last executing test programs: 1m23.043350316s ago: executing program 1 (id=28): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0500000004000000080000000500000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "03136c", 0x18, 0x87, 0x0, @private2={0xfc, 0x2, '\x00', 0xfd}, @mcast2, {[@srh={0x3b, 0x2, 0x4, 0x1, 0x3, 0x28, 0x8001, [@local]}]}}}}}, 0x0) 1m22.746735338s ago: executing program 1 (id=29): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x21}, 0x28000814) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$isdn_base(0x22, 0x3, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000081}, 0xc1) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) 1m22.127374131s ago: executing program 1 (id=31): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e5cf01406e0510401c20000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000000140)={0x0, 0xc, 0x1, '.'}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000400)={0x20, 0x13, 0x2, "b81c"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 1m18.7520147s ago: executing program 1 (id=42): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000180)=0x80000001, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x8, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x5e}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 1m18.509575134s ago: executing program 1 (id=45): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x24020400) connect$unix(0xffffffffffffffff, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) epoll_create1(0x0) ioctl$BINDER_THREAD_EXIT(0xffffffffffffffff, 0x40046208, 0x0) r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffa, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0}) ioctl$USBDEVFS_REAPURBNDELAY(r5, 0x4008550d, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) 1m17.145865069s ago: executing program 1 (id=46): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="4f03020303020601ab1702"], 0xb) 1m1.895794697s ago: executing program 32 (id=46): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="4f03020303020601ab1702"], 0xb) 22.043707219s ago: executing program 0 (id=249): r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3009}}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000000)={0x20, 0x14, 0x5, "0000681fe0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x20, 0x82, 0x2, '\x00\x00'}, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000a00)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="208402"], 0x0}) 19.775007493s ago: executing program 3 (id=259): r0 = gettid() mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) socketpair$unix(0x1, 0x3, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0xc3a01, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) 19.447751283s ago: executing program 3 (id=260): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000500)=0x3, 0x4) sendmmsg$inet(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)="93bffce623851797a8dc7901f0048678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6", 0x72}, {0x0}], 0x2}}], 0x1, 0xc0) 19.144242447s ago: executing program 3 (id=262): r0 = socket(0x6, 0x3, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r4 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r4, &(0x7f0000ff7000/0x3000)=nil, 0x400c) munmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) connect$netrom(r3, &(0x7f0000000080)={{0x6, @rose, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX, @ANYBLOB='\x00\x00\x00', @ANYRESHEX, @ANYRESOCT=r0]) socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="40010000", @ANYRESOCT, @ANYRES32=r1, @ANYRES32=r6, @ANYBLOB="0c00990000000000000000000800a0004e16000008009f000a000000080026000816"], 0x40}}, 0x200040b4) r7 = socket$alg(0x26, 0x5, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="6400000000010104000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002800c000280050001000000000014000180080001007f00000108000200ac141400080007"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000020109040000000000000000021f"], 0x38}, 0x1, 0x0, 0x0, 0x40010}, 0x0) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0xffffffffffffff00, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES32=r3, @ANYRES16=0x0], 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0x48080) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000180)="dd9d480e", 0x4) 18.39264579s ago: executing program 0 (id=264): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x26e1, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg$unix(r0, &(0x7f0000002100)={0x0, 0x0, 0x0}, 0x2100) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmsg$can_raw(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000900)=[{0x0}, {&(0x7f0000002140)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000340)=""/117, 0x75}, {&(0x7f00000004c0)=""/108, 0x6c}, {&(0x7f00000003c0)=""/143, 0x8f}, {&(0x7f0000003140)=""/4096, 0x1000}, {&(0x7f0000004140)=""/4096, 0x1000}], 0x8}, 0x10000) 18.283532519s ago: executing program 3 (id=265): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) splice(r2, 0x0, r3, 0x0, 0x7, 0x8) 18.059427013s ago: executing program 2 (id=266): r0 = socket(0x6, 0x3, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, &(0x7f00000009c0)=ANY=[@ANYRES16=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) syz_emit_ethernet(0x2a, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r5 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r5, &(0x7f0000ff7000/0x3000)=nil, 0x400c) munmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000) mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) connect$netrom(r4, &(0x7f0000000080)={{0x6, @rose, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r2, @ANYBLOB, @ANYRESHEX, @ANYRESOCT=r0]) socket$inet6_udplite(0xa, 0x2, 0x88) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="40010000", @ANYRESOCT=r2, @ANYRES32=r1, @ANYRES32=r7, @ANYBLOB="0c00990000000000000000000800a0004e16000008009f000a000000080026000816"], 0x40}}, 0x200040b4) r8 = socket$alg(0x26, 0x5, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="6400000000010104000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002800c000280050001000000000014000180080001007f00000108000200ac141400080007"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000020109040000000000000000021f"], 0x38}, 0x1, 0x0, 0x0, 0x40010}, 0x0) sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0xffffffffffffff00, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYRES16=0x0], 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0x48080) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000180)="dd9d480e", 0x4) 18.058860935s ago: executing program 3 (id=268): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, '\x00', "5193bb672965593497c186a80e00", '\x00\x00=*', "1202000000040030"}, 0x38) capset(0x0, &(0x7f0000000040)={0x200000, 0x200000, 0x20000000}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback, 0xffff}, 0x1c) 18.058616146s ago: executing program 0 (id=269): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000327bd7000fedbdf251300000008000100706369303a30303a31302e3000000000080003000000000008000b00d009000006001100070000000800010070636900110002"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48050) r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) 17.391931046s ago: executing program 3 (id=270): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="7105050302f70101010603012c040ffc700173"], 0x13) 17.365156887s ago: executing program 4 (id=271): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000001c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x8a, 0x3}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000980)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x3}, @ptr={0x70742a85, 0x3, 0x0, 0x0, 0x800000, 0x22}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000440), 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000040)=ANY=[], 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000200), 0x4) shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffc000/0x3000)=nil) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6018232500102c"], 0x0) 17.224393138s ago: executing program 2 (id=272): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000001c00)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x3, 0xfffffffffffffffd}}}}}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x66, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x82) 17.163748865s ago: executing program 0 (id=273): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x5) r1 = landlock_create_ruleset(&(0x7f0000000080)={0x8000}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) 16.977534948s ago: executing program 0 (id=274): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000001a00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 16.703531162s ago: executing program 0 (id=275): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0xdddd0000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 16.290639741s ago: executing program 2 (id=276): r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x8400, 0x0) r1 = syz_io_uring_setup(0x891, &(0x7f0000000140)={0x0, 0xaee2, 0x8, 0x2, 0xbfdffffc}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x5100}}) io_uring_enter(r1, 0x75fa, 0xe478, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000300)=""/4096, 0x1000}], 0x1, 0x9, 0x1) 16.222129007s ago: executing program 4 (id=277): setgroups(0x0, 0x0) setresgid(0x0, 0xee01, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) r0 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) write$tcp_mem(r0, 0x0, 0xfffffd5f) 16.035738774s ago: executing program 4 (id=278): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="82", 0x1}, {&(0x7f0000000140)="84", 0x1}], 0x2}}], 0x1, 0x4400c800) sendto$inet6(r0, &(0x7f0000000300), 0x16, 0x3b00, 0x0, 0xfffffffffffffdfd) 15.924475047s ago: executing program 4 (id=279): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x30, r0, 0x1, 0x70bf27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x143c}]]}, 0x30}, 0x1, 0x0, 0x0, 0x20000845}, 0x20000814) 15.888617799s ago: executing program 2 (id=280): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER(r1, 0x0, 0x80) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x48, r2, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="0e7668d28bc7"}, @NL80211_ATTR_SSID={0x4}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x5}, @key_params=[@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9b4}]]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x800) 15.711765829s ago: executing program 4 (id=281): r0 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r3, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r4, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x810000}, 0xc) r5 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc) r6 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r6, &(0x7f0000000280)={0x10, 0x0, 0x0, 0x4140045e}, 0xc) r7 = socket$netlink(0x10, 0x3, 0x14) bind$netlink(r7, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x22ffffffff}, 0xc) r8 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r8, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc) r9 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r9, &(0x7f0000000200)={0x10, 0x0, 0x25dfdbff, 0x10}, 0xc) r10 = socket$netlink(0x10, 0x3, 0x14) bind$netlink(r10, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x22ffffffff}, 0xc) r11 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r11, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc) r12 = socket$netlink(0x10, 0x3, 0xb) bind$netlink(r12, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc) r13 = socket$nl_route(0x10, 0x3, 0x0) bind$netlink(r13, &(0x7f0000000280)={0x10, 0x0, 0x25dfdbfc, 0x100000}, 0xc) bind$netlink(r1, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc) r14 = socket$netlink(0x10, 0x3, 0x4) writev(r14, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1) 15.710815267s ago: executing program 2 (id=282): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x100) r1 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cc}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 15.561303012s ago: executing program 4 (id=283): mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=0000000000000']) read$FUSE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_connect(0x0, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000c291492099042a102d850102030109024c0001000010000904100002e51de5000b2402010302057ff49bfd052406000105240002000d240f010500000009000700080624037f000109050602ff0300000009058202"], 0x0) openat(0xffffffffffffffff, 0x0, 0x18400, 0xa) 15.421165816s ago: executing program 2 (id=284): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) close_range(r1, r1, 0x0) 2.078941104s ago: executing program 33 (id=270): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r3}]}, 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="7105050302f70101010603012c040ffc700173"], 0x13) 1.598499198s ago: executing program 34 (id=275): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0xdddd0000, 0x2000, &(0x7f0000000000/0x2000)=nil}) 101.832811ms ago: executing program 35 (id=284): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) close_range(r1, r1, 0x0) 0s ago: executing program 36 (id=283): mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=0000000000000']) read$FUSE(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_usb_connect(0x0, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000c291492099042a102d850102030109024c0001000010000904100002e51de5000b2402010302057ff49bfd052406000105240002000d240f010500000009000700080624037f000109050602ff0300000009058202"], 0x0) openat(0xffffffffffffffff, 0x0, 0x18400, 0xa) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.147' (ED25519) to the list of known hosts. [ 91.003709][ T5827] cgroup: Unknown subsys name 'net' [ 91.231671][ T5827] cgroup: Unknown subsys name 'cpuset' [ 91.296611][ T5827] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.059393][ T1229] cfg80211: failed to load regulatory.db [ 93.438891][ T5827] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.742855][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.744954][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.760453][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 96.771954][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 96.775122][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 96.793567][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.840232][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 96.840440][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 96.842300][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 96.854515][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 96.855985][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 96.856922][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 96.890143][ T5157] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.893190][ T5157] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 96.894917][ T5157] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 96.895787][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.906586][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 96.908252][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 96.909650][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 96.910609][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 96.936719][ T5846] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.939388][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.939813][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 96.941147][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 96.941656][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.787742][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 98.180639][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 98.218096][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 98.497198][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 98.503287][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 98.694503][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.695807][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.697171][ T5839] bridge_slave_0: entered allmulticast mode [ 98.700776][ T5839] bridge_slave_0: entered promiscuous mode [ 98.775585][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.775703][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.777706][ T5839] bridge_slave_1: entered allmulticast mode [ 98.780897][ T5839] bridge_slave_1: entered promiscuous mode [ 98.928678][ T5848] Bluetooth: hci1: command tx timeout [ 99.006159][ T5840] Bluetooth: hci2: command tx timeout [ 99.006351][ T5840] Bluetooth: hci0: command tx timeout [ 99.006835][ T5848] Bluetooth: hci3: command tx timeout [ 99.085983][ T5848] Bluetooth: hci4: command tx timeout [ 99.394244][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.478383][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.478596][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.479109][ T5843] bridge_slave_0: entered allmulticast mode [ 99.481783][ T5843] bridge_slave_0: entered promiscuous mode [ 99.529345][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.529559][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.529683][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.529859][ T5842] bridge_slave_0: entered allmulticast mode [ 99.531755][ T5842] bridge_slave_0: entered promiscuous mode [ 99.534127][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.534311][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.534493][ T5843] bridge_slave_1: entered allmulticast mode [ 99.538710][ T5843] bridge_slave_1: entered promiscuous mode [ 99.827286][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.827402][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.827538][ T5842] bridge_slave_1: entered allmulticast mode [ 99.829351][ T5842] bridge_slave_1: entered promiscuous mode [ 100.378488][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.378634][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.378830][ T5838] bridge_slave_0: entered allmulticast mode [ 100.381721][ T5838] bridge_slave_0: entered promiscuous mode [ 100.384870][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.385074][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.385699][ T5845] bridge_slave_0: entered allmulticast mode [ 100.390627][ T5845] bridge_slave_0: entered promiscuous mode [ 100.406527][ T5839] team0: Port device team_slave_0 added [ 100.523876][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.525968][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.526619][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.526856][ T5838] bridge_slave_1: entered allmulticast mode [ 100.535319][ T5838] bridge_slave_1: entered promiscuous mode [ 100.537758][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.537952][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.538636][ T5845] bridge_slave_1: entered allmulticast mode [ 100.542009][ T5845] bridge_slave_1: entered promiscuous mode [ 100.558705][ T5839] team0: Port device team_slave_1 added [ 100.567790][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.580001][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.840639][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.006312][ T5848] Bluetooth: hci1: command tx timeout [ 101.086228][ T59] Bluetooth: hci0: command tx timeout [ 101.086261][ T59] Bluetooth: hci2: command tx timeout [ 101.086429][ T5848] Bluetooth: hci3: command tx timeout [ 101.165977][ T5848] Bluetooth: hci4: command tx timeout [ 101.279973][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.403899][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.405363][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 101.405375][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.405394][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 101.550558][ T5843] team0: Port device team_slave_0 added [ 101.554797][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.571877][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.573077][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 101.573105][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.573131][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.575469][ T5842] team0: Port device team_slave_0 added [ 101.587258][ T5843] team0: Port device team_slave_1 added [ 101.774668][ T5842] team0: Port device team_slave_1 added [ 102.250676][ T5838] team0: Port device team_slave_0 added [ 102.263917][ T5845] team0: Port device team_slave_0 added [ 102.356440][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.356458][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.356486][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.459431][ T5838] team0: Port device team_slave_1 added [ 102.462255][ T5845] team0: Port device team_slave_1 added [ 102.627941][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.627957][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.627994][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.629202][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.629216][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.629249][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.888479][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.888496][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.888521][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.919853][ T5839] hsr_slave_0: entered promiscuous mode [ 102.927159][ T5839] hsr_slave_1: entered promiscuous mode [ 103.086233][ T5848] Bluetooth: hci1: command tx timeout [ 103.095497][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.095509][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.095527][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.100847][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.100864][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.100895][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.119914][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.119932][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.119973][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.121834][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.121862][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.121892][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.166767][ T5848] Bluetooth: hci3: command tx timeout [ 103.166791][ T5840] Bluetooth: hci2: command tx timeout [ 103.166801][ T5848] Bluetooth: hci0: command tx timeout [ 103.245981][ T59] Bluetooth: hci4: command tx timeout [ 103.687254][ T5843] hsr_slave_0: entered promiscuous mode [ 103.688746][ T5843] hsr_slave_1: entered promiscuous mode [ 103.690098][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 103.690210][ T5843] Cannot create hsr debugfs directory [ 103.795467][ T5842] hsr_slave_0: entered promiscuous mode [ 103.798800][ T5842] hsr_slave_1: entered promiscuous mode [ 103.799766][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 103.799792][ T5842] Cannot create hsr debugfs directory [ 104.186079][ T5838] hsr_slave_0: entered promiscuous mode [ 104.187074][ T5838] hsr_slave_1: entered promiscuous mode [ 104.187736][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 104.187758][ T5838] Cannot create hsr debugfs directory [ 104.194363][ T5845] hsr_slave_0: entered promiscuous mode [ 104.195293][ T5845] hsr_slave_1: entered promiscuous mode [ 104.197126][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 104.197154][ T5845] Cannot create hsr debugfs directory [ 105.177518][ T59] Bluetooth: hci1: command tx timeout [ 105.246092][ T59] Bluetooth: hci3: command tx timeout [ 105.256280][ T59] Bluetooth: hci0: command tx timeout [ 105.256299][ T5840] Bluetooth: hci2: command tx timeout [ 105.325998][ T5840] Bluetooth: hci4: command tx timeout [ 105.798177][ T5839] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 105.845704][ T5839] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 105.902799][ T5839] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 105.942318][ T5839] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 106.080804][ T5843] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.134893][ T5843] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.164917][ T5843] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.219815][ T5843] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.371060][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 106.412468][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 106.467497][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 106.523668][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 106.685579][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 106.733857][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 106.776852][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 106.845062][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 106.974635][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.019368][ T5845] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 107.075275][ T5845] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 107.117241][ T5845] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 107.173552][ T5845] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.248499][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.305355][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.306756][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.363392][ T808] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.363554][ T808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.378298][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.486251][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.562543][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.568139][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.568379][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.618143][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.618297][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.706995][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.715134][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.799485][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.799637][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.889226][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.889394][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.918822][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.974442][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.990378][ T808] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.991345][ T808] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.061221][ T3852] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.061390][ T3852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.199017][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.277838][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.278140][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.339020][ T3649] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.339259][ T3649] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.376741][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.638999][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 108.818144][ T5839] veth0_vlan: entered promiscuous mode [ 108.937466][ T5839] veth1_vlan: entered promiscuous mode [ 109.022765][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.105533][ T5843] veth0_vlan: entered promiscuous mode [ 109.123641][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.179439][ T5843] veth1_vlan: entered promiscuous mode [ 109.187548][ T5839] veth0_macvtap: entered promiscuous mode [ 109.233793][ T5839] veth1_macvtap: entered promiscuous mode [ 109.380209][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.459262][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.465161][ T5843] veth0_macvtap: entered promiscuous mode [ 109.495672][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.543269][ T5838] veth0_vlan: entered promiscuous mode [ 109.545451][ T67] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.561730][ T5843] veth1_macvtap: entered promiscuous mode [ 109.587722][ T67] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.628550][ T37] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.652193][ T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.734611][ T5838] veth1_vlan: entered promiscuous mode [ 109.795809][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 109.898023][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.963540][ T3576] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.994118][ T3576] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.022716][ T3576] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.041504][ T3576] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.071663][ T3576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.071686][ T3576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.146202][ T5845] veth0_vlan: entered promiscuous mode [ 110.267402][ T5842] veth0_vlan: entered promiscuous mode [ 110.268488][ T5838] veth0_macvtap: entered promiscuous mode [ 110.386225][ T5845] veth1_vlan: entered promiscuous mode [ 110.391580][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.391597][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.395528][ T5838] veth1_macvtap: entered promiscuous mode [ 110.483638][ T5842] veth1_vlan: entered promiscuous mode [ 110.532425][ T3576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.532444][ T3576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.571569][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.725278][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.779806][ T3852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.779827][ T3852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.783483][ T5845] veth0_macvtap: entered promiscuous mode [ 110.821586][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.825121][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.826560][ T5845] veth1_macvtap: entered promiscuous mode [ 110.834766][ T5842] veth0_macvtap: entered promiscuous mode [ 110.845798][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.865709][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.895661][ T5842] veth1_macvtap: entered promiscuous mode [ 111.075527][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.189242][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.231752][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.290759][ T3649] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.327829][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.327903][ T3649] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.350408][ T3649] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.390639][ T3649] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.418952][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.418971][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.484712][ T3852] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.570903][ T3852] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.603462][ T3852] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.622860][ T3852] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.955940][ T3649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.981786][ T3649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.284453][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.284471][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.337491][ T5844] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 112.457633][ T1316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.457653][ T1316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.514563][ T5844] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.514597][ T5844] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.514620][ T5844] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 112.514663][ T5844] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 112.514685][ T5844] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.603323][ T5844] usb 3-1: config 0 descriptor?? [ 112.714162][ T808] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.714184][ T808] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.736174][ T45] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.888297][ T45] usb 2-1: Using ep0 maxpacket: 16 [ 112.901681][ T45] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 112.901702][ T45] usb 2-1: config 0 has no interface number 0 [ 112.901808][ T45] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.901834][ T45] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.901872][ T45] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 112.901954][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.974532][ T3576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.974553][ T3576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.049927][ T45] usb 2-1: config 0 descriptor?? [ 113.192814][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 113.233708][ T5844] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 113.413872][ T9] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 113.413945][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.446407][ T9] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 113.446437][ T9] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 113.446456][ T9] usb 4-1: Manufacturer: syz [ 113.477543][ T9] usb 4-1: config 0 descriptor?? [ 113.749394][ T45] input: HID 28bd:0071 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0002/input/input7 [ 113.786764][ T9] rc_core: IR keymap rc-hauppauge not found [ 113.786785][ T9] Registered IR keymap rc-empty [ 113.829223][ T45] input: HID 28bd:0071 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0002/input/input8 [ 113.844621][ T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 113.881434][ T45] uclogic 0003:28BD:0071.0002: input,hidraw1: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.1-1/input1 [ 113.913947][ T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input6 [ 113.956478][ T45] usb 2-1: USB disconnect, device number 2 [ 114.060545][ C0] igorplugusb 4-1:0.0: Error: urb status = -32 [ 114.167750][ T9] usb 4-1: USB disconnect, device number 2 [ 114.664359][ T5995] fido_id[5995]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 115.307694][ T1229] usb 3-1: USB disconnect, device number 2 [ 115.385437][ T6007] nullb0: AHDI p1 [ 115.469594][ T6012] process 'syz.2.18' launched './file0' with NULL argv: empty string added [ 115.967362][ T6014] block nbd2: shutting down sockets [ 116.146863][ T991] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 116.248392][ T1229] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 116.316690][ T991] usb 1-1: Using ep0 maxpacket: 16 [ 116.319140][ T991] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.319170][ T991] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.319192][ T991] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 116.319233][ T991] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 116.319255][ T991] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.398676][ T991] usb 1-1: config 0 descriptor?? [ 116.408245][ T1229] usb 5-1: Using ep0 maxpacket: 16 [ 116.417955][ T1229] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.417994][ T1229] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.418051][ T1229] usb 5-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 116.418076][ T1229] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.538615][ T1229] usb 5-1: config 0 descriptor?? [ 116.925700][ T991] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 116.925740][ T991] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 116.925768][ T991] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 116.925794][ T991] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 116.970123][ T991] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 116.997009][ T991] input: HID 0955:7214 Haptics as /devices/virtual/input/input9 [ 117.119123][ T6020] random: crng reseeded on system resumption [ 117.119802][ T1229] input: HID 041e:3100 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:041E:3100.0004/input/input10 [ 117.282321][ T991] shield 0003:0955:7214.0003: Registered Thunderstrike controller [ 117.282790][ T991] shield 0003:0955:7214.0003: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 117.405923][ T1229] creative-sb0540 0003:041E:3100.0004: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.4-1/input0 [ 117.522936][ T1229] usb 5-1: USB disconnect, device number 2 [ 117.704163][ T5954] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 117.704548][ T5954] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 117.704876][ T5954] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 117.761548][ T6033] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 117.761582][ T6033] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 117.782621][ T6048] warning: `syz.1.29' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 117.794864][ T5926] usb 1-1: USB disconnect, device number 2 [ 117.921170][ T6049] fido_id[6049]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 118.180136][ T6033] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 118.180163][ T6033] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 118.426257][ T10] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 119.361274][ T10] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 119.361320][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.381705][ T10] usb 2-1: config 0 descriptor?? [ 119.705246][ T6033] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 119.705329][ T6033] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 120.037721][ T6033] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 120.037745][ T6033] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 120.379384][ T6033] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 120.379409][ T6033] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 120.713371][ T10] pegasus 2-1:0.0: can't reset MAC [ 120.713805][ T10] pegasus 2-1:0.0: probe with driver pegasus failed with error -5 [ 120.759596][ T10] usb 2-1: USB disconnect, device number 3 [ 120.818429][ T6090] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 121.501753][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 121.664105][ T10] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 121.664138][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.688340][ T10] usb 5-1: config 0 descriptor?? [ 121.708128][ T10] cp210x 5-1:0.0: cp210x converter detected [ 122.408046][ T6107] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 122.694671][ T6104] netlink: 36 bytes leftover after parsing attributes in process `syz.3.43'. [ 122.762307][ T6112] 9pnet: Could not find request transport: fd0x0000000000000003 [ 122.807058][ T10] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 122.902764][ T10] usb 5-1: cp210x converter now attached to ttyUSB0 [ 122.915974][ T45] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 123.082187][ T45] usb 1-1: Using ep0 maxpacket: 16 [ 123.084308][ T45] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 123.084324][ T45] usb 1-1: config 0 has no interface number 0 [ 123.084354][ T45] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.084371][ T45] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.084396][ T45] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 123.084411][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.145881][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 123.147222][ T991] usb 5-1: USB disconnect, device number 3 [ 123.196089][ T45] usb 1-1: config 0 descriptor?? [ 123.250472][ T991] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 123.406610][ T991] cp210x 5-1:0.0: device disconnected [ 123.853184][ T45] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0005/input/input11 [ 123.900009][ T6133] Bluetooth: MGMT ver 1.23 [ 123.900050][ T6133] Bluetooth: hci0: invalid len left 7, exp >= 52 [ 123.937167][ T45] input: HID 28bd:0071 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0071.0005/input/input12 [ 123.969873][ T45] uclogic 0003:28BD:0071.0005: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.0-1/input1 [ 124.094435][ T45] usb 1-1: USB disconnect, device number 3 [ 124.878026][ T6145] netlink: 830 bytes leftover after parsing attributes in process `syz.0.51'. [ 125.298330][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 125.300630][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 125.785966][ T5954] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 125.889079][ T10] usb 4-1: device descriptor read/64, error -32 [ 125.956125][ T5954] usb 1-1: Using ep0 maxpacket: 16 [ 125.958804][ T5954] usb 1-1: config 1 interface 0 altsetting 4 bulk endpoint 0x82 has invalid maxpacket 8 [ 125.958836][ T5954] usb 1-1: config 1 interface 0 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 16 [ 125.958860][ T5954] usb 1-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 125.958889][ T5954] usb 1-1: config 1 interface 0 has no altsetting 0 [ 125.981956][ T5954] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 125.981993][ T5954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.982015][ T5954] usb 1-1: Product: syz [ 125.982029][ T5954] usb 1-1: Manufacturer: syz [ 125.982043][ T5954] usb 1-1: SerialNumber: syz [ 126.011270][ T6150] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 126.014011][ T6150] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 126.195984][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 126.350447][ T5954] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 126.365993][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 126.406838][ T10] usb 4-1: device descriptor read/all, error -71 [ 126.408259][ T10] usb usb4-port1: attempt power cycle [ 126.420540][ T5954] usb 1-1: USB disconnect, device number 4 [ 126.818632][ T5926] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 126.883177][ T6174] tipc: Started in network mode [ 126.883210][ T6174] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 126.893379][ T6174] tipc: Enabled bearer , priority 10 [ 127.006382][ T5926] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 127.006437][ T5926] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 127.006460][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 127.006485][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 127.006505][ T5926] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 127.006544][ T5926] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 127.006565][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.089634][ T5926] usb 5-1: config 0 descriptor?? [ 127.220130][ T6176] syz.0.60 (6176) used greatest stack depth: 18840 bytes left [ 127.470818][ T6182] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 127.522563][ T5926] plantronics 0003:047F:FFFF.0006: reserved main item tag 0xd [ 127.566513][ T5926] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 128.001113][ T6047] tipc: Node number set to 4269801494 [ 128.454774][ T5926] usb 5-1: USB disconnect, device number 4 [ 128.518739][ T6190] netlink: 36 bytes leftover after parsing attributes in process `syz.3.63'. [ 128.605572][ T6189] fido_id[6189]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 129.189097][ T6212] tipc: Started in network mode [ 129.189121][ T6212] tipc: Node identity 4, cluster identity 4711 [ 129.189134][ T6212] tipc: Node number set to 4 [ 131.467981][ T6252] netlink: 8 bytes leftover after parsing attributes in process `syz.3.81'. [ 132.230377][ T6258] netlink: 36 bytes leftover after parsing attributes in process `syz.2.79'. [ 132.866018][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 133.217387][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 133.347572][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 133.347924][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.491479][ T10] pvrusb2: Hardware description: Terratec Grabster AV400 [ 133.491502][ T10] pvrusb2: ********** [ 133.491510][ T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 133.491522][ T10] pvrusb2: Important functionality might not be entirely working. [ 133.491532][ T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 133.491543][ T10] pvrusb2: ********** [ 133.714781][ T2364] pvrusb2: Invalid write control endpoint [ 133.754510][ T6283] netlink: 12 bytes leftover after parsing attributes in process `syz.4.90'. [ 133.754543][ T6283] netlink: 12 bytes leftover after parsing attributes in process `syz.4.90'. [ 133.815107][ T6283] bridge0: port 3(vlan2) entered blocking state [ 133.815260][ T6283] bridge0: port 3(vlan2) entered disabled state [ 133.815577][ T6283] vlan2: entered allmulticast mode [ 133.815594][ T6283] bridge0: entered allmulticast mode [ 133.919041][ T45] usb 4-1: USB disconnect, device number 6 [ 133.933586][ T6283] vlan2: left allmulticast mode [ 133.933607][ T6283] bridge0: left allmulticast mode [ 134.008195][ T2364] pvrusb2: Invalid write control endpoint [ 134.008211][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 134.008221][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 134.008230][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 134.008245][ T2364] pvrusb2: Device being rendered inoperable [ 134.011489][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 134.011548][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 134.058562][ T2364] pvrusb2: Attached sub-driver cx25840 [ 134.058581][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 134.058592][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 134.978644][ T6047] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 135.147072][ T6047] usb 3-1: Using ep0 maxpacket: 16 [ 135.149567][ T6047] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.149595][ T6047] usb 3-1: config 0 interface 0 has no altsetting 0 [ 135.149627][ T6047] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 135.149649][ T6047] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.188286][ T6303] netlink: 36 bytes leftover after parsing attributes in process `syz.0.94'. [ 135.267425][ T6047] usb 3-1: config 0 descriptor?? [ 135.319728][ T6300] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 135.456091][ T9] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 136.076182][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 136.076212][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 136.076252][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 136.076272][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.339279][ T6047] nzxt-smart2 0003:1E71:2009.0007: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 136.364380][ T9] usb 5-1: usb_control_msg returned -32 [ 136.364428][ T9] usbtmc 5-1:16.0: can't read capabilities [ 136.389475][ T6313] netlink: 36 bytes leftover after parsing attributes in process `syz.3.98'. [ 136.395978][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 136.859103][ T6047] usb 3-1: USB disconnect, device number 3 [ 136.872113][ T6324] usbtmc 5-1:16.0: usbtmc_ioctl_request failed -32 [ 136.898377][ T9] usb 5-1: USB disconnect, device number 5 [ 137.168303][ T6325] fido_id[6325]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 137.696341][ T6346] netlink: 12 bytes leftover after parsing attributes in process `syz.2.104'. [ 138.162807][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.162885][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 140.680503][ T6376] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 142.901953][ T6403] syz.4.124 uses obsolete (PF_INET,SOCK_PACKET) [ 143.116006][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 143.276025][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 143.325206][ T9] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 143.325238][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.325258][ T9] usb 4-1: Product: syz [ 143.325273][ T9] usb 4-1: Manufacturer: syz [ 143.325288][ T9] usb 4-1: SerialNumber: syz [ 143.349107][ T9] usb 4-1: config 0 descriptor?? [ 143.360358][ T9] gspca_main: se401-2.14.0 probing 047d:5003 [ 143.770754][ T9] gspca_se401: write req failed req 0x57 val 0x00 error -71 [ 143.770855][ T9] se401 4-1:0.0: probe with driver se401 failed with error -71 [ 143.821870][ T9] usb 4-1: USB disconnect, device number 7 [ 143.888966][ T5983] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 144.058483][ T5983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.058535][ T5983] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 144.058559][ T5983] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.099512][ T5983] usb 1-1: config 0 descriptor?? [ 144.476063][ T5983] usbhid 1-1:0.0: can't add hid device: -71 [ 144.476205][ T5983] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 144.503513][ T5983] usb 1-1: USB disconnect, device number 5 [ 144.912660][ T6421] netlink: 36 bytes leftover after parsing attributes in process `syz.4.133'. [ 145.009158][ T6425] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 145.682498][ T6440] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 146.805990][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 146.955972][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 146.975330][ T10] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 146.975357][ T10] usb 4-1: config 0 has no interface number 0 [ 146.975407][ T10] usb 4-1: config 0 interface 12 has no altsetting 0 [ 147.000142][ T10] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 147.000173][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.000194][ T10] usb 4-1: Product: syz [ 147.000216][ T10] usb 4-1: Manufacturer: syz [ 147.000231][ T10] usb 4-1: SerialNumber: syz [ 147.030171][ T10] usb 4-1: config 0 descriptor?? [ 147.135841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.215871][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.215920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.215964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.216002][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.216041][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.216079][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.216118][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.729316][ T6454] netlink: 36 bytes leftover after parsing attributes in process `syz.2.142'. [ 147.908986][ T6456] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 148.618364][ T6465] netlink: 36 bytes leftover after parsing attributes in process `syz.4.144'. [ 148.801824][ T6461] 9pnet: Could not find request transport: fd0x0000000000000003 [ 149.242122][ T10] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 149.242178][ T10] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 149.242195][ T10] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 149.242289][ T10] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 149.298486][ T10] usb 4-1: USB disconnect, device number 8 [ 149.372330][ T1229] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 149.549649][ T1229] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.549683][ T1229] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 149.549723][ T1229] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 149.549746][ T1229] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.566617][ T1229] usb 1-1: config 0 descriptor?? [ 150.038096][ T1229] cm6533_jd 0003:0D8C:0022.0008: unknown main item tag 0x0 [ 150.038210][ T1229] cm6533_jd 0003:0D8C:0022.0008: unknown main item tag 0x0 [ 150.044621][ T1229] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0008/input/input14 [ 150.192973][ T1229] cm6533_jd 0003:0D8C:0022.0008: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 150.369510][ T1229] usb 1-1: USB disconnect, device number 6 [ 150.562877][ T6490] vivid-000: disconnect [ 150.616338][ T6491] autofs4:pid:6491:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a) [ 150.656494][ T6491] netlink: 'syz.4.154': attribute type 39 has an invalid length. [ 150.807531][ T6487] fido_id[6487]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 157.383065][ T6492] vivid-000: reconnect [ 157.845965][ T5926] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 158.012966][ T5926] usb 3-1: Using ep0 maxpacket: 8 [ 158.015424][ T5926] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.015447][ T5926] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 158.055842][ T5926] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 158.055869][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.055887][ T5926] usb 3-1: Product: syz [ 158.055901][ T5926] usb 3-1: Manufacturer: syz [ 158.055914][ T5926] usb 3-1: SerialNumber: syz [ 158.061605][ T5926] usb 3-1: config 0 descriptor?? [ 159.429789][ T5926] usb 3-1: USB disconnect, device number 4 [ 159.644434][ T6512] capability: warning: `syz.3.161' uses deprecated v2 capabilities in a way that may be insecure [ 160.569416][ T6530] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 160.678853][ T6533] netlink: 12 bytes leftover after parsing attributes in process `syz.4.169'. [ 160.735967][ T5954] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 160.748011][ T45] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 160.900481][ T45] usb 3-1: Using ep0 maxpacket: 32 [ 160.900649][ T5954] usb 1-1: Using ep0 maxpacket: 16 [ 160.903590][ T45] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 160.903722][ T45] usb 3-1: config 0 has no interface number 0 [ 160.903763][ T45] usb 3-1: config 0 interface 85 has no altsetting 0 [ 160.910687][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.910798][ T5954] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.910845][ T5954] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 160.910872][ T5954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.917909][ T45] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 160.917942][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.917965][ T45] usb 3-1: Product: syz [ 160.917982][ T45] usb 3-1: Manufacturer: syz [ 160.918000][ T45] usb 3-1: SerialNumber: syz [ 160.953699][ T5954] usb 1-1: config 0 descriptor?? [ 160.997854][ T45] usb 3-1: config 0 descriptor?? [ 161.027380][ T6533] bridge_slave_1: left allmulticast mode [ 161.027412][ T6533] bridge_slave_1: left promiscuous mode [ 161.027936][ T6533] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.072287][ T45] appletouch 3-1:0.85: Could not find int-in endpoint [ 161.072326][ T45] appletouch 3-1:0.85: probe with driver appletouch failed with error -5 [ 161.085535][ T45] usbhid 3-1:0.85: couldn't find an input interrupt endpoint [ 161.281851][ T5926] usb 3-1: USB disconnect, device number 5 [ 161.323441][ T6533] bridge_slave_0: left allmulticast mode [ 161.326892][ T6533] bridge_slave_0: left promiscuous mode [ 161.346731][ T6533] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.831233][ T5954] letsketch 0003:6161:4D15.0009: Device info: ఁ [ 162.032077][ T5954] letsketch 0003:6161:4D15.0009: Device info: 擃 [ 162.171761][ T6546] vivid-000: disconnect [ 162.263272][ T5954] usb 1-1: Max retries (5) exceeded reading string descriptor 202 [ 162.263359][ T5954] letsketch 0003:6161:4D15.0009: probe with driver letsketch failed with error -71 [ 162.332410][ T5954] usb 1-1: USB disconnect, device number 7 [ 162.859808][ T6542] vivid-000: reconnect [ 163.139324][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 163.141036][ T6560] Illegal XDP return value 65535 on prog (id 18) dev syz_tun, expect packet loss! [ 163.271615][ T6564] netlink: 40 bytes leftover after parsing attributes in process `syz.2.180'. [ 163.286046][ T1229] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 163.437162][ T1229] usb 5-1: Using ep0 maxpacket: 32 [ 163.439620][ T1229] usb 5-1: config 0 has an invalid interface number: 155 but max is 0 [ 163.439643][ T1229] usb 5-1: config 0 has no interface number 0 [ 163.443775][ T1229] usb 5-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice=a7.4c [ 163.443801][ T1229] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.443825][ T1229] usb 5-1: Product: syz [ 163.443839][ T1229] usb 5-1: Manufacturer: syz [ 163.443853][ T1229] usb 5-1: SerialNumber: syz [ 163.444060][ T6568] netlink: 'syz.0.182': attribute type 4 has an invalid length. [ 163.610405][ T1229] usb 5-1: config 0 descriptor?? [ 164.667223][ T6567] vivid-000: disconnect [ 164.891993][ T1229] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.155/input/input15 [ 165.092732][ T5193] bcm5974 5-1:0.155: could not read from device [ 165.544125][ T1229] usb 5-1: USB disconnect, device number 6 [ 165.566648][ T5193] bcm5974 5-1:0.155: could not read from device [ 165.956753][ T6565] vivid-000: reconnect [ 166.171690][ T6584] vivid-004: disconnect [ 166.245374][ T6586] tipc: Started in network mode [ 166.245406][ T6586] tipc: Node identity ac141441, cluster identity 4711 [ 166.257064][ T6586] tipc: Enabling of bearer rejected, failed to enable media [ 166.351110][ T6590] use of bytesused == 0 is deprecated and will be removed in the future, [ 166.351126][ T6590] use the actual size instead. [ 166.675947][ T10] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 166.828697][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 166.828731][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.828769][ T10] usb 4-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 166.828792][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.835385][ T6580] vivid-004: reconnect [ 166.946201][ T10] usb 4-1: config 0 descriptor?? [ 167.258946][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 167.259085][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 167.282129][ T10] usb 4-1: USB disconnect, device number 9 [ 168.229663][ T6612] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.413985][ T6616] netlink: 36 bytes leftover after parsing attributes in process `syz.2.199'. [ 168.545960][ T6615] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 168.620368][ T6624] macvlan2: entered promiscuous mode [ 168.620406][ T6624] macvlan2: entered allmulticast mode [ 168.620420][ T6624] gretap0: entered allmulticast mode [ 168.969788][ T6633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 171.115948][ T5983] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 171.280612][ T5983] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 171.280676][ T5983] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 171.280703][ T5983] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 171.280730][ T5983] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 171.280759][ T5983] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 171.280802][ T5983] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 171.280827][ T5983] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.297270][ T5983] usb 4-1: config 0 descriptor?? [ 171.303101][ T6677] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 171.924447][ C0] vkms_vblank_simulate: vblank timer overrun [ 172.213279][ C0] vkms_vblank_simulate: vblank timer overrun [ 172.238716][ T5983] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 172.238752][ T5983] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 172.238778][ T5983] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 172.238805][ T5983] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 172.238830][ T5983] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 172.238882][ T5983] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 172.255607][ T6690] 9pnet: Could not find request transport: fd0x00000000000000030xffffffffffffffff01777777777777777777777 [ 172.274297][ T6687] netlink: 36 bytes leftover after parsing attributes in process `syz.2.224'. [ 172.335618][ T5983] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 172.563494][ T5954] usb 4-1: USB disconnect, device number 10 [ 172.654290][ T6695] input: syz1 as /devices/virtual/input/input16 [ 173.420572][ T6711] netlink: 4 bytes leftover after parsing attributes in process `syz.0.232'. [ 173.587180][ T5926] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 173.735950][ T5926] usb 5-1: Using ep0 maxpacket: 32 [ 173.738984][ T6713] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 173.739131][ T6713] syzkaller0: linktype set to 805 [ 173.739930][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 173.739955][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.739989][ T5926] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 173.740027][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.803710][ T5926] usb 5-1: config 0 descriptor?? [ 173.825126][ T5926] hub 5-1:0.0: USB hub found [ 174.017436][ T5926] hub 5-1:0.0: 1 port detected [ 174.397192][ T6707] syz.3.230 (6707) used greatest stack depth: 16616 bytes left [ 174.655074][ T1229] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 174.682760][ T1229] usb 5-1: USB disconnect, device number 7 [ 174.698335][ T5926] usb 5-1: Failed to suspend device, error -19 [ 174.954924][ T6727] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 174.984521][ T6721] netlink: 36 bytes leftover after parsing attributes in process `syz.3.237'. [ 178.056427][ T6750] vivid-000: disconnect [ 178.776015][ T6047] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 179.086731][ T6047] usb 1-1: Using ep0 maxpacket: 16 [ 179.093476][ T6047] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 179.093501][ T6047] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 179.093520][ T6047] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 179.110734][ T6047] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 179.110770][ T6047] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.110794][ T6047] usb 1-1: Product: syz [ 179.110809][ T6047] usb 1-1: Manufacturer: syz [ 179.110826][ T6047] usb 1-1: SerialNumber: syz [ 179.180076][ T6756] vivid-000: reconnect [ 179.575713][ T6047] usb 1-1: 0:2 : does not exist [ 180.245141][ C0] vkms_vblank_simulate: vblank timer overrun [ 180.691067][ T6047] usb 1-1: 1:0: failed to get current value for ch 0 (-22) [ 180.797973][ C0] vkms_vblank_simulate: vblank timer overrun [ 180.987662][ T6047] usb 1-1: USB disconnect, device number 8 [ 181.089647][ T5996] udevd[5996]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 181.244462][ C0] vkms_vblank_simulate: vblank timer overrun [ 181.394933][ C0] vkms_vblank_simulate: vblank timer overrun [ 181.501914][ C0] vkms_vblank_simulate: vblank timer overrun [ 181.643976][ T6791] netlink: 36 bytes leftover after parsing attributes in process `syz.3.262'. [ 181.710947][ T6787] 9pnet: Could not find request transport: fd0xffffffffffffffff [ 182.188888][ C0] vkms_vblank_simulate: vblank timer overrun [ 182.402056][ C0] vkms_vblank_simulate: vblank timer overrun [ 182.517521][ C0] vkms_vblank_simulate: vblank timer overrun [ 182.625678][ T6800] 9pnet: Could not find request transport: fd0x00000000000000030xffffffffffffffff01777777777777777777777 [ 182.650698][ T6800] netlink: 36 bytes leftover after parsing attributes in process `syz.2.266'. [ 182.671315][ T6805] netlink: 'syz.0.269': attribute type 12 has an invalid length. [ 182.671338][ T6805] netlink: 'syz.0.269': attribute type 29 has an invalid length. [ 182.671355][ T6805] netlink: 148 bytes leftover after parsing attributes in process `syz.0.269'. [ 182.671407][ T6805] netlink: 'syz.0.269': attribute type 2 has an invalid length. [ 182.671423][ T6805] netlink: 'syz.0.269': attribute type 3 has an invalid length. [ 182.671437][ T6805] netlink: 11 bytes leftover after parsing attributes in process `syz.0.269'. [ 199.577032][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.577106][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.019007][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.019144][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 275.096134][ T39] INFO: task kworker/0:4:5909 blocked for more than 143 seconds. [ 275.096165][ T39] Not tainted syzkaller #0 [ 275.096175][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 275.096185][ T39] task:kworker/0:4 state:D stack:20496 pid:5909 tgid:5909 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 275.096246][ T39] Workqueue: events rfkill_sync_work [ 275.096300][ T39] Call Trace: [ 275.096307][ T39] [ 275.096323][ T39] __schedule+0x16f3/0x4c20 [ 275.096365][ T39] ? sched_clock+0x3f/0x60 [ 275.096392][ T39] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 275.096429][ T39] ? __pfx___schedule+0x10/0x10 [ 275.096487][ T39] rt_mutex_schedule+0x77/0xf0 [ 275.096529][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 275.096570][ T39] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 275.096602][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 275.096633][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 275.096661][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 275.096708][ T39] ? reacquire_held_locks+0x127/0x1d0 [ 275.096748][ T39] ? nfc_rfkill_set_block+0x50/0x2e0 [ 275.096771][ T39] mutex_lock_nested+0x16a/0x1d0 [ 275.096800][ T39] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 275.096827][ T39] nfc_rfkill_set_block+0x50/0x2e0 [ 275.096851][ T39] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 275.096877][ T39] rfkill_set_block+0x1e5/0x450 [ 275.096912][ T39] rfkill_sync_work+0x114/0x200 [ 275.096943][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 275.096973][ T39] process_scheduled_works+0xade/0x17b0 [ 275.097033][ T39] ? __pfx_process_scheduled_works+0x10/0x10 [ 275.097080][ T39] worker_thread+0x8a0/0xda0 [ 275.097137][ T39] kthread+0x70e/0x8a0 [ 275.097174][ T39] ? __pfx_worker_thread+0x10/0x10 [ 275.097201][ T39] ? __pfx_kthread+0x10/0x10 [ 275.097239][ T39] ? __pfx_kthread+0x10/0x10 [ 275.097272][ T39] ret_from_fork+0x436/0x7d0 [ 275.097304][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 275.097339][ T39] ? __switch_to_asm+0x39/0x70 [ 275.097360][ T39] ? __switch_to_asm+0x33/0x70 [ 275.097379][ T39] ? __pfx_kthread+0x10/0x10 [ 275.097413][ T39] ret_from_fork_asm+0x1a/0x30 [ 275.097452][ T39] [ 275.097468][ T39] INFO: task kworker/1:6:5984 blocked for more than 143 seconds. [ 275.097482][ T39] Not tainted syzkaller #0 [ 275.097500][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 275.097509][ T39] task:kworker/1:6 state:D stack:20872 pid:5984 tgid:5984 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 275.097626][ T39] Workqueue: events rfkill_global_led_trigger_worker [ 275.097649][ T39] Call Trace: [ 275.097656][ T39] [ 275.097669][ T39] __schedule+0x16f3/0x4c20 [ 275.097721][ T39] ? __pfx___schedule+0x10/0x10 [ 275.097756][ T39] ? __pfx___schedule+0x10/0x10 [ 275.097807][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 275.097843][ T39] rt_mutex_schedule+0x77/0xf0 [ 275.097863][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 275.097890][ T39] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 275.097937][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 275.097966][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 275.097994][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 275.098033][ T39] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 275.098082][ T39] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 275.098103][ T39] mutex_lock_nested+0x16a/0x1d0 [ 275.098129][ T39] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 275.098151][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 275.098180][ T39] rfkill_global_led_trigger_worker+0x27/0xd0 [ 275.098202][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 275.098230][ T39] process_scheduled_works+0xade/0x17b0 [ 275.098299][ T39] ? __pfx_process_scheduled_works+0x10/0x10 [ 275.098343][ T39] worker_thread+0x8a0/0xda0 [ 275.098371][ T39] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 275.098412][ T39] ? __kthread_parkme+0x7b/0x200 [ 275.098449][ T39] kthread+0x70e/0x8a0 [ 275.098482][ T39] ? __pfx_worker_thread+0x10/0x10 [ 275.098533][ T39] ? __pfx_kthread+0x10/0x10 [ 275.098572][ T39] ? __pfx_kthread+0x10/0x10 [ 275.098606][ T39] ret_from_fork+0x436/0x7d0 [ 275.098637][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 275.098672][ T39] ? __switch_to_asm+0x39/0x70 [ 275.098692][ T39] ? __switch_to_asm+0x33/0x70 [ 275.098710][ T39] ? __pfx_kthread+0x10/0x10 [ 275.098744][ T39] ret_from_fork_asm+0x1a/0x30 [ 275.098783][ T39] [ 275.098795][ T39] INFO: task syz.1.46:6119 blocked for more than 143 seconds. [ 275.098809][ T39] Not tainted syzkaller #0 [ 275.098819][ T39] Blocked by coredump. [ 275.098826][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 275.098835][ T39] task:syz.1.46 state:D stack:25640 pid:6119 tgid:6118 ppid:5839 task_flags:0x40044c flags:0x00004002 [ 275.098919][ T39] Call Trace: [ 275.098926][ T39] [ 275.098939][ T39] __schedule+0x16f3/0x4c20 [ 275.098981][ T39] ? validate_chain+0x897/0x2140 [ 275.099024][ T39] ? __lock_acquire+0xab9/0xd20 [ 275.099052][ T39] ? __pfx___schedule+0x10/0x10 [ 275.099101][ T39] ? schedule+0x91/0x360 [ 275.099135][ T39] schedule+0x165/0x360 [ 275.099168][ T39] schedule_timeout+0x9a/0x270 [ 275.099199][ T39] ? __pfx_schedule_timeout+0x10/0x10 [ 275.099243][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 275.099276][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.099307][ T39] ? wait_for_completion+0x267/0x5d0 [ 275.099342][ T39] wait_for_completion+0x2bf/0x5d0 [ 275.099388][ T39] ? __pfx_wait_for_completion+0x10/0x10 [ 275.099427][ T39] ? __flush_work+0xd2/0xbe0 [ 275.099460][ T39] ? __flush_work+0xd2/0xbe0 [ 275.099491][ T39] __flush_work+0x9b9/0xbe0 [ 275.099532][ T39] ? __flush_work+0xd2/0xbe0 [ 275.099566][ T39] ? __pfx___flush_work+0x10/0x10 [ 275.099598][ T39] ? __pfx_wq_barrier_func+0x10/0x10 [ 275.099642][ T39] ? __pfx___cancel_work+0x10/0x10 [ 275.099673][ T39] ? nfc_genl_device_removed+0x23c/0x330 [ 275.099708][ T39] __cancel_work_sync+0xbe/0x110 [ 275.099741][ T39] rfkill_unregister+0x95/0x230 [ 275.099776][ T39] nfc_unregister_device+0x96/0x2a0 [ 275.099801][ T39] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 275.099827][ T39] virtual_ncidev_close+0x59/0x90 [ 275.099852][ T39] __fput+0x45b/0xa80 [ 275.099887][ T39] task_work_run+0x1d4/0x260 [ 275.099913][ T39] ? __pfx_task_work_run+0x10/0x10 [ 275.099947][ T39] do_exit+0x6b5/0x2300 [ 275.099968][ T39] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 275.100008][ T39] ? __lock_acquire+0xab9/0xd20 [ 275.100039][ T39] ? __pfx_do_exit+0x10/0x10 [ 275.100057][ T39] ? rt_mutex_slowunlock+0x493/0x8a0 [ 275.100088][ T39] ? rt_spin_lock+0x1bb/0x2c0 [ 275.100141][ T39] do_group_exit+0x21c/0x2d0 [ 275.100169][ T39] get_signal+0x125e/0x1310 [ 275.100223][ T39] arch_do_signal_or_restart+0x9a/0x750 [ 275.100259][ T39] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 275.100304][ T39] ? exit_to_user_mode_loop+0x40/0x110 [ 275.100339][ T39] exit_to_user_mode_loop+0x75/0x110 [ 275.100370][ T39] do_syscall_64+0x2bd/0x3b0 [ 275.100392][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.100425][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.100448][ T39] ? clear_bhb_loop+0x60/0xb0 [ 275.100476][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.100503][ T39] RIP: 0033:0x7f71524eeec9 [ 275.100526][ T39] RSP: 002b:00007f715074e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 275.100546][ T39] RAX: 0000000000000003 RBX: 00007f7152745fa0 RCX: 00007f71524eeec9 [ 275.100562][ T39] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 275.100574][ T39] RBP: 00007f7152571f91 R08: 0000000000000000 R09: 0000000000000000 [ 275.100584][ T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.100593][ T39] R13: 00007f7152746038 R14: 00007f7152745fa0 R15: 00007ffc68bbaee8 [ 275.100633][ T39] [ 275.100654][ T39] [ 275.100654][ T39] Showing all locks held in the system: [ 275.100664][ T39] 1 lock held by khungtaskd/39: [ 275.100673][ T39] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 275.100739][ T39] 2 locks held by getty/5600: [ 275.100747][ T39] #0: ffff88823bf688a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 275.100792][ T39] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 275.100832][ T39] 1 lock held by syz-executor/5839: [ 275.100840][ T39] #0: ffffffff8efb21b8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xd1/0x230 [ 275.100889][ T39] 4 locks held by kworker/0:4/5909: [ 275.100897][ T39] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 275.100935][ T39] #1: ffffc90004f5fbc0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 275.100974][ T39] #2: ffffffff8efb21b8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200 [ 275.101016][ T39] #3: ffff88801cb850f0 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 275.101055][ T39] 3 locks held by kworker/1:6/5984: [ 275.101064][ T39] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 275.101102][ T39] #1: ffffc900052ffbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 275.101141][ T39] #2: ffffffff8efb21b8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 275.101177][ T39] 1 lock held by syz.1.46/6119: [ 275.101185][ T39] #0: ffff88801cb850f0 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 275.101221][ T39] 2 locks held by syz-executor/6386: [ 275.101230][ T39] #0: ffff88814daf1188 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660 [ 275.101269][ T39] #1: ffffffff8efb21b8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900 [ 275.101312][ T39] 3 locks held by syz.3.270/6810: [ 275.101320][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101373][ T39] #1: ffff88805adb30f0 (&dev->mutex){....}-{4:4}, at: nfc_register_device+0xa1/0x320 [ 275.101408][ T39] #2: ffffffff8efb21b8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x900 [ 275.101448][ T39] 1 lock held by syz.0.275/6825: [ 275.101456][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101500][ T39] 1 lock held by syz.4.283/6844: [ 275.101507][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101545][ T39] 1 lock held by syz.2.284/6846: [ 275.101553][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101590][ T39] 1 lock held by syz-executor/6848: [ 275.101598][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101635][ T39] 1 lock held by syz-executor/6851: [ 275.101643][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101680][ T39] 1 lock held by syz-executor/6852: [ 275.101688][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101725][ T39] 1 lock held by syz-executor/6855: [ 275.101733][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101780][ T39] 1 lock held by syz-executor/6856: [ 275.101788][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101823][ T39] 1 lock held by syz-executor/6862: [ 275.101830][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101865][ T39] 1 lock held by syz-executor/6864: [ 275.101872][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101907][ T39] 1 lock held by syz-executor/6866: [ 275.101914][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101950][ T39] 1 lock held by syz-executor/6869: [ 275.101957][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.101992][ T39] 1 lock held by syz-executor/6870: [ 275.101999][ T39] #0: ffffffff8e217ad8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x340 [ 275.102034][ T39] [ 275.102037][ T39] ============================================= [ 275.102037][ T39] [ 275.102051][ T39] NMI backtrace for cpu 0 [ 275.102068][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 275.102084][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 275.102091][ T39] Call Trace: [ 275.102096][ T39] [ 275.102102][ T39] dump_stack_lvl+0x189/0x250 [ 275.102125][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.102145][ T39] ? __pfx__printk+0x10/0x10 [ 275.102168][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 275.102189][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 275.102209][ T39] ? __pfx__printk+0x10/0x10 [ 275.102226][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 275.102245][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 275.102265][ T39] watchdog+0xf93/0xfe0 [ 275.102286][ T39] ? watchdog+0x1de/0xfe0 [ 275.102308][ T39] kthread+0x70e/0x8a0 [ 275.102330][ T39] ? __pfx_watchdog+0x10/0x10 [ 275.102347][ T39] ? __pfx_kthread+0x10/0x10 [ 275.102371][ T39] ? __pfx_kthread+0x10/0x10 [ 275.102392][ T39] ret_from_fork+0x436/0x7d0 [ 275.102412][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 275.102434][ T39] ? __switch_to_asm+0x39/0x70 [ 275.102446][ T39] ? __switch_to_asm+0x33/0x70 [ 275.102458][ T39] ? __pfx_kthread+0x10/0x10 [ 275.102479][ T39] ret_from_fork_asm+0x1a/0x30 [ 275.102506][ T39] [ 275.102511][ T39] Sending NMI from CPU 0 to CPUs 1: [ 275.102565][ C1] NMI backtrace for cpu 1 [ 275.102580][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 275.102609][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 275.102623][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 275.102654][ C1] Code: 13 b3 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 06 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 275.102667][ C1] RSP: 0018:ffffc900001d7de0 EFLAGS: 000002c6 [ 275.102681][ C1] RAX: 1108ed25bde2f800 RBX: ffffffff81956088 RCX: 1108ed25bde2f800 [ 275.102694][ C1] RDX: 0000000000000001 RSI: ffffffff8d03af6e RDI: ffffffff8b621680 [ 275.102705][ C1] RBP: ffffc900001d7f20 R08: ffff8880b893341b R09: 1ffff11017126683 [ 275.102718][ C1] R10: dffffc0000000000 R11: ffffed1017126684 R12: ffffffff8f1d6330 [ 275.102730][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110038d2b28 [ 275.102740][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 275.102753][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.102764][ C1] CR2: 00007fa53557c9cb CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 275.102778][ C1] Call Trace: [ 275.102784][ C1] [ 275.102789][ C1] default_idle+0x13/0x20 [ 275.102824][ C1] default_idle_call+0x74/0xb0 [ 275.102843][ C1] do_idle+0x1e8/0x510 [ 275.102862][ C1] ? __pfx_do_idle+0x10/0x10 [ 275.102885][ C1] ? do_idle+0xa/0x510 [ 275.102901][ C1] cpu_startup_entry+0x44/0x60 [ 275.102917][ C1] start_secondary+0x101/0x110 [ 275.102937][ C1] common_startup_64+0x13e/0x147 [ 275.102962][ C1] [ 275.103534][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 275.103544][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 275.103560][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 275.103569][ T39] Call Trace: [ 275.103574][ T39] [ 275.103580][ T39] dump_stack_lvl+0x99/0x250 [ 275.103613][ T39] ? __asan_memcpy+0x40/0x70 [ 275.103629][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.103649][ T39] ? __pfx__printk+0x10/0x10 [ 275.103672][ T39] vpanic+0x281/0x750 [ 275.103695][ T39] ? __pfx_vpanic+0x10/0x10 [ 275.103714][ T39] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 275.103728][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.103756][ T39] panic+0xb9/0xc0 [ 275.103776][ T39] ? __pfx_panic+0x10/0x10 [ 275.103798][ T39] ? irq_work_queue+0xc3/0x140 [ 275.103837][ T39] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 275.103858][ T39] watchdog+0xfd2/0xfe0 [ 275.103881][ T39] ? watchdog+0x1de/0xfe0 [ 275.103904][ T39] kthread+0x70e/0x8a0 [ 275.103928][ T39] ? __pfx_watchdog+0x10/0x10 [ 275.103946][ T39] ? __pfx_kthread+0x10/0x10 [ 275.103972][ T39] ? __pfx_kthread+0x10/0x10 [ 275.103995][ T39] ret_from_fork+0x436/0x7d0 [ 275.104016][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 275.104040][ T39] ? __switch_to_asm+0x39/0x70 [ 275.104053][ T39] ? __switch_to_asm+0x33/0x70 [ 275.104066][ T39] ? __pfx_kthread+0x10/0x10 [ 275.104089][ T39] ret_from_fork_asm+0x1a/0x30 [ 275.104114][ T39] [ 275.104588][ T39] Kernel Offset: disabled