last executing test programs: 7.485811392s ago: executing program 2 (id=2482): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="d400000000020104000000000000000900000000240002801400018008000100e000000108000200ac1e00010c000280050001de0000000009000600736e6d7000000000900001800c000280050001002100000006000340000000002c00018014000300fe8000000000000000000000000000161400040020010000000000a076dd24bb0000000000000000020c00028005000100110000002c000180140003002001000000000000000000000000000214000400fe8000000000000000000000000000aa1400018008000100ac1414bb080002"], 0xd4}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000085804115001000000000109022400010000000009040000ff03000000092100000001080000000581030000000000"], 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}, {&(0x7f0000000000)=""/13, 0xd}], 0x2}, 0x40000002) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0203060910"], 0x80}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400000000000117, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c9300c00084005001600040005002b0c"], 0x11) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r5, &(0x7f0000002480)=[{0x0}], 0x1, 0x0, 0x0) setsockopt$MRT_PIM(r5, 0x0, 0xcf, &(0x7f0000000400), 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, r8, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x1) sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="010000000000000000001200000008000300", @ANYRES32=r7, @ANYBLOB="0a000600ffffffffffff00000500130100000000"], 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="05000000000000000000ba96000008000300", @ANYRES32=r9, @ANYBLOB="0a00e800ffffffffffff00000a00e8000802110000000000140017800400060004000500040001000400010008001780040002002c0017800400010004000500040002000400020004000100040002000400060004000200040005000400040018001780040002000400050004000500040005000400010020001780040004000400030004000500040001000400020004000500040005001c001780040004000400050004000300040002000400030004000500"], 0xd0}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r10, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) r11 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r11, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) 5.01568878s ago: executing program 2 (id=2498): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)}], 0x1}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = socket$unix(0x1, 0x5, 0x0) r3 = dup2(r2, r1) close_range(r3, 0xffffffffffffffff, 0x0) 4.755138771s ago: executing program 2 (id=2502): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x41, 0x0, 0x2}, 0x10) socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x2041, 0xfffffffd, 0x2}, 0x10) sendmsg$tipc(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x3, 0x4}}, 0x10, 0x0}, 0x0) 4.577869402s ago: executing program 0 (id=2503): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs2/binder0\x00', 0x0, 0x0) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000001340)={0x0, 0x0, 0x0, {0x6, @sdr}}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) r2 = socket$inet6(0xa, 0x5, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) setsockopt$inet_int(r2, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000002080)=[@in6={0xa, 0x0, 0x0, @mcast2, 0x40}], 0x1c) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) fcntl$setlease(r4, 0x400, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fcntl$setlease(r5, 0x400, 0x0) r6 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r6, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000740)="62042700590200000000002f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41d80ac0010134fa54a0186cee8441e2305e495d04ad68ab8fef69df82de645bef7a447286737a525eef9fc6fbb48b63f60c8c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49d40f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7992570484d6a710292ea0c34a7af9eab48f2ca2d74d9a4de33", 0xcc}, {&(0x7f0000000c00)="294f28dfe56d2c8ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0106869a804dd2a44ce42557b2e32e2bd367e9d01a5e7380cc4fc8e7c9044cc4115b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a3e83e91b379c179017f8b4657d1b22eca6bca33036d33e1a684059c53cea91ca6637ac780ab2bcfc22a666cd4e5876f11e9aee4724b7cb59731c97e70ebd7f7483994eb07de2f3c6a9448c3206cff6d290b433f331c2399e99ee3bdecf5689eddc3e549966c1106a933bbc47b65ca6e9d7efbee6e3b1dbe87313111e85336d6890002db17751b6044f964dc90ea466f90856112be7f0a54b39a3f66cc4c39544300093158af39cdde429f50d8c750", 0xfe98}, {&(0x7f0000000080)="0a985d7879f1bbff16c7d66e33657e452299fd0ef8c2afda588eb05891b7da030e01452a7986bea19b59c98dc2996c0ea09604d00ea48336d0c813d83025aca8623a5915ddddce2c11c5e374f2e0f387d2398fe0b899ff60dc7a73addcf253cf32aafbe2b9f90799e7fc583bdd9b564697ba988080270bdceb4714219a2d4c229fffb0d86fb286e3553a8b3ac02badc66ada5fceabe5f63c79da96e641a45901128063d6e1e31b11bcfbc3e70bd3c8c6c0be9f653f977f16", 0xb8}, {&(0x7f0000000840)="6f4720baeb54", 0x6}], 0x4}, 0x0) r7 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fcntl$setlease(r7, 0x400, 0x0) fcntl$setlease(r7, 0x400, 0x2) creat(&(0x7f0000000080)='./file0\x00', 0x40) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xa60a, 0x3}, 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r8, 0x0, &(0x7f0000001700)=""/53}, 0x20) read$FUSE(r3, &(0x7f00000020c0)={0x2020}, 0x2020) socket$key(0xf, 0x3, 0x2) 4.461753015s ago: executing program 2 (id=2504): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) unshare(0x68040200) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001600190f00003fffffffda060200000000e80003dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) r2 = syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x5) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000080)=0x3, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042c119080"], 0x14) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x51}, "ee3ccd5e284f0a98a290ea0f60f30dba637d51b622d428e11bbac658d0d18c9bc63ec6307d7938406546ffb7e3489c37ed856faa10454366ff9fe0ea477dc270e98a7faf0669c29dea5c5febb8955a70e4"}, 0x55) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) r3 = syz_open_dev$video(&(0x7f0000000300), 0x0, 0x1000) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000440)={0x8, @win={{0x0, 0x1, 0x4, 0x20}, 0x0, 0x0, &(0x7f00000003c0)={{0x5, 0x40, 0x2, 0x3}, &(0x7f0000000380)={{0x5, 0x0, 0x6, 0x5}, &(0x7f0000000340)={{0xdb25, 0x80000001, 0x5, 0x8}}}}, 0x0, &(0x7f0000000400)="de6860463ea78103f1dbbd3492339e15f87ba51e080ad377c7bfe803806f40c7b561daf1ba1226191d38018ae4b257c6df771911", 0x1}}) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) r7 = socket$pppl2tp(0x18, 0x1, 0x1) r8 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r7, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r8, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$L2TP_CMD_SESSION_GET(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100)={0x0, 0x26, "ff340e2aa6c97dfb5d85838c72060d96979533d7357c6eed70fcdb9d47d21e46e792a151322f"}, &(0x7f0000000140)=0x2e) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={r9, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x6a90c6a6, 0x6, 0x3, 0x7, 0x0, 0x4, 0x6}, 0x9c) fcntl$setstatus(r0, 0x4, 0x42000) sendto$inet(r0, &(0x7f00000005c0)="0c268a927f1f6588b96748f3bc4d0805b1e4e6f1c0822e581241ba78600a34f65ac618ded897488fabeaf489bb614e1ce790df05ef6d6285710000010022b3496ed0d7bb52fdf8ffffffffffffff2bd67aa03859bcecc7a95425a3a07e758044ab4ea6e9ae55d88f90d35bc0f8974af5cec9d97c73936c4a13cf3f8297c2f24d0bcd2bdbd664fc888b8c0000000000000000000000e98c1876f8734c9caacbf90aadf4eb0c9aae33bef78239f7a9f530461945401c214f643ce3857a9f49d86e5e86c562d478c8386affb05801de88dcb3ee9cc87ad8293a13b8d5f914437f3db67fb38575e0ef446a7e11629b9b12c09d1a43ad3e11c61312", 0xb8, 0x20000880, 0x0, 0x0) 4.195581958s ago: executing program 1 (id=2507): ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001800), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a3) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(r1, &(0x7f0000000400)='./file0\x00', 0xc4) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_DAEMON(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0b0700000000000000800b000000c37ca812c88d76bda89bf6bcecb0cdef6f34acd8ed980b418308b41d75"], 0x14}}, 0x0) r3 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000280)=0x0, &(0x7f0000000240)) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r3, 0x184d, 0x13d8, 0x12, 0x0, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="880000000314000029bd700040000000c9ff020073797a320000000008004100727865001400330076657468305f746f5f7465616d0000000900020073797a3000000000080041007278650014003300776c616e390000000000000000000000b7ff020073797a3200000000080041007369770014003300726f73653000000000000000000000002aff020073797a310000000029004100727865000000330076657468305f6d616376746170000000"], 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r8, 0x1, 0x1c, &(0x7f0000000180)=""/10, &(0x7f00000001c0)=0xa) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r11 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r11, 0xc018935c, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) 3.952565748s ago: executing program 2 (id=2509): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="d400000000020104000000000000000900000000240002801400018008000100e000000108000200ac1e00010c000280050001de0000000009000600736e6d7000000000900001800c000280050001002100000006000340000000002c00018014000300fe8000000000000000000000000000161400040020010000000000a076dd24bb0000000000000000020c00028005000100110000002c000180140003002001000000000000000000000000000214000400fe8000000000000000000000000000aa1400018008000100ac1414bb080002"], 0xd4}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000085804115001000000000109022400010000000009040000ff03000000092100000001080000000581030000000000"], 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}, {&(0x7f0000000000)=""/13, 0xd}], 0x2}, 0x40000002) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0203060910"], 0x80}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x400000000000117, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c9300c00084005001600040005002b0c"], 0x11) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r5, &(0x7f0000002480)=[{0x0}], 0x1, 0x0, 0x0) setsockopt$MRT_PIM(r5, 0x0, 0xcf, &(0x7f0000000400), 0x4) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_GET(r2, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x20, r8, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x1) sendmsg$NL80211_CMD_SET_STATION(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="010000000000000000001200000008000300", @ANYRES32=r7, @ANYBLOB="0a000600ffffffffffff00000500130100000000"], 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB="05000000000000000000ba96000008000300", @ANYRES32=r9, @ANYBLOB="0a00e800ffffffffffff00000a00e8000802110000000000140017800400060004000500040001000400010008001780040002002c0017800400010004000500040002000400020004000100040002000400060004000200040005000400040018001780040002000400050004000500040005000400010020001780040004000400030004000500040001000400020004000500040005001c001780040004000400050004000300040002000400030004000500"], 0xd0}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r10 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r10, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) r11 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r11, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) 3.773811905s ago: executing program 3 (id=2510): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x10, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xf}]}, @NFT_MSG_NEWSETELEM={0x24, 0xc, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_ELEMENTS={0x4}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x9c}}, 0x0) io_setup(0xff, &(0x7f0000000000)) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@private0, @in6=@local}, {}, {}, 0x0, 0x40000000}, {{@in6=@remote}, 0x0, @in6=@local}}, 0x121) syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) 3.671132184s ago: executing program 1 (id=2512): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)}], 0x1}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = socket$unix(0x1, 0x5, 0x0) r3 = dup2(r2, r1) close_range(r3, 0xffffffffffffffff, 0x0) 3.498519411s ago: executing program 0 (id=2513): syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) (async) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000040)={0x3, @pix_mp={0x80, 0x3ff, 0x3436324d, 0x3, 0xa, [{0x7f, 0x8}, {0x7, 0x5}, {0x4, 0x1}, {0x2, 0xffffd8f4}, {0xb3ed, 0x8}, {0x4ba0, 0x1000}, {0xfffff325, 0x8000}, {0x1, 0x7ff}], 0x59, 0x81, 0x2, 0x2}}) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x58, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}, @qdisc_kind_options=@q_blackhole={0xe}]}, 0x58}}, 0x0) (async) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pread64(r4, 0x0, 0x0, 0x0) 3.497576689s ago: executing program 1 (id=2514): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0xa7, &(0x7f0000000380)=ANY=[@ANYBLOB="0702009f3a815a31b23bafc0a2095e557de416c7a55a1211d829338698cacb30fb3390f45091a935a9efca6f4e7c662b622cb235db162aba29aef5e100d4c8833edaa2fe95ea9c025c5fcc5ed29e58860e731335a9ef71fc4aa1e3a7b928b131b6b01c476641eee6629f8eb01466abd6139e4f8ca3dbc78214de177c80ff7467a3ff151291c45cfefaf56d04b6fd0ed378a3f1f3f8087f608aed41e7bb3423dd4fc696e4ec08f9cf7d57640d796ffd1b15dc8319f1791dcae95a9d13ae0351eba8acd2ad7f85e2863f5a6e871a7bad358af11dffeaed3cd131ec7ad55ad323e4466450ee5e13b32330d54f98594dc91b7111a1bc91f1014d864812757d4586"]) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) r2 = socket$inet6_udp(0xa, 0x2, 0x0) (async, rerun: 32) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) (async) r4 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r4, &(0x7f0000000040), 0xc) (async) r5 = socket$qrtr(0x2a, 0x2, 0x0) recvmmsg(r4, &(0x7f0000000ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (async) connect$qrtr(r5, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc) ioctl$sock_qrtr_TIOCINQ(r4, 0x5411, &(0x7f0000000840)) writev(r5, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000800000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) mkdirat(r6, &(0x7f0000000000)='./file0\x00', 0x32) (async) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)=@newqdisc={0x80, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x50, 0x2, {{}, [@TCA_NETEM_LOSS={0x34, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18}, @NETEM_LOSS_GI={0x4}]}]}}}]}, 0x80}}, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/timer_list\x00', 0x0, 0x0) (async) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r8, &(0x7f0000000080)='!', 0xffffff56) 3.082866098s ago: executing program 4 (id=2516): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f9429ef295ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e0300d37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe0245330e88c0c41dfee5fc9400784fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f95007000000000000be290159f6bcd75f0dda9de5532e71ae9e1f00000054a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468bb928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10139d902b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000080000f841b35af2e300000000000000000000000000002a2942a2916f337ce28139c6107e21037db166473609738d0ad78870bd77f7c5fed3945f41fac70f6136f083c96efae97d618cb8f49f28b8171d887c4aa5826420cc5701b593e86422dd8711981836bff97b5f369946bd04ab54b9ed9c2417a0c3c015054da1a89aafbf02092004c81898a9aa48a7504f0b5a0f3e18ee9eb852df9632970fc0e1e3216a0f871a6c2e751b141d2e7ead0e238a247873e87592c0ff06c63ad39a4c6498a8d357b641c7e66b2c3ac2745898d09788132c1745c5d885b7e050a80ba22e3c8ac8d808948f8326907f1cc4930f9fe183f78ee54463102a7de241b807d0b38cd2499a8dc8d3e966d2b69b04480ef672f658e60bcc78f9d6dd46605f5680885bfa305914ec0aec185d7086ba5243c6586d863f1b162e2cad8ba298e79eb8cc152c6d21eb39cd61f9082a9be84346c1925979c713fd56bba8c728f4fc28293835a6c4061dac77bbc86fa470222dcbb67ad4402ac11d0e9a37c4031e9a0815d71219b8c83a2b55d66fec348ac8a6f9fe0d3730ce0667"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) ioctl$USBDEVFS_CONTROL(r0, 0x10, 0x0) 2.817782511s ago: executing program 4 (id=2517): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b1f978fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc2", 0x438}], 0x2}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = socket$unix(0x1, 0x5, 0x0) r3 = dup2(r2, r1) close_range(r3, 0xffffffffffffffff, 0x0) 2.74409808s ago: executing program 4 (id=2518): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000440)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000009900)=""/102400, 0x19000}, {&(0x7f0000000140)=""/10, 0xa}, {&(0x7f00000004c0)=""/201, 0xc9}, {&(0x7f00000005c0)=""/201, 0xc9}], 0x4, 0x0, 0x105) ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, 0x0) ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0) r2 = io_uring_setup(0x771, &(0x7f0000000040)={0x0, 0x80000000, 0x0, 0x2, 0x0, 0x0, r1}) r3 = syz_open_dev$dmmidi(&(0x7f00000000c0), 0x2, 0x0) readv(r3, &(0x7f0000000280)=[{&(0x7f0000000100)=""/114, 0x72}], 0x1) close_range(r2, 0xffffffffffffffff, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_DELLINK(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002080)=ANY=[@ANYBLOB="18000000041401"], 0x18}}, 0x0) 2.261333537s ago: executing program 4 (id=2519): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) unshare(0x68040200) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001600190f00003fffffffda060200000000e80003dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x2000) ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0x5) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000080)=0x3, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042c119080"], 0x14) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x51}, "ee3ccd5e284f0a98a290ea0f60f30dba637d51b622d428e11bbac658d0d18c9bc63ec6307d7938406546ffb7e3489c37ed856faa10454366ff9fe0ea477dc270e98a7faf0669c29dea5c5febb8955a70e4"}, 0x55) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) r2 = syz_open_dev$video(&(0x7f0000000300), 0x0, 0x1000) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000440)={0x8, @win={{0x0, 0x1, 0x4, 0x20}, 0x0, 0x0, &(0x7f00000003c0)={{0x5, 0x40, 0x2, 0x3}, &(0x7f0000000380)={{0x5, 0x0, 0x6, 0x5}, &(0x7f0000000340)={{0xdb25, 0x80000001, 0x5, 0x8}}}}, 0x0, &(0x7f0000000400)="de6860463ea78103f1dbbd3492339e15f87ba51e080ad377c7bfe803806f40c7b561daf1ba1226191d38018ae4b257c6df771911", 0x1}}) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100)={0x0, 0x26, "ff340e2aa6c97dfb5d85838c72060d96979533d7357c6eed70fcdb9d47d21e46e792a151322f"}, &(0x7f0000000140)=0x2e) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={r8, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x6a90c6a6, 0x6, 0x3, 0x7, 0x0, 0x4, 0x6}, 0x9c) fcntl$setstatus(r0, 0x4, 0x42000) sendto$inet(r0, &(0x7f00000005c0)="0c268a927f1f6588b96748f3bc4d0805b1e4e6f1c0822e581241ba78600a34f65ac618ded897488fabeaf489bb614e1ce790df05ef6d6285710000010022b3496ed0d7bb52fdf8ffffffffffffff2bd67aa03859bcecc7a95425a3a07e758044ab4ea6e9ae55d88f90d35bc0f8974af5cec9d97c73936c4a13cf3f8297c2f24d0bcd2bdbd664fc888b8c0000000000000000000000e98c1876f8734c9caacbf90aadf4eb0c9aae33bef78239f7a9f530461945401c214f643ce3857a9f49d86e5e86c562d478c8386affb05801de88dcb3ee9cc87ad8293a13b8d5f914437f3db67fb38575e0ef446a7e11629b9b12c09d1a43ad3e11c61312", 0xb8, 0x20000880, 0x0, 0x0) 2.259384199s ago: executing program 3 (id=2520): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$packet(r0, 0x0, 0x3580, 0x0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14) 2.053993408s ago: executing program 3 (id=2521): mknod$loop(0x0, 0x1fff, 0x0) io_uring_setup(0x3e79, &(0x7f0000000000)) creat(0x0, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000240)=@xdp, 0x12) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x0) 2.037912547s ago: executing program 1 (id=2522): ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001800), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a3) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(r1, &(0x7f0000000400)='./file0\x00', 0xc4) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_DAEMON(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="0b0700000000000000800b000000c37ca812c88d76bda89bf6bcecb0cdef6f34acd8ed980b418308b41d75"], 0x14}}, 0x0) r3 = syz_io_uring_setup(0x6908, &(0x7f0000000440)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000280)=0x0, &(0x7f0000000240)) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r3, 0x184d, 0x13d8, 0x12, 0x0, 0x0) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="880000000314000029bd700040000000c9ff020073797a320000000008004100727865001400330076657468305f746f5f7465616d0000000900020073797a3000000000080041007278650014003300776c616e390000000000000000000000b7ff020073797a3200000000080041007369770014003300726f73653000000000000000000000002aff020073797a310000000029004100727865000000330076657468305f6d616376746170000000"], 0x88}, 0x1, 0x0, 0x0, 0x1}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r8, 0x1, 0x1c, &(0x7f0000000180)=""/10, &(0x7f00000001c0)=0xa) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r11 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r11, 0xc018935c, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) 1.970853619s ago: executing program 3 (id=2523): r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f00000000c0)={@remote, @multicast1}, &(0x7f00000001c0)=0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r5 = inotify_init() inotify_add_watch(r5, &(0x7f00000001c0)='./file0\x00', 0x6000400) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) write$9p(r4, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0xee01) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x0, 0x0) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) sendfile(r9, r8, 0x0, 0x6) connect$inet(r8, &(0x7f0000000140)={0x2, 0x4e21, @loopback}, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) 1.956224285s ago: executing program 4 (id=2524): bind$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r0 = socket$unix(0x1, 0x2, 0x0) connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f00000002c0)="29000000140005b7ff00000004eabdeb0101b6ff02159f7e5520756b0f33b49db96ad24d12595fbea5", 0x29) 1.901943181s ago: executing program 0 (id=2525): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}], 0x1}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = dup2(r2, r1) close_range(r3, 0xffffffffffffffff, 0x0) 1.714502893s ago: executing program 4 (id=2526): r0 = socket(0x10, 0x3, 0x0) (async) r1 = syz_io_uring_setup(0x318c, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000100)) syz_io_uring_setup(0x1868, &(0x7f0000000140), &(0x7f00000000c0), &(0x7f0000000240)) (async, rerun: 64) io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, 0x5e, 0x4101, 0x0, 0x0, {}, [@typed={0x8, 0x0, 0x0, 0x0, @fd}]}, 0x1c}}, 0x0) 1.119427983s ago: executing program 1 (id=2527): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f9429ef295ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e0300d37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe0245330e88c0c41dfee5fc9400784fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f95007000000000000be290159f6bcd75f0dda9de5532e71ae9e1f00000054a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468bb928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10139d902b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000080000f841b35af2e300000000000000000000000000002a2942a2916f337ce28139c6107e21037db166473609738d0ad78870bd77f7c5fed3945f41fac70f6136f083c96efae97d618cb8f49f28b8171d887c4aa5826420cc5701b593e86422dd8711981836bff97b5f369946bd04ab54b9ed9c2417a0c3c015054da1a89aafbf02092004c81898a9aa48a7504f0b5a0f3e18ee9eb852df9632970fc0e1e3216a0f871a6c2e751b141d2e7ead0e238a247873e87592c0ff06c63ad39a4c6498a8d357b641c7e66b2c3ac2745898d09788132c1745c5d885b7e050a80ba22e3c8ac8d808948f8326907f1cc4930f9fe183f78ee54463102a7de241b807d0b38cd2499a8dc8d3e966d2b69b04480ef672f658e60bcc78f9d6dd46605f5680885bfa305914ec0aec185d7086ba5243c6586d863f1b162e2cad8ba298e79eb8cc152c6d21eb39cd61f9082a9be84346c1925979c713fd56bba8c728f4fc28293835a6c4061dac77bbc86fa470222dcbb67ad4402ac11d0e9a37c4031e9a0815d71219b8c83a2b55d66fec348ac8a6f9fe0d3730ce0667"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) ioctl$USBDEVFS_CONTROL(r0, 0x10, 0x0) 881.909001ms ago: executing program 0 (id=2528): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b1f978fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc2", 0x438}], 0x2}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = socket$unix(0x1, 0x5, 0x0) r3 = dup2(r2, r1) close_range(r3, 0xffffffffffffffff, 0x0) 461.156327ms ago: executing program 3 (id=2529): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000180)="d7", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x14, &(0x7f00000001c0), 0x8) 316.634868ms ago: executing program 0 (id=2530): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x2, &(0x7f00000002c0)={0x0, @in={{0x2, 0x0, @dev}}}, &(0x7f0000000380)=0x9c) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x2, &(0x7f0000000180)={r1}, 0x8) 265.836369ms ago: executing program 1 (id=2531): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x7, &(0x7f0000000140)=ANY=[@ANYBLOB="08000000000000000000000000000000851000000200000006000000000000009500007b000000008500000013000000b200000000000000"], &(0x7f0000000040)='GPL\x00', 0x4}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = accept4$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @private}, &(0x7f0000000140)=0x10, 0x800) setsockopt$inet_mtu(r2, 0x0, 0xa, &(0x7f0000000180)=0x4, 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000000)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000980)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000300000002000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000002000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x210) r4 = socket$inet_udp(0x2, 0x2, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) ioctl$TCSBRKP(r5, 0x5425, 0x0) r6 = io_uring_setup(0x2ad5, &(0x7f00000001c0)) close(r6) ioctl$TCSETSW2(r5, 0x5425, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) socket$inet6_sctp(0xa, 0x0, 0x84) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) close_range(r3, 0xffffffffffffffff, 0x0) r8 = fanotify_init(0x0, 0x0) fanotify_mark(r8, 0x105, 0x4800003a, r1, 0x0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r10 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r10}, 0x2c, {'wfdno', 0x3d, r9}}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r0, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff01, 0x0, 0x8, 0x0, 0x0}}, 0x10) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000004a80)={[{0x0, 'freezer'}]}, 0x9) 190.923795ms ago: executing program 3 (id=2532): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb01008818000000000000001000000010000000070000000400000000e4ff0d000000000000f2ff00000000"], 0x0, 0x2f}, 0x20) socket$netlink(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000240)) r2 = socket$rds(0x15, 0x5, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000140)) fstat(0xffffffffffffffff, &(0x7f0000000300)) ppoll(&(0x7f00000001c0)=[{r2}], 0x1, 0x0, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@lsrr={0x83, 0xb, 0x0, [@dev, @multicast2]}]}}}}}}}, 0x0) bind$rds(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000140)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffd}, 0x48) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)={0x0, 0x0, 0x6}) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 142.718396ms ago: executing program 0 (id=2533): r0 = socket(0x21, 0x2, 0x2) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x97bb, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x60179e0f}) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="040e0620120c"], 0x9) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$CAPI_GET_SERIAL(r2, 0xc0044308, &(0x7f0000000080)) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="290000002000190f00003fffffffda060200000000e80001dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r5 = dup(0xffffffffffffffff) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x1) write$sndseq(r6, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x10, @tick, {}, {0x0, 0xb7}, @raw32={[0x4]}}], 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r6, 0x4040534e, &(0x7f00000000c0)={0x312, @tick=0xc0010020}) syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) r7 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x201) pwritev2(r7, &(0x7f0000001b00)=[{&(0x7f00000000c0)='h', 0x1}], 0x2, 0x0, 0x0, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000ac69677e000000ffff0000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028008001e0000000000"], 0x3c}}, 0x0) ioctl$PPPOEIOCSFWD(r5, 0x4008b100, &(0x7f0000000100)={0x18, 0x0, {0x4, @broadcast, 'nr0\x00'}}) 0s ago: executing program 2 (id=2534): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) unshare(0x68040200) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080)="290000001600190f00003fffffffda060200000000e80003dd0000040d001800ea11c21d0005000000", 0x29}], 0x1) syz_open_dev$ndb(&(0x7f00000002c0), 0x0, 0x2000) ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0x5) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000080)=0x3, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) syz_emit_vhci(&(0x7f0000000180)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@any, "546792"}}}, 0xd) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042c119080"], 0x14) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000240)=@HCI_SCODATA_PKT={0x3, {0xc8, 0x51}, "ee3ccd5e284f0a98a290ea0f60f30dba637d51b622d428e11bbac658d0d18c9bc63ec6307d7938406546ffb7e3489c37ed856faa10454366ff9fe0ea477dc270e98a7faf0669c29dea5c5febb8955a70e4"}, 0x55) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) r2 = syz_open_dev$video(&(0x7f0000000300), 0x0, 0x1000) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000440)={0x8, @win={{0x0, 0x1, 0x4, 0x20}, 0x0, 0x0, &(0x7f00000003c0)={{0x5, 0x40, 0x2, 0x3}, &(0x7f0000000380)={{0x5, 0x0, 0x6, 0x5}, &(0x7f0000000340)={{0xdb25, 0x80000001, 0x5, 0x8}}}}, 0x0, &(0x7f0000000400)="de6860463ea78103f1dbbd3492339e15f87ba51e080ad377c7bfe803806f40c7b561daf1ba1226191d38018ae4b257c6df771911", 0x1}}) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$pppl2tp(0x18, 0x1, 0x1) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000100)={0x0, 0x26, "ff340e2aa6c97dfb5d85838c72060d96979533d7357c6eed70fcdb9d47d21e46e792a151322f"}, &(0x7f0000000140)=0x2e) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={r8, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x6a90c6a6, 0x6, 0x3, 0x7, 0x0, 0x4, 0x6}, 0x9c) fcntl$setstatus(r0, 0x4, 0x42000) sendto$inet(r0, &(0x7f00000005c0)="0c268a927f1f6588b96748f3bc4d0805b1e4e6f1c0822e581241ba78600a34f65ac618ded897488fabeaf489bb614e1ce790df05ef6d6285710000010022b3496ed0d7bb52fdf8ffffffffffffff2bd67aa03859bcecc7a95425a3a07e758044ab4ea6e9ae55d88f90d35bc0f8974af5cec9d97c73936c4a13cf3f8297c2f24d0bcd2bdbd664fc888b8c0000000000000000000000e98c1876f8734c9caacbf90aadf4eb0c9aae33bef78239f7a9f530461945401c214f643ce3857a9f49d86e5e86c562d478c8386affb05801de88dcb3ee9cc87ad8293a13b8d5f914437f3db67fb38575e0ef446a7e11629b9b12c09d1a43ad3e11c61312", 0xb8, 0x20000880, 0x0, 0x0) kernel console output (not intermixed with test programs): parsing attributes in process `syz.0.1978'. [ 483.164426][ T5136] usb 3-1: config 64 interface 51 altsetting 128 has a duplicate endpoint with address 0x7, skipping [ 483.192212][ T5136] usb 3-1: config 64 interface 51 altsetting 128 has a duplicate endpoint with address 0xD, skipping [ 483.358176][ T5136] usb 3-1: config 64 interface 51 has no altsetting 0 [ 483.375818][ T5136] usb 3-1: New USB device found, idVendor=0bc2, idProduct=2300, bcdDevice=52.ce [ 483.384928][T12123] hub 6-0:1.0: USB hub found [ 483.389964][ T5136] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.390082][T12123] hub 6-0:1.0: 1 port detected [ 483.403191][ T5136] usb 3-1: Product: syz [ 483.403410][T12117] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1978'. [ 483.432430][ T5136] usb 3-1: Manufacturer: ౱ [ 483.438699][ T5136] usb 3-1: SerialNumber: syz [ 483.447155][T12104] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 483.955469][ T5136] usb-storage 3-1:64.51: USB Mass Storage device detected [ 483.977403][ T5136] usb-storage 3-1:64.51: Quirks match for vid 0bc2 pid 2300: 200000 [ 484.055867][ T5136] usb 3-1: USB disconnect, device number 40 [ 484.220074][T12135] loop0: detected capacity change from 0 to 16384 [ 484.303031][T12140] ALSA: mixer_oss: invalid OSS volume '' [ 484.342110][ T98] I/O error, dev loop0, sector 512 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 484.359861][ T98] Buffer I/O error on dev loop0, logical block 64, lost async page write [ 484.401710][T12138] I/O error, dev loop0, sector 520 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 484.403962][T12135] I/O error, dev loop0, sector 3840 op 0x0:(READ) flags 0x80700 phys_seg 11 prio class 0 [ 484.411550][T12138] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 484.644030][ T5137] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 484.675573][T12149] netlink: 11 bytes leftover after parsing attributes in process `syz.3.1989'. [ 484.698728][ T29] kauditd_printk_skb: 66 callbacks suppressed [ 484.698745][ T29] audit: type=1800 audit(1719656373.236:142): pid=12151 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.1988" name="bus" dev="sda1" ino=2005 res=0 errno=0 [ 485.046410][ T5137] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 485.441701][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802edb2400: rx timeout, send abort [ 485.450415][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802edb1c00: rx timeout, send abort [ 485.459618][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802edb2400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 485.474197][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802edb1c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 485.796145][ T5137] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 485.818104][ T5137] usb 2-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00 [ 485.828243][ T5137] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.876022][T12170] loop7: detected capacity change from 0 to 16384 [ 485.892161][ T5137] usb 2-1: config 0 descriptor?? [ 486.162480][T12172] hub 6-0:1.0: USB hub found [ 486.170382][T12175] ALSA: mixer_oss: invalid OSS volume '' [ 486.173038][T12172] hub 6-0:1.0: 1 port detected [ 486.312861][ T5137] logitech 0003:046D:C219.0011: item fetching failed at offset 5/7 [ 486.399885][ T5137] logitech 0003:046D:C219.0011: parse failed [ 486.419591][ T5137] logitech 0003:046D:C219.0011: probe with driver logitech failed with error -22 [ 487.831292][T12196] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 487.917967][T12201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.927026][T12201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 488.343893][ T5137] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 489.280961][T12223] ALSA: mixer_oss: invalid OSS volume '' [ 489.369791][ T7949] usb 2-1: USB disconnect, device number 35 [ 489.666224][T11677] Bluetooth: hci4: ACL packet for unknown connection handle 2248 [ 489.715685][T12242] hub 6-0:1.0: USB hub found [ 489.723879][T12242] hub 6-0:1.0: 1 port detected [ 490.022679][ T29] audit: type=1326 audit(1719656378.556:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12237 comm="syz.1.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 490.047169][ T50] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 490.063699][ T29] audit: type=1326 audit(1719656378.556:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12237 comm="syz.1.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 490.138809][T12247] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2012'. [ 490.169052][T12247] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2012'. [ 490.295596][ T50] usb 5-1: Using ep0 maxpacket: 8 [ 490.333309][ T50] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 490.367931][ T50] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 490.400491][ T50] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 490.443671][ T50] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.01 [ 490.463925][ T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.486323][ T50] usb 5-1: config 0 descriptor?? [ 490.525248][ T50] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 490.633364][T12262] loop7: detected capacity change from 0 to 16384 [ 491.065348][T11038] usb 5-1: USB disconnect, device number 59 [ 491.293106][T12274] ALSA: mixer_oss: invalid OSS volume '' [ 491.674056][ T29] audit: type=1800 audit(1719656380.196:145): pid=12280 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2022" name="file1" dev="sda1" ino=2016 res=0 errno=0 [ 492.579388][T12291] hub 6-0:1.0: USB hub found [ 492.586834][T12291] hub 6-0:1.0: 1 port detected [ 492.681983][T12295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2029'. [ 492.783994][T11038] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 492.830599][T12295] hsr_slave_0 (unregistering): left promiscuous mode [ 492.997001][T11038] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 493.018964][T11038] usb 1-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 493.035819][T11038] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 493.053968][T11038] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12336, setting to 64 [ 493.097239][T11038] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 493.115644][T11038] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 493.146357][T11038] usb 1-1: Product: syz [ 493.155894][T11038] usb 1-1: Manufacturer: syz [ 493.187852][T11038] cdc_wdm 1-1:1.0: skipping garbage [ 493.212098][T11038] cdc_wdm 1-1:1.0: skipping garbage [ 493.227013][T11038] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 493.474105][T12307] ALSA: mixer_oss: invalid OSS volume '' [ 493.599616][T11038] usb 1-1: USB disconnect, device number 27 [ 493.693934][T11677] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 493.703349][T11677] Bluetooth: hci4: Injecting HCI hardware error event [ 493.713220][ T53] Bluetooth: hci4: hardware error 0x00 [ 493.893903][ T5209] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 494.084083][ T5209] usb 3-1: Using ep0 maxpacket: 16 [ 494.091554][ T5209] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 494.123713][ T5209] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 494.141341][ T5209] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.152487][ T5209] usb 3-1: config 0 descriptor?? [ 494.173170][ T5209] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 494.607261][T12329] netlink: 'syz.3.2038': attribute type 10 has an invalid length. [ 494.614389][T12326] ɶƣ0G0w: entered promiscuous mode [ 494.825816][T12336] hub 6-0:1.0: USB hub found [ 494.840270][T12336] hub 6-0:1.0: 1 port detected [ 494.924058][T11038] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 494.971788][T12316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.980891][T12316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.070622][T12316] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 495.145451][T11038] usb 1-1: Using ep0 maxpacket: 8 [ 495.163408][T11038] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 495.175398][T11038] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 495.203089][T11038] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 495.225137][T11038] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.01 [ 495.245650][T11038] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.279290][T11038] usb 1-1: config 0 descriptor?? [ 495.291060][T11038] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 495.744458][T12344] ALSA: mixer_oss: invalid OSS volume '' [ 495.784194][ T53] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 496.194453][ T50] usb 1-1: USB disconnect, device number 28 [ 496.725033][ T5137] usb 3-1: USB disconnect, device number 42 [ 496.744614][T12370] hub 6-0:1.0: USB hub found [ 496.749635][T12370] hub 6-0:1.0: 1 port detected [ 496.938092][T12377] hub 6-0:1.0: USB hub found [ 496.944285][T12376] ALSA: mixer_oss: invalid OSS volume '' [ 496.954163][T12377] hub 6-0:1.0: 1 port detected [ 497.191688][T12383] sctp: [Deprecated]: syz.0.2056 (pid 12383) Use of struct sctp_assoc_value in delayed_ack socket option. [ 497.191688][T12383] Use struct sctp_sack_info instead [ 497.258991][ T29] audit: type=1800 audit(1719656385.796:146): pid=12383 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2056" name="bus" dev="sda1" ino=2020 res=0 errno=0 [ 497.332520][T12386] bond0: (slave bond_slave_1): Releasing backup interface [ 497.759633][T12398] syz.2.2060 uses obsolete (PF_INET,SOCK_PACKET) [ 497.963882][ T5136] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 498.273428][ T5136] usb 4-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4 [ 498.299120][ T5136] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.315451][ T5136] usb 4-1: config 0 descriptor?? [ 498.352619][T12411] ALSA: mixer_oss: invalid OSS volume '' [ 498.359707][T12407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2063'. [ 498.603490][T12419] loop0: detected capacity change from 0 to 16384 [ 498.816079][T12394] capability: warning: `syz.3.2058' uses deprecated v2 capabilities in a way that may be insecure [ 498.833743][T12419] I/O error, dev loop0, sector 3072 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0 [ 498.865412][ T29] audit: type=1326 audit(1719656387.386:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12414 comm="syz.2.2066" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f26a2175b99 code=0x0 [ 498.886540][ C1] vkms_vblank_simulate: vblank timer overrun [ 498.945421][T12420] I/O error, dev loop0, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 499.062719][T12420] Buffer I/O error on dev loop0, logical block 0, lost async page write [ 499.503940][ T5136] gs_usb 4-1:0.0: Configuring for 1 interfaces [ 499.515270][ T5136] gs_usb 4-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO) [ 499.524063][ T5136] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71 [ 499.534933][ T5136] usb 4-1: USB disconnect, device number 39 [ 499.699343][T12433] hub 6-0:1.0: USB hub found [ 499.719883][T12433] hub 6-0:1.0: 1 port detected [ 499.730964][T12434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.763336][T12429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.795488][T12429] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.815667][T12440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.870275][T12431] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.928940][T12442] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 500.001324][ T29] audit: type=1326 audit(1719656388.536:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.022873][ C1] vkms_vblank_simulate: vblank timer overrun [ 500.036849][ T29] audit: type=1326 audit(1719656388.536:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.060374][ T29] audit: type=1326 audit(1719656388.536:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.086467][ T29] audit: type=1326 audit(1719656388.536:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.110779][ T29] audit: type=1326 audit(1719656388.576:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.133406][ T29] audit: type=1326 audit(1719656388.576:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.158404][ T29] audit: type=1326 audit(1719656388.576:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.184135][ T29] audit: type=1326 audit(1719656388.576:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12443 comm="syz.1.2074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0534575b99 code=0x7ffc0000 [ 500.205678][ C1] vkms_vblank_simulate: vblank timer overrun [ 500.345311][T12446] ALSA: mixer_oss: invalid OSS volume '' [ 500.440591][T12448] ALSA: mixer_oss: invalid OSS volume '' [ 500.538323][ T5137] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 500.560000][ T5137] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz0] on syz1 [ 500.581941][T12456] netlink: 'syz.3.2080': attribute type 3 has an invalid length. [ 500.677239][T12454] binder: 12453:12454 unknown command 0 [ 500.682883][T12454] binder: 12453:12454 ioctl c0306201 20000a80 returned -22 [ 500.784327][T12464] loop0: detected capacity change from 0 to 16384 [ 500.879596][T12467] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 500.912346][ T57] I/O error, dev loop0, sector 768 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 500.922094][ T57] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 500.956847][T12464] I/O error, dev loop0, sector 1792 op 0x0:(READ) flags 0x80700 phys_seg 22 prio class 0 [ 500.957026][T12465] I/O error, dev loop0, sector 776 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 500.994304][T12465] Buffer I/O error on dev loop0, logical block 97, lost async page write [ 501.153277][ T2881] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.261492][T12473] input: syz1 as /devices/virtual/input/input21 [ 501.306563][ T2881] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.338691][T12475] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 501.400614][ T2881] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.404145][T12475] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 501.567665][ T2881] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 501.616780][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.620705][T12479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 501.623389][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.671897][T12479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 501.744643][T11677] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 501.752241][ T2881] bridge_slave_1: left allmulticast mode [ 501.755371][T11677] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 501.765573][ T2881] bridge_slave_1: left promiscuous mode [ 501.767251][T11677] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 501.781995][T11677] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 501.784236][ T2881] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.790441][T11677] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 501.797165][T12479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 501.804749][T11677] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 501.851701][ T2881] bridge_slave_0: left allmulticast mode [ 501.868038][ T2881] bridge_slave_0: left promiscuous mode [ 501.874072][ T2881] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.953874][ T50] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 502.145770][ T50] usb 4-1: Using ep0 maxpacket: 8 [ 502.161744][ T50] usb 4-1: too many configurations: 93, using maximum allowed: 8 [ 502.177879][ T50] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 502.193973][ T50] usb 4-1: can't read configurations, error -61 [ 502.361190][ T50] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 502.401144][ T2881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 502.422727][ T2881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 502.439148][ T2881] bond0 (unregistering): Released all slaves [ 502.461029][T12486] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2091'. [ 502.565136][ T50] usb 4-1: Using ep0 maxpacket: 8 [ 502.584769][ T50] usb 4-1: too many configurations: 93, using maximum allowed: 8 [ 502.627303][ T50] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 502.644857][ T50] usb 4-1: can't read configurations, error -61 [ 502.654501][ T50] usb usb4-port1: attempt power cycle [ 502.667400][T12491] netlink: 'syz.2.2093': attribute type 3 has an invalid length. [ 502.874121][ T2881] hsr_slave_0: left promiscuous mode [ 502.881950][ T2881] hsr_slave_1: left promiscuous mode [ 502.919542][ T2881] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 502.935900][ T2881] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 502.944941][ T2881] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 502.952588][ T2881] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 502.960505][T12497] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 503.027868][ T2881] veth1_macvtap: left promiscuous mode [ 503.064017][ T50] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 503.077054][ T2881] veth0_macvtap: left promiscuous mode [ 503.105281][ T2881] veth1_vlan: left promiscuous mode [ 503.105663][ T50] usb 4-1: Using ep0 maxpacket: 8 [ 503.128794][ T2881] veth0_vlan: left promiscuous mode [ 503.140517][ T50] usb 4-1: too many configurations: 93, using maximum allowed: 8 [ 503.155395][ T50] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 503.190354][ T50] usb 4-1: can't read configurations, error -61 [ 503.364224][ T50] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 503.386012][T12502] loop0: detected capacity change from 0 to 16384 [ 503.426953][ T50] usb 4-1: Using ep0 maxpacket: 8 [ 503.441218][ T50] usb 4-1: too many configurations: 93, using maximum allowed: 8 [ 503.480768][ T50] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 503.498328][ T50] usb 4-1: can't read configurations, error -61 [ 503.528001][ T98] I/O error, dev loop0, sector 256 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 503.532380][ T50] usb usb4-port1: unable to enumerate USB device [ 503.540307][ T98] Buffer I/O error on dev loop0, logical block 32, lost async page write [ 503.572574][T12503] I/O error, dev loop0, sector 264 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 503.573897][T12502] I/O error, dev loop0, sector 2048 op 0x0:(READ) flags 0x80700 phys_seg 17 prio class 0 [ 503.582889][T12503] Buffer I/O error on dev loop0, logical block 33, lost async page write [ 503.651847][ T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 503.666425][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 503.676297][ T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 503.696199][ T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 503.713981][ T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 503.730841][ T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 503.780616][ T29] kauditd_printk_skb: 97 callbacks suppressed [ 503.780632][ T29] audit: type=1326 audit(1719656392.316:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 503.832335][ T29] audit: type=1326 audit(1719656392.316:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 503.854851][ T53] Bluetooth: hci4: command tx timeout [ 503.874236][ T29] audit: type=1326 audit(1719656392.316:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 503.901784][ T29] audit: type=1326 audit(1719656392.316:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 503.923512][ T29] audit: type=1326 audit(1719656392.326:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 503.952797][ T29] audit: type=1326 audit(1719656392.326:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 503.983697][ T29] audit: type=1326 audit(1719656392.326:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 504.005264][ C1] vkms_vblank_simulate: vblank timer overrun [ 504.021296][ T29] audit: type=1326 audit(1719656392.326:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 504.043800][ T29] audit: type=1326 audit(1719656392.326:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 504.065608][ T29] audit: type=1326 audit(1719656392.326:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12507 comm="syz.0.2099" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 504.087173][ C1] vkms_vblank_simulate: vblank timer overrun [ 504.335710][ T2881] team0 (unregistering): Port device team_slave_1 removed [ 504.401564][ T2881] team0 (unregistering): Port device team_slave_0 removed [ 504.521353][T12511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 504.592507][T12512] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 504.983355][T12514] netlink: 'syz.3.2101': attribute type 10 has an invalid length. [ 505.016369][T12514] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 505.250716][T12483] chnl_net:caif_netlink_parms(): no params data found [ 505.326477][T12525] loop0: detected capacity change from 0 to 16384 [ 505.420985][T12483] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.436474][T12483] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.443721][T12483] bridge_slave_0: entered allmulticast mode [ 505.458668][T12483] bridge_slave_0: entered promiscuous mode [ 505.479670][ T2881] IPVS: stop unused estimator thread 0... [ 505.498663][ T98] I/O error, dev loop0, sector 8 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.508782][ T98] Buffer I/O error on dev loop0, logical block 1, lost async page write [ 505.524270][ T98] I/O error, dev loop0, sector 16 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.535057][T12483] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.542197][T12483] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.549361][ T98] Buffer I/O error on dev loop0, logical block 2, lost async page write [ 505.557826][ T98] I/O error, dev loop0, sector 24 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.567620][ T98] Buffer I/O error on dev loop0, logical block 3, lost async page write [ 505.577089][ T98] I/O error, dev loop0, sector 32 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.586628][ T98] Buffer I/O error on dev loop0, logical block 4, lost async page write [ 505.596662][ T98] I/O error, dev loop0, sector 40 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.606691][ T98] Buffer I/O error on dev loop0, logical block 5, lost async page write [ 505.612370][T12483] bridge_slave_1: entered allmulticast mode [ 505.615173][ T98] I/O error, dev loop0, sector 48 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.615202][ T98] Buffer I/O error on dev loop0, logical block 6, lost async page write [ 505.615238][ T98] I/O error, dev loop0, sector 56 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.615263][ T98] Buffer I/O error on dev loop0, logical block 7, lost async page write [ 505.640934][T12483] bridge_slave_1: entered promiscuous mode [ 505.649291][ T98] I/O error, dev loop0, sector 64 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.673384][ T98] Buffer I/O error on dev loop0, logical block 8, lost async page write [ 505.681794][ T98] I/O error, dev loop0, sector 72 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.693127][ T98] Buffer I/O error on dev loop0, logical block 9, lost async page write [ 505.701541][ T98] I/O error, dev loop0, sector 80 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 505.711099][ T98] Buffer I/O error on dev loop0, logical block 10, lost async page write [ 505.774106][ T53] Bluetooth: hci1: command tx timeout [ 505.911653][T12483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 505.913298][T12539] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 505.940879][ T53] Bluetooth: hci4: command tx timeout [ 505.972153][T12483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 506.111435][T12546] loop0: detected capacity change from 0 to 16384 [ 506.132304][T12483] team0: Port device team_slave_0 added [ 506.146042][T12505] chnl_net:caif_netlink_parms(): no params data found [ 506.162863][T12483] team0: Port device team_slave_1 added [ 506.279241][T12483] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 506.279260][T12483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.279290][T12483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 506.281427][T12483] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.281443][T12483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.281470][T12483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.440414][ C1] vkms_vblank_simulate: vblank timer overrun [ 506.591592][T12505] bridge0: port 1(bridge_slave_0) entered blocking state [ 506.599149][T12505] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.599314][T12505] bridge_slave_0: entered allmulticast mode [ 506.600813][T12505] bridge_slave_0: entered promiscuous mode [ 506.606639][T12505] bridge0: port 2(bridge_slave_1) entered blocking state [ 506.606736][T12505] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.606870][T12505] bridge_slave_1: entered allmulticast mode [ 506.608187][T12505] bridge_slave_1: entered promiscuous mode [ 506.676916][T12483] hsr_slave_0: entered promiscuous mode [ 506.692724][T12483] hsr_slave_1: entered promiscuous mode [ 506.693615][T12483] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 506.693739][T12483] Cannot create hsr debugfs directory [ 506.756332][T12505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 506.932634][T12505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.190203][T12505] team0: Port device team_slave_0 added [ 507.257101][T12505] team0: Port device team_slave_1 added [ 507.319528][T12557] loop7: detected capacity change from 0 to 16384 [ 507.558202][T12505] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.583859][T12505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.609790][ C1] vkms_vblank_simulate: vblank timer overrun [ 507.653831][T12505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 507.693012][T12505] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 507.717909][T12505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 507.743798][ C1] vkms_vblank_simulate: vblank timer overrun [ 507.752629][T12505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 507.854340][ T53] Bluetooth: hci1: command tx timeout [ 507.994922][T12573] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 508.011845][T12570] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 508.014210][ T53] Bluetooth: hci4: command tx timeout [ 508.027542][T12505] hsr_slave_0: entered promiscuous mode [ 508.045025][T12505] hsr_slave_1: entered promiscuous mode [ 508.053161][T12505] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 508.071163][T12505] Cannot create hsr debugfs directory [ 508.105421][T12574] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 508.134815][ T5209] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 508.311311][T12483] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 508.327126][T12483] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 508.334874][ T5209] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11 [ 508.350755][ T5209] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024 [ 508.362725][ T5209] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 508.382343][ T5209] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 508.391608][ T5209] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.408083][ T5209] usb 4-1: config 0 descriptor?? [ 508.414090][T12567] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 508.416507][T12505] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.452774][T12483] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 508.479269][T12483] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 508.538630][T12505] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.659089][T12505] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.768358][T12583] loop7: detected capacity change from 0 to 16384 [ 508.825566][T12505] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.992770][T12483] 8021q: adding VLAN 0 to HW filter on device bond0 [ 509.050846][ T5209] usbhid 4-1:0.0: can't add hid device: -71 [ 509.061013][ T5209] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 509.078183][ T5209] usb 4-1: USB disconnect, device number 44 [ 509.151885][T12483] 8021q: adding VLAN 0 to HW filter on device team0 [ 509.162853][T12586] hub 6-0:1.0: USB hub found [ 509.175015][T12586] hub 6-0:1.0: 1 port detected [ 509.199365][T12505] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 509.239157][T12505] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 509.281641][ T7949] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.288918][ T7949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.311040][T12505] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 509.354366][ T7949] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.361581][ T7949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.394736][T12505] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 509.718655][T12595] loop0: detected capacity change from 0 to 16384 [ 509.795877][T12505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 509.925510][T12483] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 509.938923][ T53] Bluetooth: hci1: command tx timeout [ 510.041951][T12505] 8021q: adding VLAN 0 to HW filter on device team0 [ 510.074736][ T7949] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.081860][ T7949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 510.095532][T11677] Bluetooth: hci4: command tx timeout [ 510.200943][ T7949] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.208245][ T7949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 510.338064][T12483] veth0_vlan: entered promiscuous mode [ 510.388948][T12483] veth1_vlan: entered promiscuous mode [ 510.525399][T12483] veth0_macvtap: entered promiscuous mode [ 510.552940][T12483] veth1_macvtap: entered promiscuous mode [ 510.626468][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.664790][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.704840][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.742488][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.763566][ T29] kauditd_printk_skb: 155 callbacks suppressed [ 510.763582][ T29] audit: type=1326 audit(1719656399.276:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 510.798494][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.812176][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.822516][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.838428][ T29] audit: type=1326 audit(1719656399.276:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 510.863798][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.873992][ T29] audit: type=1326 audit(1719656399.296:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 510.885475][T12483] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 510.908397][ T29] audit: type=1326 audit(1719656399.296:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 510.926992][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 510.941821][ T29] audit: type=1326 audit(1719656399.296:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 510.964328][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.970671][ T29] audit: type=1326 audit(1719656399.296:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 510.995751][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 510.995772][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.995786][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 510.995801][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.995815][T12483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 510.995829][T12483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.997599][T12483] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 511.013571][ T29] audit: type=1326 audit(1719656399.296:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 511.089166][ T29] audit: type=1326 audit(1719656399.296:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 511.112093][ T29] audit: type=1326 audit(1719656399.296:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 511.123437][T12483] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.177448][ T29] audit: type=1326 audit(1719656399.296:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12610 comm="syz.0.2126" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f66ce175b99 code=0x7ffc0000 [ 511.183328][T12483] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.234417][T12483] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.257028][T12483] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.370429][T12617] loop7: detected capacity change from 0 to 16384 [ 511.434910][T12505] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 511.543476][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 511.571529][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.632761][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 511.646879][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.837268][T12637] bridge0: port 3(gretap0) entered blocking state [ 511.854015][ T5135] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 511.861937][T12637] bridge0: port 3(gretap0) entered disabled state [ 511.882404][T12637] gretap0: entered allmulticast mode [ 511.891808][T12637] gretap0: entered promiscuous mode [ 511.902590][T12637] bridge0: port 3(gretap0) entered blocking state [ 511.909260][T12637] bridge0: port 3(gretap0) entered forwarding state [ 512.011852][T12505] veth0_vlan: entered promiscuous mode [ 512.014604][T11677] Bluetooth: hci1: command tx timeout [ 512.025664][T12505] veth1_vlan: entered promiscuous mode [ 512.063932][ T5135] usb 3-1: Using ep0 maxpacket: 32 [ 512.081936][ T5135] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 512.137608][T12505] veth0_macvtap: entered promiscuous mode [ 512.146569][ T5135] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 512.162422][T12505] veth1_macvtap: entered promiscuous mode [ 512.171383][ T5135] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 512.188141][ T5135] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.209375][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.223864][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.238903][ T5135] hub 3-1:4.0: USB hub found [ 512.243671][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.260370][ T5136] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 512.268789][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.280115][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.291009][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.301043][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.311819][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.321702][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 512.332291][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.346573][T12505] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.361824][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.375489][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.386382][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.397051][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.407026][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.420443][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.430418][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.442907][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.454285][T12505] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 512.465153][T12505] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 512.477629][T12505] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.497996][T12505] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.513966][ T5136] usb 4-1: Using ep0 maxpacket: 32 [ 512.519712][T12505] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.526003][ T5136] usb 4-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 512.546813][T12505] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.553933][ T5136] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.564138][T12505] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.589519][T12652] loop0: detected capacity change from 0 to 16384 [ 512.597975][ T5136] usb 4-1: config 0 descriptor?? [ 512.629305][ T5136] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 512.644073][T12654] loop7: detected capacity change from 0 to 16384 [ 512.716461][ T2881] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.731426][ T2881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 512.825964][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 512.847251][ T5136] gspca_sunplus: reg_w_riv err -71 [ 512.863119][ T5136] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 512.871344][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 512.889878][ T5136] usb 4-1: USB disconnect, device number 45 [ 513.015558][ T5135] hub 3-1:4.0: config failed, can't read hub descriptor (err -22) [ 513.067797][ T5135] usb 3-1: USB disconnect, device number 43 [ 513.147353][T12666] hub 6-0:1.0: USB hub found [ 513.153003][T12666] hub 6-0:1.0: 1 port detected [ 513.209353][T12670] nullb0: AHDI p1 [ 514.453903][ T7949] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 514.697678][ T7949] usb 1-1: config 36 has an invalid interface number: 77 but max is 0 [ 514.708139][ T7949] usb 1-1: config 36 has no interface number 0 [ 514.716964][ T5137] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 514.733696][ T7949] usb 1-1: config 36 interface 77 altsetting 0 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 514.748266][T12692] loop7: detected capacity change from 0 to 16384 [ 514.766009][ T7949] usb 1-1: New USB device found, idVendor=19d2, idProduct=ff63, bcdDevice=40.3a [ 514.775270][ T7949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.783278][ T7949] usb 1-1: Product: syz [ 514.788002][ T7949] usb 1-1: Manufacturer: syz [ 514.792612][ T7949] usb 1-1: SerialNumber: syz [ 514.933981][ T5137] usb 4-1: Using ep0 maxpacket: 32 [ 514.945540][ T5137] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 514.962644][ T5137] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 514.993874][ T5137] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 515.023667][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.033012][ T7949] option 1-1:36.77: GSM modem (1-port) converter detected [ 515.085957][ T7949] usb 1-1: USB disconnect, device number 29 [ 515.101888][ T5137] hub 4-1:4.0: USB hub found [ 515.117547][ T7949] option 1-1:36.77: device disconnected [ 515.584789][ T5137] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 515.912625][T12719] hub 6-0:1.0: USB hub found [ 515.930684][T12719] hub 6-0:1.0: 1 port detected [ 516.025556][ T5087] usb 4-1: USB disconnect, device number 46 [ 516.031999][T12727] loop0: detected capacity change from 0 to 7 [ 516.062611][T12727] Dev loop0: unable to read RDB block 7 [ 516.075997][T12727] loop0: unable to read partition table [ 516.097709][T12727] loop0: partition table beyond EOD, truncated [ 516.127261][T12727] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 516.127261][T12727] ) failed (rc=-5) [ 516.169935][T12732] loop7: detected capacity change from 0 to 16384 [ 516.635039][T12746] loop7: detected capacity change from 0 to 16384 [ 517.294063][T11677] Bluetooth: hci1: command tx timeout [ 517.433984][T11963] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 517.670456][T11963] usb 1-1: config 0 has no interfaces? [ 517.686851][T11963] usb 1-1: New USB device found, idVendor=056a, idProduct=4001, bcdDevice= 0.00 [ 517.719934][T11963] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.748881][T12780] loop7: detected capacity change from 0 to 16384 [ 517.756605][T11963] usb 1-1: config 0 descriptor?? [ 518.017544][ T5137] usb 1-1: USB disconnect, device number 30 [ 518.266322][T12794] loop7: detected capacity change from 0 to 16384 [ 518.486226][T12811] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 518.843290][T12817] loop7: detected capacity change from 0 to 16384 [ 520.424511][T12847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2192'. [ 520.505314][T12857] netlink: 'syz.0.2195': attribute type 4 has an invalid length. [ 520.679700][ T5137] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 520.907496][ T5137] usb 4-1: config 0 has no interfaces? [ 520.915190][ T5137] usb 4-1: New USB device found, idVendor=056a, idProduct=4001, bcdDevice= 0.00 [ 520.954001][ T5137] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.965254][ T5137] usb 4-1: config 0 descriptor?? [ 521.193334][ T5087] usb 4-1: USB disconnect, device number 47 [ 521.393996][T11963] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 521.617279][T11963] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7 [ 521.632457][T11963] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0 [ 521.642324][T11963] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 521.655505][T11963] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 521.664699][T11963] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 521.683053][T11963] usb 1-1: config 0 descriptor?? [ 522.135293][T11677] Bluetooth: hci1: command tx timeout [ 522.217970][T12898] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 522.260009][T12901] loop7: detected capacity change from 0 to 16384 [ 522.391542][T12905] ALSA: mixer_oss: invalid OSS volume '' [ 522.399116][T12901] blk_print_req_error: 8 callbacks suppressed [ 522.399136][T12901] I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 522.416004][T12901] buffer_io_error: 7 callbacks suppressed [ 522.416024][T12901] Buffer I/O error on dev loop7, logical block 1, async page read [ 522.437803][T12901] Dev loop7: unable to read RDB block 8 [ 522.443745][T12901] loop7: unable to read partition table [ 522.454569][T12901] loop7: partition table beyond EOD, truncated [ 522.460900][T12901] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 522.545244][ T7949] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 522.557965][T11963] usbhid 1-1:0.0: can't add hid device: -71 [ 522.564886][T11963] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 522.577752][T11963] usb 1-1: USB disconnect, device number 31 [ 522.715986][ T7949] usb 4-1: device descriptor read/64, error -71 [ 522.974563][T11677] Bluetooth: hci2: command tx timeout [ 522.985152][ T7949] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 523.145061][ T7949] usb 4-1: device descriptor read/64, error -71 [ 523.274732][ T7949] usb usb4-port1: attempt power cycle [ 523.293968][ T5137] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 523.419225][ T29] kauditd_printk_skb: 35 callbacks suppressed [ 523.419245][ T29] audit: type=1800 audit(1719656411.956:463): pid=12933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.2219" name="bus" dev="sda1" ino=2032 res=0 errno=0 [ 523.477600][ T5137] usb 3-1: config 0 has no interfaces? [ 523.477638][ T5137] usb 3-1: New USB device found, idVendor=056a, idProduct=4001, bcdDevice= 0.00 [ 523.477729][ T5137] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.506088][ T5137] usb 3-1: config 0 descriptor?? [ 523.684584][ T7949] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 523.734607][ T7949] usb 4-1: device descriptor read/8, error -71 [ 523.756281][T11963] usb 3-1: USB disconnect, device number 44 [ 524.016220][ T7949] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 524.070964][ T7949] usb 4-1: device descriptor read/8, error -71 [ 524.135280][T12942] loop7: detected capacity change from 0 to 16384 [ 524.173863][T11677] Bluetooth: hci1: command tx timeout [ 524.214102][ T7949] usb usb4-port1: unable to enumerate USB device [ 524.254034][T12942] I/O error, dev loop7, sector 5376 op 0x0:(READ) flags 0x80700 phys_seg 5 prio class 0 [ 524.408279][T12945] binder: 12944:12945 ioctl 4018620d 0 returned -22 [ 524.526793][ T29] audit: type=1804 audit(1719656413.066:464): pid=12949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.2224" name="/root/syzkaller.LjZKHf/66/bus" dev="sda1" ino=2033 res=1 errno=0 [ 524.623210][T12951] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2226'. [ 524.638723][T12951] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2226'. [ 524.784122][ T5136] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 524.974000][ T5136] usb 1-1: Using ep0 maxpacket: 8 [ 524.981822][ T5136] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 524.992131][ T5136] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 525.002955][ T5136] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 525.016129][ T5136] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.01 [ 525.025212][ T5136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.037393][ T5136] usb 1-1: config 0 descriptor?? [ 525.048878][ T5136] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 525.054914][T11677] Bluetooth: hci2: command tx timeout [ 525.275182][T11677] Bluetooth: Unexpected start frame (len 12) [ 525.759124][T11963] usb 1-1: USB disconnect, device number 32 [ 526.023931][ T5136] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 526.210151][ T5136] usb 3-1: config 0 has no interfaces? [ 526.220338][ T5136] usb 3-1: New USB device found, idVendor=056a, idProduct=4001, bcdDevice= 0.00 [ 526.231903][ T5136] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.246966][ T5136] usb 3-1: config 0 descriptor?? [ 526.493223][T11963] usb 3-1: USB disconnect, device number 45 [ 527.566266][ T29] audit: type=1804 audit(1719656416.096:465): pid=13002 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2240" name="/root/syzkaller.M10TS0/304/file0" dev="sda1" ino=2032 res=1 errno=0 [ 527.694107][ T5209] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 527.885603][ T5209] usb 1-1: Using ep0 maxpacket: 16 [ 527.912955][ T5209] usb 1-1: too many configurations: 84, using maximum allowed: 8 [ 527.933175][ T5209] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 527.945080][ T5209] usb 1-1: can't read configurations, error -61 [ 528.114297][ T5209] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 528.323933][ T5209] usb 1-1: Using ep0 maxpacket: 16 [ 528.367875][ T5209] usb 1-1: too many configurations: 84, using maximum allowed: 8 [ 528.454169][ T5209] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 528.496537][ T5209] usb 1-1: can't read configurations, error -61 [ 528.536694][ T5209] usb usb1-port1: attempt power cycle [ 529.099587][ T5209] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 529.145427][ T5209] usb 1-1: Using ep0 maxpacket: 16 [ 529.765282][ T7949] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 529.784889][ T5209] usb 1-1: unable to get BOS descriptor set [ 529.790925][ T5209] usb 1-1: too many configurations: 84, using maximum allowed: 8 [ 529.802869][ T5209] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 529.811106][ T5209] usb 1-1: can't read configurations, error -71 [ 530.024502][ T7949] usb 5-1: Using ep0 maxpacket: 8 [ 530.039533][ T7949] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 530.060240][T13044] netlink: 'syz.3.2251': attribute type 10 has an invalid length. [ 530.068604][ T7949] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 530.081479][ T7949] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 530.115609][ T7949] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.01 [ 530.132225][T13044] team0: Device ipvlan1 failed to register rx_handler [ 530.139228][ T7949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.152451][ T7949] usb 5-1: config 0 descriptor?? [ 530.153969][T11963] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 530.173407][T13047] overlayfs: failed to resolve './file1': -2 [ 530.194705][ T7949] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 530.257298][T13046] overlayfs: conflicting lowerdir path [ 530.365833][T11963] usb 3-1: config 0 has no interfaces? [ 530.373907][T11963] usb 3-1: New USB device found, idVendor=056a, idProduct=4001, bcdDevice= 0.00 [ 530.383103][T11963] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.421211][T11963] usb 3-1: config 0 descriptor?? [ 530.526120][T13053] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2254'. [ 530.545822][T13053] ======================================================= [ 530.545822][T13053] WARNING: The mand mount option has been deprecated and [ 530.545822][T13053] and is ignored by this kernel. Remove the mand [ 530.545822][T13053] option from the mount to silence this warning. [ 530.545822][T13053] ======================================================= [ 530.698280][ T7949] usb 3-1: USB disconnect, device number 46 [ 530.860578][T13054] bond0: entered promiscuous mode [ 530.872963][T13054] bond_slave_0: entered promiscuous mode [ 531.251749][ T7949] usb 5-1: USB disconnect, device number 60 [ 531.544439][T13070] loop0: detected capacity change from 0 to 6 [ 531.583742][T13070] Dev loop0: unable to read RDB block 6 [ 531.609171][T13070] loop0: unable to read partition table [ 531.622685][ T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 531.635688][ T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 531.644834][ T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 531.653080][ T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 531.661486][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 531.661606][T13070] loop0: partition table beyond EOD, [ 531.669372][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 531.671542][T13070] truncated [ 531.709000][T13070] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 531.709000][T13070] ) failed (rc=-5) [ 532.786835][T13095] netlink: 'syz.4.2267': attribute type 1 has an invalid length. [ 532.816244][T13073] chnl_net:caif_netlink_parms(): no params data found [ 532.976242][T13109] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2269'. [ 533.198031][T13120] bond0: entered promiscuous mode [ 533.203359][T13120] bond_slave_0: entered promiscuous mode [ 533.209747][T13120] bond_slave_1: entered promiscuous mode [ 533.244780][T13125] team0: entered promiscuous mode [ 533.270089][T13125] team_slave_0: entered promiscuous mode [ 533.286320][T13125] team_slave_1: entered promiscuous mode [ 533.296460][T13073] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.303677][T13073] bridge0: port 1(bridge_slave_0) entered disabled state [ 533.337760][T13073] bridge_slave_0: entered allmulticast mode [ 533.348698][T13073] bridge_slave_0: entered promiscuous mode [ 533.359790][T13073] bridge0: port 2(bridge_slave_1) entered blocking state [ 533.367504][T13073] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.374755][T13073] bridge_slave_1: entered allmulticast mode [ 533.381640][T13073] bridge_slave_1: entered promiscuous mode [ 533.389204][T13124] team0: left promiscuous mode [ 533.394540][T13124] team_slave_0: left promiscuous mode [ 533.400592][T13124] team_slave_1: left promiscuous mode [ 533.456259][T13073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 533.469856][T13073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 533.508766][T13073] team0: Port device team_slave_0 added [ 533.520376][T13073] team0: Port device team_slave_1 added [ 533.580733][T13073] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 533.591666][T13073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.624553][T13073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 533.636864][T13073] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 533.643957][T13073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.673326][T13073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 533.734578][T13073] hsr_slave_0: entered promiscuous mode [ 533.749428][T13073] hsr_slave_1: entered promiscuous mode [ 533.760642][T13073] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 533.772562][T13073] Cannot create hsr debugfs directory [ 533.815989][T13078] Bluetooth: hci3: command tx timeout [ 533.821538][T13078] Bluetooth: hci4: command tx timeout [ 535.135669][T13073] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.299853][T13073] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.702721][T13073] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.726761][T13168] loop0: detected capacity change from 0 to 6 [ 535.737049][T13168] Dev loop0: unable to read RDB block 6 [ 535.743115][T13168] loop0: unable to read partition table [ 535.759282][T13168] loop0: partition table beyond EOD, truncated [ 535.773848][T13168] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 535.773848][T13168] ) failed (rc=-5) [ 535.835319][T13073] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.854286][ T5089] Bluetooth: hci4: command tx timeout [ 536.291205][T13073] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 536.429390][T13073] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 536.456082][T13073] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 536.649329][T13073] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 537.061653][T13189] netlink: 'syz.3.2290': attribute type 21 has an invalid length. [ 537.379599][T13073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 537.448044][T13073] 8021q: adding VLAN 0 to HW filter on device team0 [ 537.468552][ T7949] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.475747][ T7949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 537.495507][T11038] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.502772][T11038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 537.536840][T13201] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2293'. [ 537.934139][ T5089] Bluetooth: hci4: command tx timeout [ 537.986126][T11038] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 538.007426][ T29] audit: type=1800 audit(2000000004.670:466): pid=13210 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.2295" name="file1" dev="sda1" ino=2034 res=0 errno=0 [ 538.039495][ T29] audit: type=1804 audit(2000000004.670:467): pid=13210 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2295" name="/root/syzkaller.fhHrqM/43/file1" dev="sda1" ino=2034 res=1 errno=0 [ 538.195324][T11038] usb 4-1: Using ep0 maxpacket: 32 [ 538.211707][T11038] usb 4-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice=e0.d8 [ 538.230441][T11038] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.250700][T11038] usb 4-1: config 0 descriptor?? [ 538.278027][T11038] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input23 [ 538.382084][T13073] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 538.534162][T13073] veth0_vlan: entered promiscuous mode [ 538.620229][T13073] veth1_vlan: entered promiscuous mode [ 538.733604][T13073] veth0_macvtap: entered promiscuous mode [ 538.763631][T13073] veth1_macvtap: entered promiscuous mode [ 538.811591][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.829893][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.842913][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.877395][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.892105][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.912577][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.922723][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.941327][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.952666][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.963578][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 538.977377][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 538.988097][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.001278][T13073] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 539.050019][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.088063][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.114896][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.126681][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.137078][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.147802][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.158231][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.170563][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.262891][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.294145][ T5089] Bluetooth: hci1: command tx timeout [ 539.299454][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.329073][T13073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 539.353708][T13073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 539.416636][T13073] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 539.440005][T13073] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.456045][ T4520] bcm5974 4-1:0.0: could not read from device [ 539.481059][T13073] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.496231][T13073] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.513876][T13073] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.545228][T11038] usb 4-1: USB disconnect, device number 52 [ 539.820249][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 539.853120][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 539.953112][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 539.996038][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.056876][ T5089] Bluetooth: hci4: command tx timeout [ 540.277545][T13225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2300'. [ 540.541201][T13241] overlayfs: failed to resolve './file1': -2 [ 540.564920][T13241] overlayfs: conflicting lowerdir path [ 540.644481][ T5209] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 540.834001][ T5209] usb 3-1: Using ep0 maxpacket: 32 [ 540.861265][ T5209] usb 3-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=98.d2 [ 540.870527][ T5209] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.878925][ T5209] usb 3-1: Product: syz [ 540.890717][ T5209] usb 3-1: Manufacturer: syz [ 540.895935][ T5209] usb 3-1: SerialNumber: syz [ 540.898400][ T5209] usb 3-1: config 0 descriptor?? [ 540.908069][ T5089] Bluetooth: hci2: command tx timeout [ 540.918763][ T5209] gspca_main: pac7311-2.14.0 probing 093a:2601 [ 541.501505][ T5209] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -71 [ 542.255586][ T5209] pac7311 3-1:0.0: probe with driver pac7311 failed with error -71 [ 542.275699][ T5209] usb 3-1: USB disconnect, device number 47 [ 542.317194][T13263] Device name cannot be null; rc = [-22] [ 542.525698][T13269] syz.4.2311[13269] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 542.525854][T13269] syz.4.2311[13269] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 542.564248][T13272] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2314'. [ 542.674675][T13273] loop0: detected capacity change from 0 to 7 [ 542.684205][T13269] 9pnet_fd: Insufficient options for proto=fd [ 542.691700][T13273] Dev loop0: unable to read RDB block 7 [ 542.705993][T13273] loop0: unable to read partition table [ 542.728910][T13273] loop0: partition table beyond EOD, truncated [ 542.749980][T13273] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 542.749980][T13273] ) failed (rc=-5) [ 542.903905][ T5135] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 543.042688][T13279] bond0: (slave bond_slave_1): Releasing backup interface [ 543.075358][T13078] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 543.086245][T13078] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 543.088833][T13279] bond_slave_1 (unregistering): left promiscuous mode [ 543.094563][T13078] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 543.100836][ T5135] usb 4-1: Using ep0 maxpacket: 16 [ 543.137431][T13078] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 543.156870][T13078] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 543.160516][ T5135] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 543.166040][T13078] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 543.210413][ T5135] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 543.232896][ T5135] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 543.294805][ T5089] Bluetooth: hci1: command tx timeout [ 543.458494][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.469562][ T5135] usb 4-1: config 0 descriptor?? [ 543.501838][T13288] chnl_net:caif_netlink_parms(): no params data found [ 543.684938][ T5135] usbhid 4-1:0.0: can't add hid device: -71 [ 543.699841][ T5135] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 543.721013][ T5135] usb 4-1: USB disconnect, device number 53 [ 543.780217][T13288] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.794724][T13288] bridge0: port 1(bridge_slave_0) entered disabled state [ 543.814448][T13288] bridge_slave_0: entered allmulticast mode [ 543.835544][T13288] bridge_slave_0: entered promiscuous mode [ 543.863600][T13288] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.872052][T13288] bridge0: port 2(bridge_slave_1) entered disabled state [ 543.882698][T13288] bridge_slave_1: entered allmulticast mode [ 543.910179][T13311] Context (ID=0x4da) not attached to queue pair (handle=0x0:0x0) [ 543.921069][T13288] bridge_slave_1: entered promiscuous mode [ 544.047544][T13288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 544.119904][T13288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 544.621880][T13288] team0: Port device team_slave_0 added [ 544.675192][T13288] team0: Port device team_slave_1 added [ 544.764387][T13323] ALSA: mixer_oss: invalid OSS volume '' [ 545.025365][T13288] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 545.032382][T13288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 545.058314][ C1] vkms_vblank_simulate: vblank timer overrun [ 545.059237][ T5089] Bluetooth: hci2: command tx timeout [ 545.272972][T13288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 545.295707][ T5089] Bluetooth: hci3: command tx timeout [ 545.334169][T13288] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 545.364329][T13288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 545.390255][ C1] vkms_vblank_simulate: vblank timer overrun [ 545.415895][T13288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 545.748644][T13288] hsr_slave_0: entered promiscuous mode [ 545.765990][T13288] hsr_slave_1: entered promiscuous mode [ 545.773586][T13288] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 545.792052][T13288] Cannot create hsr debugfs directory [ 546.523538][T13288] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.686086][T13288] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.042039][T13288] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.147702][T13288] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.283950][ T7949] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 547.316929][T13288] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 547.326824][T13288] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 547.338050][T13288] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 547.348542][T13288] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 547.384185][ T5089] Bluetooth: hci1: command tx timeout [ 547.384195][T13078] Bluetooth: hci3: command tx timeout [ 547.456099][T13370] ALSA: mixer_oss: invalid OSS volume '' [ 547.468672][T13288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 547.494490][T13288] 8021q: adding VLAN 0 to HW filter on device team0 [ 547.502104][ T7949] usb 2-1: unable to get BOS descriptor or descriptor too short [ 547.526382][ T5209] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.533576][ T5209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 547.648152][ T7949] usb 2-1: config 0 has no interfaces? [ 547.657026][ T7949] usb 2-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48 [ 547.669409][ T5209] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.676598][ T5209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 547.686336][ T7949] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 547.691827][T13376] loop7: detected capacity change from 0 to 16384 [ 547.696266][ T7949] usb 2-1: Product: syz [ 547.708726][ T7949] usb 2-1: SerialNumber: syz [ 547.721191][ T7949] usb 2-1: config 0 descriptor?? [ 547.854596][ T57] I/O error, dev loop7, sector 384 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 547.864430][ T57] Buffer I/O error on dev loop7, logical block 48, lost async page write [ 547.891053][T13376] I/O error, dev loop7, sector 6912 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0 [ 547.902480][T13378] I/O error, dev loop7, sector 392 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 547.934058][T13378] Buffer I/O error on dev loop7, logical block 49, lost async page write [ 547.962862][ T29] audit: type=1326 audit(2000000014.620:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.022303][ T29] audit: type=1326 audit(2000000014.620:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.061538][ T29] audit: type=1326 audit(2000000014.630:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.084452][ T29] audit: type=1326 audit(2000000014.630:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.090837][T13358] pimreg: entered allmulticast mode [ 548.106001][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.110316][ T29] audit: type=1326 audit(2000000014.640:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.139201][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.156065][ T29] audit: type=1326 audit(2000000014.640:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.178379][T13384] pimreg: left allmulticast mode [ 548.193974][ T29] audit: type=1326 audit(2000000014.640:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.238791][ T29] audit: type=1326 audit(2000000014.640:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.267115][ T29] audit: type=1326 audit(2000000014.640:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.278039][T13288] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 548.288591][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.315050][ T29] audit: type=1326 audit(2000000014.650:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13357 comm="syz.1.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec84175b99 code=0x7ffc0000 [ 548.336603][ C1] vkms_vblank_simulate: vblank timer overrun [ 548.355113][ T7949] usb 2-1: USB disconnect, device number 36 [ 548.530427][T13288] veth0_vlan: entered promiscuous mode [ 548.571613][T13288] veth1_vlan: entered promiscuous mode [ 548.747584][T13288] veth0_macvtap: entered promiscuous mode [ 548.794756][T13288] veth1_macvtap: entered promiscuous mode [ 548.966444][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.996487][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.014104][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.033643][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.045163][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.055985][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.065914][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.077156][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.087059][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.099822][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.120322][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.132014][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.142080][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 549.152587][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.171646][T13288] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 549.207892][T13405] netlink: 'syz.3.2346': attribute type 16 has an invalid length. [ 549.264018][T13405] netlink: 'syz.3.2346': attribute type 17 has an invalid length. [ 549.347315][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.383834][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.393710][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.421504][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.439707][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.452558][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.462613][T13078] Bluetooth: hci3: command tx timeout [ 549.483008][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.504207][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.523075][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.533588][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.566218][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.599608][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.704580][T13288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 549.742662][T13288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 549.775236][T13288] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.853456][T13288] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.941464][T13288] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.950448][T13288] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.967359][T13288] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.089927][ T5089] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 550.101512][ T5089] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 550.118795][ T5089] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 550.128250][ T5089] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 550.143254][ T5089] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 550.151805][ T5089] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 550.172841][ T1081] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.304408][ T1081] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.336446][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 550.360950][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.416527][ T1081] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.568750][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 550.586285][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.617038][ T1081] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.713971][T13433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 550.791687][T13433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 550.927990][ T1081] bridge_slave_1: left allmulticast mode [ 550.934461][ T1081] bridge_slave_1: left promiscuous mode [ 550.941483][ T1081] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.950886][ T1081] bridge_slave_0: left allmulticast mode [ 550.957396][ T1081] bridge_slave_0: left promiscuous mode [ 550.963120][ T1081] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.379369][ T1081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 551.409343][ T1081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 551.434308][ T1081] bond0 (unregistering): Released all slaves [ 551.525301][T13422] chnl_net:caif_netlink_parms(): no params data found [ 551.540190][ T5089] Bluetooth: hci3: command tx timeout [ 551.958106][T13422] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.974507][T13422] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.983582][T13422] bridge_slave_0: entered allmulticast mode [ 551.991172][T13422] bridge_slave_0: entered promiscuous mode [ 552.004250][ T50] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 552.019164][ T1081] hsr_slave_0: left promiscuous mode [ 552.044299][ T1081] hsr_slave_1: left promiscuous mode [ 552.052339][ T1081] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 552.059852][ T1081] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 552.078042][ T1081] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 552.089361][ T1081] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 552.125610][ T1081] veth1_macvtap: left promiscuous mode [ 552.131878][ T1081] veth0_macvtap: left promiscuous mode [ 552.138254][ T1081] veth1_vlan: left promiscuous mode [ 552.143789][ T1081] veth0_vlan: left promiscuous mode [ 552.204153][ T50] usb 5-1: Using ep0 maxpacket: 32 [ 552.214719][ T50] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 552.225997][ T50] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 552.253072][ T50] usb 5-1: New USB device found, idVendor=0421, idProduct=00a0, bcdDevice=c8.e1 [ 552.264507][ T5089] Bluetooth: hci4: command tx timeout [ 552.272743][ T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 552.287548][ T50] usb 5-1: config 0 descriptor?? [ 552.297940][ T50] usb 5-1: bad CDC descriptors [ 552.303234][ T50] cdc_acm 5-1:0.0: Zero length descriptor references [ 552.324319][ T50] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22 [ 552.342273][ T5089] Bluetooth: hci1: command tx timeout [ 552.518523][ T50] usb 5-1: USB disconnect, device number 61 [ 552.748541][ T1081] team0 (unregistering): Port device team_slave_1 removed [ 552.791417][ T1081] team0 (unregistering): Port device team_slave_0 removed [ 553.373135][T13422] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.380758][T13422] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.473655][T13422] bridge_slave_1: entered allmulticast mode [ 553.521076][T13422] bridge_slave_1: entered promiscuous mode [ 553.623919][ T5089] Bluetooth: hci3: command tx timeout [ 554.121364][T13470] tap0: tun_chr_ioctl cmd 1074025677 [ 554.131739][T13470] tap0: linktype set to 769 [ 554.306782][T13422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 554.320110][T13422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 554.334273][ T5089] Bluetooth: hci4: command tx timeout [ 554.626773][T13422] team0: Port device team_slave_0 added [ 554.663056][T13482] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2367'. [ 554.735483][T13422] team0: Port device team_slave_1 added [ 555.097237][T13078] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 555.111809][T13422] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 555.119533][T13078] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 555.128179][T13078] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 555.141214][T13078] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 555.148362][T13422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 555.189222][T13490] UBIFS error (pid: 13490): cannot open "./file0", error -22 [ 555.195793][ T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 555.209736][T13422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 555.223279][ T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 555.244865][T13422] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 555.251855][T13422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 555.277738][ C1] vkms_vblank_simulate: vblank timer overrun [ 555.395585][T13422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 555.639590][T13422] hsr_slave_0: entered promiscuous mode [ 555.646589][T13422] hsr_slave_1: entered promiscuous mode [ 555.653149][T13422] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 555.661307][T13422] Cannot create hsr debugfs directory [ 556.417490][ T5089] Bluetooth: hci4: command tx timeout [ 557.031311][ T7949] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 557.088209][T13486] chnl_net:caif_netlink_parms(): no params data found [ 557.206289][T13486] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.213641][T13486] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.222891][T13486] bridge_slave_0: entered allmulticast mode [ 557.230380][ T7949] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 557.240994][T13486] bridge_slave_0: entered promiscuous mode [ 557.246910][ T7949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.258868][ T7949] usb 5-1: config 0 descriptor?? [ 557.274616][T13486] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.281781][T13486] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.304903][T13486] bridge_slave_1: entered allmulticast mode [ 557.323961][T13486] bridge_slave_1: entered promiscuous mode [ 557.374265][ T5089] Bluetooth: hci2: command tx timeout [ 557.485136][ T7949] pegasus 5-1:0.0: probe with driver pegasus failed with error -71 [ 557.501909][ T7949] usb 5-1: USB disconnect, device number 62 [ 557.551200][T13486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 557.597666][T13486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.786008][T13486] team0: Port device team_slave_0 added [ 557.816853][T13486] team0: Port device team_slave_1 added [ 557.943046][T13486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 557.950503][T13486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 557.976385][ C1] vkms_vblank_simulate: vblank timer overrun [ 557.982772][T13486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 558.061876][T13537] Cannot find set identified by id 0 to match [ 558.108564][T13539] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2384'. [ 558.186738][T13486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 558.193710][T13486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.240086][ C1] vkms_vblank_simulate: vblank timer overrun [ 558.261816][T13486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 558.328613][T13422] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 558.351216][T13544] af_packet: tpacket_rcv: packet too big, clamped from 3152 to 4294967272. macoff=96 [ 558.410845][T13486] hsr_slave_0: entered promiscuous mode [ 558.435787][T13486] hsr_slave_1: entered promiscuous mode [ 558.452513][T13486] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 558.470643][T13486] Cannot create hsr debugfs directory [ 558.492859][T13422] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 558.499966][ T5089] Bluetooth: hci4: command tx timeout [ 558.532467][T13422] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 558.607102][T13422] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 558.793935][ T5135] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 558.824202][ T5089] Bluetooth: hci3: command tx timeout [ 558.948725][T13486] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.007890][ T5135] usb 4-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 559.068247][ T5135] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 559.101232][ T5135] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 559.128323][T13486] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.145165][ T5135] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 559.158091][ T5135] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.205065][ T5135] usb 4-1: config 0 descriptor?? [ 559.222844][ T5135] usb-storage 4-1:0.0: USB Mass Storage device detected [ 559.265861][ T5135] usb-storage 4-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 559.312946][T13486] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.388745][T13422] 8021q: adding VLAN 0 to HW filter on device bond0 [ 559.417117][ T7949] usb 4-1: USB disconnect, device number 54 [ 559.456466][ T5089] Bluetooth: hci2: command tx timeout [ 559.465829][T13486] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.560168][T13422] 8021q: adding VLAN 0 to HW filter on device team0 [ 559.607400][ T5137] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.614550][ T5137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 559.675463][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 559.682703][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 559.864499][T13571] loop7: detected capacity change from 0 to 16384 [ 559.999636][T13486] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 560.030928][ T98] I/O error, dev loop7, sector 256 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 560.041189][ T98] Buffer I/O error on dev loop7, logical block 32, lost async page write [ 560.057481][T13486] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 560.078065][T13571] I/O error, dev loop7, sector 1792 op 0x0:(READ) flags 0x80700 phys_seg 2 prio class 0 [ 560.091126][T13577] I/O error, dev loop7, sector 264 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 560.102397][T13577] Buffer I/O error on dev loop7, logical block 33, lost async page write [ 560.146230][T13486] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 560.201135][T13486] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 560.390026][T13591] loop0: detected capacity change from 0 to 7 [ 560.412734][T13591] Dev loop0: unable to read RDB block 7 [ 560.442819][T13591] loop0: AHDI p2 [ 560.451604][T13591] loop0: partition table partially beyond EOD, truncated [ 560.499618][T13422] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 560.624375][T13486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.648058][T13486] 8021q: adding VLAN 0 to HW filter on device team0 [ 560.856586][T11963] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.863856][T11963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 560.897013][ T5089] Bluetooth: hci3: command tx timeout [ 560.922215][T13422] veth0_vlan: entered promiscuous mode [ 560.990758][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.997983][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 561.085376][T13422] veth1_vlan: entered promiscuous mode [ 561.515577][T13621] loop7: detected capacity change from 0 to 16384 [ 561.534445][ T5089] Bluetooth: hci2: command tx timeout [ 561.630002][T13422] veth0_macvtap: entered promiscuous mode [ 561.682517][T13422] veth1_macvtap: entered promiscuous mode [ 561.716504][ T98] I/O error, dev loop7, sector 256 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 561.727103][ T98] Buffer I/O error on dev loop7, logical block 32, lost async page write [ 561.737582][ T98] I/O error, dev loop7, sector 264 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 561.747933][ T98] Buffer I/O error on dev loop7, logical block 33, lost async page write [ 561.756802][ T98] I/O error, dev loop7, sector 272 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 561.766502][ T98] Buffer I/O error on dev loop7, logical block 34, lost async page write [ 561.776190][ T98] I/O error, dev loop7, sector 280 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 561.786081][ T98] Buffer I/O error on dev loop7, logical block 35, lost async page write [ 561.794803][ T98] I/O error, dev loop7, sector 288 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 561.804411][ T98] Buffer I/O error on dev loop7, logical block 36, lost async page write [ 561.816214][ T98] I/O error, dev loop7, sector 296 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 561.825974][ T98] Buffer I/O error on dev loop7, logical block 37, lost async page write [ 561.836368][ T98] I/O error, dev loop7, sector 304 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 561.846222][ T98] Buffer I/O error on dev loop7, logical block 38, lost async page write [ 561.890228][T13623] Buffer I/O error on dev loop7, logical block 39, lost async page write [ 561.979391][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.044129][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.063351][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.094576][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.131470][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.152010][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.167656][T13631] futex_wake_op: syz.0.2410 tries to shift op by 32; fix this program [ 562.183858][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.223708][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.237448][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.248481][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.249165][T13633] loop0: detected capacity change from 0 to 7 [ 562.258680][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.258738][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.285444][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 562.288167][T13633] Dev loop0: unable to read RDB block 7 [ 562.296006][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.297974][T13422] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 562.310652][T13633] loop0: AHDI p2 [ 562.360732][T13486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 562.374414][T13633] loop0: partition table partially beyond EOD, truncated [ 562.393664][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.416844][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.484836][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.517645][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.528597][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.539455][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.549595][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.583598][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.603642][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.631346][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.653514][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.686257][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.701030][T13422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 562.711893][T13422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 562.725832][T13422] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 562.974299][ T5089] Bluetooth: hci3: command tx timeout [ 563.138426][ T1246] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.144886][ T1246] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.491167][T13422] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.535968][T13422] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.687469][T13422] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.696789][ T5089] Bluetooth: hci2: command tx timeout [ 563.734320][T13422] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.829717][T13486] veth0_vlan: entered promiscuous mode [ 564.051307][T13486] veth1_vlan: entered promiscuous mode [ 564.250268][ T2881] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.262757][ T2881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.330998][ T1081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.348374][ T1081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.372024][T13486] veth0_macvtap: entered promiscuous mode [ 564.458391][T13486] veth1_macvtap: entered promiscuous mode [ 564.483164][T13656] ALSA: mixer_oss: invalid OSS volume '' [ 564.514377][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.539239][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.577711][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.615433][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.638510][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.661809][T13662] loop7: detected capacity change from 0 to 16384 [ 564.668269][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.668290][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.668307][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.668326][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.668341][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.668356][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.670186][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.753806][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.765565][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.775419][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 564.788617][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 564.806269][T13486] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 564.952008][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 564.985671][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.035014][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.065845][ T5089] Bluetooth: hci3: command tx timeout [ 565.084365][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.096712][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.133866][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.173035][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.232310][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.249232][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.272019][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.294141][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.306324][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.316403][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.327020][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.336946][T13486] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 565.347500][T13486] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 565.380573][T13486] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 565.452694][T13486] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.464454][T13486] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.474883][T13486] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.491306][T13486] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.714101][ T784] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 565.866399][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.899376][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.919454][ T956] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.936248][ T784] usb 4-1: Using ep0 maxpacket: 16 [ 565.957974][ T784] usb 4-1: config 1 has an invalid interface number: 15 but max is 0 [ 565.961371][ T956] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.985034][ T784] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 1 [ 566.004538][ T784] usb 4-1: config 1 has no interface number 1 [ 566.013281][ T784] usb 4-1: config 1 interface 15 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 566.090635][ T784] usb 4-1: config 1 interface 15 has no altsetting 0 [ 566.105294][ T784] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 566.133966][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 566.142024][ T784] usb 4-1: SerialNumber: syz [ 566.180626][ T784] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 566.210576][T13678] ax25_connect(): syz.1.2423 uses autobind, please contact jreuter@yaina.de [ 566.304549][ T5089] Bluetooth: hci1: command tx timeout [ 566.334481][ T784] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 566.341090][ T784] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22 [ 566.531043][ T25] usb 4-1: USB disconnect, device number 55 [ 567.133899][ T5089] Bluetooth: hci3: command tx timeout [ 567.158732][T13708] loop7: detected capacity change from 0 to 16384 [ 567.282042][ T98] blk_print_req_error: 2 callbacks suppressed [ 567.282061][ T98] I/O error, dev loop7, sector 496 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 567.299622][ T98] Buffer I/O error on dev loop7, logical block 62, lost async page write [ 567.337478][T13708] I/O error, dev loop7, sector 3840 op 0x0:(READ) flags 0x80700 phys_seg 3 prio class 0 [ 567.347997][T13711] I/O error, dev loop7, sector 504 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 567.394919][T13711] Buffer I/O error on dev loop7, logical block 63, lost async page write [ 567.868882][T13737] hub 6-0:1.0: USB hub found [ 567.874212][T13737] hub 6-0:1.0: 1 port detected [ 567.974069][ T929] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 568.186781][ T929] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 568.204937][ T929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.253082][ T929] usb 1-1: config 0 descriptor?? [ 568.394225][ T50] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 568.498372][ T929] pegasus 1-1:0.0: probe with driver pegasus failed with error -71 [ 568.538236][ T929] usb 1-1: USB disconnect, device number 37 [ 568.604980][ T50] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 568.659482][ T50] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 568.783541][ T5089] Bluetooth: hci4: command tx timeout [ 568.806726][ T50] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 568.844055][T11963] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 568.853870][ T50] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 568.872812][ T50] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.889634][ T50] usb 2-1: config 0 descriptor?? [ 569.112361][T11963] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 569.157139][T11963] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 569.204182][T11963] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 569.217241][ T5089] Bluetooth: hci3: command tx timeout [ 569.260265][T11963] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 569.304332][T11963] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.329572][T11963] usb 5-1: config 0 descriptor?? [ 569.366948][ T50] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 569.397396][ T50] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0 [ 569.425909][ T50] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 569.494526][ T50] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 569.683220][ T5136] usb 2-1: USB disconnect, device number 37 [ 569.697574][T13769] netlink: 'syz.0.2453': attribute type 1 has an invalid length. [ 569.773859][ T5089] Bluetooth: hci1: command tx timeout [ 569.787836][T11963] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 569.807061][T11963] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 569.824860][T11963] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 569.851082][T11963] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 570.059582][ T50] usb 5-1: USB disconnect, device number 63 [ 570.694122][ T50] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 570.746119][T13787] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2459'. [ 570.755782][ T7949] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 570.773954][ T5136] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 570.894086][ T50] usb 2-1: Using ep0 maxpacket: 32 [ 570.901394][ T50] usb 2-1: config 0 has no interfaces? [ 570.912671][ T50] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 570.924039][ T50] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.932070][ T50] usb 2-1: Product: syz [ 570.937256][ T50] usb 2-1: Manufacturer: syz [ 570.942104][ T50] usb 2-1: SerialNumber: syz [ 570.949568][ T50] usb 2-1: config 0 descriptor?? [ 570.954729][ T7949] usb 3-1: Using ep0 maxpacket: 8 [ 570.962386][ T7949] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 570.988430][ T7949] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 571.003870][ T5136] usb 1-1: Using ep0 maxpacket: 32 [ 571.009731][ T7949] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 571.026161][ T5136] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.035290][ T7949] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.01 [ 571.038860][ T5136] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.060497][ T7949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.061637][ T5136] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 571.082850][ T7949] usb 3-1: config 0 descriptor?? [ 571.091349][ T5136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.107868][ T7949] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 571.128376][ T5136] usb 1-1: config 0 descriptor?? [ 571.136267][ T5136] hub 1-1:0.0: USB hub found [ 571.220002][ T29] kauditd_printk_skb: 59 callbacks suppressed [ 571.220021][ T29] audit: type=1800 audit(2000000037.880:537): pid=13800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.2464" name="memory.events" dev="sda1" ino=2058 res=0 errno=0 [ 571.249330][ T29] audit: type=1804 audit(2000000037.920:538): pid=13800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.2464" name="/root/syzkaller.M10TS0/369/memory.events" dev="sda1" ino=2058 res=1 errno=0 [ 571.271301][ C1] vkms_vblank_simulate: vblank timer overrun [ 571.287271][ T29] audit: type=1804 audit(2000000037.920:539): pid=13800 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.3.2464" name="/root/syzkaller.M10TS0/369/memory.events" dev="sda1" ino=2058 res=1 errno=0 [ 571.450155][ T5136] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 571.471366][ T5136] usbhid 1-1:0.0: can't add hid device: -71 [ 571.483091][ T5136] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 571.525184][ T5136] usb 1-1: USB disconnect, device number 38 [ 571.999382][T13804] netlink: 'syz.3.2465': attribute type 10 has an invalid length. [ 572.227000][T11963] usb 3-1: USB disconnect, device number 48 [ 572.256895][ T5089] Bluetooth: hci3: command tx timeout [ 572.795707][ T29] audit: type=1326 audit(2000000039.450:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13820 comm="syz.0.2470" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a34b75b99 code=0x0 [ 573.134091][ T7949] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 573.305663][ T7949] usb 1-1: device descriptor read/64, error -71 [ 573.369741][ T5136] usb 2-1: USB disconnect, device number 38 [ 573.533634][T13836] loop7: detected capacity change from 0 to 16384 [ 573.594410][ T7949] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 573.673036][ T57] I/O error, dev loop7, sector 256 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 573.682862][ T57] Buffer I/O error on dev loop7, logical block 32, lost async page write [ 573.715529][T13836] I/O error, dev loop7, sector 3584 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0 [ 573.725643][ T57] I/O error, dev loop7, sector 264 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 573.735610][ T57] Buffer I/O error on dev loop7, logical block 33, lost async page write [ 573.754092][ T7949] usb 1-1: device descriptor read/64, error -71 [ 573.874029][T11963] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 573.874393][ T7949] usb usb1-port1: attempt power cycle [ 574.085629][T11963] usb 5-1: Using ep0 maxpacket: 32 [ 574.102415][T11963] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 574.130003][T11963] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.150383][T11963] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 574.168871][T11963] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.186212][T11963] usb 5-1: config 0 descriptor?? [ 574.194900][T11963] hub 5-1:0.0: USB hub found [ 574.283920][ T929] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 574.335282][ T7949] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 574.343049][ T5089] Bluetooth: hci3: command tx timeout [ 574.384922][ T7949] usb 1-1: device descriptor read/8, error -71 [ 574.474350][ T929] usb 3-1: Using ep0 maxpacket: 8 [ 574.502084][ T929] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 574.531055][T11963] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 574.539264][ T929] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 574.552521][ T929] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 574.566271][ T929] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.01 [ 574.577256][ T929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.588718][T11963] usbhid 5-1:0.0: can't add hid device: -71 [ 574.605165][T11963] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 574.619206][ T929] usb 3-1: config 0 descriptor?? [ 574.630575][ T929] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 574.647760][T11963] usb 5-1: USB disconnect, device number 64 [ 574.654109][ T7949] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 574.698952][ T7949] usb 1-1: device descriptor read/8, error -71 [ 574.828718][ T7949] usb usb1-port1: unable to enumerate USB device [ 574.850562][ T5089] Bluetooth: Unexpected start frame (len 12) [ 575.341239][ T7949] usb 3-1: USB disconnect, device number 49 [ 575.773916][ T5089] Bluetooth: hci2: command tx timeout [ 576.817168][T13909] loop0: detected capacity change from 0 to 7 [ 576.835949][T13909] Dev loop0: unable to read RDB block 7 [ 576.841903][T13909] loop0: unable to read partition table [ 576.849386][T13909] loop0: partition table beyond EOD, truncated [ 576.862186][T13909] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 576.862186][T13909] ) failed (rc=-5) [ 577.027770][T13908] "syz.1.2501" (13908) uses obsolete ecb(arc4) skcipher [ 577.137508][T13920] loop0: detected capacity change from 0 to 7 [ 577.164979][T13920] Dev loop0: unable to read RDB block 7 [ 577.185241][T13920] loop0: unable to read partition table [ 577.197946][T13920] loop0: partition table beyond EOD, truncated [ 577.215727][T13920] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 577.215727][T13920] ) failed (rc=-5) [ 577.697367][ T5089] Bluetooth: hci4: command tx timeout [ 577.902034][ T29] audit: type=1804 audit(2000000044.560:541): pid=13916 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.2503" name="/root/syzkaller.jzcZRx/37/file0" dev="sda1" ino=2051 res=1 errno=0 [ 578.033891][ T929] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 578.233848][ T929] usb 3-1: Using ep0 maxpacket: 8 [ 578.255444][ T929] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 578.265862][ T929] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 578.296148][ T929] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 578.323823][ T929] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.01 [ 578.332945][ T929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.344065][ T25] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 578.351903][ T7949] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 578.352379][ T929] usb 3-1: config 0 descriptor?? [ 578.368391][ T929] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 578.534077][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 578.539410][ T7949] usb 1-1: Using ep0 maxpacket: 32 [ 578.551533][ T25] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 578.575834][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 578.587330][ T7949] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 578.603425][ T25] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 578.607271][ T7949] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 578.614043][ T5089] Bluetooth: Unexpected start frame (len 12) [ 578.626532][ T25] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 578.654572][ T7949] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 578.685641][ T7949] usb 1-1: Product: syz [ 578.706362][ T7949] usb 1-1: Manufacturer: syz [ 578.736348][ T7949] usb 1-1: SerialNumber: syz [ 578.746383][ T25] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 578.769560][ T7949] usb 1-1: config 0 descriptor?? [ 578.782942][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.795951][T13944] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 578.977558][T13961] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2518'. [ 579.007308][T11963] usb 1-1: USB disconnect, device number 43 [ 579.028839][ T25] usb 2-1: GET_CAPABILITIES returned 0 [ 579.048681][ T25] usbtmc 2-1:16.0: can't read capabilities [ 579.295577][ T5089] Bluetooth: hci2: command tx timeout [ 579.449698][ T7949] usb 2-1: USB disconnect, device number 39 [ 579.613956][ T784] usb 3-1: USB disconnect, device number 50 [ 580.225006][ T29] audit: type=1804 audit(2000000046.520:542): pid=13985 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.2523" name="/root/syzkaller.M10TS0/388/file0" dev="sda1" ino=2036 res=1 errno=0 [ 581.455948][ T5089] Bluetooth: hci1: command tx timeout [ 581.505479][ T5089] Oops: general protection fault, probably for non-canonical address 0xdffffc000000002e: 0000 [#1] PREEMPT SMP KASAN PTI [ 581.518224][ T5089] KASAN: null-ptr-deref in range [0x0000000000000170-0x0000000000000177] [ 581.526651][ T5089] CPU: 1 PID: 5089 Comm: kworker/u9:3 Not tainted 6.10.0-rc5-syzkaller-00243-g6c0483dbfe72 #0 [ 581.536995][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 581.547060][ T5089] Workqueue: hci4 hci_rx_work [ 581.551754][ T5089] RIP: 0010:l2cap_sock_recv_cb+0x1af/0x4f0 [ 581.557612][ T5089] Code: 80 3c 07 00 74 08 4c 89 ef e8 3d 6b 7c f7 4d 8b 7d 00 49 8d bf 74 01 00 00 48 89 f8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df <42> 0f b6 04 28 84 c0 0f 85 b5 02 00 00 41 8b 9f 74 01 00 00 49 81 [ 581.577252][ T5089] RSP: 0018:ffffc900036cf3c8 EFLAGS: 00010207 [ 581.583325][ T5089] RAX: 000000000000002e RBX: ffff88806d4b7000 RCX: 0000000000040000 [ 581.591295][ T5089] RDX: ffffc90012718000 RSI: 0000000000000d58 RDI: 0000000000000174 [ 581.599290][ T5089] RBP: ffff88806d4b0000 R08: ffffffff8944f190 R09: 1ffff1100da96e0c [ 581.607268][ T5089] R10: dffffc0000000000 R11: ffffed100da96e0d R12: 1ffff1100da96005 [ 581.615298][ T5089] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 581.623295][ T5089] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 581.632221][ T5089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 581.638798][ T5089] CR2: 00007f5a34d05aa8 CR3: 0000000053fa8000 CR4: 00000000003506f0 [ 581.646805][ T5089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 581.654769][ T5089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 581.662738][ T5089] Call Trace: [ 581.666018][ T5089] [ 581.668944][ T5089] ? __die_body+0x88/0xe0 [ 581.673302][ T5089] ? die_addr+0x108/0x140 [ 581.677642][ T5089] ? exc_general_protection+0x3dd/0x5d0 [ 581.683195][ T5089] ? asm_exc_general_protection+0x26/0x30 [ 581.688918][ T5089] ? __sock_queue_rcv_skb+0x5d0/0x9b0 [ 581.694301][ T5089] ? l2cap_sock_recv_cb+0x1af/0x4f0 [ 581.699499][ T5089] ? l2cap_sock_recv_cb+0x177/0x4f0 [ 581.704711][ T5089] l2cap_recv_frame+0x8d47/0x107d0 [ 581.709828][ T5089] ? __read_once_word_nocheck+0x9/0x20 [ 581.715307][ T5089] ? validate_chain+0x11e/0x5900 [ 581.720251][ T5089] ? validate_chain+0x11e/0x5900 [ 581.725187][ T5089] ? deref_stack_reg+0x1c7/0x260 [ 581.730159][ T5089] ? validate_chain+0x11e/0x5900 [ 581.735098][ T5089] ? validate_chain+0x11e/0x5900 [ 581.740041][ T5089] ? validate_chain+0x11e/0x5900 [ 581.745071][ T5089] ? __pfx_validate_chain+0x10/0x10 [ 581.750273][ T5089] ? __pfx_validate_chain+0x10/0x10 [ 581.755472][ T5089] ? __pfx_validate_chain+0x10/0x10 [ 581.760739][ T5089] ? __pfx_l2cap_recv_frame+0x10/0x10 [ 581.766156][ T5089] ? validate_chain+0x11e/0x5900 [ 581.771117][ T5089] ? __pfx_validate_chain+0x10/0x10 [ 581.776322][ T5089] ? stack_trace_save+0x118/0x1d0 [ 581.781531][ T5089] ? __pfx_validate_chain+0x10/0x10 [ 581.786754][ T5089] ? __pfx_validate_chain+0x10/0x10 [ 581.791988][ T5089] ? __pfx_validate_chain+0x10/0x10 [ 581.797201][ T5089] ? mark_lock+0x9a/0x350 [ 581.801531][ T5089] ? __lock_acquire+0x1346/0x1fd0 [ 581.806558][ T5089] ? mark_lock+0x9a/0x350 [ 581.810925][ T5089] ? hci_rx_work+0x4e7/0xca0 [ 581.815524][ T5089] ? __pfx_lock_release+0x10/0x10 [ 581.820588][ T5089] ? __mutex_unlock_slowpath+0x21d/0x750 [ 581.826261][ T5089] ? __pfx_lock_release+0x10/0x10 [ 581.831282][ T5089] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 581.837262][ T5089] ? hci_conn_enter_active_mode+0x260/0x370 [ 581.843175][ T5089] ? l2cap_recv_acldata+0x48e/0x1550 [ 581.848465][ T5089] ? hci_conn_hash_lookup_handle+0x21/0x240 [ 581.854373][ T5089] ? hci_conn_hash_lookup_handle+0x226/0x240 [ 581.860360][ T5089] hci_rx_work+0x50f/0xca0 [ 581.864802][ T5089] ? process_scheduled_works+0x945/0x1830 [ 581.870550][ T5089] process_scheduled_works+0xa2c/0x1830 [ 581.876137][ T5089] ? __pfx_process_scheduled_works+0x10/0x10 [ 581.882140][ T5089] ? assign_work+0x364/0x3d0 [ 581.886737][ T5089] worker_thread+0x86d/0xd50 [ 581.891333][ T5089] ? __kthread_parkme+0x169/0x1d0 [ 581.896359][ T5089] ? __pfx_worker_thread+0x10/0x10 [ 581.901467][ T5089] kthread+0x2f0/0x390 [ 581.905535][ T5089] ? __pfx_worker_thread+0x10/0x10 [ 581.910641][ T5089] ? __pfx_kthread+0x10/0x10 [ 581.915231][ T5089] ret_from_fork+0x4b/0x80 [ 581.919651][ T5089] ? __pfx_kthread+0x10/0x10 [ 581.924241][ T5089] ret_from_fork_asm+0x1a/0x30 [ 581.929010][ T5089] [ 581.932045][ T5089] Modules linked in: [ 581.935996][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.950771][ T5089] ---[ end trace 0000000000000000 ]--- [ 581.956317][ T5089] RIP: 0010:l2cap_sock_recv_cb+0x1af/0x4f0 [ 581.962213][ T5089] Code: 80 3c 07 00 74 08 4c 89 ef e8 3d 6b 7c f7 4d 8b 7d 00 49 8d bf 74 01 00 00 48 89 f8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df <42> 0f b6 04 28 84 c0 0f 85 b5 02 00 00 41 8b 9f 74 01 00 00 49 81 [ 581.982851][ T5089] RSP: 0018:ffffc900036cf3c8 EFLAGS: 00010207 [ 581.989010][ T5089] RAX: 000000000000002e RBX: ffff88806d4b7000 RCX: 0000000000040000 [ 581.997113][ T5089] RDX: ffffc90012718000 RSI: 0000000000000d58 RDI: 0000000000000174 [ 582.005889][ T5089] RBP: ffff88806d4b0000 R08: ffffffff8944f190 R09: 1ffff1100da96e0c [ 582.014321][ T5089] R10: dffffc0000000000 R11: ffffed100da96e0d R12: 1ffff1100da96005 [ 582.022328][ T5089] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000 [ 582.030357][ T5089] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 582.040068][ T5089] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 582.047415][ T5089] CR2: 00007f5a35944d58 CR3: 000000002d23a000 CR4: 00000000003506f0 [ 582.056688][ T5089] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 582.064760][ T5089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 582.073295][ T5089] Kernel panic - not syncing: Fatal exception [ 582.079679][ T5089] Kernel Offset: disabled [ 582.084016][ T5089] Rebooting in 86400 seconds..