last executing test programs: 6m59.882828753s ago: executing program 3 (id=130): r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'}) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, 0x0) 6m59.850462799s ago: executing program 3 (id=131): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xfffffff9) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/56, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xa}, 0x94) 6m59.227882205s ago: executing program 3 (id=134): r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}, {{0xa, 0x20, 0x0, @remote}}}, 0xfffffffffffffdcc) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x0) close(0xffffffffffffffff) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000001600)={0x5, 0x10, 0xfffffffb}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x25, &(0x7f0000000080)=[@in={0x2, 0x0, @dev}], 0xffe2) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000012c0)='/proc/cpuinfo\x00', 0x0, 0x0) read$hiddev(r4, &(0x7f00000000c0)=""/4092, 0xffc) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=ANY=[@ANYBLOB="280300002d00090027bd"], 0x328}}, 0x84) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x20000, 0x0) 6m55.391931889s ago: executing program 3 (id=143): connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x805, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) syz_pidfd_open(0x0, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f29, 0x0, 0xc139, 0x4, 0x5, 0xafa0, 0x0, 0x4, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x89, 0xcaa3, 0x1000, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = signalfd(0xffffffffffffffff, 0x0, 0x0) r3 = io_uring_setup(0x1fce, &(0x7f0000000240)={0x0, 0x2326, 0x2, 0x2, 0x14e, 0x0, r2}) io_uring_enter(r3, 0x139c, 0x6481, 0x0, &(0x7f0000000180)={[0x4]}, 0x8) setpgid(r1, 0x0) setpgid(0x0, r1) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socket(0x3e5d78e09dacfce8, 0x2, 0x5) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0x800000000000001) 6m53.906053833s ago: executing program 3 (id=146): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket(0x28, 0x5, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x8, 0x3, &(0x7f00000000c0)=@framed, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x90) connect$vsock_stream(r1, 0x0, 0x0) listen(r1, 0x8b) ioctl$sock_qrtr_TIOCINQ(r1, 0x541b, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) accept4(r2, 0x0, &(0x7f0000000000), 0x800) mmap$xdp(&(0x7f0000016000/0x4000)=nil, 0x4000, 0x700000d, 0x811, 0xffffffffffffffff, 0x180000000) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r4, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0) r7 = syz_open_dev$video4linux(0x0, 0x5, 0x1a9a00) ioctl$VIDIOC_SUBDEV_S_FMT(r7, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x1, 0x5, 0x3009, 0xb, 0x1, 0xc, 0x2, 0x310}}) connect$inet6(r5, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00'}) r8 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r8, 0x0, 0x0) 6m50.09262628s ago: executing program 3 (id=154): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newtfilter={0x38, 0x2c, 0xd3f, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) 6m49.506101437s ago: executing program 32 (id=154): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newtfilter={0x38, 0x2c, 0xd3f, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x8, 0x2, [@TCA_BASIC_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0) 6m34.410711692s ago: executing program 1 (id=196): syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03) 6m34.126711861s ago: executing program 1 (id=198): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000) 6m32.489512293s ago: executing program 1 (id=201): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x18) socket$l2tp6(0xa, 0x2, 0x73) socket$l2tp6(0xa, 0x2, 0x73) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r7, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r2], 0x4}}, 0x0) sendfile(r6, r5, 0x0, 0x100000002) 6m32.164041645s ago: executing program 1 (id=206): connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x805, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) syz_pidfd_open(0x0, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'pcl726\x00', [0x4f29, 0x0, 0xc139, 0x4, 0x5, 0xafa0, 0x0, 0x4, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0x9, 0x6, 0x101, 0xfffffffe, 0xffff, 0x3, 0x40000003, 0x89, 0xcaa3, 0x1000, 0x20001e5b, 0x8000003, 0xe69, 0x3, 0x8, 0x4086, 0x0, 0xfffffff8]}) prlimit64(0x0, 0xc, &(0x7f0000000140)={0x40000000000000, 0x88}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = signalfd(0xffffffffffffffff, 0x0, 0x0) r3 = io_uring_setup(0x1fce, &(0x7f0000000240)={0x0, 0x2326, 0x2, 0x2, 0x14e, 0x0, r2}) io_uring_enter(r3, 0x139c, 0x6481, 0x0, &(0x7f0000000180)={[0x4]}, 0x8) setpgid(r1, 0x0) setpgid(0x0, r1) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$AUTOFS_IOC_READY(r4, 0x9360, 0x800000000000001) 6m31.821290174s ago: executing program 1 (id=209): socket$inet_sctp(0x2, 0x5, 0x84) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42042, 0x14a) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000400)={r3, r5, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x5, 0x0, 0x1}}, 0x40) syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[], 0x0) 6m21.997128128s ago: executing program 1 (id=230): socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) userfaultfd(0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 6m20.664935753s ago: executing program 33 (id=230): socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) userfaultfd(0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) 15.783008322s ago: executing program 4 (id=795): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70fd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x8040}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x6}, {0xa, 0xffe0}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lsetxattr$security_evm(&(0x7f0000000580)='./cgroup\x00', &(0x7f00000005c0), 0x0, 0x0, 0x0) setns(r1, 0x24020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) 15.610731632s ago: executing program 2 (id=796): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}, 0xa}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe33) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) r1 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000) 15.11799672s ago: executing program 2 (id=798): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, 0x0, 0x0) signalfd4(r1, &(0x7f0000000000)={[0x9]}, 0x8, 0x80000) socket$kcm(0x10, 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socket$vsock_stream(0x28, 0x1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) 13.888738581s ago: executing program 4 (id=799): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x50) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00"/12], 0x48) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0xf000000) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000280)={0x100000011, @multicast2, 0x0, 0x0, 'nq\x00', 0x0, 0x2, 0x2a}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07006706000002000000070600000ee60000bf150000000000003d6500000000000065070000021c0000070700004c0000001f7500000000000061540000000000000704"], 0x0}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) 11.888359213s ago: executing program 4 (id=801): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 11.795992212s ago: executing program 4 (id=803): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8040}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x6}, {0xa, 0xffe0}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c61"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) socket$netlink(0x10, 0x3, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lsetxattr$security_evm(&(0x7f0000000580)='./cgroup\x00', &(0x7f00000005c0), 0x0, 0x0, 0x0) setns(r1, 0x24020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) 11.69976729s ago: executing program 2 (id=804): r0 = socket$inet_udp(0x2, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(r0, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000340)=""/158, 0x9e}], 0x1}, 0xff}], 0x1, 0x0, 0x0) 11.393609367s ago: executing program 0 (id=805): socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1494c0, 0x189) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 10.48294969s ago: executing program 4 (id=806): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800"/12], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x4000001}, 0x8000) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0x6}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003200)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x3f, &(0x7f00000001c0)={&(0x7f0000000000)=@delchain={0x24, 0x11, 0x1, 0x1f, 0x0, {0x0, 0x0, 0x0, r4}}, 0x24}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000e00)={0x11, 0xd, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r10}, 0x10) statx(0xffffffffffffffff, 0x0, 0x6000, 0x8, 0x0) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r11}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) r12 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000001000010700020100000000000a0000000600010016"], 0x1c}}, 0x0) 10.303154046s ago: executing program 0 (id=807): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, 0x0) setfsgid(0xee00) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401002abd700001dcdf250800010000"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) fchdir(0xffffffffffffffff) syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_LIST(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080027bd27c9770fed6526230000080102dc0200000008000100000000000800010000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 8.842266713s ago: executing program 0 (id=808): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000580)='vegas', 0x5) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001140)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)) 8.821844784s ago: executing program 2 (id=809): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x6}, {0xa, 0xffe0}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040000}, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c61"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) socket$netlink(0x10, 0x3, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) lsetxattr$security_evm(&(0x7f0000000580)='./cgroup\x00', &(0x7f00000005c0), 0x0, 0x0, 0x0) setns(r1, 0x24020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) 7.508870735s ago: executing program 2 (id=810): openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$swradio(0x0, 0x1, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) setpriority(0x0, 0x0, 0x9) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x94) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r6 = socket(0xa, 0x3, 0x87) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={@dev={0xfe, 0x80, '\x00', 0x2f}, 0x40, r7}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0) recvmmsg(r8, &(0x7f0000002a40)=[{{}, 0x9}], 0x1, 0x40002000, 0x0) r9 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r9, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@rand_addr=0xc0586300, @private=0xffffffff}, 0x10) recvmmsg(r8, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)=""/139, 0x8b}, {&(0x7f0000000440)=""/203, 0xcb}], 0x2, &(0x7f0000000600)=""/86, 0x56}, 0x2}, {{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000001680)=""/219, 0xdb}, {&(0x7f0000001780)=""/205, 0xcd}, {&(0x7f0000000180)=""/62, 0x3e}], 0x4, &(0x7f0000001980)=""/147, 0x93}, 0xe}, {{&(0x7f0000001a40)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000001ac0)=[{0x0}], 0x1}, 0xffffff80}, {{0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000001b80)=""/16, 0x10}, {0x0}, {&(0x7f0000001cc0)=""/88, 0x58}, {0x0}, {&(0x7f0000001e40)=""/31, 0x1f}, {&(0x7f0000003a80)=""/165, 0xa5}, {&(0x7f0000001f40)=""/4, 0x4}], 0x7, &(0x7f0000002080)=""/66, 0x42}, 0xfffffff9}, {{&(0x7f0000002100)=@ieee802154, 0x80, 0x0}}, {{&(0x7f0000002500)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x80, &(0x7f0000002700)=[{&(0x7f00000029c0)=""/93, 0x5d}, {&(0x7f0000002680)=""/82, 0x52}], 0x2}, 0x2}], 0x6, 0x60, 0x0) 6.16393295s ago: executing program 0 (id=811): openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000080)=0x7fffffff) setrlimit(0x8, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$sg(0x0, 0x0, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x400448c9, &(0x7f00000000c0)={'wlan0\x00', 0x1}) openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 1.283128724s ago: executing program 0 (id=812): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, 0x0, 0x0) signalfd4(r1, &(0x7f0000000000)={[0x9]}, 0x8, 0x80000) socket$kcm(0x10, 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) socket$vsock_stream(0x28, 0x1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x8000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0xfffffffffffffffc}, 0x0, 0x0) 1.157138294s ago: executing program 4 (id=813): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d00000085"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r5 = openat$dma_heap(0xffffffffffffff9c, 0x0, 0x20000, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, 0x0) setfsgid(0xee00) r6 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401002abd700001dcdf250800010000"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) fchdir(0xffffffffffffffff) syz_clone(0x2180, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000001000000080001003f0000000c000200700f00000000ffff0c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) 1.085095699s ago: executing program 2 (id=814): syz_io_uring_setup(0x1e1e, 0x0, &(0x7f0000002000), &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 0s ago: executing program 0 (id=815): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe33) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) r0 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000) kernel console output (not intermixed with test programs): [ T7109] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 239.852704][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.881568][ C1] vkms_vblank_simulate: vblank timer overrun [ 241.122130][ C1] vkms_vblank_simulate: vblank timer overrun [ 241.447362][ C1] vkms_vblank_simulate: vblank timer overrun [ 241.568464][ T7128] netlink: 8 bytes leftover after parsing attributes in process `syz.4.323'. [ 242.343494][ C1] vkms_vblank_simulate: vblank timer overrun [ 242.603235][ T5802] Bluetooth: hci2: unexpected event for opcode 0x202d [ 242.704766][ T5998] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 242.863231][ T5998] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 242.863263][ T5998] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 242.863321][ T5998] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 242.863360][ T5998] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 242.863372][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.905653][ T7134] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 243.133602][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.226007][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.253293][ T13] bond0 (unregistering): Released all slaves [ 243.894780][ T13] hsr_slave_0: left promiscuous mode [ 243.914985][ T13] hsr_slave_1: left promiscuous mode [ 243.918473][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 243.940731][ T5998] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 243.948378][ T5998] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input20 [ 243.981626][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 244.179164][ T5998] usb 5-1: USB disconnect, device number 12 [ 244.179254][ C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 244.548933][ T7152] netlink: 24 bytes leftover after parsing attributes in process `syz.2.329'. [ 244.782350][ T7158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.329'. [ 244.874762][ T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 245.027779][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 245.043898][ T10] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 245.043925][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.043944][ T10] usb 5-1: Product: syz [ 245.043957][ T10] usb 5-1: Manufacturer: syz [ 245.043971][ T10] usb 5-1: SerialNumber: syz [ 245.084503][ T10] usb 5-1: config 0 descriptor?? [ 245.235538][ T13] team0 (unregistering): Port device team_slave_1 removed [ 245.294856][ T10] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 245.477064][ T13] team0 (unregistering): Port device team_slave_0 removed [ 245.910681][ T10] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 245.938536][ T10] usb 5-1: USB disconnect, device number 13 [ 247.841755][ T7165] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'. [ 248.344241][ T6978] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.354994][ T6978] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.355243][ T6978] bridge_slave_0: entered allmulticast mode [ 248.362062][ T6978] bridge_slave_0: entered promiscuous mode [ 248.402229][ T6978] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.403021][ T6978] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.403209][ T6978] bridge_slave_1: entered allmulticast mode [ 248.429597][ T6978] bridge_slave_1: entered promiscuous mode [ 248.785675][ T6978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.817924][ T6731] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.871380][ T6978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.544420][ T7194] netlink: 8 bytes leftover after parsing attributes in process `syz.4.337'. [ 250.050138][ T5802] Bluetooth: hci4: unexpected event for opcode 0x202d [ 250.575505][ T6978] team0: Port device team_slave_0 added [ 250.629659][ T6978] team0: Port device team_slave_1 added [ 253.054736][ T10] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 253.072936][ T6978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.072953][ T6978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 253.072978][ T6978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 253.143265][ T6978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 253.143281][ T6978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 253.143304][ T6978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 253.239843][ T10] usb 5-1: config 0 has an invalid interface number: 92 but max is 0 [ 253.239871][ T10] usb 5-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 253.239888][ T10] usb 5-1: config 0 has no interface number 0 [ 253.239937][ T10] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 253.239962][ T10] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 253.239983][ T10] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 253.240008][ T10] usb 5-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 253.240031][ T10] usb 5-1: config 0 interface 92 has no altsetting 0 [ 253.255217][ T10] usb 5-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 253.255244][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.255262][ T10] usb 5-1: Product: syz [ 253.255275][ T10] usb 5-1: Manufacturer: syz [ 253.255287][ T10] usb 5-1: SerialNumber: syz [ 253.395899][ T10] usb 5-1: config 0 descriptor?? [ 253.410818][ T7215] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 253.504006][ T10] sierra 5-1:0.92: Sierra USB modem converter detected [ 254.048500][ T10] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 254.090582][ T62] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 254.108890][ T62] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 254.112210][ T62] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 254.114079][ T10] usb 5-1: USB disconnect, device number 14 [ 254.150355][ T62] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 254.152656][ T62] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 254.218692][ T10] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 254.219144][ T10] sierra 5-1:0.92: device disconnected [ 254.358576][ T6978] hsr_slave_0: entered promiscuous mode [ 254.360930][ T6978] hsr_slave_1: entered promiscuous mode [ 254.361881][ T6978] debugfs: 'hsr0' already exists in 'hsr' [ 254.361904][ T6978] Cannot create hsr debugfs directory [ 255.730587][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.730657][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.833539][ T7242] netlink: 4 bytes leftover after parsing attributes in process `syz.0.346'. [ 256.284826][ T5802] Bluetooth: hci1: command tx timeout [ 256.415940][ T7255] 9pnet_virtio: no channels available for device [ 257.820404][ T37] audit: type=1326 audit(1760712380.294:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 257.820775][ T37] audit: type=1326 audit(1760712380.304:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 257.821786][ T37] audit: type=1326 audit(1760712380.304:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 257.822513][ T37] audit: type=1326 audit(1760712380.304:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 257.822806][ T37] audit: type=1326 audit(1760712380.304:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 257.823233][ T37] audit: type=1326 audit(1760712380.304:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 257.823717][ T37] audit: type=1326 audit(1760712380.304:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 257.824225][ T37] audit: type=1326 audit(1760712380.304:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 258.005124][ T37] audit: type=1326 audit(1760712380.494:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f999bfeefc9 code=0x7ffc0000 [ 258.007354][ T37] audit: type=1326 audit(1760712380.494:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7260 comm="syz.0.350" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f999bfe5e67 code=0x7ffc0000 [ 258.364941][ T5802] Bluetooth: hci1: command tx timeout [ 259.374810][ T31] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 259.526975][ T31] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 259.527006][ T31] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 259.527019][ T31] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 259.527042][ T31] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 259.527053][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.565792][ T7275] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 260.473833][ T5802] Bluetooth: hci1: command tx timeout [ 260.474355][ T31] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 260.482027][ T31] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input21 [ 260.589916][ T7293] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'. [ 260.775838][ T996] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 261.065432][ T996] usb 1-1: Using ep0 maxpacket: 8 [ 261.071259][ T996] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 261.071288][ T996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.071306][ T996] usb 1-1: Product: syz [ 261.071320][ T996] usb 1-1: Manufacturer: syz [ 261.071334][ T996] usb 1-1: SerialNumber: syz [ 261.304716][ T996] usb 1-1: config 0 descriptor?? [ 261.468062][ T31] usb 3-1: USB disconnect, device number 13 [ 261.468144][ C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 261.510283][ T996] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 262.613472][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 262.613898][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 262.614115][ T996] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 262.647915][ T5802] Bluetooth: hci1: command tx timeout [ 262.662972][ T996] usb 1-1: USB disconnect, device number 14 [ 262.685987][ T7220] chnl_net:caif_netlink_parms(): no params data found [ 266.121313][ T3585] bridge_slave_1: left allmulticast mode [ 266.121339][ T3585] bridge_slave_1: left promiscuous mode [ 266.121592][ T3585] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.236232][ T3585] bridge_slave_0: left allmulticast mode [ 266.236258][ T3585] bridge_slave_0: left promiscuous mode [ 266.236514][ T3585] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.363770][ T7341] netlink: 8 bytes leftover after parsing attributes in process `syz.2.364'. [ 268.944739][ T6002] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 269.104711][ T6002] usb 5-1: Using ep0 maxpacket: 8 [ 269.110825][ T6002] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 269.110853][ T6002] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.110872][ T6002] usb 5-1: Product: syz [ 269.110886][ T6002] usb 5-1: Manufacturer: syz [ 269.110900][ T6002] usb 5-1: SerialNumber: syz [ 269.154323][ T6002] usb 5-1: config 0 descriptor?? [ 269.357981][ T6002] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 269.636665][ T3585] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 269.675491][ T3585] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 269.697653][ T3585] bond0 (unregistering): Released all slaves [ 269.736449][ T7341] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 269.736487][ T7341] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 269.736504][ T7341] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 270.016765][ T6002] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 270.033735][ T6002] usb 5-1: USB disconnect, device number 15 [ 273.818120][ T7384] netlink: 24 bytes leftover after parsing attributes in process `syz.0.377'. [ 274.377024][ T7397] netlink: 8 bytes leftover after parsing attributes in process `syz.2.378'. [ 274.838476][ T7401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.377'. [ 275.248557][ T3585] hsr_slave_0: left promiscuous mode [ 275.284836][ T3585] hsr_slave_1: left promiscuous mode [ 275.285867][ T3585] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.335908][ T3585] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.584741][ T6002] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 275.754963][ T6002] usb 3-1: Using ep0 maxpacket: 8 [ 275.762774][ T6002] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 275.762878][ T6002] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.762891][ T6002] usb 3-1: Product: syz [ 275.762898][ T6002] usb 3-1: Manufacturer: syz [ 275.762905][ T6002] usb 3-1: SerialNumber: syz [ 275.768647][ T6002] usb 3-1: config 0 descriptor?? [ 275.998216][ T6002] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 276.365758][ T3585] team0 (unregistering): Port device team_slave_1 removed [ 276.604859][ T6002] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 276.612692][ T6002] usb 3-1: USB disconnect, device number 14 [ 276.665220][ T3585] team0 (unregistering): Port device team_slave_0 removed [ 282.083844][ T7220] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.084049][ T7220] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.084285][ T7220] bridge_slave_0: entered allmulticast mode [ 282.087382][ T7220] bridge_slave_0: entered promiscuous mode [ 282.125266][ T7220] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.125402][ T7220] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.125624][ T7220] bridge_slave_1: entered allmulticast mode [ 282.129135][ T7220] bridge_slave_1: entered promiscuous mode [ 285.057996][ T62] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 285.186817][ T62] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 285.192592][ T62] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 285.193824][ T62] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 285.202400][ T62] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 285.619399][ T7220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.883818][ T7220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 287.343461][ T5802] Bluetooth: hci5: command tx timeout [ 288.598250][ T7220] team0: Port device team_slave_0 added [ 288.613201][ T7220] team0: Port device team_slave_1 added [ 290.063077][ T5802] Bluetooth: hci5: command tx timeout [ 290.773567][ T7220] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 290.773582][ T7220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 290.773607][ T7220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 290.895548][ T7220] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 290.895560][ T7220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 290.895573][ T7220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 293.202299][ T7522] netlink: 8 bytes leftover after parsing attributes in process `syz.4.406'. [ 293.554985][ T7522] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 293.555027][ T7522] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 293.555045][ T7522] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 293.558662][ T7220] hsr_slave_0: entered promiscuous mode [ 293.559867][ T7220] hsr_slave_1: entered promiscuous mode [ 293.560760][ T7220] debugfs: 'hsr0' already exists in 'hsr' [ 293.560779][ T7220] Cannot create hsr debugfs directory [ 296.254647][ T5802] Bluetooth: hci5: command tx timeout [ 297.761525][ T3585] bridge_slave_1: left allmulticast mode [ 297.761553][ T3585] bridge_slave_1: left promiscuous mode [ 297.761804][ T3585] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.848092][ T3585] bridge_slave_0: left allmulticast mode [ 297.848120][ T3585] bridge_slave_0: left promiscuous mode [ 297.848372][ T3585] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.081137][ T62] Bluetooth: hci0: unexpected event for opcode 0x202d [ 298.284770][ T62] Bluetooth: hci5: command tx timeout [ 298.625698][ T3585] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.746332][ T3585] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.808210][ T3585] bond0 (unregistering): Released all slaves [ 299.840881][ T7574] dvmrp0: entered allmulticast mode [ 302.031149][ T3585] hsr_slave_0: left promiscuous mode [ 302.146485][ T3585] hsr_slave_1: left promiscuous mode [ 302.147154][ T3585] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 302.216126][ T3585] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 302.555323][ T7597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.418'. [ 303.592773][ T7604] netlink: 8 bytes leftover after parsing attributes in process `syz.2.419'. [ 305.030228][ T7611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.421'. [ 305.755383][ T3585] team0 (unregistering): Port device team_slave_1 removed [ 305.876391][ T3585] team0 (unregistering): Port device team_slave_0 removed [ 306.356265][ T7604] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 306.356293][ T7604] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 306.356304][ T7604] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 306.404370][ T7463] chnl_net:caif_netlink_parms(): no params data found [ 307.202364][ T7630] netlink: 8 bytes leftover after parsing attributes in process `syz.0.425'. [ 309.217884][ T7463] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.218096][ T7463] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.218309][ T7463] bridge_slave_0: entered allmulticast mode [ 309.222606][ T7463] bridge_slave_0: entered promiscuous mode [ 309.464716][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 309.554581][ T7649] netlink: 8 bytes leftover after parsing attributes in process `syz.2.430'. [ 310.294685][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 310.300117][ T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 310.300144][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.300162][ T10] usb 1-1: Product: syz [ 310.300175][ T10] usb 1-1: Manufacturer: syz [ 310.300189][ T10] usb 1-1: SerialNumber: syz [ 310.307465][ T10] usb 1-1: config 0 descriptor?? [ 310.540819][ T7657] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'. [ 311.304686][ T10] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 311.378019][ T7657] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 311.378062][ T7657] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 311.378080][ T7657] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 311.468007][ T7463] bridge0: port 2(bridge_slave_1) entered blocking state [ 311.468258][ T7463] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.468612][ T7463] bridge_slave_1: entered allmulticast mode [ 311.498942][ T7463] bridge_slave_1: entered promiscuous mode [ 312.311427][ T7668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.434'. [ 313.225305][ T10] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 313.234809][ T10] usb 1-1: USB disconnect, device number 15 [ 314.578814][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 314.583159][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 314.586457][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 314.617350][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 314.618751][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 315.509416][ T7689] Bluetooth: MGMT ver 1.23 [ 315.686240][ C1] vkms_vblank_simulate: vblank timer overrun [ 315.840915][ T7698] netlink: 8 bytes leftover after parsing attributes in process `syz.0.440'. [ 316.558222][ C1] vkms_vblank_simulate: vblank timer overrun [ 316.755622][ C1] vkms_vblank_simulate: vblank timer overrun [ 316.961285][ C1] vkms_vblank_simulate: vblank timer overrun [ 317.538039][ C1] vkms_vblank_simulate: vblank timer overrun [ 317.552489][ T5802] Bluetooth: hci3: command tx timeout [ 317.566089][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.566133][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.897672][ T7707] netlink: 8 bytes leftover after parsing attributes in process `syz.0.443'. [ 317.975711][ C1] vkms_vblank_simulate: vblank timer overrun [ 319.040470][ C1] vkms_vblank_simulate: vblank timer overrun [ 319.078603][ C1] vkms_vblank_simulate: vblank timer overrun [ 319.284162][ C1] vkms_vblank_simulate: vblank timer overrun [ 319.541623][ C1] vkms_vblank_simulate: vblank timer overrun [ 319.811524][ C1] vkms_vblank_simulate: vblank timer overrun [ 320.120348][ C1] vkms_vblank_simulate: vblank timer overrun [ 320.358545][ T5802] Bluetooth: hci3: command tx timeout [ 320.425573][ T7463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 320.447695][ T7463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 320.848956][ C1] vkms_vblank_simulate: vblank timer overrun [ 321.750637][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.018313][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.449'. [ 322.019414][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.621793][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.760407][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.808018][ T5802] Bluetooth: hci3: command tx timeout [ 322.886423][ T7731] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 322.886449][ T7731] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 322.886460][ T7731] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 322.917959][ C1] vkms_vblank_simulate: vblank timer overrun [ 322.934755][ T996] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 323.080618][ T7463] team0: Port device team_slave_0 added [ 323.091517][ T996] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 323.091535][ T996] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 323.091546][ T996] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 323.091568][ T996] usb 1-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 323.091580][ T996] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.096910][ T996] usb 1-1: config 0 descriptor?? [ 323.122105][ T7463] team0: Port device team_slave_1 added [ 323.610198][ T996] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0004/input/input22 [ 323.633731][ T996] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0004/input/input23 [ 323.803897][ T996] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0004/input/input24 [ 323.936311][ T996] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.0004/input/input25 [ 323.974097][ T996] hid-udraw 0003:20D6:CB17.0004: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.0-1/input0 [ 323.983734][ T996] usb 1-1: USB disconnect, device number 16 [ 324.111778][ T7463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.111795][ T7463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.111822][ T7463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.159501][ T7463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.159516][ T7463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 324.159538][ T7463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.475639][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.491678][ T5802] Bluetooth: hci3: command tx timeout [ 325.494413][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.576807][ C1] vkms_vblank_simulate: vblank timer overrun [ 325.621698][ T7740] fido_id[7740]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 325.694863][ C1] vkms_vblank_simulate: vblank timer overrun [ 327.426460][ T62] Bluetooth: hci0: unexpected event for opcode 0x202d [ 328.883264][ T7463] hsr_slave_0: entered promiscuous mode [ 328.884064][ T7463] hsr_slave_1: entered promiscuous mode [ 328.901860][ T7463] debugfs: 'hsr0' already exists in 'hsr' [ 328.901879][ T7463] Cannot create hsr debugfs directory [ 329.300151][ T62] Bluetooth: hci2: unexpected event for opcode 0x202d [ 329.366104][ T151] bridge_slave_1: left allmulticast mode [ 329.366131][ T151] bridge_slave_1: left promiscuous mode [ 329.366286][ T151] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.489268][ T151] bridge_slave_0: left allmulticast mode [ 329.489289][ T151] bridge_slave_0: left promiscuous mode [ 329.489495][ T151] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.176314][ T37] kauditd_printk_skb: 310 callbacks suppressed [ 331.176332][ T37] audit: type=1326 audit(1760712453.654:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.176379][ T37] audit: type=1326 audit(1760712453.654:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.176967][ T37] audit: type=1326 audit(1760712453.654:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.182040][ T37] audit: type=1326 audit(1760712453.664:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.182094][ T37] audit: type=1326 audit(1760712453.664:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.182136][ T37] audit: type=1326 audit(1760712453.664:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.182177][ T37] audit: type=1326 audit(1760712453.664:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.182469][ T37] audit: type=1326 audit(1760712453.664:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.182900][ T37] audit: type=1326 audit(1760712453.664:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.183435][ T37] audit: type=1326 audit(1760712453.664:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7793 comm="syz.4.459" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 331.896683][ T151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 331.995587][ T151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.079792][ T151] bond0 (unregistering): Released all slaves [ 332.137555][ T62] Bluetooth: hci2: unexpected event for opcode 0x202d [ 334.935106][ T7810] 9pnet_virtio: no channels available for device [ 338.327315][ T151] hsr_slave_0: left promiscuous mode [ 339.072784][ T151] hsr_slave_1: left promiscuous mode [ 339.073397][ T151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.137370][ T151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.620651][ T7829] netlink: 8 bytes leftover after parsing attributes in process `syz.0.466'. [ 341.142388][ T7843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.471'. [ 342.130839][ T62] Bluetooth: hci4: unexpected event for opcode 0x202d [ 342.195076][ T151] team0 (unregistering): Port device team_slave_1 removed [ 342.365410][ T151] team0 (unregistering): Port device team_slave_0 removed [ 342.796218][ T7843] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 342.796263][ T7843] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 342.796274][ T7843] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 344.612205][ T5802] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 344.639269][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 344.640570][ T5802] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 344.642977][ T5802] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 344.666316][ T5802] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 344.671157][ T7863] netlink: 24 bytes leftover after parsing attributes in process `syz.2.475'. [ 344.704722][ T996] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 344.895174][ T996] usb 5-1: config 0 has an invalid interface number: 92 but max is 0 [ 344.895192][ T996] usb 5-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 344.895202][ T996] usb 5-1: config 0 has no interface number 0 [ 344.895232][ T996] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 344.895245][ T996] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 344.895256][ T996] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 344.895269][ T996] usb 5-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 344.895281][ T996] usb 5-1: config 0 interface 92 has no altsetting 0 [ 344.907967][ T996] usb 5-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 344.907993][ T996] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.908011][ T996] usb 5-1: Product: syz [ 344.908024][ T996] usb 5-1: Manufacturer: syz [ 344.908037][ T996] usb 5-1: SerialNumber: syz [ 344.927443][ T996] usb 5-1: config 0 descriptor?? [ 344.928598][ T7856] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 344.945268][ T996] sierra 5-1:0.92: Sierra USB modem converter detected [ 345.293382][ T7869] netlink: 4 bytes leftover after parsing attributes in process `syz.2.475'. [ 345.459342][ T7678] chnl_net:caif_netlink_parms(): no params data found [ 345.707923][ T7872] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 346.790132][ T5802] Bluetooth: hci1: command tx timeout [ 347.815755][ T996] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 347.829624][ T996] usb 5-1: USB disconnect, device number 16 [ 347.911498][ T996] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 347.912335][ T996] sierra 5-1:0.92: device disconnected [ 348.661417][ T7902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.481'. [ 348.858634][ T5802] Bluetooth: hci1: command tx timeout [ 349.549539][ T7902] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 349.549566][ T7902] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 349.549576][ T7902] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 350.182691][ T7917] netlink: 'syz.2.484': attribute type 1 has an invalid length. [ 350.182713][ T7917] netlink: 'syz.2.484': attribute type 4 has an invalid length. [ 350.182725][ T7917] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.484'. [ 350.332812][ T7678] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.333044][ T7678] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.333188][ T7678] bridge_slave_0: entered allmulticast mode [ 350.335737][ T7678] bridge_slave_0: entered promiscuous mode [ 350.366903][ T7678] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.366984][ T7678] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.367117][ T7678] bridge_slave_1: entered allmulticast mode [ 350.368862][ T7678] bridge_slave_1: entered promiscuous mode [ 350.514062][ T7923] netlink: 8 bytes leftover after parsing attributes in process `syz.4.485'. [ 350.934905][ T5802] Bluetooth: hci1: command tx timeout [ 351.537103][ T7923] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 351.537145][ T7923] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 351.537164][ T7923] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 352.935765][ T151] bridge_slave_1: left allmulticast mode [ 352.935793][ T151] bridge_slave_1: left promiscuous mode [ 352.936042][ T151] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.013644][ T5802] Bluetooth: hci1: command tx timeout [ 353.044124][ T151] bridge_slave_0: left allmulticast mode [ 353.044154][ T151] bridge_slave_0: left promiscuous mode [ 353.044423][ T151] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.406018][ T7946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.490'. [ 354.781536][ T151] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.856386][ T151] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.901414][ T151] bond0 (unregistering): Released all slaves [ 354.941552][ T7946] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 354.941596][ T7946] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 354.941615][ T7946] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 354.952385][ T7678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 355.100577][ T7678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 355.324340][ T7965] netlink: 28 bytes leftover after parsing attributes in process `syz.4.494'. [ 355.459681][ T7678] team0: Port device team_slave_0 added [ 355.576647][ T151] hsr_slave_0: left promiscuous mode [ 355.614759][ T151] hsr_slave_1: left promiscuous mode [ 355.615692][ T151] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 355.646503][ T151] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 355.792169][ T7973] netlink: 'syz.4.495': attribute type 1 has an invalid length. [ 355.792191][ T7973] netlink: 'syz.4.495': attribute type 4 has an invalid length. [ 355.792203][ T7973] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.495'. [ 356.665124][ T7985] netlink: 24 bytes leftover after parsing attributes in process `syz.2.496'. [ 356.725594][ T151] team0 (unregistering): Port device team_slave_1 removed [ 356.838945][ T151] team0 (unregistering): Port device team_slave_0 removed [ 356.881780][ T7989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.496'. [ 357.307792][ T7678] team0: Port device team_slave_1 added [ 358.514766][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 358.534444][ T5802] Bluetooth: hci0: unexpected event for opcode 0x202d [ 358.667571][ T9] usb 1-1: config 17 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 358.667598][ T9] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 358.667610][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.692156][ T9] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 359.341750][ T8006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.500'. [ 359.384349][ T8006] netlink: 20 bytes leftover after parsing attributes in process `syz.2.500'. [ 360.252907][ T5802] Bluetooth: hci2: unexpected event for opcode 0x202d [ 360.276645][ T7678] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.276661][ T7678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 360.276683][ T7678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.344745][ T7678] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.344761][ T7678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 360.344788][ T7678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.534326][ T996] usb 1-1: USB disconnect, device number 17 [ 361.049866][ T7678] hsr_slave_0: entered promiscuous mode [ 361.063257][ T7678] hsr_slave_1: entered promiscuous mode [ 361.072047][ T7678] debugfs: 'hsr0' already exists in 'hsr' [ 361.072076][ T7678] Cannot create hsr debugfs directory [ 361.118427][ T7857] chnl_net:caif_netlink_parms(): no params data found [ 361.290228][ T8024] netlink: 28 bytes leftover after parsing attributes in process `syz.4.503'. [ 361.806953][ T10] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 361.936814][ T8033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.505'. [ 361.973325][ T10] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 361.973342][ T10] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 361.973352][ T10] usb 1-1: config 0 has no interface number 0 [ 361.973379][ T10] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 361.973393][ T10] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 361.973404][ T10] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 361.973417][ T10] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 361.973431][ T10] usb 1-1: config 0 interface 92 has no altsetting 0 [ 362.056209][ T10] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 362.056236][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.056255][ T10] usb 1-1: Product: syz [ 362.056268][ T10] usb 1-1: Manufacturer: syz [ 362.056281][ T10] usb 1-1: SerialNumber: syz [ 362.113827][ T10] usb 1-1: config 0 descriptor?? [ 362.117137][ T8027] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 362.155246][ T10] sierra 1-1:0.92: Sierra USB modem converter detected [ 362.598501][ T7857] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.598606][ T7857] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.598793][ T7857] bridge_slave_0: entered allmulticast mode [ 362.601912][ T7857] bridge_slave_0: entered promiscuous mode [ 363.501382][ T7857] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.501515][ T7857] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.504338][ T7857] bridge_slave_1: entered allmulticast mode [ 363.523794][ T7857] bridge_slave_1: entered promiscuous mode [ 364.650941][ T10] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 364.672661][ T10] usb 1-1: USB disconnect, device number 18 [ 364.726933][ T10] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 364.727707][ T10] sierra 1-1:0.92: device disconnected [ 366.464713][ T5998] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 366.588032][ T7857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 366.639403][ T5998] usb 3-1: config 0 has an invalid interface number: 92 but max is 0 [ 366.639430][ T5998] usb 3-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 366.639449][ T5998] usb 3-1: config 0 has no interface number 0 [ 366.639497][ T5998] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 366.639524][ T5998] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 366.639545][ T5998] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 366.639570][ T5998] usb 3-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 366.639597][ T5998] usb 3-1: config 0 interface 92 has no altsetting 0 [ 366.647025][ T5998] usb 3-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 366.647061][ T5998] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.647079][ T5998] usb 3-1: Product: syz [ 366.647092][ T5998] usb 3-1: Manufacturer: syz [ 366.647106][ T5998] usb 3-1: SerialNumber: syz [ 366.671431][ T5998] usb 3-1: config 0 descriptor?? [ 366.684303][ T8049] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 366.692279][ T7857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 366.722260][ T5998] sierra 3-1:0.92: Sierra USB modem converter detected [ 368.538808][ T8062] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 369.142847][ T5802] Bluetooth: hci4: unexpected event for opcode 0x202d [ 369.295113][ T7857] team0: Port device team_slave_0 added [ 369.300899][ T7857] team0: Port device team_slave_1 added [ 369.955064][ T5998] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 370.038087][ T5998] usb 3-1: USB disconnect, device number 15 [ 370.075719][ T7857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.075737][ T7857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 370.075768][ T7857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 370.130774][ T7857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 370.130791][ T7857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 370.130815][ T7857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 370.194958][ T5998] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 370.195877][ T5998] sierra 3-1:0.92: device disconnected [ 371.529024][ T5802] Bluetooth: hci0: unexpected event for opcode 0x202d [ 371.940602][ T7857] hsr_slave_0: entered promiscuous mode [ 371.987999][ T7857] hsr_slave_1: entered promiscuous mode [ 372.022880][ T7857] debugfs: 'hsr0' already exists in 'hsr' [ 372.022911][ T7857] Cannot create hsr debugfs directory [ 372.178304][ T62] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 372.189106][ T62] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 372.190358][ T62] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 372.206989][ T62] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 372.216387][ T62] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 374.294993][ T62] Bluetooth: hci5: command tx timeout [ 374.434671][ T5998] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 374.574687][ T5998] usb 5-1: device descriptor read/64, error -71 [ 374.836052][ T5998] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 375.004744][ T5998] usb 5-1: device descriptor read/64, error -71 [ 375.115014][ T5998] usb usb5-port1: attempt power cycle [ 375.307275][ T8132] Bluetooth: hci0: unsupported parameter 255 [ 375.307296][ T8132] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 375.474654][ T5998] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 375.495383][ T5998] usb 5-1: device descriptor read/8, error -71 [ 375.848864][ T5998] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 375.865483][ T5998] usb 5-1: device descriptor read/8, error -71 [ 376.023896][ T5998] usb usb5-port1: unable to enumerate USB device [ 376.761815][ T62] Bluetooth: hci5: command tx timeout [ 376.761915][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.113073][ T8089] chnl_net:caif_netlink_parms(): no params data found [ 377.130066][ T7857] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 377.398855][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.399729][ T7857] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 377.523841][ T8157] netlink: 20 bytes leftover after parsing attributes in process `syz.0.527'. [ 377.529071][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.958672][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.192970][ T7857] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 378.693553][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.693622][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.764718][ T62] Bluetooth: hci5: command tx timeout [ 378.891304][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.043820][ T8165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.528'. [ 379.126179][ T8165] netlink: 20 bytes leftover after parsing attributes in process `syz.0.528'. [ 379.246176][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.340706][ C0] vkms_vblank_simulate: vblank timer overrun [ 380.019899][ T7857] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 380.651697][ T8181] dvmrp0: entered allmulticast mode [ 380.846693][ T62] Bluetooth: hci5: command tx timeout [ 384.916727][ T8089] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.916851][ T8089] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.917241][ T8089] bridge_slave_0: entered allmulticast mode [ 384.919990][ T8089] bridge_slave_0: entered promiscuous mode [ 384.965702][ T8089] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.965846][ T8089] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.966078][ T8089] bridge_slave_1: entered allmulticast mode [ 384.976051][ T8089] bridge_slave_1: entered promiscuous mode [ 385.044728][ T31] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 385.197055][ T31] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 385.197086][ T31] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 385.197111][ T31] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 385.614461][ T8225] netlink: 8 bytes leftover after parsing attributes in process `syz.4.539'. [ 386.054798][ T8228] netlink: 20 bytes leftover after parsing attributes in process `syz.4.539'. [ 386.343281][ T138] bridge_slave_1: left allmulticast mode [ 386.343308][ T138] bridge_slave_1: left promiscuous mode [ 386.343553][ T138] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.366437][ T8229] netlink: 20 bytes leftover after parsing attributes in process `syz.2.538'. [ 386.396371][ T31] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 386.396402][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.396421][ T31] usb 1-1: Product: syz [ 386.396436][ T31] usb 1-1: Manufacturer: syz [ 386.396450][ T31] usb 1-1: SerialNumber: syz [ 386.402463][ T31] usb 1-1: config 0 descriptor?? [ 386.529784][ T8213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 386.550639][ T8213] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 386.553075][ T31] usb 1-1: ucan: probing device on interface #0 [ 386.701002][ T138] bridge_slave_0: left allmulticast mode [ 386.701031][ T138] bridge_slave_0: left promiscuous mode [ 386.701289][ T138] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.774808][ T31] usb 1-1: ucan: could not read protocol version, ret=0 [ 386.774832][ T31] usb 1-1: ucan: probe failed; try to update the device firmware [ 386.987023][ T31] usb 1-1: USB disconnect, device number 19 [ 389.931296][ T8254] netlink: 24 bytes leftover after parsing attributes in process `syz.0.543'. [ 392.765263][ T138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 392.836231][ T8277] netlink: 8 bytes leftover after parsing attributes in process `syz.2.547'. [ 393.825564][ T138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.886159][ T138] bond0 (unregistering): Released all slaves [ 394.303234][ T8089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 394.425618][ T138] hsr_slave_0: left promiscuous mode [ 394.703539][ T138] hsr_slave_1: left promiscuous mode [ 394.705261][ T138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.671736][ T138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 398.824734][ T9] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 398.989605][ T9] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 398.989632][ T9] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 398.989651][ T9] usb 1-1: config 0 has no interface number 0 [ 398.989702][ T9] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 398.989729][ T9] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 398.989751][ T9] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 398.989775][ T9] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 398.989800][ T9] usb 1-1: config 0 interface 92 has no altsetting 0 [ 398.993424][ T9] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 398.993451][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.993470][ T9] usb 1-1: Product: syz [ 398.993490][ T9] usb 1-1: Manufacturer: syz [ 398.993503][ T9] usb 1-1: SerialNumber: syz [ 399.122842][ T9] usb 1-1: config 0 descriptor?? [ 399.131823][ T8302] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 399.291278][ T9] sierra 1-1:0.92: Sierra USB modem converter detected [ 401.557557][ T138] team0 (unregistering): Port device team_slave_1 removed [ 401.915637][ T138] team0 (unregistering): Port device team_slave_0 removed [ 404.694815][ T9] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 407.023449][ T8089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 407.142058][ T6002] usb 1-1: USB disconnect, device number 20 [ 407.163487][ T6002] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 407.164153][ T6002] sierra 1-1:0.92: device disconnected [ 407.686386][ T8343] netlink: 20 bytes leftover after parsing attributes in process `syz.0.562'. [ 408.540027][ T8337] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 408.542375][ T8337] team0: Port device batadv1 added [ 408.600493][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 408.619418][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 408.623966][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 408.736148][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 408.758590][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 408.886999][ T8089] team0: Port device team_slave_0 added [ 408.913979][ T8089] team0: Port device team_slave_1 added [ 409.919858][ C0] vkms_vblank_simulate: vblank timer overrun [ 410.144222][ C0] vkms_vblank_simulate: vblank timer overrun [ 410.286816][ C0] vkms_vblank_simulate: vblank timer overrun [ 410.738732][ C0] vkms_vblank_simulate: vblank timer overrun [ 410.911689][ T5802] Bluetooth: hci3: command tx timeout [ 411.036124][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.119407][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.196202][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.220790][ T8378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.568'. [ 411.910949][ C0] vkms_vblank_simulate: vblank timer overrun [ 411.970111][ T8378] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 411.970157][ T8378] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 411.970177][ T8378] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 412.344701][ T31] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 412.500633][ C0] vkms_vblank_simulate: vblank timer overrun [ 412.648226][ T31] usb 3-1: config 0 has an invalid interface number: 92 but max is 0 [ 412.648244][ T31] usb 3-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 412.648254][ T31] usb 3-1: config 0 has no interface number 0 [ 412.648286][ T31] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 412.648339][ T31] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 412.648351][ T31] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 412.648363][ T31] usb 3-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 412.648377][ T31] usb 3-1: config 0 interface 92 has no altsetting 0 [ 412.651517][ T31] usb 3-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 412.651535][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.651545][ T31] usb 3-1: Product: syz [ 412.651552][ T31] usb 3-1: Manufacturer: syz [ 412.651559][ T31] usb 3-1: SerialNumber: syz [ 412.791824][ T31] usb 3-1: config 0 descriptor?? [ 412.801713][ T8381] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 412.825008][ T8089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 412.825024][ T8089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 412.825048][ T8089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 412.889275][ C0] vkms_vblank_simulate: vblank timer overrun [ 412.924818][ T5802] Bluetooth: hci3: command tx timeout [ 413.027513][ T31] sierra 3-1:0.92: Sierra USB modem converter detected [ 413.290364][ T8089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.290377][ T8089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 413.290392][ T8089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.417255][ C0] vkms_vblank_simulate: vblank timer overrun [ 415.004789][ T5802] Bluetooth: hci3: command tx timeout [ 417.088777][ T5802] Bluetooth: hci3: command tx timeout [ 417.090504][ T31] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 417.135991][ T31] usb 3-1: USB disconnect, device number 16 [ 417.235677][ T31] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 417.240547][ T31] sierra 3-1:0.92: device disconnected [ 417.282025][ T8089] hsr_slave_0: entered promiscuous mode [ 417.283530][ T8089] hsr_slave_1: entered promiscuous mode [ 417.298101][ T8089] debugfs: 'hsr0' already exists in 'hsr' [ 417.298136][ T8089] Cannot create hsr debugfs directory [ 417.864094][ T8421] netlink: 8 bytes leftover after parsing attributes in process `syz.2.574'. [ 418.178818][ T8424] netlink: 8 bytes leftover after parsing attributes in process `syz.0.576'. [ 418.802926][ T8411] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 418.807731][ T8411] team0: Port device batadv1 added [ 419.093515][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.4.579'. [ 420.081592][ T37] kauditd_printk_skb: 170 callbacks suppressed [ 420.081609][ T37] audit: type=1326 audit(1760712542.564:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081654][ T37] audit: type=1326 audit(1760712542.564:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081695][ T37] audit: type=1326 audit(1760712542.564:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081734][ T37] audit: type=1326 audit(1760712542.564:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081776][ T37] audit: type=1326 audit(1760712542.564:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081816][ T37] audit: type=1326 audit(1760712542.564:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081855][ T37] audit: type=1326 audit(1760712542.564:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081903][ T37] audit: type=1326 audit(1760712542.564:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081942][ T37] audit: type=1326 audit(1760712542.564:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.081983][ T37] audit: type=1326 audit(1760712542.564:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8444 comm="syz.4.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 420.484824][ T996] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 420.639681][ T996] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 420.639708][ T996] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 420.639728][ T996] usb 1-1: config 0 has no interface number 0 [ 420.639776][ T996] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 420.639803][ T996] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 420.639825][ T996] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 420.639850][ T996] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 420.639884][ T996] usb 1-1: config 0 interface 92 has no altsetting 0 [ 420.642822][ T996] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 420.642850][ T996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.642869][ T996] usb 1-1: Product: syz [ 420.642882][ T996] usb 1-1: Manufacturer: syz [ 420.642895][ T996] usb 1-1: SerialNumber: syz [ 420.770689][ T996] usb 1-1: config 0 descriptor?? [ 420.772177][ T8455] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 420.791359][ T996] sierra 1-1:0.92: Sierra USB modem converter detected [ 423.453654][ T996] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 423.490216][ T996] usb 1-1: USB disconnect, device number 21 [ 423.534578][ T31] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 423.642060][ T8475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.586'. [ 423.801759][ T996] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 423.922532][ T996] sierra 1-1:0.92: device disconnected [ 424.437123][ T31] usb 5-1: config 0 has an invalid interface number: 92 but max is 0 [ 424.437154][ T31] usb 5-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 424.437174][ T31] usb 5-1: config 0 has no interface number 0 [ 424.437225][ T31] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 424.437250][ T31] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 424.437272][ T31] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 424.437297][ T31] usb 5-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 424.437322][ T31] usb 5-1: config 0 interface 92 has no altsetting 0 [ 424.440305][ T31] usb 5-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 424.440332][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.440351][ T31] usb 5-1: Product: syz [ 424.440365][ T31] usb 5-1: Manufacturer: syz [ 424.440378][ T31] usb 5-1: SerialNumber: syz [ 424.490410][ T31] usb 5-1: config 0 descriptor?? [ 424.495537][ T8468] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 424.499031][ T31] sierra 5-1:0.92: Sierra USB modem converter detected [ 425.769906][ T8487] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 426.661177][ T8349] chnl_net:caif_netlink_parms(): no params data found [ 427.112738][ T8494] netlink: 20 bytes leftover after parsing attributes in process `syz.0.591'. [ 427.877171][ T31] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 427.950000][ T31] usb 5-1: USB disconnect, device number 21 [ 427.992792][ T31] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 428.008019][ T31] sierra 5-1:0.92: device disconnected [ 428.944709][ T31] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 429.723074][ T31] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 429.723102][ T31] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 429.723129][ T31] usb 1-1: config 0 has no interface number 0 [ 429.723176][ T31] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 429.723201][ T31] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 429.723221][ T31] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 429.723244][ T31] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 429.723268][ T31] usb 1-1: config 0 interface 92 has no altsetting 0 [ 429.805305][ T31] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 429.805333][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.805352][ T31] usb 1-1: Product: syz [ 429.805365][ T31] usb 1-1: Manufacturer: syz [ 429.805378][ T31] usb 1-1: SerialNumber: syz [ 429.849947][ T31] usb 1-1: config 0 descriptor?? [ 429.853797][ T8507] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 429.955186][ T31] sierra 1-1:0.92: Sierra USB modem converter detected [ 431.876118][ T8349] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.877389][ T8349] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.877747][ T8349] bridge_slave_0: entered allmulticast mode [ 431.886801][ T8349] bridge_slave_0: entered promiscuous mode [ 431.902473][ T8349] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.902624][ T8349] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.902835][ T8349] bridge_slave_1: entered allmulticast mode [ 431.914142][ T8349] bridge_slave_1: entered promiscuous mode [ 432.326135][ T138] bridge_slave_1: left allmulticast mode [ 432.326164][ T138] bridge_slave_1: left promiscuous mode [ 432.328985][ T138] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.418572][ T138] bridge_slave_0: left allmulticast mode [ 432.418597][ T138] bridge_slave_0: left promiscuous mode [ 432.419108][ T138] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.906757][ T31] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 432.930295][ T31] usb 1-1: USB disconnect, device number 22 [ 432.957800][ T31] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 432.958661][ T31] sierra 1-1:0.92: device disconnected [ 433.184722][ T996] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 433.248681][ T62] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 433.253205][ T62] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 433.263886][ T62] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 433.269808][ T62] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 433.270563][ T62] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 433.334736][ T996] usb 3-1: Using ep0 maxpacket: 8 [ 433.335689][ T996] usb 3-1: no configurations [ 433.335706][ T996] usb 3-1: can't read configurations, error -22 [ 433.362110][ T138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 433.455399][ T138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 433.464870][ T996] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 433.534963][ T138] bond0 (unregistering): Released all slaves [ 433.613806][ T8349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.614755][ T996] usb 3-1: Using ep0 maxpacket: 8 [ 433.615703][ T996] usb 3-1: no configurations [ 433.615716][ T996] usb 3-1: can't read configurations, error -22 [ 433.622066][ T996] usb usb3-port1: attempt power cycle [ 433.850850][ T6002] usb 1-1: new full-speed USB device number 23 using dummy_hcd [ 433.925732][ T8349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.965069][ T996] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 433.985671][ T996] usb 3-1: Using ep0 maxpacket: 8 [ 433.986642][ T996] usb 3-1: no configurations [ 433.986653][ T996] usb 3-1: can't read configurations, error -22 [ 433.998255][ T6002] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 433.998280][ T6002] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 433.998298][ T6002] usb 1-1: config 0 has no interface number 0 [ 433.998348][ T6002] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 433.998372][ T6002] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 433.998393][ T6002] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 433.998417][ T6002] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 433.998441][ T6002] usb 1-1: config 0 interface 92 has no altsetting 0 [ 434.001472][ T6002] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 434.001497][ T6002] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.001516][ T6002] usb 1-1: Product: syz [ 434.001528][ T6002] usb 1-1: Manufacturer: syz [ 434.001542][ T6002] usb 1-1: SerialNumber: syz [ 434.011930][ T6002] usb 1-1: config 0 descriptor?? [ 434.013406][ T8557] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 434.021950][ T6002] sierra 1-1:0.92: Sierra USB modem converter detected [ 434.084615][ T1214] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 434.114732][ T996] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 434.135753][ T996] usb 3-1: Using ep0 maxpacket: 8 [ 434.139330][ T996] usb 3-1: no configurations [ 434.139347][ T996] usb 3-1: can't read configurations, error -22 [ 434.141111][ T996] usb usb3-port1: unable to enumerate USB device [ 435.409214][ T62] Bluetooth: hci1: command tx timeout [ 435.433770][ T1214] usb 5-1: Using ep0 maxpacket: 8 [ 435.457514][ T1214] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 435.457541][ T1214] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.457560][ T1214] usb 5-1: Product: syz [ 435.457574][ T1214] usb 5-1: Manufacturer: syz [ 435.457588][ T1214] usb 5-1: SerialNumber: syz [ 435.500369][ T138] hsr_slave_0: left promiscuous mode [ 435.503746][ T1214] usb 5-1: config 0 descriptor?? [ 435.545837][ T138] hsr_slave_1: left promiscuous mode [ 435.546866][ T138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 435.586344][ T138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.960372][ T1214] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 436.764126][ T6002] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 436.821437][ T6002] usb 1-1: USB disconnect, device number 23 [ 436.894774][ T6002] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 436.895631][ T6002] sierra 1-1:0.92: device disconnected [ 436.924505][ C1] raw-gadget.2 gadget.4: ignoring, device is not running [ 436.924806][ T1214] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 437.077638][ T1214] usb 5-1: USB disconnect, device number 22 [ 437.503850][ T62] Bluetooth: hci1: command tx timeout [ 438.034787][ T1214] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 438.239507][ T138] team0 (unregistering): Port device team_slave_1 removed [ 438.258007][ T1214] usb 5-1: config 0 has an invalid interface number: 92 but max is 0 [ 438.258033][ T1214] usb 5-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 438.258051][ T1214] usb 5-1: config 0 has no interface number 0 [ 438.258106][ T1214] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 438.258132][ T1214] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 438.258154][ T1214] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 438.258179][ T1214] usb 5-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 438.258496][ T1214] usb 5-1: config 0 interface 92 has no altsetting 0 [ 438.269257][ T1214] usb 5-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 438.269285][ T1214] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.269304][ T1214] usb 5-1: Product: syz [ 438.269317][ T1214] usb 5-1: Manufacturer: syz [ 438.269330][ T1214] usb 5-1: SerialNumber: syz [ 438.278005][ T1214] usb 5-1: config 0 descriptor?? [ 438.284058][ T8584] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 438.309236][ T1214] sierra 5-1:0.92: Sierra USB modem converter detected [ 438.815429][ T138] team0 (unregistering): Port device team_slave_0 removed [ 439.735080][ T62] Bluetooth: hci1: command tx timeout [ 440.059648][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.059733][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.712903][ T8349] team0: Port device team_slave_0 added [ 440.747803][ T8349] team0: Port device team_slave_1 added [ 441.806855][ T62] Bluetooth: hci1: command tx timeout [ 442.525175][ T1214] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 442.554655][ T1214] usb 5-1: USB disconnect, device number 23 [ 442.588976][ T1214] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 442.589846][ T1214] sierra 5-1:0.92: device disconnected [ 442.716945][ T37] kauditd_printk_skb: 216 callbacks suppressed [ 442.716962][ T37] audit: type=1326 audit(1760712565.174:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.717010][ T37] audit: type=1326 audit(1760712565.174:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.717050][ T37] audit: type=1326 audit(1760712565.174:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.717090][ T37] audit: type=1326 audit(1760712565.174:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.717129][ T37] audit: type=1326 audit(1760712565.174:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.717172][ T37] audit: type=1326 audit(1760712565.174:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.721868][ T37] audit: type=1326 audit(1760712565.174:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.721896][ T37] audit: type=1326 audit(1760712565.174:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.721920][ T37] audit: type=1326 audit(1760712565.174:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.721942][ T37] audit: type=1326 audit(1760712565.174:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8593 comm="syz.4.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 442.979219][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 442.979237][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 442.979263][ T8349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.035575][ T8349] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.035592][ T8349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 443.035617][ T8349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 448.414641][ T9] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 448.442919][ T8349] hsr_slave_0: entered promiscuous mode [ 448.444324][ T8349] hsr_slave_1: entered promiscuous mode [ 448.489858][ T8349] debugfs: 'hsr0' already exists in 'hsr' [ 448.489889][ T8349] Cannot create hsr debugfs directory [ 448.568629][ T9] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 448.568656][ T9] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 448.568675][ T9] usb 1-1: config 0 has no interface number 0 [ 448.568723][ T9] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 448.568750][ T9] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 448.568770][ T9] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 448.568794][ T9] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 448.568825][ T9] usb 1-1: config 0 interface 92 has no altsetting 0 [ 448.588162][ T9] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 448.588192][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.588210][ T9] usb 1-1: Product: syz [ 448.588224][ T9] usb 1-1: Manufacturer: syz [ 448.588237][ T9] usb 1-1: SerialNumber: syz [ 448.752220][ T9] usb 1-1: config 0 descriptor?? [ 448.753368][ T8622] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 448.774848][ T9] sierra 1-1:0.92: Sierra USB modem converter detected [ 451.565160][ T9] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 451.624755][ T9] usb 1-1: USB disconnect, device number 24 [ 451.668707][ T9] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 451.669194][ T9] sierra 1-1:0.92: device disconnected [ 451.906579][ T138] bridge_slave_1: left allmulticast mode [ 451.906600][ T138] bridge_slave_1: left promiscuous mode [ 451.906759][ T138] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.066441][ T138] bridge_slave_0: left allmulticast mode [ 453.066470][ T138] bridge_slave_0: left promiscuous mode [ 453.066731][ T138] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.109904][ T138] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 455.375326][ T138] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 455.380513][ T8677] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 455.380597][ T8677] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 455.717872][ T138] bond0 (unregistering): Released all slaves [ 458.329607][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.619944][ C0] vkms_vblank_simulate: vblank timer overrun [ 458.881917][ C0] vkms_vblank_simulate: vblank timer overrun [ 459.806958][ T138] hsr_slave_0: left promiscuous mode [ 459.854254][ T138] hsr_slave_1: left promiscuous mode [ 459.855085][ T138] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 459.890992][ T138] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 460.048535][ T8720] netlink: 8 bytes leftover after parsing attributes in process `syz.2.644'. [ 460.848280][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.089408][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.146770][ T8722] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 461.146837][ T8722] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 461.319930][ C0] vkms_vblank_simulate: vblank timer overrun [ 461.415758][ T138] team0 (unregistering): Port device team_slave_1 removed [ 461.556939][ T138] team0 (unregistering): Port device team_slave_0 removed [ 461.956427][ T8720] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 461.956454][ T8720] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 461.956469][ T8720] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 462.691220][ C0] vkms_vblank_simulate: vblank timer overrun [ 462.930092][ C0] vkms_vblank_simulate: vblank timer overrun [ 463.238394][ C0] vkms_vblank_simulate: vblank timer overrun [ 463.716797][ C0] vkms_vblank_simulate: vblank timer overrun [ 463.735657][ T8553] chnl_net:caif_netlink_parms(): no params data found [ 463.825385][ C0] vkms_vblank_simulate: vblank timer overrun [ 464.893638][ C0] vkms_vblank_simulate: vblank timer overrun [ 465.113408][ C0] vkms_vblank_simulate: vblank timer overrun [ 465.202419][ C0] vkms_vblank_simulate: vblank timer overrun [ 465.404112][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 465.420115][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 465.422472][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 465.447003][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 465.452874][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 465.537594][ T8553] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.537905][ T8553] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.538132][ T8553] bridge_slave_0: entered allmulticast mode [ 465.565791][ T8553] bridge_slave_0: entered promiscuous mode [ 465.633665][ T8553] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.633823][ T8553] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.634023][ T8553] bridge_slave_1: entered allmulticast mode [ 465.661735][ T8553] bridge_slave_1: entered promiscuous mode [ 465.941530][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.427047][ C0] vkms_vblank_simulate: vblank timer overrun [ 466.917658][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.080139][ C0] vkms_vblank_simulate: vblank timer overrun [ 467.241367][ T8786] netlink: 8 bytes leftover after parsing attributes in process `syz.0.654'. [ 467.485828][ T62] Bluetooth: hci5: command tx timeout [ 468.103912][ T8786] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 468.103955][ T8786] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 468.103973][ T8786] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 468.469909][ T8553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 468.512003][ T8553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 469.517234][ T8802] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 469.517334][ T8802] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 469.564737][ T62] Bluetooth: hci5: command tx timeout [ 469.785000][ T8553] team0: Port device team_slave_0 added [ 469.851457][ T8553] team0: Port device team_slave_1 added [ 470.417434][ T8553] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 470.417451][ T8553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 470.417482][ T8553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 470.522162][ T8553] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 470.522180][ T8553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 470.523862][ T8553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 470.821128][ C0] vkms_vblank_simulate: vblank timer overrun [ 470.973654][ T8815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.662'. [ 471.054543][ T8815] netlink: 20 bytes leftover after parsing attributes in process `syz.0.662'. [ 471.498294][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.662158][ T62] Bluetooth: hci5: command tx timeout [ 472.224655][ T996] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 472.227933][ T8310] bridge_slave_1: left allmulticast mode [ 472.227952][ T8310] bridge_slave_1: left promiscuous mode [ 472.228113][ T8310] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.336698][ T8310] bridge_slave_0: left allmulticast mode [ 472.336728][ T8310] bridge_slave_0: left promiscuous mode [ 472.337009][ T8310] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.376070][ T996] usb 1-1: Using ep0 maxpacket: 8 [ 472.378535][ T996] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 472.384369][ T996] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 472.384396][ T996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.384414][ T996] usb 1-1: Product: syz [ 472.384427][ T996] usb 1-1: Manufacturer: syz [ 472.384439][ T996] usb 1-1: SerialNumber: syz [ 472.442913][ T996] usb 1-1: config 0 descriptor?? [ 472.658639][ C0] vkms_vblank_simulate: vblank timer overrun [ 473.850252][ T62] Bluetooth: hci5: command tx timeout [ 473.917085][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.235495][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.420114][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.471757][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.690673][ C0] vkms_vblank_simulate: vblank timer overrun [ 474.882606][ T8310] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 475.080500][ T31] usb 1-1: USB disconnect, device number 25 [ 475.095363][ C0] vkms_vblank_simulate: vblank timer overrun [ 475.195711][ T8310] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 475.336451][ C0] vkms_vblank_simulate: vblank timer overrun [ 475.377523][ T8310] bond0 (unregistering): Released all slaves [ 475.614255][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.668'. [ 475.686133][ T8843] netlink: 20 bytes leftover after parsing attributes in process `syz.0.668'. [ 476.120816][ T8553] hsr_slave_0: entered promiscuous mode [ 476.122303][ T8553] hsr_slave_1: entered promiscuous mode [ 476.123241][ T8553] debugfs: 'hsr0' already exists in 'hsr' [ 476.123265][ T8553] Cannot create hsr debugfs directory [ 489.382500][ T8893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.676'. [ 490.304566][ T8310] hsr_slave_0: left promiscuous mode [ 490.700778][ T8310] hsr_slave_1: left promiscuous mode [ 490.701786][ T8310] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 490.765778][ T8310] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 492.845516][ T8310] team0 (unregistering): Port device team_slave_1 removed [ 492.975667][ T8310] team0 (unregistering): Port device team_slave_0 removed [ 493.490479][ T5802] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 493.507578][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 493.508797][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 493.510706][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 493.511583][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 495.044662][ T996] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 496.017178][ T5802] Bluetooth: hci3: command tx timeout [ 496.037057][ T996] usb 3-1: config 0 has an invalid interface number: 92 but max is 0 [ 496.037084][ T996] usb 3-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 496.037104][ T996] usb 3-1: config 0 has no interface number 0 [ 496.037153][ T996] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 496.037179][ T996] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 496.037201][ T996] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 496.037227][ T996] usb 3-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 496.037253][ T996] usb 3-1: config 0 interface 92 has no altsetting 0 [ 496.040228][ T996] usb 3-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 496.040254][ T996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.040273][ T996] usb 3-1: Product: syz [ 496.040287][ T996] usb 3-1: Manufacturer: syz [ 496.040300][ T996] usb 3-1: SerialNumber: syz [ 496.166123][ T996] usb 3-1: config 0 descriptor?? [ 496.169480][ T8935] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 496.177490][ T996] sierra 3-1:0.92: Sierra USB modem converter detected [ 496.533248][ T8942] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 496.533738][ T8942] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 498.407869][ T5802] Bluetooth: hci3: command tx timeout [ 499.154175][ T8765] chnl_net:caif_netlink_parms(): no params data found [ 499.425109][ T996] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 499.436704][ T996] usb 3-1: USB disconnect, device number 21 [ 499.458643][ T996] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 499.459524][ T996] sierra 3-1:0.92: device disconnected [ 500.655205][ T5802] Bluetooth: hci3: command tx timeout [ 501.535406][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.535482][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.085927][ T5802] Bluetooth: hci3: command tx timeout [ 503.774764][ T1214] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 504.100094][ T1214] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 504.100125][ T1214] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 504.100149][ T1214] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 504.150732][ T1214] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 504.150763][ T1214] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.150782][ T1214] usb 3-1: Product: syz [ 504.150796][ T1214] usb 3-1: Manufacturer: syz [ 504.150810][ T1214] usb 3-1: SerialNumber: syz [ 504.272481][ T1214] usb 3-1: config 0 descriptor?? [ 504.280956][ T8976] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 504.281152][ T8976] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 504.377527][ T1214] usb 3-1: ucan: probing device on interface #0 [ 504.554618][ T1214] usb 3-1: ucan: could not read protocol version, ret=0 [ 504.554642][ T1214] usb 3-1: ucan: probe failed; try to update the device firmware [ 504.756971][ T996] usb 3-1: USB disconnect, device number 22 [ 504.976764][ T9004] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 504.976869][ T9004] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 505.119581][ T8765] bridge0: port 1(bridge_slave_0) entered blocking state [ 505.119687][ T8765] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.119841][ T8765] bridge_slave_0: entered allmulticast mode [ 505.121443][ T8765] bridge_slave_0: entered promiscuous mode [ 505.175886][ T8765] bridge0: port 2(bridge_slave_1) entered blocking state [ 505.176021][ T8765] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.176239][ T8765] bridge_slave_1: entered allmulticast mode [ 505.180894][ T8765] bridge_slave_1: entered promiscuous mode [ 505.334656][ T31] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 505.342259][ T62] Bluetooth: hci2: unexpected event for opcode 0x202d [ 505.489020][ T31] usb 5-1: config 0 has an invalid interface number: 92 but max is 0 [ 505.489047][ T31] usb 5-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 505.489065][ T31] usb 5-1: config 0 has no interface number 0 [ 505.489097][ T31] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 505.489110][ T31] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 505.489122][ T31] usb 5-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 505.489135][ T31] usb 5-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 505.489148][ T31] usb 5-1: config 0 interface 92 has no altsetting 0 [ 505.492858][ T31] usb 5-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 505.492876][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.492887][ T31] usb 5-1: Product: syz [ 505.492894][ T31] usb 5-1: Manufacturer: syz [ 505.492901][ T31] usb 5-1: SerialNumber: syz [ 505.503761][ T31] usb 5-1: config 0 descriptor?? [ 505.507775][ T9006] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 505.663089][ T8765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 505.674990][ T31] sierra 5-1:0.92: Sierra USB modem converter detected [ 507.177459][ T8765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.743381][ T8765] team0: Port device team_slave_0 added [ 507.807942][ T8765] team0: Port device team_slave_1 added [ 508.016957][ T8310] bridge_slave_1: left allmulticast mode [ 508.016985][ T8310] bridge_slave_1: left promiscuous mode [ 508.017204][ T8310] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.236688][ T8310] bridge_slave_0: left allmulticast mode [ 508.236716][ T8310] bridge_slave_0: left promiscuous mode [ 508.236964][ T8310] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.237671][ T31] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 508.330971][ T31] usb 5-1: USB disconnect, device number 24 [ 508.428496][ T31] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 508.429359][ T31] sierra 5-1:0.92: device disconnected [ 508.855178][ T8310] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 509.013700][ T8310] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 509.095879][ T9] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 509.161000][ T9030] netlink: 8 bytes leftover after parsing attributes in process `syz.2.707'. [ 510.057969][ T8310] bond0 (unregistering): Released all slaves [ 510.104853][ T9032] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 510.104940][ T9032] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 510.129079][ T9030] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 510.129119][ T9030] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 510.129139][ T9030] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 510.194642][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 510.224676][ T9] usb 5-1: no configurations [ 510.224695][ T9] usb 5-1: can't read configurations, error -22 [ 510.374644][ T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 510.534309][ T9039] netlink: 8 bytes leftover after parsing attributes in process `syz.0.710'. [ 511.350295][ T8765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 511.350310][ T8765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 511.350334][ T8765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 511.350795][ T9039] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 511.350835][ T9039] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 511.350853][ T9039] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 511.384720][ T8765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 511.384739][ T8765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 511.384770][ T8765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 511.393242][ T8927] chnl_net:caif_netlink_parms(): no params data found [ 511.394573][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 511.395558][ T9] usb 5-1: no configurations [ 511.395573][ T9] usb 5-1: can't read configurations, error -22 [ 511.403673][ T9] usb usb5-port1: attempt power cycle [ 511.545305][ T62] Bluetooth: hci4: unexpected event for opcode 0x202d [ 511.574844][ T8310] hsr_slave_0: left promiscuous mode [ 511.634743][ T8310] hsr_slave_1: left promiscuous mode [ 511.637603][ T8310] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 511.685206][ T8310] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 511.844586][ T996] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 511.943657][ T9047] netlink: 24 bytes leftover after parsing attributes in process `syz.4.713'. [ 512.054999][ T996] usb 3-1: config 0 has an invalid interface number: 92 but max is 0 [ 512.055026][ T996] usb 3-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 512.055045][ T996] usb 3-1: config 0 has no interface number 0 [ 512.055092][ T996] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 512.055113][ T996] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 512.055125][ T996] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 512.055138][ T996] usb 3-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 512.055151][ T996] usb 3-1: config 0 interface 92 has no altsetting 0 [ 512.092526][ T996] usb 3-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 512.092554][ T996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.092573][ T996] usb 3-1: Product: syz [ 512.092586][ T996] usb 3-1: Manufacturer: syz [ 512.092599][ T996] usb 3-1: SerialNumber: syz [ 512.100675][ T996] usb 3-1: config 0 descriptor?? [ 512.102151][ T9043] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 512.109356][ T996] sierra 3-1:0.92: Sierra USB modem converter detected [ 512.588894][ T9051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.713'. [ 513.765718][ T8310] team0 (unregistering): Port device team_slave_1 removed [ 513.865074][ T8310] team0 (unregistering): Port device team_slave_0 removed [ 515.595066][ T996] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 515.604222][ T9071] netlink: 24 bytes leftover after parsing attributes in process `syz.2.718'. [ 515.651658][ T8765] hsr_slave_0: entered promiscuous mode [ 515.677570][ T8765] hsr_slave_1: entered promiscuous mode [ 515.683872][ T8765] debugfs: 'hsr0' already exists in 'hsr' [ 515.683898][ T8765] Cannot create hsr debugfs directory [ 515.719394][ T996] usb 3-1: USB disconnect, device number 23 [ 515.849620][ T9074] netlink: 4 bytes leftover after parsing attributes in process `syz.2.718'. [ 515.966986][ T996] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 515.967738][ T996] sierra 3-1:0.92: device disconnected [ 516.106140][ T9079] netlink: 8 bytes leftover after parsing attributes in process `syz.4.719'. [ 516.973452][ T9079] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 516.973496][ T9079] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 516.973515][ T9079] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 517.159023][ T9084] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 517.159112][ T9084] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 518.537245][ C1] vkms_vblank_simulate: vblank timer overrun [ 518.645082][ C1] vkms_vblank_simulate: vblank timer overrun [ 518.843286][ C1] vkms_vblank_simulate: vblank timer overrun [ 518.998778][ T9098] netlink: 24 bytes leftover after parsing attributes in process `syz.2.723'. [ 519.029212][ C1] vkms_vblank_simulate: vblank timer overrun [ 519.247265][ T9102] netlink: 4 bytes leftover after parsing attributes in process `syz.2.723'. [ 519.336157][ T8927] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.336364][ T8927] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.336554][ T8927] bridge_slave_0: entered allmulticast mode [ 519.346771][ T8927] bridge_slave_0: entered promiscuous mode [ 519.669126][ T8927] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.669262][ T8927] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.669478][ T8927] bridge_slave_1: entered allmulticast mode [ 519.675398][ T8927] bridge_slave_1: entered promiscuous mode [ 520.068292][ T8927] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 520.095202][ T8927] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 520.104730][ T5890] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 520.257192][ T5890] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 520.257220][ T5890] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 520.257245][ T5890] usb 1-1: config 0 has no interface number 0 [ 520.257295][ T5890] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 520.257309][ T5890] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 520.257320][ T5890] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 520.257333][ T5890] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 520.257347][ T5890] usb 1-1: config 0 interface 92 has no altsetting 0 [ 520.261790][ T5890] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 520.261821][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.261840][ T5890] usb 1-1: Product: syz [ 520.261854][ T5890] usb 1-1: Manufacturer: syz [ 520.261867][ T5890] usb 1-1: SerialNumber: syz [ 520.276634][ T5890] usb 1-1: config 0 descriptor?? [ 520.297296][ T9110] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 520.327287][ T5890] sierra 1-1:0.92: Sierra USB modem converter detected [ 520.484411][ T8927] team0: Port device team_slave_0 added [ 520.817554][ T8927] team0: Port device team_slave_1 added [ 520.892170][ C1] vkms_vblank_simulate: vblank timer overrun [ 521.666108][ C1] vkms_vblank_simulate: vblank timer overrun [ 521.846924][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.522878][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.918749][ T9121] netlink: 8 bytes leftover after parsing attributes in process `syz.2.729'. [ 525.252507][ T9121] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 525.252553][ T9121] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 525.252572][ T9121] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 525.445016][ T5890] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 525.487440][ T5890] usb 1-1: USB disconnect, device number 26 [ 525.508642][ T5890] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 525.509453][ T5890] sierra 1-1:0.92: device disconnected [ 525.553939][ T9138] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 525.554032][ T9138] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 526.136330][ T9149] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 526.156747][ T8927] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 526.156760][ T8927] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 526.156781][ T8927] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 526.158862][ T8927] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 526.158875][ T8927] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 526.158901][ T8927] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 526.162617][ T9149] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 526.262812][ T9149] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 526.270178][ T9149] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 526.271205][ T9149] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 526.635547][ T31] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 526.657843][ T8927] hsr_slave_0: entered promiscuous mode [ 526.667835][ T8927] hsr_slave_1: entered promiscuous mode [ 526.669487][ T8927] debugfs: 'hsr0' already exists in 'hsr' [ 526.669513][ T8927] Cannot create hsr debugfs directory [ 526.787415][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 526.788037][ T31] usb 5-1: no configurations [ 526.788047][ T31] usb 5-1: can't read configurations, error -22 [ 526.914587][ T31] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 527.003335][ C0] vkms_vblank_simulate: vblank timer overrun [ 527.065829][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 527.066818][ T31] usb 5-1: no configurations [ 527.066833][ T31] usb 5-1: can't read configurations, error -22 [ 527.067389][ T31] usb usb5-port1: attempt power cycle [ 527.414586][ T31] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 527.435264][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 527.435832][ T31] usb 5-1: no configurations [ 527.435841][ T31] usb 5-1: can't read configurations, error -22 [ 527.565418][ T9156] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 527.574617][ T31] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 527.583782][ T13] bridge_slave_1: left allmulticast mode [ 527.583808][ T13] bridge_slave_1: left promiscuous mode [ 527.584045][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.595265][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 527.616588][ T31] usb 5-1: no configurations [ 527.616607][ T31] usb 5-1: can't read configurations, error -22 [ 527.617125][ T31] usb usb5-port1: unable to enumerate USB device [ 527.697633][ T13] bridge_slave_0: left allmulticast mode [ 527.697661][ T13] bridge_slave_0: left promiscuous mode [ 527.697930][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.904614][ T31] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 527.995262][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 528.057246][ T31] usb 1-1: config 0 has an invalid interface number: 92 but max is 0 [ 528.057275][ T31] usb 1-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 528.057293][ T31] usb 1-1: config 0 has no interface number 0 [ 528.057342][ T31] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 528.057360][ T31] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 528.057371][ T31] usb 1-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 528.057384][ T31] usb 1-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 528.057398][ T31] usb 1-1: config 0 interface 92 has no altsetting 0 [ 528.060008][ T31] usb 1-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 528.060036][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.060055][ T31] usb 1-1: Product: syz [ 528.060068][ T31] usb 1-1: Manufacturer: syz [ 528.060081][ T31] usb 1-1: SerialNumber: syz [ 528.064012][ T31] usb 1-1: config 0 descriptor?? [ 528.089691][ T9159] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 528.093217][ T31] sierra 1-1:0.92: Sierra USB modem converter detected [ 528.104548][ T996] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 528.207487][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 528.269652][ T13] bond0 (unregistering): Released all slaves [ 528.284768][ T9149] Bluetooth: hci1: command tx timeout [ 528.292631][ T996] usb 3-1: Using ep0 maxpacket: 8 [ 528.303814][ T996] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 528.303841][ T996] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.303860][ T996] usb 3-1: Product: syz [ 528.303873][ T996] usb 3-1: Manufacturer: syz [ 528.303887][ T996] usb 3-1: SerialNumber: syz [ 528.342356][ T996] usb 3-1: config 0 descriptor?? [ 528.575543][ T996] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 529.453087][ C0] vkms_vblank_simulate: vblank timer overrun [ 530.041837][ C0] vkms_vblank_simulate: vblank timer overrun [ 530.051952][ T996] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 530.071083][ T996] usb 3-1: USB disconnect, device number 24 [ 530.497795][ T9149] Bluetooth: hci1: command tx timeout [ 530.500919][ C0] vkms_vblank_simulate: vblank timer overrun [ 530.565633][ C0] vkms_vblank_simulate: vblank timer overrun [ 530.712551][ C0] vkms_vblank_simulate: vblank timer overrun [ 530.797895][ C0] vkms_vblank_simulate: vblank timer overrun [ 530.949334][ T31] usb 1-1: Sierra USB modem converter now attached to ttyUSB0 [ 530.974588][ T31] usb 1-1: USB disconnect, device number 27 [ 530.996386][ T31] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 530.997245][ T31] sierra 1-1:0.92: device disconnected [ 531.019562][ C0] vkms_vblank_simulate: vblank timer overrun [ 531.053018][ T9168] netlink: 24 bytes leftover after parsing attributes in process `syz.0.742'. [ 531.160156][ T13] hsr_slave_0: left promiscuous mode [ 531.206821][ T13] hsr_slave_1: left promiscuous mode [ 531.207836][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 531.242909][ T9175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.742'. [ 531.302667][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 532.694291][ T9187] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 532.788319][ T9149] Bluetooth: hci1: command tx timeout [ 533.544115][ T13] team0 (unregistering): Port device team_slave_1 removed [ 534.820840][ T13] team0 (unregistering): Port device team_slave_0 removed [ 534.844630][ T9149] Bluetooth: hci1: command tx timeout [ 535.259853][ T31] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 535.460186][ T31] usb 3-1: config 0 has an invalid interface number: 92 but max is 0 [ 535.460214][ T31] usb 3-1: config 0 has an invalid descriptor of length 196, skipping remainder of the config [ 535.460233][ T31] usb 3-1: config 0 has no interface number 0 [ 535.460296][ T31] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 535.460323][ T31] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0x6 has invalid wMaxPacketSize 0 [ 535.460345][ T31] usb 3-1: config 0 interface 92 altsetting 243 endpoint 0xE has invalid maxpacket 63913, setting to 64 [ 535.460371][ T31] usb 3-1: config 0 interface 92 altsetting 243 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 535.460404][ T31] usb 3-1: config 0 interface 92 has no altsetting 0 [ 535.564100][ T31] usb 3-1: New USB device found, idVendor=1199, idProduct=0024, bcdDevice=83.4b [ 535.564129][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.564147][ T31] usb 3-1: Product: syz [ 535.564160][ T31] usb 3-1: Manufacturer: syz [ 535.564173][ T31] usb 3-1: SerialNumber: syz [ 535.621254][ T31] usb 3-1: config 0 descriptor?? [ 535.637351][ T9196] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 535.639702][ T31] sierra 3-1:0.92: Sierra USB modem converter detected [ 537.608097][ T8927] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 537.797700][ T8927] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 537.859368][ T9147] chnl_net:caif_netlink_parms(): no params data found [ 537.871368][ T8927] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 537.998921][ T8927] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 538.116901][ T31] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 538.137245][ T31] usb 3-1: USB disconnect, device number 25 [ 538.165199][ T31] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 538.166123][ T31] sierra 3-1:0.92: device disconnected [ 538.266101][ T9218] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 539.288678][ T9232] netlink: 8 bytes leftover after parsing attributes in process `syz.0.759'. [ 542.020827][ T9147] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.021037][ T9147] bridge0: port 1(bridge_slave_0) entered disabled state [ 542.021270][ T9147] bridge_slave_0: entered allmulticast mode [ 542.048831][ T9147] bridge_slave_0: entered promiscuous mode [ 542.064895][ T9261] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 542.073607][ T9147] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.073754][ T9147] bridge0: port 2(bridge_slave_1) entered disabled state [ 542.073939][ T9147] bridge_slave_1: entered allmulticast mode [ 542.103592][ T9147] bridge_slave_1: entered promiscuous mode [ 542.751702][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 542.823156][ T9147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 543.576661][ T9147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 543.596937][ T9] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 543.596969][ T9] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 543.596994][ T9] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 543.597035][ T9] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 543.597055][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 543.720927][ T9264] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 544.731198][ T9] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 544.745476][ T9] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input27 [ 547.261854][ T9] usb 3-1: USB disconnect, device number 26 [ 547.261941][ C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 547.417577][ T37] kauditd_printk_skb: 247 callbacks suppressed [ 547.417594][ T37] audit: type=1326 audit(1760712669.904:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.417928][ T37] audit: type=1326 audit(1760712669.904:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.418859][ T37] audit: type=1326 audit(1760712669.904:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.419607][ T37] audit: type=1326 audit(1760712669.904:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.419882][ T37] audit: type=1326 audit(1760712669.904:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.420253][ T37] audit: type=1326 audit(1760712669.904:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.420536][ T37] audit: type=1326 audit(1760712669.904:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.420792][ T37] audit: type=1326 audit(1760712669.904:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.421266][ T37] audit: type=1326 audit(1760712669.904:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.421513][ T37] audit: type=1326 audit(1760712669.904:1217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9287 comm="syz.4.775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7ff8a5f1efc9 code=0x7ffc0000 [ 547.470087][ T9291] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 547.736070][ T9147] team0: Port device team_slave_0 added [ 547.822850][ T9147] team0: Port device team_slave_1 added [ 549.140731][ T9147] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 549.140748][ T9147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 549.140771][ T9147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 549.148112][ T9147] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 549.148127][ T9147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 549.148152][ T9147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 549.552800][ T9309] netlink: 8 bytes leftover after parsing attributes in process `syz.0.783'. [ 550.522781][ T9147] hsr_slave_0: entered promiscuous mode [ 550.524157][ T9147] hsr_slave_1: entered promiscuous mode [ 550.528945][ T9147] debugfs: 'hsr0' already exists in 'hsr' [ 550.528973][ T9147] Cannot create hsr debugfs directory [ 550.942419][ C0] vkms_vblank_simulate: vblank timer overrun [ 551.685690][ T9328] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 552.666093][ C0] vkms_vblank_simulate: vblank timer overrun [ 553.191879][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.069702][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.113131][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.286691][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.527566][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.755776][ T9147] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 556.978702][ C0] vkms_vblank_simulate: vblank timer overrun [ 557.464063][ T62] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 557.508527][ C0] vkms_vblank_simulate: vblank timer overrun [ 557.731264][ C0] vkms_vblank_simulate: vblank timer overrun [ 557.787373][ T9147] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 557.873807][ T62] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 557.876262][ T62] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 557.877441][ T62] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 557.878626][ T62] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 557.900301][ C0] vkms_vblank_simulate: vblank timer overrun [ 558.169162][ T9379] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 558.826303][ C0] vkms_vblank_simulate: vblank timer overrun [ 558.973284][ C0] vkms_vblank_simulate: vblank timer overrun [ 559.039446][ T9147] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 559.117631][ T9147] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 559.718662][ C0] vkms_vblank_simulate: vblank timer overrun [ 560.284508][ T9149] Bluetooth: hci5: command tx timeout [ 560.349950][ C0] vkms_vblank_simulate: vblank timer overrun [ 560.443238][ T9402] netlink: 24 bytes leftover after parsing attributes in process `syz.4.806'. [ 560.532757][ T9400] Bluetooth: hci0: invalid length 0, exp 2 for type 7 [ 560.933536][ C0] vkms_vblank_simulate: vblank timer overrun [ 560.967673][ T9411] netlink: 4 bytes leftover after parsing attributes in process `syz.4.806'. [ 561.074385][ T9412] netlink: 8 bytes leftover after parsing attributes in process `syz.0.807'. [ 561.912836][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.051657][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.456879][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.458757][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.458831][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.463214][ T9149] Bluetooth: hci5: command tx timeout [ 564.002164][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.733904][ C0] vkms_vblank_simulate: vblank timer overrun [ 565.484915][ T9149] Bluetooth: hci5: command tx timeout [ 567.564584][ T9149] Bluetooth: hci5: command tx timeout [ 570.710342][ T9445] netlink: [ 570.710342][ T9445] netlink: 8 bytes leftover after parsing attributes in process `syz.4.813'. [ 570.721753][ T9445] netlink: 20 bytes leftover after parsing attributes in process `syz.4.813'. [ 571.065091][ T26] ================================================================== [ 571.065104][ T26] BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190 [ 571.065137][ T26] Read of size 8 at addr ffffc9000532d090 by task irq_work/1/26 [ 571.065152][ T26] [ 571.065173][ T26] CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 571.065194][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 571.065212][ T26] Call Trace: [ 571.065223][ T26] [ 571.065231][ T26] dump_stack_lvl+0x189/0x250 [ 571.065253][ T26] ? run_irq_workd+0x116/0x190 [ 571.065272][ T26] ? __pfx_dump_stack_lvl+0x10/0x10 [ 571.065293][ T26] ? __pfx__printk+0x10/0x10 [ 571.065316][ T26] ? __virt_addr_valid+0xdc/0x5c0 [ 571.065336][ T26] ? __virt_addr_valid+0xdc/0x5c0 [ 571.065357][ T26] print_report+0xca/0x240 [ 571.065380][ T26] ? run_irq_workd+0x116/0x190 [ 571.065398][ T26] kasan_report+0x118/0x150 [ 571.065418][ T26] ? run_irq_workd+0x116/0x190 [ 571.065441][ T26] run_irq_workd+0x116/0x190 [ 571.065460][ T26] ? __pfx_run_irq_workd+0x10/0x10 [ 571.065478][ T26] ? schedule+0x91/0x360 [ 571.065503][ T26] ? smpboot_thread_fn+0x4d/0xa60 [ 571.065521][ T26] ? smpboot_thread_fn+0x4d/0xa60 [ 571.065536][ T26] smpboot_thread_fn+0x542/0xa60 [ 571.065554][ T26] ? smpboot_thread_fn+0x4d/0xa60 [ 571.065574][ T26] kthread+0x711/0x8a0 [ 571.065595][ T26] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 571.065612][ T26] ? __pfx_kthread+0x10/0x10 [ 571.065630][ T26] ? rt_spin_unlock+0x150/0x200 [ 571.065654][ T26] ? rt_spin_unlock+0x161/0x200 [ 571.065673][ T26] ? __pfx_kthread+0x10/0x10 [ 571.065693][ T26] ret_from_fork+0x4bc/0x870 [ 571.065719][ T26] ? __pfx_ret_from_fork+0x10/0x10 [ 571.065747][ T26] ? __switch_to_asm+0x39/0x70 [ 571.065768][ T26] ? __switch_to_asm+0x33/0x70 [ 571.065789][ T26] ? __pfx_kthread+0x10/0x10 [ 571.065809][ T26] ret_from_fork_asm+0x1a/0x30 [ 571.065839][ T26] [ 571.065845][ T26] [ 571.065850][ T26] The buggy address belongs to a vmalloc virtual mapping [ 571.065877][ T26] Memory state around the buggy address: [ 571.065887][ T26] ffffc9000532cf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 571.065900][ T26] ffffc9000532d000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 571.065912][ T26] >ffffc9000532d080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 571.065925][ T26] ^ [ 571.065934][ T26] ffffc9000532d100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 571.065947][ T26] ffffc9000532d180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 571.065956][ T26] ================================================================== [ 571.065976][ T26] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 571.065988][ T26] CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 571.066009][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 571.066020][ T26] Call Trace: [ 571.066026][ T26] [ 571.066033][ T26] dump_stack_lvl+0x99/0x250 [ 571.066053][ T26] ? __asan_memcpy+0x40/0x70 [ 571.066077][ T26] ? __pfx_dump_stack_lvl+0x10/0x10 [ 571.066096][ T26] ? __pfx__printk+0x10/0x10 [ 571.066122][ T26] vpanic+0x237/0x6d0 [ 571.066139][ T26] ? __pfx_vpanic+0x10/0x10 [ 571.066160][ T26] panic+0xb9/0xc0 [ 571.066176][ T26] ? __pfx_panic+0x10/0x10 [ 571.066190][ T26] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 571.066219][ T26] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 571.066247][ T26] ? run_irq_workd+0x116/0x190 [ 571.066266][ T26] check_panic_on_warn+0x89/0xb0 [ 571.066288][ T26] ? run_irq_workd+0x116/0x190 [ 571.066306][ T26] end_report+0x78/0x160 [ 571.066323][ T26] kasan_report+0x129/0x150 [ 571.066343][ T26] ? run_irq_workd+0x116/0x190 [ 571.066365][ T26] run_irq_workd+0x116/0x190 [ 571.066383][ T26] ? __pfx_run_irq_workd+0x10/0x10 [ 571.066401][ T26] ? schedule+0x91/0x360 [ 571.066425][ T26] ? smpboot_thread_fn+0x4d/0xa60 [ 571.066442][ T26] ? smpboot_thread_fn+0x4d/0xa60 [ 571.066458][ T26] smpboot_thread_fn+0x542/0xa60 [ 571.066475][ T26] ? smpboot_thread_fn+0x4d/0xa60 [ 571.066495][ T26] kthread+0x711/0x8a0 [ 571.066516][ T26] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 571.066532][ T26] ? __pfx_kthread+0x10/0x10 [ 571.066550][ T26] ? rt_spin_unlock+0x150/0x200 [ 571.066574][ T26] ? rt_spin_unlock+0x161/0x200 [ 571.066593][ T26] ? __pfx_kthread+0x10/0x10 [ 571.066613][ T26] ret_from_fork+0x4bc/0x870 [ 571.066652][ T26] ? __pfx_ret_from_fork+0x10/0x10 [ 571.066680][ T26] ? __switch_to_asm+0x39/0x70 [ 571.066702][ T26] ? __switch_to_asm+0x33/0x70 [ 571.066723][ T26] ? __pfx_kthread+0x10/0x10 [ 571.066743][ T26] ret_from_fork_asm+0x1a/0x30 [ 571.066773][ T26] [ 571.067095][ T26] Kernel Offset: disabled