 [ 1004.545027][T12948] RBP: 00007fadb3011e19 R08: 0000000000000000 R09: 0000000000000000 [ 1004.545037][T12948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1004.545047][T12948] R13: 00007fadb31b6128 R14: 00007fadb31b6090 R15: 00007fff30927f68 [ 1004.545074][T12948] [ 1005.575488][ T6008] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1005.984751][ T6008] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1006.022348][ T6008] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1006.238211][ T6008] usb 2-1: config 0 descriptor?? [ 1006.253718][T12943] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1006.275193][T12956] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR3p' [ 1006.286678][T12956] CPU: 1 UID: 0 PID: 12956 Comm: syz.0.1852 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1006.286704][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1006.286716][T12956] Call Trace: [ 1006.286725][T12956] [ 1006.286733][T12956] dump_stack_lvl+0x189/0x250 [ 1006.286762][T12956] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1006.286782][T12956] ? __pfx__printk+0x10/0x10 [ 1006.286807][T12956] ? kernfs_path_from_node+0x2c/0x260 [ 1006.286829][T12956] ? kernfs_path_from_node+0x2c/0x260 [ 1006.286848][T12956] ? kernfs_path_from_node+0x2c/0x260 [ 1006.286871][T12956] ? kernfs_path_from_node+0x22c/0x260 [ 1006.286890][T12956] ? kernfs_path_from_node+0x2c/0x260 [ 1006.286912][T12956] sysfs_warn_dup+0x8e/0xa0 [ 1006.286931][T12956] sysfs_do_create_link_sd+0xc0/0x110 [ 1006.286952][T12956] device_add_class_symlinks+0x1cf/0x240 [ 1006.286990][T12956] device_add+0x475/0xb50 [ 1006.287017][T12956] wiphy_register+0x199a/0x26b0 [ 1006.287055][T12956] ? __pfx_wiphy_register+0x10/0x10 [ 1006.287076][T12956] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 1006.287107][T12956] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 1006.287137][T12956] ieee80211_register_hw+0x33e1/0x4120 [ 1006.287178][T12956] ? ieee80211_register_hw+0x1471/0x4120 [ 1006.287211][T12956] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1006.287247][T12956] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1006.287290][T12956] ? __hrtimer_setup+0x187/0x210 [ 1006.287308][T12956] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1006.287340][T12956] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 1006.287389][T12956] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1006.287413][T12956] ? trace_kmalloc+0x1f/0xd0 [ 1006.287427][T12956] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 1006.287445][T12956] ? kstrndup+0xbf/0x160 [ 1006.287475][T12956] hwsim_new_radio_nl+0xea4/0x1b10 [ 1006.287502][T12956] ? __pfx___nla_validate_parse+0x10/0x10 [ 1006.287535][T12956] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1006.287562][T12956] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 1006.287597][T12956] ? __nla_parse+0x40/0x60 [ 1006.287621][T12956] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1006.287647][T12956] genl_family_rcv_msg_doit+0x215/0x300 [ 1006.287672][T12956] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1006.287701][T12956] ? bpf_lsm_capable+0x9/0x20 [ 1006.287724][T12956] ? security_capable+0x7e/0x2e0 [ 1006.287753][T12956] genl_rcv_msg+0x60e/0x790 [ 1006.287776][T12956] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1006.287794][T12956] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1006.287830][T12956] netlink_rcv_skb+0x205/0x470 [ 1006.287854][T12956] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1006.287873][T12956] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1006.287910][T12956] ? down_read+0x1ad/0x2e0 [ 1006.287932][T12956] genl_rcv+0x28/0x40 [ 1006.287948][T12956] netlink_unicast+0x75c/0x8e0 [ 1006.288062][T12956] netlink_sendmsg+0x805/0xb30 [ 1006.288101][T12956] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1006.288134][T12956] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1006.288152][T12956] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1006.288178][T12956] __sock_sendmsg+0x21c/0x270 [ 1006.288206][T12956] ____sys_sendmsg+0x505/0x830 [ 1006.288242][T12956] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1006.288277][T12956] ? import_iovec+0x74/0xa0 [ 1006.288304][T12956] ___sys_sendmsg+0x21f/0x2a0 [ 1006.288333][T12956] ? __pfx____sys_sendmsg+0x10/0x10 [ 1006.288390][T12956] ? __fget_files+0x2a/0x420 [ 1006.288408][T12956] ? __fget_files+0x3a0/0x420 [ 1006.288437][T12956] __x64_sys_sendmsg+0x19b/0x260 [ 1006.288465][T12956] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1006.288507][T12956] ? do_syscall_64+0xbe/0x3b0 [ 1006.288530][T12956] do_syscall_64+0xfa/0x3b0 [ 1006.288548][T12956] ? lockdep_hardirqs_on+0x9c/0x150 [ 1006.288565][T12956] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.288581][T12956] ? clear_bhb_loop+0x60/0xb0 [ 1006.288602][T12956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1006.288619][T12956] RIP: 0033:0x7fadb2f8ebe9 [ 1006.288638][T12956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1006.288653][T12956] RSP: 002b:00007fadb11f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1006.288672][T12956] RAX: ffffffffffffffda RBX: 00007fadb31b6090 RCX: 00007fadb2f8ebe9 [ 1006.288685][T12956] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004 [ 1006.288697][T12956] RBP: 00007fadb3011e19 R08: 0000000000000000 R09: 0000000000000000 [ 1006.288708][T12956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1006.288718][T12956] R13: 00007fadb31b6128 R14: 00007fadb31b6090 R15: 00007fff30927f68 [ 1006.288747][T12956] [ 1007.751771][ T6008] elan 0003:04F3:0755.0025: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 1008.447382][T12964] kAFS: Can only specify source 'none' with -o dyn [ 1009.292383][ T6008] usb 2-1: USB disconnect, device number 34 [ 1009.746596][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 1009.746619][ T30] audit: type=1326 audit(1755705636.215:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.199167][ T30] audit: type=1326 audit(1755705636.215:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.240265][ T30] audit: type=1326 audit(1755705636.215:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.257214][T12982] binder: 12981:12982 unknown command 0 [ 1010.292614][ T30] audit: type=1326 audit(1755705636.215:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.312885][T12982] binder: 12981:12982 ioctl c0306201 200000000080 returned -22 [ 1010.324902][ T30] audit: type=1326 audit(1755705636.215:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.348156][ T30] audit: type=1326 audit(1755705636.215:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.604996][ T30] audit: type=1326 audit(1755705636.215:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.627444][ T30] audit: type=1326 audit(1755705636.215:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1010.705438][T12990] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR3p' [ 1010.716522][T12990] CPU: 1 UID: 0 PID: 12990 Comm: syz.4.1863 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1010.716559][T12990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1010.716577][T12990] Call Trace: [ 1010.716590][T12990] [ 1010.716602][T12990] dump_stack_lvl+0x189/0x250 [ 1010.716644][T12990] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1010.716673][T12990] ? __pfx__printk+0x10/0x10 [ 1010.716707][T12990] ? kernfs_path_from_node+0x2c/0x260 [ 1010.716748][T12990] ? kernfs_path_from_node+0x2c/0x260 [ 1010.716777][T12990] ? kernfs_path_from_node+0x2c/0x260 [ 1010.716809][T12990] ? kernfs_path_from_node+0x22c/0x260 [ 1010.716839][T12990] ? kernfs_path_from_node+0x2c/0x260 [ 1010.716873][T12990] sysfs_warn_dup+0x8e/0xa0 [ 1010.716903][T12990] sysfs_do_create_link_sd+0xc0/0x110 [ 1010.716936][T12990] device_add_class_symlinks+0x1cf/0x240 [ 1010.716979][T12990] device_add+0x475/0xb50 [ 1010.717020][T12990] wiphy_register+0x199a/0x26b0 [ 1010.717075][T12990] ? __pfx_wiphy_register+0x10/0x10 [ 1010.717105][T12990] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 1010.717149][T12990] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 1010.717190][T12990] ieee80211_register_hw+0x33e1/0x4120 [ 1010.717248][T12990] ? ieee80211_register_hw+0x1471/0x4120 [ 1010.717295][T12990] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1010.717338][T12990] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1010.717388][T12990] ? __hrtimer_setup+0x187/0x210 [ 1010.717413][T12990] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1010.717456][T12990] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 1010.717561][T12990] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1010.717595][T12990] ? trace_kmalloc+0x1f/0xd0 [ 1010.717617][T12990] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 1010.717642][T12990] ? kstrndup+0xbf/0x160 [ 1010.717687][T12990] hwsim_new_radio_nl+0xea4/0x1b10 [ 1010.717726][T12990] ? __pfx___nla_validate_parse+0x10/0x10 [ 1010.717784][T12990] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1010.717837][T12990] ? __nla_parse+0x40/0x60 [ 1010.717871][T12990] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1010.717912][T12990] genl_family_rcv_msg_doit+0x215/0x300 [ 1010.717948][T12990] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1010.717992][T12990] ? bpf_lsm_capable+0x9/0x20 [ 1010.718022][T12990] ? security_capable+0x7e/0x2e0 [ 1010.718064][T12990] genl_rcv_msg+0x60e/0x790 [ 1010.718099][T12990] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1010.718124][T12990] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1010.718177][T12990] netlink_rcv_skb+0x205/0x470 [ 1010.718213][T12990] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1010.718241][T12990] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1010.718297][T12990] ? down_read+0x1ad/0x2e0 [ 1010.718330][T12990] genl_rcv+0x28/0x40 [ 1010.718351][T12990] netlink_unicast+0x75c/0x8e0 [ 1010.718397][T12990] netlink_sendmsg+0x805/0xb30 [ 1010.718444][T12990] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1010.718490][T12990] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1010.718513][T12990] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1010.718549][T12990] __sock_sendmsg+0x21c/0x270 [ 1010.718582][T12990] ____sys_sendmsg+0x505/0x830 [ 1010.718628][T12990] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1010.718678][T12990] ? import_iovec+0x74/0xa0 [ 1010.718716][T12990] ___sys_sendmsg+0x21f/0x2a0 [ 1010.718770][T12990] ? __pfx____sys_sendmsg+0x10/0x10 [ 1010.718855][T12990] ? __fget_files+0x2a/0x420 [ 1010.718883][T12990] ? __fget_files+0x3a0/0x420 [ 1010.718929][T12990] __x64_sys_sendmsg+0x19b/0x260 [ 1010.718971][T12990] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1010.719023][T12990] ? rcu_is_watching+0x15/0xb0 [ 1010.719057][T12990] ? do_syscall_64+0xbe/0x3b0 [ 1010.719091][T12990] do_syscall_64+0xfa/0x3b0 [ 1010.719117][T12990] ? lockdep_hardirqs_on+0x9c/0x150 [ 1010.719142][T12990] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.719167][T12990] ? clear_bhb_loop+0x60/0xb0 [ 1010.719197][T12990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.719221][T12990] RIP: 0033:0x7fde6998ebe9 [ 1010.719244][T12990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1010.719267][T12990] RSP: 002b:00007fde6a86a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1010.719295][T12990] RAX: ffffffffffffffda RBX: 00007fde69bb6180 RCX: 00007fde6998ebe9 [ 1010.719313][T12990] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004 [ 1010.719330][T12990] RBP: 00007fde69a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1010.719346][T12990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1010.719362][T12990] R13: 00007fde69bb6218 R14: 00007fde69bb6180 R15: 00007fff4c410d28 [ 1010.719401][T12990] [ 1010.725802][ T30] audit: type=1326 audit(1755705636.215:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fadb2f8d550 code=0x7ffc0000 [ 1011.156367][T12756] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1011.670177][ T30] audit: type=1326 audit(1755705636.215:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.0.1859" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadb2f8ebe9 code=0x7ffc0000 [ 1011.693794][ C1] vkms_vblank_simulate: vblank timer overrun [ 1012.389581][T12756] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1012.975048][T12756] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1013.046380][T12756] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1013.063534][T13003] binder: 12998:13003 unknown command 0 [ 1013.070262][T13003] binder: 12998:13003 ioctl c0306201 200000000080 returned -22 [ 1013.262554][T12756] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1014.073376][T12756] usb 4-1: string descriptor 0 read error: -71 [ 1014.084828][T12756] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1014.116146][T12756] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1014.177703][T12756] usb 4-1: config 0 descriptor?? [ 1014.258949][T12756] usb 4-1: can't set config #0, error -71 [ 1014.269664][T12756] usb 4-1: USB disconnect, device number 26 [ 1016.288456][T12756] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 1017.384087][T12756] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1017.409709][T12756] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1017.421310][T12756] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1017.470888][T12756] usb 4-1: config 0 descriptor?? [ 1017.529611][T13023] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1017.557511][T13036] binder: 13035:13036 unknown command 0 [ 1017.577336][T13036] binder: 13035:13036 ioctl c0306201 200000000080 returned -22 [ 1017.903367][T13040] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1875'. [ 1018.259248][T12756] elan 0003:04F3:0755.0026: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 1019.866423][T13049] kAFS: Can only specify source 'none' with -o dyn [ 1020.466091][T13056] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1021.068380][T13060] netlink: 'syz.4.1881': attribute type 3 has an invalid length. [ 1021.246292][ T6008] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1021.336533][T12756] usb 4-1: USB disconnect, device number 27 [ 1021.934720][ T6008] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1022.130861][ T6008] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1022.215448][ T6008] usb 1-1: Product: syz [ 1022.250036][ T6008] usb 1-1: Manufacturer: syz [ 1022.293231][ T6008] usb 1-1: SerialNumber: syz [ 1022.450322][ T6008] usb 1-1: config 0 descriptor?? [ 1022.460289][ T6008] ch341 1-1:0.0: ch341-uart converter detected [ 1022.517429][T13075] binder: 13074:13075 unknown command 0 [ 1022.523543][T13075] binder: 13074:13075 ioctl c0306201 200000000080 returned -22 [ 1024.546633][ T6008] usb 1-1: failed to send control message: -110 [ 1024.553970][ T6008] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110 [ 1024.812758][T13089] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1889'. [ 1024.918365][T13095] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1889'. [ 1026.506991][ T6008] usb 1-1: USB disconnect, device number 31 [ 1026.594631][ T6008] ch341 1-1:0.0: device disconnected [ 1027.222079][T13104] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1028.599159][ T6008] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1028.848913][ T6008] usb 4-1: config 0 has an invalid interface number: 168 but max is 0 [ 1028.943893][ T6008] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1029.069020][ T6008] usb 4-1: config 0 has no interface number 0 [ 1029.079596][ T6008] usb 4-1: config 0 interface 168 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1029.172832][ T6008] usb 4-1: config 0 interface 168 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16 [ 1029.211542][ T6008] usb 4-1: New USB device found, idVendor=0959, idProduct=2bd0, bcdDevice=48.98 [ 1029.228273][ T6008] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1029.330309][ T6008] usb 4-1: config 0 descriptor?? [ 1029.731572][ T6008] HFC-S_USB 4-1:0.168: probe with driver HFC-S_USB failed with error -5 [ 1030.306426][T13127] vivid-002: disconnect [ 1030.558090][T13127] vivid-002: reconnect [ 1030.703100][T12756] usb 4-1: USB disconnect, device number 28 [ 1032.388892][T13144] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR3p' [ 1032.399999][T13144] CPU: 1 UID: 0 PID: 13144 Comm: syz.1.1902 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1032.400036][T13144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1032.400055][T13144] Call Trace: [ 1032.400070][T13144] [ 1032.400083][T13144] dump_stack_lvl+0x189/0x250 [ 1032.400124][T13144] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1032.400154][T13144] ? __pfx__printk+0x10/0x10 [ 1032.400192][T13144] ? __rcu_read_unlock+0x84/0xe0 [ 1032.400226][T13144] ? kernfs_path_from_node+0x2c/0x260 [ 1032.400270][T13144] ? kernfs_path_from_node+0x22c/0x260 [ 1032.400298][T13144] ? kernfs_path_from_node+0x2c/0x260 [ 1032.400333][T13144] sysfs_warn_dup+0x8e/0xa0 [ 1032.400363][T13144] sysfs_do_create_link_sd+0xc0/0x110 [ 1032.400397][T13144] device_add_class_symlinks+0x1cf/0x240 [ 1032.400440][T13144] device_add+0x475/0xb50 [ 1032.400482][T13144] wiphy_register+0x199a/0x26b0 [ 1032.400515][T13144] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 1032.400560][T13144] ? __pfx_wiphy_register+0x10/0x10 [ 1032.400614][T13144] ieee80211_register_hw+0x33e1/0x4120 [ 1032.400674][T13144] ? ieee80211_register_hw+0x1471/0x4120 [ 1032.400722][T13144] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1032.400766][T13144] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1032.400814][T13144] ? __hrtimer_setup+0x187/0x210 [ 1032.400838][T13144] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 1032.400881][T13144] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 1032.400957][T13144] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1032.400998][T13144] ? hwsim_new_radio_nl+0xe8d/0x1b10 [ 1032.401040][T13144] hwsim_new_radio_nl+0xea4/0x1b10 [ 1032.401081][T13144] ? __pfx___nla_validate_parse+0x10/0x10 [ 1032.401132][T13144] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1032.401186][T13144] ? __nla_parse+0x40/0x60 [ 1032.401222][T13144] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1032.401267][T13144] genl_family_rcv_msg_doit+0x215/0x300 [ 1032.401315][T13144] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1032.401360][T13144] ? bpf_lsm_capable+0x9/0x20 [ 1032.401392][T13144] ? security_capable+0x7e/0x2e0 [ 1032.401434][T13144] genl_rcv_msg+0x60e/0x790 [ 1032.401480][T13144] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1032.401505][T13144] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1032.401546][T13144] ? irqentry_exit+0x74/0x90 [ 1032.401587][T13144] netlink_rcv_skb+0x205/0x470 [ 1032.401623][T13144] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1032.401651][T13144] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1032.401681][T13144] ? lock_acquire+0x175/0x360 [ 1032.401727][T13144] ? down_read+0x1ad/0x2e0 [ 1032.401759][T13144] genl_rcv+0x28/0x40 [ 1032.401783][T13144] netlink_unicast+0x75c/0x8e0 [ 1032.401828][T13144] netlink_sendmsg+0x805/0xb30 [ 1032.401875][T13144] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1032.401920][T13144] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1032.401949][T13144] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1032.401985][T13144] __sock_sendmsg+0x21c/0x270 [ 1032.402020][T13144] ____sys_sendmsg+0x505/0x830 [ 1032.402067][T13144] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1032.402117][T13144] ? import_iovec+0x74/0xa0 [ 1032.402156][T13144] ___sys_sendmsg+0x21f/0x2a0 [ 1032.402197][T13144] ? __pfx____sys_sendmsg+0x10/0x10 [ 1032.402286][T13144] ? __fget_files+0x2a/0x420 [ 1032.402313][T13144] ? __fget_files+0x3a0/0x420 [ 1032.402354][T13144] __x64_sys_sendmsg+0x19b/0x260 [ 1032.402396][T13144] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1032.402447][T13144] ? rcu_is_watching+0x15/0xb0 [ 1032.402481][T13144] ? do_syscall_64+0xbe/0x3b0 [ 1032.402514][T13144] do_syscall_64+0xfa/0x3b0 [ 1032.402543][T13144] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.402567][T13144] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1032.402590][T13144] ? clear_bhb_loop+0x60/0xb0 [ 1032.402620][T13144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.402645][T13144] RIP: 0033:0x7fb95938ebe9 [ 1032.402667][T13144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1032.402691][T13144] RSP: 002b:00007fb95a1b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1032.402718][T13144] RAX: ffffffffffffffda RBX: 00007fb9595b6180 RCX: 00007fb95938ebe9 [ 1032.402736][T13144] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004 [ 1032.402753][T13144] RBP: 00007fb959411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1032.402769][T13144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1032.402784][T13144] R13: 00007fb9595b6218 R14: 00007fb9595b6180 R15: 00007ffeefc24888 [ 1032.402823][T13144] [ 1032.845441][ C1] vkms_vblank_simulate: vblank timer overrun [ 1033.729451][T13143] netlink: 'syz.0.1905': attribute type 10 has an invalid length. [ 1033.738321][T13143] team0: Device hsr_slave_0 failed to register rx_handler [ 1034.995385][T13157] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1039.034672][T13185] binder: 13177:13185 unknown command 0 [ 1039.040958][T13185] binder: 13177:13185 ioctl c0306201 200000000080 returned -22 [ 1039.087260][T13185] binder: BINDER_SET_CONTEXT_MGR already set [ 1039.093529][T13185] binder: 13177:13185 ioctl 4018620d 200000000040 returned -16 [ 1040.263471][T13195] overlayfs: failed to resolve './file1': -2 [ 1040.273812][T13193] syz_tun: entered promiscuous mode [ 1040.288058][T13193] batadv_slave_0: entered promiscuous mode [ 1040.299979][T13193] hsr1: entered allmulticast mode [ 1040.305412][T13193] syz_tun: entered allmulticast mode [ 1040.321066][T13193] batadv_slave_0: entered allmulticast mode [ 1043.232240][T13237] netlink: 'syz.1.1930': attribute type 9 has an invalid length. [ 1043.276592][T13243] syzkaller0: entered promiscuous mode [ 1043.283790][T13243] syzkaller0: entered allmulticast mode [ 1043.739624][T13254] netlink: 'syz.2.1938': attribute type 10 has an invalid length. [ 1043.764932][T13254] syz_tun: entered promiscuous mode [ 1043.891537][T13254] : (slave syz_tun): Enslaving as an active interface with an up link [ 1044.982218][T13287] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1950'. [ 1045.830897][T13319] syzkaller0: entered promiscuous mode [ 1045.839428][T13319] syzkaller0: entered allmulticast mode [ 1046.454631][T13340] usb usb9: usbfs: process 13340 (syz.0.1968) did not claim interface 1 before use [ 1046.566753][T13345] netlink: 'syz.0.1970': attribute type 10 has an invalid length. [ 1046.774993][T13355] binder: 13354:13355 ioctl c0306201 200000000080 returned -14 [ 1046.805224][T13355] binder: 13354:13355 ioctl c0306201 200000000180 returned -14 [ 1046.886046][ T5849] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 1046.896181][ T6008] usb 3-1: new low-speed USB device number 19 using dummy_hcd [ 1047.060844][ T5849] usb 2-1: Using ep0 maxpacket: 32 [ 1047.075416][ T6008] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 1047.083022][ T5849] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 1047.098827][ T6008] usb 3-1: config 0 has no interface number 0 [ 1047.104726][ T5849] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1047.105021][ T6008] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1047.131074][ T5849] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1047.152575][ T6008] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 1047.155829][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1047.164502][ T6008] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1047.174798][ T5849] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1047.196599][ T6008] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1047.197765][ T5849] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1047.221359][ T6008] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 1047.221405][ T6008] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1047.221462][ T6008] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1047.221489][ T6008] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1047.225141][ T6008] usb 3-1: config 0 descriptor?? [ 1047.236483][ T5849] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1047.272891][T13350] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1047.315784][T13350] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1047.338740][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1047.349511][T13370] netlink: 'syz.0.1981': attribute type 7 has an invalid length. [ 1047.363170][T13370] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1981'. [ 1047.367764][ T5849] usb 2-1: config 0 descriptor?? [ 1047.392704][ T6008] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1047.436873][T13375] overlayfs: upper fs does not support file handles, falling back to index=off. [ 1047.601898][ T6008] usb 3-1: USB disconnect, device number 19 [ 1047.616556][ T6008] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 1047.643879][ T5849] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 35 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1047.678801][ T5849] usb 2-1: USB disconnect, device number 35 [ 1047.714114][ T5849] usblp0: removed [ 1048.186036][ T5849] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 1048.350926][ T5849] usb 2-1: Using ep0 maxpacket: 32 [ 1048.374497][ T5849] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 1048.388033][ T5849] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1048.397215][ T5849] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1048.406792][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1048.446205][ T5849] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1048.479289][ T5849] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1048.519522][ T5849] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1048.540948][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.558149][ T5849] usb 2-1: config 0 descriptor?? [ 1048.993873][ T5849] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 36 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1049.174691][T13428] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2005'. [ 1049.205296][ T5849] usb 2-1: USB disconnect, device number 36 [ 1049.225587][ T5849] usblp0: removed [ 1049.278039][T13430] 9pnet: p9_errstr2errno: server reported unknown error ?n [ 1049.278039][T13430] kl [ 1049.580528][T13446] syz_tun: entered allmulticast mode [ 1049.653741][T13445] syz_tun: left allmulticast mode [ 1049.701973][T13451] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 1049.718148][T13451] VFS: Can't find a romfs filesystem on dev nullb0. [ 1049.718148][T13451] [ 1049.946821][T11251] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1050.106190][T11251] usb 3-1: Using ep0 maxpacket: 8 [ 1050.114343][T11251] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1050.123757][T11251] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1050.136682][T11251] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1050.157124][T11251] usb 3-1: config 0 descriptor?? [ 1050.233779][T13473] loop6: detected capacity change from 0 to 2560 [ 1050.558583][T13453] block device autoloading is deprecated and will be removed. [ 1050.592952][T11251] mcp2221 0003:04D8:00DD.0027: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 1050.828473][ T5849] usb 3-1: USB disconnect, device number 20 [ 1051.007677][ T13] bond0: (slave bond_slave_0): interface is now down [ 1051.034296][ T13] bond0: (slave bond_slave_1): interface is now down [ 1051.050737][ T13] bond0: (slave wlan1): interface is now down [ 1051.065212][ T13] bond0: now running without any active interface! [ 1051.627898][ T79] bond0: (slave bond_slave_0): interface is now down [ 1051.627985][ T79] bond0: (slave bond_slave_1): interface is now down [ 1051.628003][ T79] bond0: (slave team0): interface is now down [ 1051.652020][ T79] bond0: now running without any active interface! [ 1051.850713][T13525] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1052.152126][T13529] wg1 speed is unknown, defaulting to 1000 [ 1052.479238][T13550] syzkaller1: entered promiscuous mode [ 1052.485209][T13550] syzkaller1: entered allmulticast mode [ 1054.292999][T13595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1055.325181][T13606] netlink: 'syz.2.2076': attribute type 1 has an invalid length. [ 1055.496332][T13610] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2076'. [ 1059.199127][T13606] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 1059.201717][T13605] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 1059.966634][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.994091][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.426646][ T5930] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1060.599159][ T5930] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 1060.617861][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1060.631046][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1060.652907][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1060.697474][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1060.714551][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1060.736206][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1060.751302][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1060.766401][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1060.782715][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1060.811075][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1060.824810][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1060.886069][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1060.900010][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1060.927246][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1060.954631][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1060.977874][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1060.993973][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1061.024515][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1061.048324][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1061.067354][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1061.103347][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1061.123155][ T5930] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1061.153432][ T5930] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1061.185493][ T5930] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1061.204049][ T5930] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1061.228095][ T5930] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1061.257508][ T5930] usb 5-1: Product: syz [ 1061.269988][ T5930] usb 5-1: Manufacturer: syz [ 1061.279469][ T5930] usb 5-1: SerialNumber: syz [ 1061.299544][ T5930] usb 5-1: config 0 descriptor?? [ 1061.312610][T13714] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2117'. [ 1061.332390][ T5930] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 1061.552652][T13720] sctp: [Deprecated]: syz.2.2118 (pid 13720) Use of int in max_burst socket option. [ 1061.552652][T13720] Use struct sctp_assoc_value instead [ 1061.665342][ T6008] usb 5-1: USB disconnect, device number 30 [ 1061.676509][ T6008] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 1064.034925][T13797] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1064.851298][T13823] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2153'. [ 1065.827333][T13861] netlink: del zone limit has 4 unknown bytes [ 1066.011624][T13867] syzkaller0: entered promiscuous mode [ 1066.029005][T13867] syzkaller0: entered allmulticast mode [ 1066.058208][T13872] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2169'. [ 1066.715637][T13889] kvm: vcpu 0: requested 1664 ns lapic timer period limited to 200000 ns [ 1068.533671][T13981] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2216'. [ 1068.836203][ T5854] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1069.310905][T14019] kvm: pic: non byte write [ 1069.875674][T14045] netlink: 'syz.1.2242': attribute type 3 has an invalid length. [ 1069.906539][T14045] netlink: 'syz.1.2242': attribute type 3 has an invalid length. [ 1070.832056][T14088] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1072.379414][ T8461] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1072.570367][ T8461] usb 4-1: Using ep0 maxpacket: 8 [ 1072.597886][ T8461] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1072.605498][ T8461] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1072.642246][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1072.687004][ T8461] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1072.727897][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1072.749561][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1072.772797][ T8461] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1072.790854][ T8461] usb 4-1: config 168 interface 0 has no altsetting 0 [ 1072.800558][ T8461] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1072.812512][ T8461] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1072.824019][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1072.843909][ T8461] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1072.879922][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1072.910542][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1072.946240][ T8461] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1073.001958][ T8461] usb 4-1: config 168 interface 0 has no altsetting 0 [ 1073.023884][ T8461] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1073.041968][ T8461] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1073.077072][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1073.118518][ T8461] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1073.160881][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1073.202904][ T8461] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1073.245481][ T8461] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1073.299636][ T8461] usb 4-1: config 168 interface 0 has no altsetting 0 [ 1073.335188][ T8461] usb 4-1: string descriptor 0 read error: -22 [ 1073.352072][ T8461] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1073.391600][ T8461] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1073.429710][ T8461] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1073.642909][ T8461] usb 4-1: USB disconnect, device number 29 [ 1074.768763][T14180] netlink: 'syz.0.2299': attribute type 10 has an invalid length. [ 1075.122897][T14182] syzkaller0: entered promiscuous mode [ 1075.151445][T14182] syzkaller0: entered allmulticast mode [ 1075.696188][T14194] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2305'. [ 1076.046033][T14207] overlayfs: failed to resolve './file1': -2 [ 1076.533975][T14226] netlink: 9896 bytes leftover after parsing attributes in process `syz.3.2319'. [ 1076.683729][T14232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2321'. [ 1076.717784][T14229] syzkaller0: entered promiscuous mode [ 1076.723546][T14229] syzkaller0: entered allmulticast mode [ 1077.032192][T14242] overlayfs: failed to resolve './file1': -2 [ 1077.082089][T14244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2326'. [ 1077.284750][T14245] syzkaller0: create flow: hash 927219590 index 1 [ 1077.334833][T14240] syzkaller0: entered promiscuous mode [ 1077.366157][T14240] syzkaller0: entered allmulticast mode [ 1077.385788][ T3453] syzkaller0: tun_net_xmit 48 [ 1077.596209][T14238] syzkaller0: delete flow: hash 927219590 index 1 [ 1082.784069][T14341] wg1 speed is unknown, defaulting to 1000 [ 1082.784262][T14347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2365'. [ 1083.021182][T14355] binder: 14353:14355 ioctl 4018620d 0 returned -22 [ 1084.375261][T14391] overlayfs: failed to resolve './file1': -2 [ 1084.580590][T14399] binder: BINDER_SET_CONTEXT_MGR already set [ 1084.602483][T14399] binder: 14396:14399 ioctl 4018620d 200000004a80 returned -16 [ 1085.333317][T14440] binder: BINDER_SET_CONTEXT_MGR already set [ 1085.346167][T14440] binder: 14438:14440 ioctl 4018620d 200000004a80 returned -16 [ 1085.622536][T14449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2402'. [ 1085.628169][T14450] overlayfs: failed to resolve './file0': -2 [ 1087.191223][T14480] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2414'. [ 1087.242609][T14482] overlayfs: failed to resolve './file0': -2 [ 1089.716962][T14575] binder: 14574:14575 ioctl c0306201 0 returned -14 [ 1089.820378][T14583] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2453'. [ 1092.723547][T14710] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2503'. [ 1092.909785][T14714] ref_ctr increment failed for inode: 0xa37 offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff888051128000 [ 1093.758509][T14758] ref_ctr increment failed for inode: 0xa4f offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff888027dd3200 [ 1095.209588][T14824] syzkaller0: entered promiscuous mode [ 1095.222447][T14824] syzkaller0: entered allmulticast mode [ 1095.288285][T14832] 9pnet: p9_errstr2errno: server reported unknown error  [ 1098.575036][T14872] team0: Port device team_slave_0 removed [ 1099.554544][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 1099.554567][ T30] audit: type=1326 audit(1755705726.125:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14912 comm="syz.2.2585" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6690d8ebe9 code=0x0 [ 1100.635499][T14957] kvm: pic: single mode not supported [ 1100.640005][T14957] kvm: pic: non byte write [ 1100.681256][T14957] kvm: pic: non byte write [ 1100.695030][T14957] kvm: pic: non byte write [ 1100.699959][T14957] kvm: pic: non byte write [ 1100.926352][T14967] overlayfs: failed to resolve './file1': -2 [ 1101.073142][T14968] syzkaller0: entered promiscuous mode [ 1101.096197][T14968] syzkaller0: entered allmulticast mode [ 1102.048375][T14987] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2614'. [ 1105.046907][T14991] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1105.783260][T15042] overlayfs: missing 'lowerdir' [ 1106.994747][T15076] overlayfs: missing 'lowerdir' [ 1108.837716][ T30] audit: type=1326 audit(1755705735.415:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15062 comm="syz.2.2643" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6690d8ebe9 code=0x0 [ 1109.243577][ T30] audit: type=1326 audit(1755705735.815:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15119 comm="syz.1.2665" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb95938ebe9 code=0x0 [ 1109.951366][T15154] autofs: Bad value for 'fd' [ 1110.980126][T15197] kvm: pic: non byte write [ 1112.226085][ T5930] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1112.418584][ T5930] usb 4-1: Using ep0 maxpacket: 32 [ 1112.442912][ T5930] usb 4-1: config 0 has an invalid interface number: 247 but max is 0 [ 1112.452336][ T5930] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1112.521006][ T5930] usb 4-1: config 0 has no interface number 0 [ 1112.528849][ T5930] usb 4-1: config 0 interface 247 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1112.565636][ T5930] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 1112.580438][ T5930] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 1112.594650][ T5930] usb 4-1: Product: syz [ 1112.610392][ T5930] usb 4-1: Manufacturer: syz [ 1112.628956][ T5930] usb 4-1: config 0 descriptor?? [ 1112.848465][ T5930] usb 4-1: USB disconnect, device number 30 [ 1114.297087][T15307] overlayfs: missing 'workdir' [ 1115.016801][T12756] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 1115.217656][T12756] usb 1-1: Using ep0 maxpacket: 32 [ 1115.226705][T12756] usb 1-1: config 0 has an invalid interface number: 247 but max is 0 [ 1115.236816][T12756] usb 1-1: config 0 has no interface number 0 [ 1115.243217][T12756] usb 1-1: config 0 interface 247 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1115.262976][T12756] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 1115.272503][T12756] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 1115.281423][T12756] usb 1-1: Product: syz [ 1115.289524][T12756] usb 1-1: Manufacturer: syz [ 1115.297713][T12756] usb 1-1: config 0 descriptor?? [ 1115.520381][ T6008] usb 1-1: USB disconnect, device number 32 [ 1116.533788][T15332] overlayfs: missing 'workdir' [ 1116.996171][ T6008] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1117.199923][ T6008] usb 1-1: Using ep0 maxpacket: 32 [ 1117.217932][ T6008] usb 1-1: config 0 has an invalid interface number: 247 but max is 0 [ 1117.236402][ T6008] usb 1-1: config 0 has no interface number 0 [ 1117.242882][ T6008] usb 1-1: config 0 interface 247 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1117.300603][ T6008] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 1117.321786][ T6008] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 1117.340053][ T6008] usb 1-1: Product: syz [ 1117.350434][ T6008] usb 1-1: Manufacturer: syz [ 1117.385788][ T6008] usb 1-1: config 0 descriptor?? [ 1117.470015][T15369] overlayfs: missing 'lowerdir' [ 1117.492259][T15361] process '/newroot/559/file0' started with executable stack [ 1117.620020][ T5930] usb 1-1: USB disconnect, device number 33 [ 1118.892858][T15430] syzkaller0: entered promiscuous mode [ 1118.928365][T15430] syzkaller0: entered allmulticast mode [ 1119.875052][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1119.893919][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1119.912076][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1119.950132][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1119.982251][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1120.011000][ T5854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1120.026829][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1120.053594][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1120.068835][ T5854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1120.082060][ T5854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1121.413512][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.420024][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1122.211298][ T5856] Bluetooth: hci4: command tx timeout [ 1122.521548][T15454] wg1 speed is unknown, defaulting to 1000 [ 1122.673844][T15490] overlayfs: missing 'lowerdir' [ 1123.012098][T15454] chnl_net:caif_netlink_parms(): no params data found [ 1123.433445][T15454] bridge0: port 1(bridge_slave_0) entered blocking state [ 1123.456091][T15454] bridge0: port 1(bridge_slave_0) entered disabled state [ 1123.484118][T15454] bridge_slave_0: entered allmulticast mode [ 1123.505421][T15454] bridge_slave_0: entered promiscuous mode [ 1123.554403][T15527] overlayfs: missing 'lowerdir' [ 1123.610965][T15517] syzkaller0: entered promiscuous mode [ 1123.646313][T15517] syzkaller0: entered allmulticast mode [ 1123.666125][T15454] bridge0: port 2(bridge_slave_1) entered blocking state [ 1123.698929][T15454] bridge0: port 2(bridge_slave_1) entered disabled state [ 1123.705064][T15532] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2825'. [ 1123.723732][T15454] bridge_slave_1: entered allmulticast mode [ 1123.738973][T15454] bridge_slave_1: entered promiscuous mode [ 1124.286203][ T5856] Bluetooth: hci4: command tx timeout [ 1126.360947][ T5856] Bluetooth: hci4: command tx timeout [ 1126.784628][T15454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1126.842242][T15454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1126.956300][ T30] audit: type=1326 audit(1755705753.525:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15576 comm="syz.1.2843" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb95938ebe9 code=0x0 [ 1126.999077][T15454] team0: Port device team_slave_0 added [ 1127.051869][T15454] team0: Port device team_slave_1 added [ 1127.176213][T15454] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1127.198580][T15454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1127.252978][T15454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1127.277754][T15454] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1127.285369][T15454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1127.317007][T15454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1127.484607][T15454] hsr_slave_0: entered promiscuous mode [ 1127.501443][T15454] hsr_slave_1: entered promiscuous mode [ 1127.517793][T15454] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1127.526994][T15454] Cannot create hsr debugfs directory [ 1128.020691][T15454] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1128.177172][T15454] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1128.383192][T15454] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1128.436394][ T5856] Bluetooth: hci4: command tx timeout [ 1128.561219][T15454] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1128.869392][T15454] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1128.930791][T15454] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1128.964768][T15454] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1128.995523][T15454] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1129.010071][T15647] bridge0: port 2(bridge_slave_1) entered disabled state [ 1129.018987][T15647] bridge0: port 1(bridge_slave_0) entered disabled state [ 1129.225415][T15454] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1129.273416][T15454] 8021q: adding VLAN 0 to HW filter on device team0 [ 1129.305030][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1129.312751][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1129.360093][ T3492] bridge0: port 2(bridge_slave_1) entered blocking state [ 1129.367422][ T3492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1129.651178][T15674] No control pipe specified [ 1129.856883][T15454] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1130.003787][T15454] veth0_vlan: entered promiscuous mode [ 1130.040865][T15454] veth1_vlan: entered promiscuous mode [ 1130.153564][T15454] veth0_macvtap: entered promiscuous mode [ 1130.175233][T15454] veth1_macvtap: entered promiscuous mode [ 1130.243859][T15454] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1130.313747][T15454] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1130.352132][T15454] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.371075][T15454] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.409574][T15454] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.426623][T15454] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.765626][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1130.799658][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1130.935484][ T3453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1130.962066][ T3453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1132.205794][T15768] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1132.215651][T15768] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1132.443078][T15776] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2922'. [ 1133.113337][T15798] fuse: Bad value for 'fd' [ 1133.300644][T15800] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2933'. [ 1133.817328][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1133.836267][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1133.846320][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1133.863995][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1133.875583][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1134.015079][T15815] wg1 speed is unknown, defaulting to 1000 [ 1134.565303][T15815] chnl_net:caif_netlink_parms(): no params data found [ 1134.635829][T15848] overlayfs: failed to clone upperpath [ 1134.905285][T15815] bridge0: port 1(bridge_slave_0) entered blocking state [ 1134.932375][T15815] bridge0: port 1(bridge_slave_0) entered disabled state [ 1134.956223][T15815] bridge_slave_0: entered allmulticast mode [ 1134.971785][T15815] bridge_slave_0: entered promiscuous mode [ 1134.993583][T15815] bridge0: port 2(bridge_slave_1) entered blocking state [ 1135.026250][T15815] bridge0: port 2(bridge_slave_1) entered disabled state [ 1135.033676][T15815] bridge_slave_1: entered allmulticast mode [ 1135.051050][T15815] bridge_slave_1: entered promiscuous mode [ 1135.173019][T15815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1135.209918][T15815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1135.448170][T15815] team0: Port device team_slave_0 added [ 1135.464234][T15815] team0: Port device team_slave_1 added [ 1135.544441][ T30] audit: type=1326 audit(1755705762.115:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15883 comm="syz.0.2967" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6514b8ebe9 code=0x0 [ 1135.570725][T15815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1135.580003][ T9631] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1135.598285][T15815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1135.641540][T15815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1135.671675][T15815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1135.682102][T15815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1135.709672][T15815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1135.742858][T15890] sctp: [Deprecated]: syz.2.2970 (pid 15890) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1135.742858][T15890] Use struct sctp_sack_info instead [ 1135.771611][ T9631] usb 5-1: Using ep0 maxpacket: 32 [ 1135.792217][ T9631] usb 5-1: config 0 has an invalid interface number: 247 but max is 0 [ 1135.809756][ T9631] usb 5-1: config 0 has no interface number 0 [ 1135.823928][ T9631] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 1135.834905][ T9631] usb 5-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 1135.844463][ T9631] usb 5-1: Product: syz [ 1135.865758][ T9631] usb 5-1: Manufacturer: syz [ 1135.880474][ T9631] usb 5-1: config 0 descriptor?? [ 1135.914287][T15815] hsr_slave_0: entered promiscuous mode [ 1135.937640][T15815] hsr_slave_1: entered promiscuous mode [ 1135.948819][T15815] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1135.958541][ T5854] Bluetooth: hci1: command tx timeout [ 1135.966295][T15815] Cannot create hsr debugfs directory [ 1136.106483][ T9631] usb 5-1: USB disconnect, device number 31 [ 1136.324927][T15815] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1136.509684][T15815] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1136.752371][T15815] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1136.958361][T15815] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1137.402960][T15815] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1137.450399][T15815] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1137.497911][T15815] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1137.528786][T15815] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1137.921478][T15815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1138.023047][T15815] 8021q: adding VLAN 0 to HW filter on device team0 [ 1138.039510][ T5854] Bluetooth: hci1: command tx timeout [ 1138.084573][ T3492] bridge0: port 1(bridge_slave_0) entered blocking state [ 1138.091894][ T3492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1138.139621][T15973] fuse: Bad value for 'fd' [ 1138.209653][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1138.217091][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1138.472055][T15981] kvm: pic: non byte write [ 1138.765196][T15815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1138.912124][T15815] veth0_vlan: entered promiscuous mode [ 1138.944946][T15815] veth1_vlan: entered promiscuous mode [ 1139.080543][T15815] veth0_macvtap: entered promiscuous mode [ 1139.123294][T15815] veth1_macvtap: entered promiscuous mode [ 1139.216017][T16012] overlayfs: missing 'workdir' [ 1139.302742][T15815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1139.307231][T16015] overlayfs: upper fs does not support file handles, falling back to index=off. [ 1139.353628][T15815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1139.904086][T16040] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3023'. [ 1139.971018][T16042] overlayfs: missing 'workdir' [ 1140.014800][T16045] overlayfs: upper fs does not support file handles, falling back to index=off. [ 1140.117100][ T5856] Bluetooth: hci1: command tx timeout [ 1140.919998][T16059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3031'. [ 1142.202412][ T5856] Bluetooth: hci1: command tx timeout [ 1142.445635][T15815] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.473801][T15815] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.485156][T15815] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.504914][T15815] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1142.742903][T16079] overlayfs: missing 'workdir' [ 1142.780112][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1142.808914][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1142.898209][ T6536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1142.922595][ T6536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1144.242905][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1144.254812][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1144.263472][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1144.273585][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1144.282518][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1144.338926][T16124] wg1 speed is unknown, defaulting to 1000 [ 1144.540594][ T1101] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1144.551708][ T1101] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1144.679035][ T1101] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1144.689315][ T1101] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1144.780426][ T1101] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1144.822322][ T1101] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1144.937172][ T1101] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1144.950454][ T1101] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1145.339776][ T1101] bridge_slave_1: left allmulticast mode [ 1145.354216][ T1101] bridge_slave_1: left promiscuous mode [ 1145.373427][ T1101] bridge0: port 2(bridge_slave_1) entered disabled state [ 1145.400691][ T1101] bridge_slave_0: left allmulticast mode [ 1145.406960][ T1101] bridge_slave_0: left promiscuous mode [ 1145.413021][ T1101] bridge0: port 1(bridge_slave_0) entered disabled state [ 1146.382939][ T5856] Bluetooth: hci0: command tx timeout [ 1147.053411][ T1101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1147.069281][ T1101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1147.085503][ T1101] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1147.096422][ T1101] bond0 (unregistering): Released all slaves [ 1147.252235][ T1101] bond1 (unregistering): Released all slaves [ 1147.306581][T16124] chnl_net:caif_netlink_parms(): no params data found [ 1147.431845][ T1101] tipc: Left network mode [ 1147.987818][T16124] bridge0: port 1(bridge_slave_0) entered blocking state [ 1148.008553][T16124] bridge0: port 1(bridge_slave_0) entered disabled state [ 1148.023677][T16124] bridge_slave_0: entered allmulticast mode [ 1148.042747][T16124] bridge_slave_0: entered promiscuous mode [ 1148.120453][ T1101] hsr_slave_0: left promiscuous mode [ 1148.163205][ T1101] hsr_slave_1: left promiscuous mode [ 1148.168870][ T6008] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1148.190779][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1148.211733][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1148.224787][ T1101] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1148.238602][ T1101] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1148.285579][ T1101] veth1_macvtap: left promiscuous mode [ 1148.295414][ T1101] veth0_macvtap: left promiscuous mode [ 1148.301489][ T1101] veth1_vlan: left promiscuous mode [ 1148.308731][ T1101] veth0_vlan: left promiscuous mode [ 1148.358086][ T6008] usb 1-1: Using ep0 maxpacket: 8 [ 1148.371438][ T6008] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 1148.393903][ T6008] usb 1-1: config 168 has 0 interfaces, different from the descriptor's value: 1 [ 1148.420605][ T6008] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 1148.435521][ T6008] usb 1-1: config 168 has 0 interfaces, different from the descriptor's value: 1 [ 1148.437118][ T5856] Bluetooth: hci0: command tx timeout [ 1148.470444][ T6008] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 1148.496060][ T6008] usb 1-1: config 168 has 0 interfaces, different from the descriptor's value: 1 [ 1148.524055][ T6008] usb 1-1: string descriptor 0 read error: -22 [ 1148.539704][ T6008] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1148.574752][ T6008] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.608866][ T6008] usb 1-1: rejected 3 configurations due to insufficient available bus power [ 1148.624198][ T6008] usb 1-1: no configuration chosen from 3 choices [ 1149.347309][ T1101] team0 (unregistering): Port device team_slave_1 removed [ 1150.028392][T16124] bridge0: port 2(bridge_slave_1) entered blocking state [ 1150.035739][T16124] bridge0: port 2(bridge_slave_1) entered disabled state [ 1150.059738][T16124] bridge_slave_1: entered allmulticast mode [ 1150.073648][T16124] bridge_slave_1: entered promiscuous mode [ 1150.233758][T16124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1150.298026][T16124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1150.516523][ T5856] Bluetooth: hci0: command tx timeout [ 1150.519279][T16124] team0: Port device team_slave_0 added [ 1150.568409][T16124] team0: Port device team_slave_1 added [ 1150.618326][T16258] overlayfs: failed to clone upperpath [ 1150.697634][T16124] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1150.720093][T16124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1150.751734][T16124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1150.785045][T16124] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1150.827768][T16124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1150.855779][T16124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1150.939720][ T8461] usb 1-1: USB disconnect, device number 34 [ 1151.077347][T16124] hsr_slave_0: entered promiscuous mode [ 1151.095596][T16124] hsr_slave_1: entered promiscuous mode [ 1151.107419][T16124] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1151.126852][T16124] Cannot create hsr debugfs directory [ 1151.991450][T16287] overlayfs: failed to clone upperpath [ 1152.125647][T16289] kvm: pic: level sensitive irq not supported [ 1152.127190][T16289] kvm: pic: non byte write [ 1152.139382][T16289] kvm: pic: non byte write [ 1152.144412][T16289] kvm: pic: non byte write [ 1152.150340][T16289] kvm: pic: non byte write [ 1152.355906][ T6008] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1152.546245][ T6008] usb 1-1: Using ep0 maxpacket: 8 [ 1152.573592][ T6008] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 1152.590416][ T6008] usb 1-1: config 168 has 0 interfaces, different from the descriptor's value: 1 [ 1152.596684][ T5856] Bluetooth: hci0: command tx timeout [ 1152.635009][T16124] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1152.646620][ T6008] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 1152.650492][T16124] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1152.680014][T16124] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1152.687464][ T6008] usb 1-1: config 168 has 0 interfaces, different from the descriptor's value: 1 [ 1152.689295][ T6008] usb 1-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config [ 1152.741727][ T6008] usb 1-1: config 168 has 0 interfaces, different from the descriptor's value: 1 [ 1152.743828][T16124] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1152.762491][ T6008] usb 1-1: string descriptor 0 read error: -22 [ 1152.796438][ T6008] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1152.823626][ T6008] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1152.851815][ T6008] usb 1-1: rejected 3 configurations due to insufficient available bus power [ 1152.873081][ T6008] usb 1-1: no configuration chosen from 3 choices [ 1153.102837][T16124] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1153.148051][T16124] 8021q: adding VLAN 0 to HW filter on device team0 [ 1153.170971][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1153.178963][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1153.227335][ T6536] bridge0: port 2(bridge_slave_1) entered blocking state [ 1153.234699][ T6536] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1153.773420][T16124] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1153.882898][T16356] kvm: pic: level sensitive irq not supported [ 1153.883228][T16356] kvm: pic: non byte write [ 1153.897254][T16124] veth0_vlan: entered promiscuous mode [ 1153.909686][T16356] kvm: pic: non byte write [ 1153.916843][T16356] kvm: pic: non byte write [ 1153.928677][T16356] kvm: pic: non byte write [ 1153.950415][T16124] veth1_vlan: entered promiscuous mode [ 1154.013837][T16124] veth0_macvtap: entered promiscuous mode [ 1154.026729][T16124] veth1_macvtap: entered promiscuous mode [ 1154.074764][T16124] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1154.098669][T16124] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1154.120771][T16124] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.133574][T16124] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.145568][T16124] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.167794][T16124] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1154.369908][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1154.378817][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1154.442434][ T6536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1154.458632][ T6536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1154.648083][T16377] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3041'. [ 1154.948979][T16380] syzkaller0: entered promiscuous mode [ 1154.965345][T16380] syzkaller0: entered allmulticast mode [ 1155.126275][ T6008] usb 1-1: USB disconnect, device number 35 [ 1156.496587][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1156.517677][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1156.556862][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1156.586315][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1156.601957][ T5854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1158.680734][ T5854] Bluetooth: hci3: command tx timeout [ 1160.330742][ T5840] : (slave syz_tun): Releasing backup interface [ 1160.443345][T16404] wg1 speed is unknown, defaulting to 1000 [ 1160.508821][T16457] fuse: Bad value for 'fd' [ 1160.580200][ T30] audit: type=1326 audit(1755705787.155:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16458 comm="syz.0.3173" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6514b8ebe9 code=0x0 [ 1160.756724][ T5854] Bluetooth: hci3: command tx timeout [ 1161.255370][T16404] chnl_net:caif_netlink_parms(): no params data found [ 1161.422579][T16489] fuse: Bad value for 'fd' [ 1161.625118][T16404] bridge0: port 1(bridge_slave_0) entered blocking state [ 1161.634383][T16404] bridge0: port 1(bridge_slave_0) entered disabled state [ 1161.642955][T16404] bridge_slave_0: entered allmulticast mode [ 1161.651657][T16404] bridge_slave_0: entered promiscuous mode [ 1161.662156][T16404] bridge0: port 2(bridge_slave_1) entered blocking state [ 1161.671207][T16404] bridge0: port 2(bridge_slave_1) entered disabled state [ 1161.680058][T16404] bridge_slave_1: entered allmulticast mode [ 1161.688868][T16404] bridge_slave_1: entered promiscuous mode [ 1161.822666][T16404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1161.872638][T16404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1162.127945][T16404] team0: Port device team_slave_0 added [ 1162.164377][T16404] team0: Port device team_slave_1 added [ 1162.459770][T16509] syzkaller0: create flow: hash 927219590 index 1 [ 1163.156547][ T5854] Bluetooth: hci3: command tx timeout [ 1163.900244][T16513] syzkaller0: entered promiscuous mode [ 1163.932607][T16513] syzkaller0: entered allmulticast mode [ 1164.177460][T16506] syzkaller0: delete flow: hash 927219590 index 1 [ 1165.236347][ T5854] Bluetooth: hci3: command tx timeout [ 1167.489518][T16404] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1167.496647][T16404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1167.522947][T16404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1167.564543][T16404] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1167.589159][T16404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1167.662265][T16404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1167.790973][T16574] fuse: root generation should be zero [ 1167.884152][T16404] hsr_slave_0: entered promiscuous mode [ 1167.901480][T16404] hsr_slave_1: entered promiscuous mode [ 1167.914064][T16404] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1167.940644][T16404] Cannot create hsr debugfs directory [ 1168.112553][T16590] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3223'. [ 1168.222700][T16592] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1168.295781][T16597] syzkaller0: create flow: hash 927219590 index 1 [ 1168.307258][T16595] syzkaller0: entered promiscuous mode [ 1168.312994][T16595] syzkaller0: entered allmulticast mode [ 1168.352162][ T1101] syzkaller0: tun_net_xmit 48 [ 1168.553323][T16594] syzkaller0: delete flow: hash 927219590 index 1 [ 1168.817747][T16613] af_packet: tpacket_rcv: packet too big, clamped from 60 to 4294967272. macoff=96 [ 1171.431005][T16404] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1171.457031][T16404] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1171.673111][T16404] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1171.677219][T16638] fuse: Bad value for 'fd' [ 1171.706465][T16404] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1171.944168][T16404] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1171.954837][T16646] syz.4.3243 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1171.977474][T16404] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1172.195113][T16404] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1172.220824][T16404] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1172.466641][T16654] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1172.700656][T16404] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1172.730349][T16404] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1172.759912][T16404] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1172.775510][T16673] overlayfs: failed to clone upperpath [ 1172.794476][T16404] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1173.042933][T16404] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1173.078959][T16404] 8021q: adding VLAN 0 to HW filter on device team0 [ 1173.093839][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state [ 1173.101323][ T6708] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1173.138448][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 1173.145770][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1173.275536][T16404] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1173.955190][T16404] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1174.140797][T16404] veth0_vlan: entered promiscuous mode [ 1174.180287][T16404] veth1_vlan: entered promiscuous mode [ 1174.269598][T16404] veth0_macvtap: entered promiscuous mode [ 1174.317808][T16404] veth1_macvtap: entered promiscuous mode [ 1174.397581][T16404] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1174.437943][T16404] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1174.468365][T16404] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.486707][T16404] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.522418][T16404] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.547008][T16404] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1174.591740][T16745] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3280'. [ 1174.870557][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1174.905480][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1175.007073][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1175.022955][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1175.141338][T16763] overlayfs: failed to clone upperpath [ 1176.409478][T16799] overlayfs: failed to clone upperpath [ 1176.881829][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1176.894113][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1176.906233][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1176.922289][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1176.934889][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1177.052547][T16807] wg1 speed is unknown, defaulting to 1000 [ 1177.934268][T16807] chnl_net:caif_netlink_parms(): no params data found [ 1178.254826][T16854] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3325'. [ 1178.339393][T16807] bridge0: port 1(bridge_slave_0) entered blocking state [ 1178.384045][T16807] bridge0: port 1(bridge_slave_0) entered disabled state [ 1178.407378][T16807] bridge_slave_0: entered allmulticast mode [ 1178.415638][T16807] bridge_slave_0: entered promiscuous mode [ 1178.447587][T16807] bridge0: port 2(bridge_slave_1) entered blocking state [ 1178.476084][T16807] bridge0: port 2(bridge_slave_1) entered disabled state [ 1178.483844][T16807] bridge_slave_1: entered allmulticast mode [ 1178.504499][T16807] bridge_slave_1: entered promiscuous mode [ 1178.944331][T16807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1178.998966][ T5856] Bluetooth: hci2: command tx timeout [ 1179.050695][T16807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1179.303513][T16807] team0: Port device team_slave_0 added [ 1179.438334][T16807] team0: Port device team_slave_1 added [ 1179.614022][T16807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1179.644112][T16807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1179.685451][T16807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1179.780662][T16807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1179.817256][T16807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1179.876048][T16807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1180.090155][T16807] hsr_slave_0: entered promiscuous mode [ 1180.119635][T16807] hsr_slave_1: entered promiscuous mode [ 1180.130766][T16807] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1180.150471][T16807] Cannot create hsr debugfs directory [ 1181.076465][ T5856] Bluetooth: hci2: command tx timeout [ 1182.848560][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.861752][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1183.159152][ T5856] Bluetooth: hci2: command tx timeout [ 1184.478844][T16807] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1184.517555][T16807] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.678119][T16807] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1184.701963][T16807] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.947438][T16807] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1184.986564][T16807] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1185.236459][ T5856] Bluetooth: hci2: command tx timeout [ 1185.277833][T16807] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1185.277933][T17036] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3399'. [ 1185.290638][T16807] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1185.729533][T16807] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1185.791841][T16807] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1185.903708][T16807] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1185.959838][T16807] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1186.371941][T16807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1186.480179][T16807] 8021q: adding VLAN 0 to HW filter on device team0 [ 1186.562873][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state [ 1186.570262][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1186.631755][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 1186.639343][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1187.646016][ T9041] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 1187.693084][T16807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1187.858075][ T9041] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1187.882711][ T9041] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1187.926104][ T9041] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1187.974133][ T9041] usb 3-1: config 0 descriptor?? [ 1187.990300][T17099] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1188.443636][ T9041] elan 0003:04F3:0755.0028: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0 [ 1188.637742][ T9041] usb 3-1: USB disconnect, device number 21 [ 1189.214824][T17124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3429'. [ 1189.283899][T16807] veth0_vlan: entered promiscuous mode [ 1189.324860][T16807] veth1_vlan: entered promiscuous mode [ 1189.457072][T16807] veth0_macvtap: entered promiscuous mode [ 1189.678346][T16807] veth1_macvtap: entered promiscuous mode [ 1191.063947][T16807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1191.078629][T16807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1191.092716][T16807] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1191.117345][T16807] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1191.205945][T16807] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1191.214879][T16807] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1193.674461][T17210] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1193.687932][T17211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1193.697202][T17210] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1193.706893][T17211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1199.110979][T17264] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3463'. [ 1199.769021][ T30] audit: type=1326 audit(1755705826.345:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1199.985943][ T30] audit: type=1326 audit(1755705826.375:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1200.024652][ T30] audit: type=1326 audit(1755705826.375:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1200.808475][ T30] audit: type=1326 audit(1755705826.385:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1201.106118][ T30] audit: type=1326 audit(1755705826.385:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1201.227991][ T30] audit: type=1326 audit(1755705826.385:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1201.361942][ T30] audit: type=1326 audit(1755705826.385:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1201.459361][ T30] audit: type=1326 audit(1755705826.385:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1201.521671][ T30] audit: type=1326 audit(1755705826.385:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1201.818976][ T30] audit: type=1326 audit(1755705826.385:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17275 comm="syz.4.3469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f584c18ebe9 code=0x7ffc0000 [ 1202.225286][T17315] fuse: Bad value for 'fd' [ 1204.759854][T17356] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3495'. [ 1204.791220][T17356] netlink: 59 bytes leftover after parsing attributes in process `syz.3.3495'. [ 1204.872551][T17356] netlink: 59 bytes leftover after parsing attributes in process `syz.3.3495'. [ 1206.846079][ T9041] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1207.088104][ T5856] Bluetooth: hci3: connection err: -111 [ 1207.860464][ T9041] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1207.880584][ T9041] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1207.911309][ T9041] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1207.956277][ T9041] usb 5-1: config 1 has no interface number 1 [ 1207.962508][ T9041] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1208.015691][ T9041] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1208.102760][ T9041] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1208.132555][ T9041] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1208.362266][ T9041] usb 5-1: Product: syz [ 1208.367311][ T9041] usb 5-1: Manufacturer: syz [ 1208.372067][ T9041] usb 5-1: SerialNumber: syz [ 1208.409472][T17409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3517'. [ 1209.722308][ T9041] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor [ 1209.739964][ T9041] usb 5-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 1209.840807][ T5856] Bluetooth: hci1: connection err: -111 [ 1209.925195][ T9041] usb 5-1: USB disconnect, device number 32 [ 1210.106268][T17428] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3524'. [ 1210.141327][T17428] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3524'. [ 1214.261228][ T5930] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1215.153252][ T5930] usb 3-1: Using ep0 maxpacket: 8 [ 1215.163959][ T5930] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1215.187224][ T5930] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1215.226028][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1215.240700][ T5930] usb 3-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1215.254186][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1215.318603][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1215.404331][ T5930] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1215.466132][ T5930] usb 3-1: config 168 interface 0 has no altsetting 0 [ 1215.504652][ T5930] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1215.534148][ T5930] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1215.588942][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1215.686798][ T5930] usb 3-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1215.748106][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1215.801788][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1215.852042][T17488] : renamed from veth0_to_batadv (while UP) [ 1215.858636][ T5930] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1215.858751][ T5930] usb 3-1: config 168 interface 0 has no altsetting 0 [ 1215.909819][ T5930] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1215.918898][ T5930] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 1215.947710][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1215.960977][ T5930] usb 3-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1215.973816][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1216.040529][ T5930] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1216.054166][ T5930] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 1216.076530][ T5930] usb 3-1: config 168 interface 0 has no altsetting 0 [ 1216.088601][ T5930] usb 3-1: string descriptor 0 read error: -22 [ 1216.095257][ T5930] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1216.111148][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1217.102915][ T5930] usb 3-1: can't set config #168, error -71 [ 1217.146494][ T5930] usb 3-1: USB disconnect, device number 22 [ 1218.826592][ T5930] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1219.297018][ T5930] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1219.349784][ T5930] usb 5-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 1219.385477][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 1219.385504][ T30] audit: type=1326 audit(1755705845.955:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.388281][ T5930] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1219.422761][ T30] audit: type=1326 audit(1755705845.955:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.488101][ T30] audit: type=1326 audit(1755705845.955:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.575962][ T30] audit: type=1326 audit(1755705845.955:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.576155][ T5930] usb 5-1: config 0 descriptor?? [ 1219.692987][ T30] audit: type=1326 audit(1755705845.955:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.733981][ T30] audit: type=1326 audit(1755705845.995:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.765865][ T30] audit: type=1326 audit(1755705845.995:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.849385][ T30] audit: type=1326 audit(1755705845.995:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1219.925941][ T30] audit: type=1326 audit(1755705845.995:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1220.000900][ T30] audit: type=1326 audit(1755705845.995:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17527 comm="syz.0.3557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6514b8ebe9 code=0x7ffc0000 [ 1220.192381][T17542] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3565'. [ 1220.204842][ T5930] logitech-djreceiver 0003:046D:C71F.0029: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.4-1/input0 [ 1220.996475][ T5930] usb 5-1: USB disconnect, device number 33 [ 1221.014065][T17551] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3568'. [ 1221.098871][T17557] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3568'. [ 1228.045981][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 1228.046037][ T30] audit: type=1326 audit(1755705854.615:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17686 comm="syz.3.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f497098ebe9 code=0x7fc00000 [ 1228.708989][ T30] audit: type=1326 audit(1755705855.275:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17686 comm="syz.3.3628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f497098ebe9 code=0x7fc00000 [ 1229.554621][T17716] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1229.650568][T17725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3641'. [ 1230.041475][T17742] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3647'. [ 1230.777693][T17765] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1231.678026][T17803] team_slave_0: entered promiscuous mode [ 1231.685747][T17803] team_slave_1: entered promiscuous mode [ 1231.699630][T17803] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 1231.708480][T17803] team0: Device macvtap1 is already an upper device of the team interface [ 1231.736993][T17803] team_slave_0: left promiscuous mode [ 1231.743172][T17803] team_slave_1: left promiscuous mode [ 1234.307269][T17884] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3701'. [ 1235.118220][T17908] 9pnet_fd: Insufficient options for proto=fd [ 1235.864435][T17904] syzkaller0: entered promiscuous mode [ 1235.896260][T17904] syzkaller0: entered allmulticast mode [ 1235.979676][T17919] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3715'. [ 1236.708626][ T30] audit: type=1326 audit(1755705863.275:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1236.803232][ T30] audit: type=1326 audit(1755705863.305:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1236.853045][ T30] audit: type=1326 audit(1755705863.305:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1236.876764][ T30] audit: type=1326 audit(1755705863.315:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1236.921262][ T30] audit: type=1326 audit(1755705863.315:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1236.986307][ T30] audit: type=1326 audit(1755705863.315:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1237.057785][ T30] audit: type=1326 audit(1755705863.315:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1237.094434][ T30] audit: type=1326 audit(1755705863.315:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17932 comm="syz.1.3721" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fddc7f8ebe9 code=0x7ffc0000 [ 1237.184597][ T30] audit: type=1804 audit(1755705863.755:451): pid=17946 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.3725" name="file0" dev="ramfs" ino=66124 res=1 errno=0 [ 1239.559497][T17959] syz_tun: entered promiscuous mode [ 1239.565521][T17959] macvtap1: entered promiscuous mode [ 1239.580911][T17959] syz_tun: left promiscuous mode [ 1240.209095][T18001] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3749'. [ 1240.359269][T18010] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3752'. [ 1240.388758][T18010] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3752'. [ 1240.424189][T18010] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3752'. [ 1240.794490][T18032] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1241.108219][T18045] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3767'. [ 1241.396895][T18059] netlink: 'syz.4.3774': attribute type 4 has an invalid length. [ 1241.408506][T18061] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3771'. [ 1241.427192][T18061] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3771'. [ 1241.436619][T18059] netlink: 'syz.4.3774': attribute type 11 has an invalid length. [ 1241.444778][T18059] netlink: 199820 bytes leftover after parsing attributes in process `syz.4.3774'. [ 1241.467979][T18056] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3771'. [ 1241.790537][T18074] netlink: 208344 bytes leftover after parsing attributes in process `syz.2.3780'. [ 1241.956138][T18080] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3781'. [ 1242.166440][T18092] netlink: 'syz.4.3789': attribute type 1 has an invalid length. [ 1242.219993][T18095] netlink: 'syz.0.3788': attribute type 1 has an invalid length. [ 1242.245756][T18095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3788'. [ 1243.223152][T18145] netlink: 'syz.3.3810': attribute type 2 has an invalid length. [ 1243.246070][T18145] netlink: 'syz.3.3810': attribute type 1 has an invalid length. [ 1243.415388][T18150] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3811'. [ 1243.446596][T18149] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3811'. [ 1244.296470][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1244.303533][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1245.374808][T18208] netlink: 'syz.4.3836': attribute type 10 has an invalid length. [ 1245.551083][ T30] audit: type=1326 audit(1755705872.125:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1245.580402][ T30] audit: type=1326 audit(1755705872.125:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1245.635964][ T30] audit: type=1326 audit(1755705872.125:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1245.666369][ T30] audit: type=1326 audit(1755705872.125:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1245.801434][ T30] audit: type=1326 audit(1755705872.125:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1245.830528][ T30] audit: type=1326 audit(1755705872.125:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1245.931465][ T30] audit: type=1326 audit(1755705872.125:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1246.017703][ T30] audit: type=1326 audit(1755705872.125:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1246.139756][ T30] audit: type=1326 audit(1755705872.125:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1246.235442][ T30] audit: type=1326 audit(1755705872.125:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18209 comm="syz.3.3837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f497098ebe9 code=0x7ffc0000 [ 1246.358238][ T5854] Bluetooth: hci4: command 0x0406 tx timeout [ 1246.562025][T18230] netlink: 'syz.4.3842': attribute type 10 has an invalid length. [ 1247.821202][T18230] team0: Port device netdevsim0 added [ 1248.339872][T17204] [ 1248.342281][T17204] ====================================================== [ 1248.349446][T17204] WARNING: possible circular locking dependency detected [ 1248.356596][T17204] 6.16.0-syzkaller #0 Not tainted [ 1248.361837][T17204] ------------------------------------------------------ [ 1248.368904][T17204] kworker/u8:18/17204 is trying to acquire lock: [ 1248.375260][T17204] ffff88801beb8e00 (team->team_lock_key#10){+.+.}-{4:4}, at: team_device_event+0x544/0xa20 [ 1248.386052][T17204] [ 1248.386052][T17204] but task is already holding lock: [ 1248.393461][T17204] ffff8880538f0d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __linkwatch_run_queue+0x4a0/0x7e0 [ 1248.404407][T17204] [ 1248.404407][T17204] which lock already depends on the new lock. [ 1248.404407][T17204] [ 1248.415061][T17204] [ 1248.415061][T17204] the existing dependency chain (in reverse order) is: [ 1248.424112][T17204] [ 1248.424112][T17204] -> #1 (&dev_instance_lock_key#20){+.+.}-{4:4}: [ 1248.432777][T17204] lock_acquire+0x120/0x360 [ 1248.437938][T17204] __mutex_lock+0x182/0xe80 [ 1248.443001][T17204] dev_set_mtu+0x10e/0x260 [ 1248.448068][T17204] team_add_slave+0x8b8/0x2840 [ 1248.453398][T17204] do_set_master+0x530/0x6d0 [ 1248.458565][T17204] do_setlink+0xcf0/0x41c0 [ 1248.463542][T17204] rtnl_newlink+0x160b/0x1c70 [ 1248.469051][T17204] rtnetlink_rcv_msg+0x7cc/0xb70 [ 1248.474645][T17204] netlink_rcv_skb+0x205/0x470 [ 1248.479977][T17204] netlink_unicast+0x75c/0x8e0 [ 1248.485313][T17204] netlink_sendmsg+0x805/0xb30 [ 1248.490646][T17204] __sock_sendmsg+0x21c/0x270 [ 1248.495891][T17204] ____sys_sendmsg+0x505/0x830 [ 1248.501313][T17204] ___sys_sendmsg+0x21f/0x2a0 [ 1248.506641][T17204] __x64_sys_sendmsg+0x19b/0x260 [ 1248.512139][T17204] do_syscall_64+0xfa/0x3b0 [ 1248.517198][T17204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1248.523776][T17204] [ 1248.523776][T17204] -> #0 (team->team_lock_key#10){+.+.}-{4:4}: [ 1248.532320][T17204] validate_chain+0xb9b/0x2140 [ 1248.537837][T17204] __lock_acquire+0xab9/0xd20 [ 1248.543162][T17204] lock_acquire+0x120/0x360 [ 1248.548304][T17204] __mutex_lock+0x182/0xe80 [ 1248.553454][T17204] team_device_event+0x544/0xa20 [ 1248.559041][T17204] notifier_call_chain+0x1b3/0x3e0 [ 1248.564810][T17204] netif_state_change+0x284/0x3a0 [ 1248.570453][T17204] linkwatch_do_dev+0x117/0x170 [ 1248.576045][T17204] __linkwatch_run_queue+0x56d/0x7e0 [ 1248.582039][T17204] linkwatch_event+0x4c/0x60 [ 1248.587305][T17204] process_scheduled_works+0xade/0x17b0 [ 1248.593640][T17204] worker_thread+0x8a0/0xda0 [ 1248.598793][T17204] kthread+0x70e/0x8a0 [ 1248.603461][T17204] ret_from_fork+0x3fc/0x770 [ 1248.608869][T17204] ret_from_fork_asm+0x1a/0x30 [ 1248.614213][T17204] [ 1248.614213][T17204] other info that might help us debug this: [ 1248.614213][T17204] [ 1248.624655][T17204] Possible unsafe locking scenario: [ 1248.624655][T17204] [ 1248.632354][T17204] CPU0 CPU1 [ 1248.637755][T17204] ---- ---- [ 1248.643148][T17204] lock(&dev_instance_lock_key#20); [ 1248.648665][T17204] lock(team->team_lock_key#10); [ 1248.656361][T17204] lock(&dev_instance_lock_key#20); [ 1248.664418][T17204] lock(team->team_lock_key#10); [ 1248.669551][T17204] [ 1248.669551][T17204] *** DEADLOCK *** [ 1248.669551][T17204] [ 1248.677736][T17204] 4 locks held by kworker/u8:18/17204: [ 1248.683232][T17204] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1248.695050][T17204] #1: ffffc9000b5f7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1248.706526][T17204] #2: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1248.715658][T17204] #3: ffff8880538f0d30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __linkwatch_run_queue+0x4a0/0x7e0 [ 1248.727312][T17204] [ 1248.727312][T17204] stack backtrace: [ 1248.733402][T17204] CPU: 0 UID: 0 PID: 17204 Comm: kworker/u8:18 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1248.733424][T17204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1248.733438][T17204] Workqueue: events_unbound linkwatch_event [ 1248.733460][T17204] Call Trace: [ 1248.733469][T17204] [ 1248.733478][T17204] dump_stack_lvl+0x189/0x250 [ 1248.733500][T17204] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1248.733518][T17204] ? __pfx__printk+0x10/0x10 [ 1248.733539][T17204] ? print_lock_name+0xde/0x100 [ 1248.733561][T17204] print_circular_bug+0x2ee/0x310 [ 1248.733582][T17204] check_noncircular+0x134/0x160 [ 1248.733603][T17204] validate_chain+0xb9b/0x2140 [ 1248.733621][T17204] ? __schedule+0x16c8/0x4c90 [ 1248.733645][T17204] __lock_acquire+0xab9/0xd20 [ 1248.733662][T17204] ? team_device_event+0x544/0xa20 [ 1248.733677][T17204] lock_acquire+0x120/0x360 [ 1248.733691][T17204] ? team_device_event+0x544/0xa20 [ 1248.733711][T17204] __mutex_lock+0x182/0xe80 [ 1248.733729][T17204] ? team_device_event+0x544/0xa20 [ 1248.733748][T17204] ? team_device_event+0x544/0xa20 [ 1248.733761][T17204] ? lockdep_hardirqs_on+0x9c/0x150 [ 1248.733778][T17204] ? __pfx___mutex_lock+0x10/0x10 [ 1248.733806][T17204] team_device_event+0x544/0xa20 [ 1248.733822][T17204] notifier_call_chain+0x1b3/0x3e0 [ 1248.733844][T17204] netif_state_change+0x284/0x3a0 [ 1248.733870][T17204] ? __pfx_netif_state_change+0x10/0x10 [ 1248.733897][T17204] ? dev_deactivate+0x129/0x1b0 [ 1248.733924][T17204] ? nsim_get_iflink+0x20/0x280 [ 1248.733948][T17204] ? rfc2863_policy+0x1c6/0x3e0 [ 1248.733963][T17204] linkwatch_do_dev+0x117/0x170 [ 1248.733978][T17204] __linkwatch_run_queue+0x56d/0x7e0 [ 1248.733996][T17204] ? __pfx___linkwatch_run_queue+0x10/0x10 [ 1248.734013][T17204] ? process_scheduled_works+0x9ef/0x17b0 [ 1248.734030][T17204] ? process_scheduled_works+0x9ef/0x17b0 [ 1248.734046][T17204] linkwatch_event+0x4c/0x60 [ 1248.734066][T17204] process_scheduled_works+0xade/0x17b0 [ 1248.734093][T17204] ? __pfx_process_scheduled_works+0x10/0x10 [ 1248.734117][T17204] worker_thread+0x8a0/0xda0 [ 1248.734144][T17204] kthread+0x70e/0x8a0 [ 1248.734166][T17204] ? __pfx_worker_thread+0x10/0x10 [ 1248.734183][T17204] ? __pfx_kthread+0x10/0x10 [ 1248.734203][T17204] ? _raw_spin_unlock_irq+0x23/0x50 [ 1248.734218][T17204] ? lockdep_hardirqs_on+0x9c/0x150 [ 1248.734233][T17204] ? __pfx_kthread+0x10/0x10 [ 1248.734254][T17204] ret_from_fork+0x3fc/0x770 [ 1248.734270][T17204] ? __pfx_ret_from_fork+0x10/0x10 [ 1248.734287][T17204] ? __switch_to_asm+0x39/0x70 [ 1248.734306][T17204] ? __switch_to_asm+0x33/0x70 [ 1248.734325][T17204] ? __pfx_kthread+0x10/0x10 [ 1248.734346][T17204] ret_from_fork_asm+0x1a/0x30 [ 1248.734372][T17204] [ 1256.597503][ T5854] Bluetooth: hci1: command 0x0406 tx timeout