last executing test programs: 29.217653128s ago: executing program 3 (id=22): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) removexattr(0x0, 0x0) 8.876762262s ago: executing program 3 (id=23): socket$l2tp6(0xa, 0x2, 0x73) socket$unix(0x1, 0x5, 0x0) r0 = socket(0x1e, 0x5, 0x0) listen(r0, 0x0) socket(0x1e, 0x805, 0x0) accept4$inet6(r0, 0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f0000000300)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) r3 = socket$packet(0x11, 0x3, 0x300) bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00') r5 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) bind$packet(r5, &(0x7f0000000000)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) preadv(r4, &(0x7f0000000000)=[{&(0x7f0000000480)=""/187, 0xbb}], 0x1, 0x4c, 0x0) 7.787060198s ago: executing program 3 (id=108): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000928000/0x2000)=nil, 0x2000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = io_uring_setup(0x1698, &(0x7f0000000140)={0x0, 0x3, 0x0, 0xfffffffc, 0x4}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) r2 = syz_open_procfs(0x0, 0x0) writev(r2, &(0x7f0000000100)=[{0x0}], 0x1) munmap(&(0x7f00001a2000/0x1000)=nil, 0x1000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000200), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000005, 0x110, r4, 0x8075000) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB="0100"]) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r6, 0xc048aeca, &(0x7f0000005580)={{0x0, 0x0, 0x80}}) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) r7 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f0000000200)={0x60, 0x0, &(0x7f0000245000/0x2000)=nil, &(0x7f0000994000/0x2000)=nil, 0x0, 0x0, 0x0, 0x800000}) syz_open_dev$evdev(&(0x7f0000000000), 0xffffffffffffffff, 0x1) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000600)={&(0x7f0000000500), 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, 0x0, 0x100, 0x70bd2b, 0x25dfdbff, {{}, {}, {0x14, 0x19, {0xfffffef9, 0x1, 0x0, 0xc}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) r8 = socket(0x11, 0x800000003, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r8, 0x89f0, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @loopback}}}}) 7.663152453s ago: executing program 0 (id=110): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4) sendmsg$can_raw(r2, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r1}, 0x10, &(0x7f0000000880)={&(0x7f0000000840)=@can={{}, 0x0, 0x0, 0x0, 0x0, "ded27feeba7ca62a"}, 0x10}}, 0x0) 7.237005754s ago: executing program 0 (id=113): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xb4, &(0x7f0000000040), &(0x7f0000000080)=0x4) 7.030013492s ago: executing program 0 (id=114): r0 = socket(0x200000100000011, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4) sendmsg$netlink(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)={0x30, 0x0, 0x0, 0x0, 0x0, "", [@generic="d96e6c8d5e85080045f00d80724e11d569116e3a1ce41e2a560254cc0043"]}, 0x30}, {&(0x7f0000000340)=ANY=[], 0x100}], 0x2}, 0x0) 6.741796348s ago: executing program 0 (id=116): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) move_mount(r1, &(0x7f00000000c0)='./file0\x00', r0, &(0x7f0000000180)='./file0\x00', 0x100) 6.656381956s ago: executing program 2 (id=117): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000006c0), 0x208c01, 0x0) r2 = syz_io_uring_setup(0x516a, &(0x7f00000008c0)={0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, r1}, &(0x7f0000000140), &(0x7f0000000940)=0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f0000000500)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x3, @fd_index}) io_uring_enter(r2, 0xb15, 0x0, 0x0, 0x0, 0x0) r5 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$sock_netdev_private(r5, 0x8920, &(0x7f0000000080)="3ef2b744f871f304bd39afb83a") r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x8, 0x1c, &(0x7f0000000200)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0) close(r7) socket$key(0xf, 0x3, 0x2) ioctl$FICLONERANGE(r6, 0x4020940d, &(0x7f0000000840)={{r6}, 0x3, 0x7ff, 0x5}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_spirange={0x2, 0x10, 0x4d5}]}, 0x20}}, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r8, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x0, @loopback}, @ib}}, 0x118) ioctl$SIOCSIFHWADDR(r7, 0x8b1b, &(0x7f0000000000)={'virt_wifi0\x00', @random}) 6.35902159s ago: executing program 0 (id=118): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000008000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000072"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x0, @local, 0x2}, 0x10) r6 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r6) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r6}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x90) 6.279867875s ago: executing program 2 (id=120): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000080)) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)={0x1, 0x0, [{0x0, 0x5, 0x0, 0x0, @msi}]}) 6.013638621s ago: executing program 0 (id=121): syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x0) r1 = dup(0xffffffffffffffff) read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x18b5) inotify_rm_watch(r1, 0x0) inotify_rm_watch(r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000580)={r2, 0x0, 0x0}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000000)={'wg1\x00'}) r4 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f00000003c0)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f00000005c0)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000002980)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff020000000000000000000000000001"], 0x90) 5.533529605s ago: executing program 1 (id=123): r0 = syz_open_dev$media(&(0x7f0000000080), 0x0, 0xc01) write$cgroup_pid(r0, 0x0, 0x0) 5.518077031s ago: executing program 2 (id=124): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0xcc, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x38, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6}]}, @CTA_NAT_V6_MINIP={0x14, 0x4, @loopback={0x2001000000000000}}]}]}, 0xcc}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) ptrace$setopts(0x4206, 0x0, 0x7fffffff, 0x6a) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x4c}}, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, 0x0, &(0x7f0000002b80), 0x41000004, &(0x7f0000000040)) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='xfrm0\x00', 0x10) 5.333984005s ago: executing program 1 (id=126): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) io_setup(0x6, &(0x7f0000000240)) preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_open_dev$video4linux(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000002080)={@local, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "9a6185", 0x44, 0x2f, 0x0, @remote, @private1, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}}}}}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10) semop(0x0, &(0x7f0000000000)=[{0x0, 0xffff}], 0x1) write$sysctl(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000016c0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(0xffffffffffffffff, 0x40086603, &(0x7f0000000040)) socket$nl_netfilter(0x10, 0x3, 0xc) personality(0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000340)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{0x0}], 0x1, 0x0, 0x0) 4.684903006s ago: executing program 3 (id=127): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x38, r1, 0x436ef9a9e9e5d58f, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x38}}, 0x0) 3.95453316s ago: executing program 1 (id=128): socket$netlink(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x4f, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x3d, 0xa3, 0x77, 0x20, 0x572, 0xcafe, 0x5501, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x96, 0xdb, 0xa8, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "e37e1b82e6"}]}}, {{0x9, 0x5, 0xb, 0x2}}, {{0x9, 0x5, 0x1}}, {{0x9, 0x5, 0x2, 0x0, 0x10}}]}}]}}]}}, 0x0) 3.651528759s ago: executing program 3 (id=130): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) preadv(r1, &(0x7f0000000500)=[{&(0x7f0000000000)=""/72, 0x48}], 0x1, 0x0, 0x0) 2.900353011s ago: executing program 2 (id=131): r0 = socket$can_raw(0x1d, 0x3, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x13, 0x804, 0x5, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x3}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0x10, 0x1, 'BATMAN_V'}]}}}]}, 0xfd12}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800006, 0x10, 0xffffffffffffffff, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_NEW(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, 0x0, 0x7, 0x301, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="201000000003fd42facbc57d07010300000000000000000000000009000100fde5c122671b515e"], 0x20}}, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x0, r5}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000180)={0x0, r5}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) socket(0x1a, 0x80000, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000140)=0x632f, 0x4) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000880)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x1d, r6, 0x3}, 0x10, &(0x7f0000000080)={&(0x7f0000000300)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "621105b0ae0282d478b6b01305946c17afcea96765fbac1cd8aabe71d5522a79da5a1d57b5fc633203000000ab6e543a04aa00"}, 0x48}}, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000100)) 2.705243418s ago: executing program 4 (id=132): mknod$loop(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 2.432277386s ago: executing program 4 (id=133): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f00000002c0)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private2, @private0, 0x7800}}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x6]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.903026568s ago: executing program 4 (id=134): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x84, &(0x7f00000016c0)=""/4068, &(0x7f00000004c0)=0xfe4) 1.780566379s ago: executing program 4 (id=135): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x3, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @multicast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x5, 0xa2e92c52c5df25c}}}}}}}, 0x0) 1.707627788s ago: executing program 4 (id=136): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) socket$inet_mptcp(0x2, 0x1, 0x106) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet(0x2, 0x0, 0x2) bind$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)}, 0x0) 1.67889011s ago: executing program 1 (id=137): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x1b, 0x0, "61a1ed8439cde8054f2ada6fcd5fe76b933e8bb0ac60081e33dffa158f35f7519d5f73b4f5d80eb4881a5b98cb9fb96d225d602392f816d09dcc09b5063087117502d8c24f1fe97f61fd27a06d6a38a7"}, 0xd8) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000240)="c4", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) shutdown(r0, 0x2) 1.456471349s ago: executing program 1 (id=138): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={0x0}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='environ\x00') prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) read$FUSE(r0, &(0x7f00000008c0)={0x2020}, 0x2020) 1.455310313s ago: executing program 3 (id=139): r0 = socket(0x2, 0x3, 0x6) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a00000000000000000000000000000500010073797a30000000003c000000090a000000000007000000000000000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000003c0000000e0a00000000000000000000000000000900020073797a32000000000900010073797a3000000000100003800c00008008000180040003"], 0xc0}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2c0000003b0007010000000000000000027c00000400000014000180060006008847000008001c"], 0x2c}}, 0x0) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/warn_count', 0x0, 0x0) lseek(r2, 0x3ff, 0x0) r3 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ppoll(&(0x7f0000000480)=[{r3}], 0x1, 0x0, 0x0, 0x0) r4 = socket$kcm(0x10, 0x2, 0x4) close(r4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000100)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r5 = syz_io_uring_setup(0x1114, &(0x7f0000000300), &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) flock(r0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x10, 0x0, 0x7, 0x0, 0x0}) io_uring_enter(r5, 0x47fa, 0x0, 0x0, 0x0, 0x0) shmat(0x0, &(0x7f0000ffa000/0x1000)=nil, 0x0) r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x2e, 0xb5, 0xbd, 0x40, 0xc45, 0x6025, 0x4112, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9, 0xd7, 0x40}}]}}]}}, 0x0) syz_usb_control_io$hid(r8, 0x0, &(0x7f0000000380)={0x2c, &(0x7f00000005c0)=ANY=[@ANYBLOB="de580363c293a3a8000700000000000000000000000000004dc2886fa1af0cf9710ed4d190e46a49cff9dba8af599b0a0800000000000000b4897e775a7390195f9ac64d750bfc9189cdfebecd1820be0c12fc12f6c9d405bf98129a483827897b7b7e"], 0x0, 0x0, 0x0, 0x0}) socket$kcm(0x10, 0x2, 0x0) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$DEVLINK_CMD_SB_POOL_SET(r1, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="d4000010af4e540f6f426ec1709fafaebd1b3f17f53d74e95c19d0f2fcecf861e88f4ca77d0036f779aad9ac88c2f8c0e6d419ae694872abdfef1405f6c48b100b6a8994ed3e2d84bd53159407a94fa0cd6035011154c7d1b190d196851e7c9d9c4d3bea3f", @ANYRES16=0x0, @ANYBLOB="040009000000fbdbdf25100000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00020000000600110005000000080013000600000005001400000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00050000000600110007000000080013000800000005001400010000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00ff7f0000060011001700000008001300080000000500140001000000"], 0xd4}, 0x1, 0x0, 0x0, 0x1}, 0x4000881) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r9, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010100}], 0x10) setsockopt(r9, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r9, 0x84, 0xc, &(0x7f0000000100), 0x4) recvmsg(r9, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00400020208000200000001000064bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x80) sendto$inet(r0, &(0x7f0000000640)="8ce2ad5f4f95ea87a7846d3f816a9c264889973b", 0x14, 0x0, &(0x7f0000002400)={0x2, 0x0, @dev}, 0x10) 1.277089437s ago: executing program 1 (id=140): syz_usb_connect(0x0, 0x40, &(0x7f0000000540)=ANY=[@ANYBLOB="120100000bc703406d04c608c2330000000109022e000100000000090400000001019a00052406000005240000000d240f01000000000000000000052401"], 0x0) 1.203350205s ago: executing program 4 (id=141): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c40)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "741cb976"}]}}, 0x0}, 0x0) syz_usb_connect(0x4, 0x1087, &(0x7f0000002940)=ANY=[@ANYBLOB="12011001255bd5083c41ba8110ab0102030109027510040609200f0904940807020600830b24060000bbd482883dc305240009000d240f010180000004b40700080c241b01006b03fffc0002a60424020206241a0900011524120400a317a88b045e4f01a607c0ffcb7e392a0c241b0400a90c0800f5000429216ec5dc93280c6c55fe875af7148fadc15e6da4e7d3f6dbc0b4bec9abd5ff812d9b4fd1389764580905064910000a058007250100080300fc04597b850de75bc103f0bfad34dff90188e2630b25e040a4c92070714bc9aeb06fe07bdf6bf774f734d7c711000e6b804dd34cf7e287c19e2808a5780ef189e1189035d7e8e1f5f6570928c0a742f5c167ece665237c54227c1a7e218cd56ca2a52f8c80cab92456c47bd59f25945edd268d89fceea182e4ac0afa36e24814127db9e573d64084a0c69c48cf74842834b591aac29a7461576c8e386f686a77c907a692c848a6c04616d06f9baae9c57f8688e0d59998ff73aab9e75a769d8c8742ab4aa711872da45242d812e66b8f344da7da2bad8cfa260995facc26886c8830a68269ef5e5f12cf9f95ea485af6bb4e1c096c9342922edaad2809050c08000207090707250103810100e431b5f73db910080d895c21529bc3335b6d363597b2fd193aeae1051f5f179218fe865bedc331359960c5f03399230166e0bff6d75c4dce59263b9e3cac948898c66418de16c340c038631e6c223d57067b77d5780364508a43948b0522aa79e54e0892b00f0cc98c585b98e423652b3f38dbb4047d60cc1a964baba2de239112803165157e8c4b246e7c9a1310ef7175e02bd42cdc2926f0f6ff2421347e2e904381397678245aa85a136f731a1758a9241798a1317f1e3e043edb6c7afad969881525d5579d48fba29a7ccd159da089bb8b100921c3c8fe488336fd878a7ca04e5a08090580100800f7e040e22341e57ef0caa784a259206643f8ad9d760381a6f9b2473c3d0c799e48d13cc7224fd63f4cdd7f5d76a69440be400695fcba9372b1aa6da7473cc9adc51eb09670845b9998d4d0992ce91037a3c024bd952be3d0146c01b69093992773258a815c2cd3398d90fe5318fbf32fb0d5b0bb603de34ccb0e4756a9acec4de54f70026759f93037158f433b0c16471310fe7ec01ae9a7582840e7aa950f99c73684c4e8d0c6fe05c8a96e2b0acf1c43ce75c6e0a84fc7128e8e62a9d711e687aaff22824a69741371daa45cdf7e1e943b99ef78cf84faff5917974ccd0d700fcfb1db4f0905000000020703030725018310ff00072501030605000905050040000004060905041008000200ff09050c010002020b3f090437040fffffff0d0905070020000608800905030010000404ff072501000044fab71031a704ed9a2f4faadfe9446426d486f3c172be037033f1e5597e5aa710c12f6162078351f5ebce829c094c5506107825c7e366466217c0769daf2dbb34143639b018178b66ca083edf0b6525d29397b7308e43f212459146652813b963c1dc56cdea12fd7d5c15bd0fbcf3b54e5a1ec68c1f4c7d1f00546d88095131e2c4e32c82c557541c6b1e005263433d84f614b4e4ca9b3b92416289c3026f7f034f8641bf2d4817554540683a6f2e91af3f45f468198f539509050708080007b90509050f0400040e07cd07250102e4008009050f10000204ff0609050a080800060803072501800301003e0a7eea2ae3843efe53c1c420e010c8b79a734cfe8931c4cc8e58e5e1c66040ab6a8c43a2e3eecd4388d21aa32b32bb284192c5d7b3486a91a58e45ae8a09050f0100020905070905040cff03000401fc22d71aa6f0945586b24734238f70dbd3f1ef80d6d49adca6692b0bbea36b8718135a2c24c870e04ac219e9077375757ad264777b8fc1b3bec34c5b84c0cca328fedbe6f4dbc43e31969a4a7bb96a27e52eb1c92faa082aa9233ad7769b673b6c3584f7ea73aa50035a9ca2d204ddba1374752477a13697ef81fd213d4080581ef0cabab266ea3a1e1cd1db16aa996a52c92c3904ddec5543426e87b2aa7a5f6b70c75ca3ae6091b415c27a26677ecfac96b27b05696ac75514a6a0939140da60765c55c9ff87cc5ff6f87097838d9541e17e5962d294683d806def5f9881360fe76ee8d97ecca596ecbca39ac42d98fd56842438ba98ca406dbc00072501010405000905800c20020208f707250181e9040009050502ff03be030609050801400003000409050100100003040509050b00ff03970a033e119ca65f68844557d2679042310f40a949edaa5abae763b090722444a18560246e4367e2c8c61ca9660dc83fd7a4207e2a3d44f210dc4d0f0a27c820541e3132095462b99a9096a5a5a8807e724f1c3dc19c83056b43c68f27307e090502012000040303762139d5c9faaa69d9fcff9bd7a6463d285879485a96169688bd31dc0052535c73db8e345f39af5a56be773f85f0036717aaa722fe612494a0be789ae4db3bb4fcc8c4819623f44e5490acb8863dfe6010df9c9ff4fee7c8cdcf60c2cbf3374e1dec521d06320a90a6de162ff2e825bf56c4906442480905060100000560028f0ff464a5349f6b080330d105f5e3e83130e4fe7ab468d368e4fbdea19a9abb0f641a6e011f38b7d82398203927245a1ec67292e32689f02f26dcb868ec5b299b0967326fc20edd8abdbf2dd495a3fc7140e74e8de47035806c40c2069c9122a29b47953f323d5bfc6d0e477f9dd1fd9306c35bb3d4c36c754d1db32cf03ea2ef3a0c62e617ea948074f14c317fcca83417a69c6e2fbb242aff5e6f917e66e8bfecad4c7c8f49036e919f7daaeba5471c50c368441856ec0ef6a36ee87671a5410c1a1d3e30bb34c01acd2427c9d3cb9c2bc06eee3d6ff911267ed2125cd69aad2cfc62923998813c247cdf9c3592fb82daa9deda62cc419b6ed1db803dd10f987476417fbc43aaba2bfb804404a917281b1d79be1863d0691635c7998fa99f7599d92225589831d870ca62c2a7428c4b99d957b4649309049f070c4ad7d2045d036e70b1a66f5d6087d45edcc5b71277e80306e8687cf5446b68111ece9b267c0d7c638bbd12ce29de7abcb0f201cbf636736b28a3053c5168a1802b57e830afd952d1a00f56958399fea9bf174fc3218bebcf6438a6e0723729658d080fe8442795d6260905000240040d0706da0e999ad4fabd0c990186377f4909f3dda26729ca4a9fc6fcfce194d6d1414ce80b7326f6ceee3907a5c2059eda2a63c5dd9ad6a3ae60eef16091ba27524dd1fea7fed6193a0fafaf3a1a3422d1ed2b7f68c0108a80b03f0df6206d976e7f31f9789e8f9afd1822aa80a023f952dd3918a1b4bdd28a20a78e961860f8f7fdffde37d106ca797a4ca37e359a8fedd6368881a5a985cabd2cd4dc0768387bdec6976ef2a7b3537730e9ac87e80ec0ee5e85c1d27bed19354f89d3df956bb70697ec941e1ef292c0ec7ba3dead76824031ec9cad575eba88ce5c1209050d110800013f09072501839e0700090500020002567f6bdc234f8a8fb06572ce6ecedd2ecf8bcc4ed01fe45a7d988346377241e8d29b70464ecdc7b5fbbc9365298f196fc3610805405bb2364aae270f745aa166c34bdd254d5d7d1d4bcce6eda79965a7f9e8ca0e2cc4996ee0717c64539d71fb176673ffb739f930c431f51fa314e138704517647f737df5d90bc15a498efea5c0dde7a53ff557332f432d948893af11a73d72316f190fd59825075b0fb530e60cefcc441e66adf91811e21bcc56f73a8ce6078d53b31e041112ed64dcacf3c898703b5a851b3c8cc39f3cd8fee27ef0ee837a6f124dd5b5ecf86b23cd05a78e0cb0cd9ea74205ce9f5f4fac249c60badf49064053d6465fa4ae66581308818f5da3c6f225c1baaa4cb5ca40c02691ee0d9734bfe40bc3f3bd628f33d23105fba97ef552924153d074c72052e57a3a2b6f2edfc506332c258bfa049a3249522967255c407c16487bff646c61250888123a17f3ee7b46dc98faf761213a17e02a6c9844faac8b1302d88b30393809050401ff0340faff05223b1729090507000004090502871153ea2211acc4666495c6587ab0a63129b80bdc0f08b1b8722787b55d86593b8107ffe1f4d4de8a2b0f48a98547539376c04aa18e072c582f1161e1c9b6eafd0cc42f57860ec818c477a65695be6af6fe9533002b3f8e9a71bb119a267022044adbbcee379e1fe60a4125a7680b1b9678074ea49bff4f133a4bdcf9c051c664ce00d8f4b7dd090580104000d440070725010104040007250180020400090580000004d60808c605f49b94dc74d7ac8598be7fb42ad9a344b928e159d1dffb1d6e1faff3936b1957984c711f103e0b5235454106d7995d9bf88baa9b16d47919dc399ae1402fb5751498b2dd6e44b99fea482586099b6dafbd7750bfe3346999fb2cf5706b6eee06fac57c1ad2bfc3cb7c6799543a0188aaeb921697b172db2f0a43b310e9bf847841aaf57de8fe7239a7921809eb3b486c7663c588e021fbf831fb2774dfe6a136dbb0e836562c4ed66386fe0f6f757ea21b59acbb65aad6ab617180dcd21b57fd555f7607c510721c0bfe0c1abbb19d20cb637c07e001bf73266895f7611e5a6d0c7647c2cbf93483c6330faf668f5c7368d1541dcb0fe1992045ea528e8c9f63012cfee4daf4f7a4de840455c6cb7e2d18fb363d1d31bf2b7facf950be5945ed636f26489ca2013234d2875c2bc9b61c2f0d218381582f9f0afdd067bdf8ecf7b0dcb85ee14c14a5b05152b71359c5c1e7587b8a90c6b9083e3212a3cb3ae1f4e02eff60c1bbc9e51f9437237e87f6e1c77484ef8e210a9888e2e56c991578a547baba3553fcb96e07090504002000f90e0607250101080c0009050c0100040591011121fef1449042173c9d3bcecf3df0e9a6880395def94ddd067a3148f0ce8e3d3284d6ab1b4eb6f68853118994c96ce2e22edfa2cb7f058a83b8b81ca3ebaf127196528d8f2dbaee4306087bb80ff2a47cbbfdd41cdab1047e873f99f506fd976b2216534f46ac329b88b41e4a09a2aa7df9fb5f72a5ede693883071467f16fb3ebba05c4cf85bf3fc9c1adc114e4daf535527e23db7e1a9420905090800020813016705155865afaab9420b2a49002bf00566df3bb87a9fd1a9f418dbfb4de8440a2a7c113240d133bcfde6db86cb5239457c9b6508b3671d8a4b4fc31db4ea5d670840abf69ee5352863fbb5a14c2fed6b0522fdddd4177fb7744715f5150f57b9bb55022b37fa5309050d082000090910072501830020000c04072c891894dbfba76a4909050e10080607030107250100310b000725010105ff0109049a08055306630909050c0840000006044c3547c101e1f3f69d2907685d1e4462e4655d256138cf97a3e901f1c5d3abc981d286e59ac965ece8ccde60886244086dfd86bff3b49e3fc7a03d3f15f1a8e4d957155728714587b9bd04b3740235a750ce4647c5621604b3dc20e6adabb84a4a461dbd55099092c524ec76f886574d7df8d7854f2f218ed0c5807fb72cd0ab7e176a5ae8007e6b6a2d5a341c902ecb7f8a764ec3348d2056bd428e3ddc14a64e29a33667c99295b1929ffb0decec5e3479540a113784b33d12f2a47121ffcf09050303400002060c07250103020400a605a2ff1eaef64b5b4cd4c1aa69488e630f55628b4074881242bbaae6ddaea7166a17910f17db972cb9ff9b5d6e3ecad4c036cc3b8f1aa6f22fbdc88b64b5c699c3b57d5f681c3c259ef32d16b10883c2076130b657a52ea25dc67cd65d1aa8f2303e67670d4c757e17114fa3fcb6cd183fb707a15ceeaba248327c2c8a245d8bd851b8c325f669b942f4a83c9f44eeae7a27aca55fd5f7809b73de412b956baf4160fc79c5090504000800010b7f090509000004080b0109050700ff03020704072501010700009557b1400e8fe8e69cc6fcc4464283a45ba4694a900e4081225790e547fcfd6a18a9f8c55d6e466e38f81a3edfe144c6ea85d280fc08e7f00725ca51eaefcb79078ae974a4cc10c2fcfc11804ca0ab7d2059ff8847b7bce0668378162ed2beb6f76b9038fdab105cd618705cc4bf45cfb7213d"], &(0x7f0000000bc0)={0xa, &(0x7f0000000940)={0xa, 0x6, 0x200, 0xd, 0x5, 0xfc, 0x20, 0x29}, 0x2d, &(0x7f0000000980)=ANY=[@ANYBLOB="050f2d000407100202a900080b10010c880000000000030b10012c180009080500010b1001080000030931ba07"], 0x6, [{0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x422}}, {0x91, &(0x7f0000000a00)=@string={0x91, 0x3, "d8d05622facd3aa51dc556f0d8463741908d3f7b22220d4ede1b89240557505c327b2f90b8d1809228e80a6f0dc4e86c94b5148486617c4c17fda9e4c8d8175604ca1542c1e2dcdddfa6b9faf14d9ca76597be3dee5cc5ce79adcc1379100cce06e105200be8d2be05f1427e1125a2e0748e2e083c492b3c44a93f35e9e37c18890fd82e04a8e036073c25dfa36455"}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x455}}, {0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x500a}}, {0x14, &(0x7f0000000b40)=@string={0x14, 0x3, "008ad34e3569fe293d06930a25f00b6526ee"}}, {0x4, &(0x7f0000000b80)=@lang_id={0x4, 0x3, 0x446}}]}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10) r4 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(r5) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRES64=r5, @ANYRES32=r4], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io$cdc_ecm(r4, &(0x7f0000000740)={0x14, &(0x7f00000006c0)={0x20, 0x31, 0x26, {0x26, 0x4, "6ce8c4a3f786bcc83cf0fa8b8cc4023b0fd63e037467afe337752194face9558458a2e7d"}}, &(0x7f0000000700)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000008c0)={0x1c, &(0x7f0000000780)={0x0, 0xf, 0x33, "eaa4dedaed0d4e82c3620086bbb342f1d1e8212833446c2f8df37cfcdd1ba1bb1bc17e93f035184ea0dba7f633c27f3e2f5ffe"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0x5}}) setgroups(0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000900)={0x24, 0x0, &(0x7f0000000840)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000240)='kfree\x00', r6}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000001840)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0) r7 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_group_source_req(r7, 0x29, 0x2f, &(0x7f00000005c0)={0x101, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="000312"], 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000cc0)=ANY=[@ANYRES64=r7, @ANYRES16=r5, @ANYRES64, @ANYRESHEX=r7, @ANYRES32=r3, @ANYRES8=r6, @ANYRES16=0x0, @ANYBLOB="46016fa9539097a43d468ec32645781238a66c173f4f35b3a767db23ac2cbff57ff9521ac29e7d14ac9f5196cd0841ef0b70bebb8813a83205654de2c291dc47766f8374067349b0b43dc67fae6badc214a59ba875743f5cd7c8a0768da685a58023e7f0dc9747a57207ade3c590de2a06405040254a7ec6691c", @ANYBLOB="e50d65a90252bd352ec57badd35e6e3f344f3a08d7a41ee747217ce24101ac00556b366771f28cf74f870b66a3413d74c79213560e991873fb68f42320c97be8917b876453edbc4abc32b9516fc606b4c36b4cc0bdfddab1283ef6343640cf021070fa7eaf2e8bc6c34a568b66376f08298a00b1566cca5a0e"], &(0x7f0000000040)='GPL\x00', 0x10, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f00000002c0)='timer_start\x00', r8}, 0x10) r9 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c80)=ANY=[@ANYBLOB="12010000000000406d0422c2000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io$hid(r9, 0x0, 0x0) syz_usb_control_io(r9, &(0x7f00000003c0)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0xa0, {0xa0, 0x0, "2c166262376fa074bdf28286693d667ce3685f6db86cb25e15337e76631397e5360d7c5b2400c5333cdebc6b47c6977b6b0f75a61619bea28519ab52661ab6f40a1a4f2d13b0a902c94f207af435c8adcd7f43080c5a9631167a52dd1c75171ea3cd1a31ef6906a7731204b44f2395d76a7336283f61dd7de9c5cf6db074c936814e52afcbb00e88e7046851e2043a2ca3005a00f09a09aef77c3cec039d"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, &(0x7f0000000280)={0x40, 0x28, 0xffffffffffffff74, {0x87, 0xa, "db9289373857c7cac18cbb37ee2f7f17eae37e312f74675bff946a6d775ba7985283169894eb18af1f13a8e643bf02ca8191b2e364dcfcb4188693040a1ed76a6123e263b50e23e4679e9264be284a810c17142b80aaab06e8829eab4678083eddcecf46f6b05df03f295a0f52a8065ac401f886ef49a4a6c69508e79a009f3360892abbf5"}}, &(0x7f0000000200)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x41b}}, &(0x7f0000000340)={0x0, 0x22, 0x14}, &(0x7f0000000380)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x80, 0x1, {0x22, 0x4d3}}}}, &(0x7f0000000680)={0x2c, &(0x7f0000000400)={0x40, 0xf, 0x93, "f80d25ff691256543bd27f86710aae0f93abe26c156263c861c7bb0b5862e02c9ede2afa8b48bb2726546a96743acc55a9889ab57c36d15d83ec10533b6299ccf0a008cfd78b7322b13eb86af0fd2f81486e998e83eb61af8716743d912ca6806583e457038d05129e68941888e5fccea994be4d5809a68727135dc8ca4479559c1dfe4253de8bbafe3485bead93f9e729664e"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0xb4}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000580)={0x20, 0x1, 0x7d, "3179dd0807aaaa672b4220aa5a96fc0f1781181bf2dab43d8c34f7e4ee4d188e98c1907d39c347f5b21693c4adc8f90968dcb20c4411c6a5a53d7b9b5185de2a43cd1c8652adee27ccbae399fbe68041ef2a5677b9e1181259056caa7b52845282369e6dee007b5d29d47cc3fe272be7fdf5be64b670749f75f23d5b23"}, &(0x7f0000000640)={0x20, 0x3, 0x1, 0x80}}) 245.579673ms ago: executing program 2 (id=142): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_io_uring_setup(0x24fa, &(0x7f0000000240), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000080)=0x40) 0s ago: executing program 2 (id=143): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r1) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xd, 0x3}]}}}]}, 0x3c}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7}) r5 = syz_io_uring_setup(0x8a5, &(0x7f0000000080)={0x0, 0xc524, 0x4, 0x0, 0x0, 0x0, r4}, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0) dup(r8) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r9, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r9, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r9, 0x6, 0x1f, &(0x7f00000001c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x1, &(0x7f0000000140)=@gcm_256={{0x304}, "85406704bbcd6043", "898e9d750bfd000000000400", "a22300", "8ce3a39e3181899b"}, 0x38) setsockopt$inet6_tcp_TLS_TX(r9, 0x11a, 0x2, &(0x7f0000000280)=@ccm_128={{0x304}, "3a997aae6644173f", "b9c0a8cd2707555d2fd4cc373ac51cf2", "1784fe44", "d3e69d47722a0439"}, 0x28) ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000240)=0x10000) r10 = socket$rxrpc(0x21, 0x2, 0xa) sendmmsg(r10, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x20}}], 0x1, 0x0) setsockopt$RXRPC_SECURITY_KEY(r10, 0x110, 0x1, 0x0, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="041706fffffff7fffff40bfe338d969126b404301be4c9b597f365383707df02fa5d0e66b4e30717d764239253f8725c409a121146f72b25c9ff4947fb882d03e96bde4bdfafcef129385084ba6ba28954e526850310472c7bb936746d496efbb24da5bd8260aca749fca60ae19072d0de9ede84b9d616b56e61d5c4ca2d4ce6ec8b8542007f28cc035edac010c318d68f3a7f7eb1f33ac59018433e449b69c6ae81fae87873e447d536f86248ea1f9efc1689096f33835824831e249fc0b89a2d84baae8ce8ec727feace714980e07fed34422372a429ed49ce1c929b73ae96a8906485183e8886665f2e3e252fdfb3cef2"], 0x9) syz_emit_vhci(&(0x7f0000000380)=@HCI_VENDOR_PKT={0xff, 0x1}, 0x2) io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts. syzkaller login: [ 71.609970][ T5220] cgroup: Unknown subsys name 'net' [ 71.751881][ T5220] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.396336][ T5220] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.920984][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.930045][ T5237] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.939532][ T5237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.947453][ T5237] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.955643][ T5237] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.966023][ T5237] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.982538][ T5237] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.990278][ T5237] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.998715][ T5237] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.007072][ T5237] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.014640][ T5237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.017152][ T5234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.032435][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.039904][ T5243] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.049018][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.056735][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.057835][ T5242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.064072][ T5234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.080890][ T5234] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.088809][ T5234] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.097394][ T5234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.097602][ T5238] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.114290][ T5238] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.121667][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.129445][ T5238] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.138854][ T5233] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.146852][ T5233] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.165505][ T5233] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.173383][ T5233] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 76.180779][ T5233] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.781694][ T5248] chnl_net:caif_netlink_parms(): no params data found [ 76.850107][ T5245] chnl_net:caif_netlink_parms(): no params data found [ 76.885656][ T5250] chnl_net:caif_netlink_parms(): no params data found [ 76.988143][ T5249] chnl_net:caif_netlink_parms(): no params data found [ 77.004272][ T5251] chnl_net:caif_netlink_parms(): no params data found [ 77.168561][ T5245] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.178954][ T5245] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.186978][ T5245] bridge_slave_0: entered allmulticast mode [ 77.194985][ T5245] bridge_slave_0: entered promiscuous mode [ 77.232853][ T5250] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.240025][ T5250] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.247898][ T5250] bridge_slave_0: entered allmulticast mode [ 77.255485][ T5250] bridge_slave_0: entered promiscuous mode [ 77.264045][ T5245] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.271220][ T5245] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.279194][ T5245] bridge_slave_1: entered allmulticast mode [ 77.286994][ T5245] bridge_slave_1: entered promiscuous mode [ 77.294343][ T5248] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.303230][ T5248] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.310399][ T5248] bridge_slave_0: entered allmulticast mode [ 77.317526][ T5248] bridge_slave_0: entered promiscuous mode [ 77.336448][ T5250] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.343676][ T5250] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.350840][ T5250] bridge_slave_1: entered allmulticast mode [ 77.358066][ T5250] bridge_slave_1: entered promiscuous mode [ 77.376935][ T5248] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.384734][ T5248] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.392178][ T5248] bridge_slave_1: entered allmulticast mode [ 77.399325][ T5248] bridge_slave_1: entered promiscuous mode [ 77.506069][ T5251] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.513697][ T5251] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.520860][ T5251] bridge_slave_0: entered allmulticast mode [ 77.529257][ T5251] bridge_slave_0: entered promiscuous mode [ 77.554674][ T5245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.567355][ T5245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.580077][ T5248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.593575][ T5248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.602864][ T5249] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.610051][ T5249] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.618030][ T5249] bridge_slave_0: entered allmulticast mode [ 77.626154][ T5249] bridge_slave_0: entered promiscuous mode [ 77.634225][ T5251] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.641893][ T5251] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.649154][ T5251] bridge_slave_1: entered allmulticast mode [ 77.658478][ T5251] bridge_slave_1: entered promiscuous mode [ 77.667790][ T5250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.680605][ T5250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.718370][ T5249] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.725580][ T5249] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.733310][ T5249] bridge_slave_1: entered allmulticast mode [ 77.740319][ T5249] bridge_slave_1: entered promiscuous mode [ 77.810349][ T5245] team0: Port device team_slave_0 added [ 77.833709][ T5248] team0: Port device team_slave_0 added [ 77.856249][ T5249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.883172][ T5250] team0: Port device team_slave_0 added [ 77.891143][ T5245] team0: Port device team_slave_1 added [ 77.912754][ T5248] team0: Port device team_slave_1 added [ 77.920757][ T5249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.945211][ T5251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.956090][ T5250] team0: Port device team_slave_1 added [ 78.002422][ T5251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.037884][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.044978][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.071643][ T5245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.096781][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.104299][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.104460][ T5234] Bluetooth: hci0: command tx timeout [ 78.130336][ T5248] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.135113][ T5249] team0: Port device team_slave_0 added [ 78.168953][ T5251] team0: Port device team_slave_0 added [ 78.188177][ T5234] Bluetooth: hci1: command tx timeout [ 78.188202][ T55] Bluetooth: hci3: command tx timeout [ 78.188515][ T5233] Bluetooth: hci2: command tx timeout [ 78.207095][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.214171][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.240291][ T5245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.259235][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.261563][ T5233] Bluetooth: hci4: command tx timeout [ 78.266840][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.298590][ T5248] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.315365][ T5249] team0: Port device team_slave_1 added [ 78.323406][ T5251] team0: Port device team_slave_1 added [ 78.329927][ T5250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.337363][ T5250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.363764][ T5250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.377378][ T5250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.384868][ T5250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.411513][ T5250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.478101][ T5251] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.485391][ T5251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.512224][ T5251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.563275][ T5249] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.570275][ T5249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.596975][ T5249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.625782][ T5251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.633178][ T5251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.659206][ T5251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.702605][ T5245] hsr_slave_0: entered promiscuous mode [ 78.709162][ T5245] hsr_slave_1: entered promiscuous mode [ 78.717756][ T5249] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.725024][ T5249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.751636][ T5249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.786454][ T5250] hsr_slave_0: entered promiscuous mode [ 78.793535][ T5250] hsr_slave_1: entered promiscuous mode [ 78.799947][ T5250] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.807870][ T5250] Cannot create hsr debugfs directory [ 78.824848][ T5248] hsr_slave_0: entered promiscuous mode [ 78.831844][ T5248] hsr_slave_1: entered promiscuous mode [ 78.838417][ T5248] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.846273][ T5248] Cannot create hsr debugfs directory [ 78.973394][ T5249] hsr_slave_0: entered promiscuous mode [ 78.979866][ T5249] hsr_slave_1: entered promiscuous mode [ 78.987741][ T5249] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.996040][ T5249] Cannot create hsr debugfs directory [ 79.094821][ T5251] hsr_slave_0: entered promiscuous mode [ 79.101272][ T5251] hsr_slave_1: entered promiscuous mode [ 79.107698][ T5251] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.115680][ T5251] Cannot create hsr debugfs directory [ 79.532056][ T5248] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.551903][ T5248] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.581067][ T5248] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.593406][ T5248] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.640300][ T5250] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.654885][ T5250] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.670732][ T5250] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.694983][ T5250] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.754712][ T5245] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.776499][ T5245] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.788120][ T5245] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.800641][ T5245] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.883421][ T5249] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.908094][ T5249] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.919442][ T5249] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.930757][ T5249] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.061965][ T5251] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.073015][ T5251] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.118763][ T5251] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.129506][ T5251] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 80.176267][ T5248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.183401][ T5233] Bluetooth: hci0: command tx timeout [ 80.265912][ T5233] Bluetooth: hci1: command tx timeout [ 80.265943][ T55] Bluetooth: hci3: command tx timeout [ 80.278598][ T5234] Bluetooth: hci2: command tx timeout [ 80.289269][ T5248] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.330887][ T5250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.342075][ T5234] Bluetooth: hci4: command tx timeout [ 80.354352][ T5284] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.361787][ T5284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.388416][ T5284] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.395594][ T5284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.409555][ T5249] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.439750][ T5249] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.465953][ T5287] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.473096][ T5287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.484424][ T5287] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.491609][ T5287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.525423][ T5245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.597345][ T5250] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.650577][ T5284] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.657856][ T5284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.678834][ T5245] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.709110][ T5286] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.716257][ T5286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.758274][ T5286] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.765460][ T5286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.794212][ T5284] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.801399][ T5284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.866840][ T5251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.934607][ T5248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.995403][ T5251] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.025919][ T5250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.040795][ T5249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.063060][ T5286] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.070285][ T5286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.114754][ T5286] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.121969][ T5286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.182487][ T5248] veth0_vlan: entered promiscuous mode [ 81.239897][ T5245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.275132][ T5248] veth1_vlan: entered promiscuous mode [ 81.300017][ T5249] veth0_vlan: entered promiscuous mode [ 81.343349][ T5249] veth1_vlan: entered promiscuous mode [ 81.371969][ T5250] veth0_vlan: entered promiscuous mode [ 81.398737][ T5248] veth0_macvtap: entered promiscuous mode [ 81.430121][ T5248] veth1_macvtap: entered promiscuous mode [ 81.439140][ T5250] veth1_vlan: entered promiscuous mode [ 81.463169][ T5249] veth0_macvtap: entered promiscuous mode [ 81.499732][ T5249] veth1_macvtap: entered promiscuous mode [ 81.546920][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.573771][ T5245] veth0_vlan: entered promiscuous mode [ 81.585115][ T5249] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.597141][ T5249] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.608717][ T5249] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.625208][ T5249] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.641327][ T5250] veth0_macvtap: entered promiscuous mode [ 81.649770][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.660437][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.674685][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.694678][ T5251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.707582][ T5249] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.717527][ T5249] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.727317][ T5249] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.737388][ T5249] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.772437][ T5245] veth1_vlan: entered promiscuous mode [ 81.780841][ T5248] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.792660][ T5248] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.802621][ T5248] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.811637][ T5248] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.849242][ T5250] veth1_macvtap: entered promiscuous mode [ 81.985711][ T5245] veth0_macvtap: entered promiscuous mode [ 81.998927][ T5250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.010506][ T5250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.020566][ T5250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.034110][ T5250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.048566][ T5250] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.067007][ T5245] veth1_macvtap: entered promiscuous mode [ 82.117963][ T5250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.130441][ T5250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.140395][ T5250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.152215][ T5250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.164255][ T5250] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.176380][ T5250] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.188468][ T5250] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.198602][ T5250] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.207750][ T5250] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.244131][ T5251] veth0_vlan: entered promiscuous mode [ 82.263811][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.279917][ T5234] Bluetooth: hci0: command tx timeout [ 82.294967][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.305246][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.316086][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.326311][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.337209][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.347490][ T5234] Bluetooth: hci2: command tx timeout [ 82.352969][ T5234] Bluetooth: hci3: command tx timeout [ 82.358408][ T5234] Bluetooth: hci1: command tx timeout [ 82.367221][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.395628][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.410516][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.420643][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.434150][ T5234] Bluetooth: hci4: command tx timeout [ 82.440215][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.450114][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.460609][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.472509][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.483836][ T5245] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.494271][ T5245] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.504157][ T5245] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.515101][ T5245] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.553269][ T5251] veth1_vlan: entered promiscuous mode [ 82.594303][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.610690][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.689471][ T2516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.730374][ T2516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.747671][ T5251] veth0_macvtap: entered promiscuous mode [ 82.763769][ T2928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.766997][ T5251] veth1_macvtap: entered promiscuous mode [ 82.793880][ T2928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.870726][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.884972][ T2928] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.887022][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.895595][ T2928] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.911775][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.922568][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.932475][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.943659][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.953890][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.964383][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.976410][ T5251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.033583][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.054323][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.064532][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.079061][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.089306][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.099868][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.109892][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.121046][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.134334][ T5251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.152792][ T5251] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.161645][ T5251] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.170365][ T5251] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.179588][ T5251] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.224722][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.248162][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.315380][ T2948] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.339323][ T2948] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.414826][ T2948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.424290][ T2948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.499118][ T2516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.513037][ T2516] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.568265][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.612721][ T5283] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 83.619921][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.632545][ T5287] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 83.715200][ T2516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.733650][ T2516] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.813168][ T5283] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 83.848571][ T5287] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 83.865012][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.885318][ T5287] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.896545][ T5283] usb 3-1: Product: syz [ 83.900758][ T5283] usb 3-1: Manufacturer: syz [ 83.905708][ T5287] usb 1-1: Product: syz [ 83.920218][ T5287] usb 1-1: Manufacturer: syz [ 83.925203][ T5283] usb 3-1: SerialNumber: syz [ 83.930347][ T5287] usb 1-1: SerialNumber: syz [ 83.947060][ T5283] usb 3-1: config 0 descriptor?? [ 83.966456][ T5287] usb 1-1: config 0 descriptor?? [ 84.009199][ T5283] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 84.342012][ T5234] Bluetooth: hci0: command tx timeout [ 84.382459][ T5287] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 84.423116][ T5234] Bluetooth: hci1: command tx timeout [ 84.428574][ T5233] Bluetooth: hci3: command tx timeout [ 84.434650][ T55] Bluetooth: hci2: command tx timeout [ 84.449793][ T25] usb 1-1: USB disconnect, device number 2 [ 84.502480][ T5234] Bluetooth: hci4: command tx timeout [ 84.546332][ T5310] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 84.687730][ T5287] usb 2-1: Using ep0 maxpacket: 8 [ 84.701144][ T5287] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 84.720476][ T5287] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 84.756790][ T5287] usb 2-1: New USB device found, idVendor=0421, idProduct=008f, bcdDevice=ba.de [ 84.777285][ T5287] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.801047][ T5307] netlink: 'syz.4.7': attribute type 21 has an invalid length. [ 84.810811][ T5287] usb 2-1: config 0 descriptor?? [ 84.855510][ T5307] netlink: 6 bytes leftover after parsing attributes in process `syz.4.7'. [ 84.872184][ T5287] rndis_host 2-1:0.0: invalid descriptor buffer length [ 84.895932][ T5287] usb 2-1: bad CDC descriptors [ 84.919609][ T5287] cdc_acm 2-1:0.0: invalid descriptor buffer length [ 85.071847][ T25] usb 3-1: USB disconnect, device number 2 [ 85.081495][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.129425][ T5315] ======================================================= [ 85.129425][ T5315] WARNING: The mand mount option has been deprecated and [ 85.129425][ T5315] and is ignored by this kernel. Remove the mand [ 85.129425][ T5315] option from the mount to silence this warning. [ 85.129425][ T5315] ======================================================= [ 85.230741][ T5283] usb 2-1: USB disconnect, device number 2 [ 85.503859][ T5322] fuse: Bad value for 'fd' [ 85.551109][ T5322] kernel profiling enabled (shift: 17) [ 85.870153][ T5332] vlan2: entered promiscuous mode [ 85.870179][ T5332] macvtap0: entered promiscuous mode [ 85.870604][ T5332] vlan2: entered allmulticast mode [ 85.870623][ T5332] macvtap0: entered allmulticast mode [ 85.870640][ T5332] veth0_macvtap: entered allmulticast mode [ 85.896118][ T5332] macvtap0: left allmulticast mode [ 85.896142][ T5332] veth0_macvtap: left allmulticast mode [ 85.896162][ T5332] macvtap0: left promiscuous mode [ 86.007317][ T5335] dummy0: entered promiscuous mode [ 86.007552][ T5335] vlan2: entered promiscuous mode [ 86.007817][ T5335] vlan2: entered allmulticast mode [ 86.007834][ T5335] dummy0: entered allmulticast mode [ 86.032154][ T5335] dummy0: left allmulticast mode [ 86.032365][ T5335] dummy0: left promiscuous mode [ 86.103681][ T5286] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 86.277642][ T1058] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.291877][ T5286] usb 3-1: Using ep0 maxpacket: 8 [ 86.312666][ T5286] usb 3-1: unable to get BOS descriptor or descriptor too short [ 86.324082][ T5286] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 86.345442][ T5286] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 86.382682][ T5286] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 86.397712][ T5286] usb 3-1: config 1 has no interface number 1 [ 86.411715][ T5286] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 86.434033][ T5286] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0 [ 86.447392][ T5286] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 86.458950][ T5286] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.472945][ T5286] usb 3-1: Product: syz [ 86.477148][ T5286] usb 3-1: Manufacturer: syz [ 86.511590][ T5286] usb 3-1: SerialNumber: syz [ 86.588504][ T1058] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.903060][ T5286] usb 3-1: USB disconnect, device number 3 [ 86.924335][ T48] cfg80211: failed to load regulatory.db [ 86.926726][ T1058] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.201110][ T1058] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.232185][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 87.308812][ T5239] udevd[5239]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 87.334140][ T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.345914][ T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.361648][ T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.376762][ T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.388971][ T5361] process 'syz.0.30' launched './file0' with NULL argv: empty string added [ 87.390488][ T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 87.411468][ T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.996926][ T5377] capability: warning: `syz.2.33' uses 32-bit capabilities (legacy support in use) [ 88.011679][ T5298] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 88.027864][ T1058] bridge_slave_1: left allmulticast mode [ 88.041268][ T1058] bridge_slave_1: left promiscuous mode [ 88.072485][ T1058] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.166378][ T1058] bridge_slave_0: left allmulticast mode [ 88.206107][ T1058] bridge_slave_0: left promiscuous mode [ 88.236411][ T1058] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.272739][ T5298] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 88.292010][ T5298] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.300079][ T5298] usb 1-1: Product: syz [ 88.324099][ T5298] usb 1-1: Manufacturer: syz [ 88.349926][ T5298] usb 1-1: SerialNumber: syz [ 88.366880][ T5298] usb 1-1: config 0 descriptor?? [ 88.602747][ T5288] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 88.782146][ T5283] usb 1-1: USB disconnect, device number 3 [ 88.833347][ T5288] usb 3-1: Using ep0 maxpacket: 8 [ 88.836913][ T5400] No such timeout policy "syz1" [ 88.846662][ T5288] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89 [ 88.890589][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 88.924088][ T5288] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 88.941898][ T5288] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.950163][ T5288] usb 3-1: Product: syz [ 88.962054][ T5288] usb 3-1: Manufacturer: syz [ 88.966711][ T5288] usb 3-1: SerialNumber: syz [ 88.988710][ T5288] usb 3-1: config 0 descriptor?? [ 89.030740][ T5288] streamzap 3-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200 [ 89.119348][ T5404] netlink: 8 bytes leftover after parsing attributes in process `syz.1.39'. [ 89.331467][ T5289] usb 3-1: USB disconnect, device number 4 [ 89.391233][ T1058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 89.413015][ T1058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 89.425572][ T1058] bond0 (unregistering): Released all slaves [ 89.464777][ T55] Bluetooth: hci0: command tx timeout [ 89.493370][ T5408] syz_tun: entered promiscuous mode [ 89.517291][ T5408] batadv_slave_1: entered promiscuous mode [ 89.781657][ T48] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 89.985223][ T48] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 90.011725][ T48] usb 5-1: config 0 has no interface number 0 [ 90.012109][ T5363] chnl_net:caif_netlink_parms(): no params data found [ 90.039439][ T48] usb 5-1: New USB device found, idVendor=2639, idProduct=0012, bcdDevice=65.b5 [ 90.071671][ T48] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.102216][ T5288] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 90.129120][ T48] usb 5-1: Product: syz [ 90.149639][ T48] usb 5-1: Manufacturer: syz [ 90.161402][ T48] usb 5-1: SerialNumber: syz [ 90.180233][ T48] usb 5-1: config 0 descriptor?? [ 90.203010][ T48] xsens_mt 5-1:0.1: xsens_mt converter detected [ 90.250005][ T48] usb 5-1: xsens_mt converter now attached to ttyUSB0 [ 90.310519][ T1058] hsr_slave_0: left promiscuous mode [ 90.322314][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.345512][ T1058] hsr_slave_1: left promiscuous mode [ 90.364004][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.394580][ T5288] usb 1-1: New USB device found, idVendor=05ac, idProduct=0062, bcdDevice= 0.00 [ 90.404928][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.425174][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.440768][ T5288] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.465729][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.478140][ T5288] usb 1-1: config 0 descriptor?? [ 90.486555][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 90.530001][ T48] usb 5-1: USB disconnect, device number 2 [ 90.554703][ T1058] veth1_macvtap: left promiscuous mode [ 90.562040][ T48] xsens_mt ttyUSB0: xsens_mt converter now disconnected from ttyUSB0 [ 90.572901][ T1058] veth0_macvtap: left promiscuous mode [ 90.579649][ T1058] veth1_vlan: left promiscuous mode [ 90.592096][ T48] xsens_mt 5-1:0.1: device disconnected [ 90.619933][ T1058] veth0_vlan: left promiscuous mode [ 90.945957][ T5288] hid-generic 0003:05AC:0062.0001: unbalanced delimiter at end of report description [ 90.985174][ T5288] hid-generic 0003:05AC:0062.0001: probe with driver hid-generic failed with error -22 [ 91.206082][ T5298] usb 1-1: USB disconnect, device number 4 [ 91.516957][ T1058] team0 (unregistering): Port device team_slave_1 removed [ 91.545642][ T55] Bluetooth: hci0: command tx timeout [ 91.586784][ T1058] team0 (unregistering): Port device team_slave_0 removed [ 92.064263][ T5473] netlink: 'syz.0.59': attribute type 57 has an invalid length. [ 92.454099][ T5483] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.621237][ T5363] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.635179][ T5363] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.644512][ T5363] bridge_slave_0: entered allmulticast mode [ 92.664366][ T5363] bridge_slave_0: entered promiscuous mode [ 92.687627][ T5363] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.700401][ T5363] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.708453][ T5363] bridge_slave_1: entered allmulticast mode [ 92.717254][ T5363] bridge_slave_1: entered promiscuous mode [ 92.770801][ T5363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.785171][ T5489] tap0: tun_chr_ioctl cmd 1074025677 [ 92.794680][ T5489] tap0: linktype set to 270 [ 92.803825][ T5363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.862526][ T5283] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 93.040795][ T5363] team0: Port device team_slave_0 added [ 93.076365][ T5283] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 93.123224][ T5363] team0: Port device team_slave_1 added [ 93.127714][ T5283] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 93.164112][ T5283] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 93.212141][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.264989][ T5505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.69'. [ 93.336397][ T5363] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.365855][ T5363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.439751][ T5363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.512457][ T5363] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.519484][ T5363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.606945][ T5363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.641389][ T55] Bluetooth: hci0: command tx timeout [ 93.701284][ T5283] usb 2-1: string descriptor 0 read error: -22 [ 93.926336][ T5363] hsr_slave_0: entered promiscuous mode [ 93.964495][ T5283] usb 2-1: USB disconnect, device number 3 [ 93.988644][ T5363] hsr_slave_1: entered promiscuous mode [ 94.439241][ T5526] xt_CT: You must specify a L4 protocol and not use inversions on it [ 95.291774][ T5286] IPVS: starting estimator thread 0... [ 95.393643][ T5537] IPVS: using max 16 ests per chain, 38400 per kthread [ 95.675899][ T5545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.77'. [ 95.701627][ T55] Bluetooth: hci0: command tx timeout [ 95.809886][ T5545] netlink: 4544 bytes leftover after parsing attributes in process `syz.1.77'. [ 95.835644][ T5545] netlink: 4544 bytes leftover after parsing attributes in process `syz.1.77'. [ 95.849102][ T1058] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.108610][ T1058] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.121863][ T29] audit: type=1326 audit(1723035130.209:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5548 comm="syz.2.78" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11e31779f9 code=0x0 [ 96.309978][ T1058] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.342451][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.361979][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.370224][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 96.378501][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 96.386399][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 96.393868][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 96.565743][ T1058] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.680552][ T5363] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.756741][ T5363] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.810947][ T5363] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.848645][ T5363] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.097110][ T1058] bridge_slave_1: left allmulticast mode [ 97.108024][ T1058] bridge_slave_1: left promiscuous mode [ 97.133866][ T5288] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 97.161685][ T1058] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.196731][ T1058] bridge_slave_0: left allmulticast mode [ 97.208921][ T1058] bridge_slave_0: left promiscuous mode [ 97.215264][ T1058] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.302682][ T5234] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 97.311802][ T5234] Bluetooth: hci1: Injecting HCI hardware error event [ 97.319957][ T5234] Bluetooth: hci1: hardware error 0x00 [ 97.383658][ T5572] Zero length message leads to an empty skb [ 97.399952][ T5288] usb 1-1: Using ep0 maxpacket: 16 [ 97.412908][ T5572] netlink: 'syz.2.84': attribute type 1 has an invalid length. [ 97.426624][ T5288] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 97.447248][ T5288] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 97.459145][ T5288] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.490171][ T5288] usb 1-1: Product: syz [ 97.500967][ T5288] usb 1-1: Manufacturer: syz [ 97.514294][ T5288] usb 1-1: SerialNumber: syz [ 97.559279][ T5288] usb 1-1: config 0 descriptor?? [ 97.577990][ T5288] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input5 [ 97.892022][ T5286] usb 1-1: USB disconnect, device number 5 [ 98.034458][ T5289] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 98.066719][ T1058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.086312][ T1058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.104226][ T1058] bond0 (unregistering): Released all slaves [ 98.224126][ T5289] usb 2-1: Using ep0 maxpacket: 8 [ 98.265265][ T5289] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 98.283270][ T5289] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 98.293874][ T5289] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 98.310352][ T5289] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 98.326923][ T5289] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 98.341107][ T5289] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.424742][ T55] Bluetooth: hci3: command tx timeout [ 98.604778][ T5289] usb 2-1: GET_CAPABILITIES returned 0 [ 98.624060][ T5289] usbtmc 2-1:16.0: can't read capabilities [ 98.702147][ T5554] chnl_net:caif_netlink_parms(): no params data found [ 98.940251][ T5289] usb 2-1: USB disconnect, device number 4 [ 99.013047][ T1058] hsr_slave_0: left promiscuous mode [ 99.014157][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.053702][ T1058] hsr_slave_1: left promiscuous mode [ 99.086901][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.115430][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 99.136547][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.158923][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 99.233551][ T1058] veth1_macvtap: left promiscuous mode [ 99.241919][ T1058] veth0_macvtap: left promiscuous mode [ 99.247637][ T1058] veth1_vlan: left promiscuous mode [ 99.276775][ T1058] veth0_vlan: left promiscuous mode [ 99.381657][ T5234] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 99.781986][ T48] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 99.971558][ T48] usb 3-1: Using ep0 maxpacket: 16 [ 99.981039][ T48] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.994428][ T48] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 100.006177][ T48] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 100.026357][ T48] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 100.048548][ T48] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 100.081419][ T48] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 100.100162][ T48] usb 3-1: SerialNumber: syz [ 100.139260][ T48] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 100.397377][ T25] usb 3-1: USB disconnect, device number 5 [ 100.483410][ T1058] team0 (unregistering): Port device team_slave_1 removed [ 100.505026][ T5234] Bluetooth: hci3: command tx timeout [ 100.524796][ T1058] team0 (unregistering): Port device team_slave_0 removed [ 100.880963][ T5606] netlink: 'syz.1.89': attribute type 9 has an invalid length. [ 100.946092][ T5363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.339302][ T5554] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.409922][ T5554] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.440009][ T5554] bridge_slave_0: entered allmulticast mode [ 101.472661][ T5554] bridge_slave_0: entered promiscuous mode [ 101.493516][ T5554] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.500821][ T5554] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.516911][ T5554] bridge_slave_1: entered allmulticast mode [ 101.528629][ T5554] bridge_slave_1: entered promiscuous mode [ 101.554700][ T5363] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.808265][ T5284] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.815481][ T5284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 101.874443][ T5554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.917596][ T5554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.938839][ T5289] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 101.998047][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.005697][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.106963][ T5554] team0: Port device team_slave_0 added [ 102.118433][ T5554] team0: Port device team_slave_1 added [ 102.148795][ T5289] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9 [ 102.191599][ T5289] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.202504][ T5289] usb 3-1: Product: syz [ 102.218536][ T5289] usb 3-1: Manufacturer: syz [ 102.224309][ T5289] usb 3-1: SerialNumber: syz [ 102.236109][ T5289] usb 3-1: config 0 descriptor?? [ 102.258552][ T5289] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 102.320654][ T5554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.335689][ T5554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.361825][ C0] vkms_vblank_simulate: vblank timer overrun [ 102.396738][ T5554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.449369][ T5554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.478899][ T5554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.554236][ T5554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.582243][ T5234] Bluetooth: hci3: command tx timeout [ 102.644065][ T29] audit: type=1326 audit(1723035136.749:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5641 comm="syz.2.95" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f11e31779f9 code=0x0 [ 102.803990][ T5289] gspca_vc032x: reg_r err -110 [ 102.808864][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.824391][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.829985][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.839294][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.851239][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.859050][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.865216][ T5676] netlink: 44 bytes leftover after parsing attributes in process `syz.2.95'. [ 102.865995][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.880457][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.909389][ T5676] netlink: 12 bytes leftover after parsing attributes in process `syz.2.95'. [ 102.926913][ T5554] hsr_slave_0: entered promiscuous mode [ 102.944547][ T5676] netlink: 20 bytes leftover after parsing attributes in process `syz.2.95'. [ 102.953660][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.959537][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.964949][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.970260][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.981802][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.993411][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 102.999175][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 103.117791][ T5554] hsr_slave_1: entered promiscuous mode [ 103.163393][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 103.163418][ T5554] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 103.179475][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 103.185231][ T5554] Cannot create hsr debugfs directory [ 103.190751][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 103.247023][ T5289] gspca_vc032x: I2c Bus Busy Wait 00 [ 103.271486][ T5289] gspca_vc032x: Unknown sensor... [ 103.287620][ T5289] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 103.622787][ T5363] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.712569][ T5234] Bluetooth: hci4: command tx timeout [ 103.776910][ T5692] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.955862][ T5689] netlink: 'syz.0.99': attribute type 2 has an invalid length. [ 103.993409][ T5689] netlink: 'syz.0.99': attribute type 1 has an invalid length. [ 104.033721][ T5689] netlink: 152 bytes leftover after parsing attributes in process `syz.0.99'. [ 104.379242][ T5363] veth0_vlan: entered promiscuous mode [ 104.451643][ T5363] veth1_vlan: entered promiscuous mode [ 104.661538][ T5234] Bluetooth: hci3: command tx timeout [ 104.702557][ T5289] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 104.860222][ T5363] veth0_macvtap: entered promiscuous mode [ 104.924893][ T5289] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.951389][ T5363] veth1_macvtap: entered promiscuous mode [ 104.971008][ T5289] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.994989][ T5289] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 105.026979][ T5289] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.044859][ T5363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.060220][ T5289] usb 1-1: config 0 descriptor?? [ 105.068213][ T5363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.091462][ T5363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.105858][ T5363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.107145][ T48] usb 3-1: USB disconnect, device number 6 [ 105.122430][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.123899][ T5363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 105.191807][ T5363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.205481][ T5363] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.291537][ T5363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.332128][ T5363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.342797][ T5363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.353801][ T5363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.371383][ T5363] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 105.383019][ T5363] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 105.409945][ T5363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.454230][ T5363] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.491574][ T5363] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.510615][ T5363] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.529356][ T5289] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 105.539875][ T5289] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 105.548105][ T5363] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.570821][ T5289] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0002/input/input6 [ 105.628017][ T5289] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0 [ 105.776611][ T5554] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 105.885653][ T5554] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 105.953430][ T5703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.009507][ T48] usb 1-1: USB disconnect, device number 6 [ 106.044376][ T5554] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 106.092341][ T5554] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 106.196762][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.223432][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.285208][ T2516] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.317312][ T2516] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.414632][ T5554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.487474][ T5554] 8021q: adding VLAN 0 to HW filter on device team0 [ 106.523754][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.530983][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.572605][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.579850][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.760148][ T5554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.866843][ T5724] wireguard0: entered promiscuous mode [ 106.907906][ T5724] wireguard0: entered allmulticast mode [ 107.115211][ T5554] veth0_vlan: entered promiscuous mode [ 107.138426][ T5554] veth1_vlan: entered promiscuous mode [ 107.186536][ T5234] Bluetooth: Unknown BR/EDR signaling command 0x00 [ 107.193962][ T5234] Bluetooth: Wrong link type (-22) [ 107.242881][ T5554] veth0_macvtap: entered promiscuous mode [ 107.255448][ T5554] veth1_macvtap: entered promiscuous mode [ 107.263659][ T5298] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 107.293888][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.311925][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.331519][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.354838][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.375196][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.404047][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.415829][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 107.426888][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.442575][ T5554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.464600][ T5298] usb 2-1: Using ep0 maxpacket: 8 [ 107.477946][ T5298] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 107.490491][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.503710][ T5298] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 107.515883][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.551266][ T5298] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 107.571482][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.586332][ T5298] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 107.606177][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.623834][ T5298] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 107.633487][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.644124][ T5298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.661929][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.681405][ T5554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 107.705764][ T5554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 107.734879][ T5554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.801034][ T5554] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.810764][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.821004][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 107.862109][ T5554] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.881160][ T5554] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.921668][ T5554] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.943653][ T5298] usb 2-1: GET_CAPABILITIES returned 0 [ 107.966439][ T5298] usbtmc 2-1:16.0: can't read capabilities [ 108.296290][ T5756] netlink: 'syz.2.112': attribute type 21 has an invalid length. [ 108.321977][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.324569][ T2928] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.363703][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.372812][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.381955][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.412566][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.421710][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.430807][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.461277][ T2928] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.521483][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.529388][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.539284][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.548396][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.626435][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.635573][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.644675][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.663971][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.673089][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.798031][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.807174][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 108.828189][ T8] usb 2-1: USB disconnect, device number 5 [ 108.910803][ T5769] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 108.923545][ T5766] warning: `syz.2.117' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 109.367238][ T5776] netlink: 12 bytes leftover after parsing attributes in process `syz.4.119'. [ 109.429900][ T2516] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.521510][ T5774] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 109.729274][ T2516] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.741179][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 109.919017][ T2516] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.138471][ T2516] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.467579][ T2516] bridge_slave_1: left allmulticast mode [ 110.489274][ T2516] bridge_slave_1: left promiscuous mode [ 110.518644][ T2516] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.564288][ T2516] bridge_slave_0: left allmulticast mode [ 110.571113][ T2516] bridge_slave_0: left promiscuous mode [ 110.594688][ T2516] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.963927][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 110.982602][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 110.991935][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 111.003313][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 111.032417][ T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 111.040066][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 111.567354][ T2516] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 111.580589][ T2516] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 111.603894][ T2516] bond0 (unregistering): Released all slaves [ 111.714492][ T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 111.901419][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 111.913021][ T8] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 111.955683][ T8] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 112.011031][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 112.068334][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 112.071570][ T5283] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 112.085550][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 112.139014][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 112.188747][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 112.235930][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 112.275834][ T8] usb 2-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 112.289930][ T5283] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 112.293488][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.320097][ T5283] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 112.341239][ T5283] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 112.349354][ T8] usb 2-1: Product: syz [ 112.359460][ T2516] hsr_slave_0: left promiscuous mode [ 112.361181][ T5283] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.373650][ T8] usb 2-1: Manufacturer: syz [ 112.386143][ T2516] hsr_slave_1: left promiscuous mode [ 112.400625][ T5283] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 112.404568][ T8] usb 2-1: SerialNumber: syz [ 112.417451][ T5283] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 112.430430][ T2516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.447336][ T5283] usb 4-1: Product: syz [ 112.451941][ T2516] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.464753][ T5283] usb 4-1: Manufacturer: syz [ 112.470740][ T8] usb 2-1: config 0 descriptor?? [ 112.484366][ T2516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.497610][ T2516] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 112.523335][ T5798] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 112.535521][ T5283] cdc_wdm 4-1:1.0: skipping garbage [ 112.542143][ T5283] cdc_wdm 4-1:1.0: skipping garbage [ 112.562882][ T5283] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 112.579235][ T5283] cdc_wdm 4-1:1.0: Unknown control protocol [ 112.608292][ T2516] veth1_macvtap: left promiscuous mode [ 112.622932][ T2516] veth0_macvtap: left promiscuous mode [ 112.628821][ T2516] veth1_vlan: left promiscuous mode [ 112.644388][ T2516] veth0_vlan: left promiscuous mode [ 112.782673][ T8] cxacru 2-1:0.0: submit of read urb for cm 0x90 failed (-8) [ 112.807674][ T5825] cxacru 2-1:0.0: Direct firmware load for cxacru-fw.bin failed with error -2 [ 112.847878][ T8] usb 2-1: USB disconnect, device number 6 [ 112.860237][ T5825] cxacru 2-1:0.0: Falling back to sysfs fallback for: cxacru-fw.bin [ 112.924902][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 112.931694][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 112.938050][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 112.944825][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 112.951173][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 112.957815][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 112.964150][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 112.970771][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 112.977270][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 112.983895][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 112.990190][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 112.996805][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 113.003103][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 113.009742][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 113.016084][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 113.022701][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 113.028998][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 113.035584][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 113.041871][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 113.048583][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 113.058351][ T5298] usb 4-1: USB disconnect, device number 2 [ 113.058405][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 113.147806][ T55] Bluetooth: hci1: command tx timeout [ 113.252167][ T5828] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 113.835477][ T2516] team0 (unregistering): Port device team_slave_1 removed [ 113.978853][ T29] audit: type=1326 audit(1723035148.089:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bf93779f9 code=0x7ffc0000 [ 114.032123][ T2516] team0 (unregistering): Port device team_slave_0 removed [ 114.061396][ T29] audit: type=1326 audit(1723035148.089:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f1bf93779f9 code=0x7ffc0000 [ 114.157320][ T29] audit: type=1326 audit(1723035148.089:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1bf9377a33 code=0x7ffc0000 [ 114.213672][ T29] audit: type=1326 audit(1723035148.089:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1bf9377a33 code=0x7ffc0000 [ 114.258576][ T29] audit: type=1326 audit(1723035148.089:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bf93779f9 code=0x7ffc0000 [ 114.327140][ T29] audit: type=1326 audit(1723035148.089:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bf93779f9 code=0x7ffc0000 [ 114.376865][ T29] audit: type=1326 audit(1723035148.099:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=73 compat=0 ip=0x7f1bf93779f9 code=0x7ffc0000 [ 114.427449][ T5298] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 114.436082][ T29] audit: type=1326 audit(1723035148.099:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bf93779f9 code=0x7ffc0000 [ 114.462250][ T29] audit: type=1326 audit(1723035148.099:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5844 comm="syz.3.139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bf93779f9 code=0x7ffc0000 [ 114.471536][ T5284] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 114.659705][ T5298] usb 4-1: New USB device found, idVendor=0c45, idProduct=6025, bcdDevice=41.12 [ 114.673645][ T5298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.693714][ T5284] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.696164][ T5298] usb 4-1: config 0 descriptor?? [ 114.713047][ T5284] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.722562][ T5298] hub 4-1:0.0: bad descriptor, ignoring hub [ 114.723840][ T5284] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 114.731447][ T5298] hub 4-1:0.0: probe with driver hub failed with error -5 [ 114.738085][ T5284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.769092][ T5298] gspca_main: sonixb-2.14.0 probing 0c45:6025 [ 114.785429][ T5284] usb 5-1: config 0 descriptor?? [ 115.040826][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 115.224490][ T55] Bluetooth: hci1: command tx timeout [ 115.464316][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.492982][ T5852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.519638][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.555310][ T5852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.563625][ T5794] bridge_slave_0: entered allmulticast mode [ 115.572972][ T5794] bridge_slave_0: entered promiscuous mode [ 115.590432][ T55] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 115.599060][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.601253][ T55] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 55, name: kworker/u9:0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 115.608814][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.621280][ T55] preempt_count: 0, expected: 0 [ 115.633474][ T55] RCU nest depth: 1, expected: 0 [ 115.638460][ T55] 4 locks held by kworker/u9:0/55: [ 115.643833][ T55] #0: ffff88807f5b8948 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 115.655142][ T55] #1: ffffc90000bf7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 115.667440][ T55] #2: ffff888024ef4078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 115.678700][ T55] #3: ffffffff8e9382a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 115.689791][ T55] CPU: 0 UID: 0 PID: 55 Comm: kworker/u9:0 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 115.700508][ T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 115.709149][ T5794] bridge_slave_1: entered allmulticast mode [ 115.710661][ T55] Workqueue: hci4 hci_rx_work [ 115.721292][ T55] Call Trace: [ 115.724596][ T55] [ 115.727558][ T55] dump_stack_lvl+0x241/0x360 [ 115.732279][ T55] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.737503][ T55] ? __pfx__printk+0x10/0x10 [ 115.742133][ T55] __might_resched+0x5d4/0x780 [ 115.746929][ T55] ? __mutex_lock+0x112/0xd70 [ 115.751625][ T55] ? __pfx___might_resched+0x10/0x10 [ 115.756944][ T55] __mutex_lock+0xc1/0xd70 [ 115.761394][ T55] ? __pfx_lock_acquire+0x10/0x10 [ 115.766439][ T55] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 115.772709][ T55] ? __pfx_lock_release+0x10/0x10 [ 115.777751][ T55] ? __pfx___mutex_lock+0x10/0x10 [ 115.782798][ T55] ? trace_contention_end+0x3c/0x120 [ 115.788094][ T55] ? skb_pull_data+0x112/0x230 [ 115.792884][ T55] ? hci_conn_set_handle+0x9a/0x270 [ 115.798108][ T55] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 115.804193][ T55] ? __copy_skb_header+0x437/0x5b0 [ 115.809330][ T55] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 115.815518][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 115.822141][ T55] ? hci_le_meta_evt+0x366/0x580 [ 115.827091][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 115.833702][ T55] hci_event_packet+0xa55/0x1540 [ 115.838654][ T55] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 115.843962][ T55] ? __pfx_hci_event_packet+0x10/0x10 [ 115.849347][ T55] ? do_raw_spin_unlock+0x13c/0x8b0 [ 115.854565][ T55] ? hci_send_to_monitor+0xd8/0x7f0 [ 115.859776][ T55] ? kcov_remote_start+0x9e/0x7e0 [ 115.864825][ T55] hci_rx_work+0x3e8/0xca0 [ 115.869265][ T55] ? process_scheduled_works+0x945/0x1830 [ 115.875002][ T55] process_scheduled_works+0xa2c/0x1830 [ 115.880594][ T55] ? __pfx_process_scheduled_works+0x10/0x10 [ 115.886598][ T55] ? assign_work+0x364/0x3d0 [ 115.891213][ T55] worker_thread+0x86d/0xd40 [ 115.895834][ T55] ? __kthread_parkme+0x169/0x1d0 [ 115.900890][ T55] ? __pfx_worker_thread+0x10/0x10 [ 115.906022][ T55] kthread+0x2f0/0x390 [ 115.910121][ T55] ? __pfx_worker_thread+0x10/0x10 [ 115.915261][ T55] ? __pfx_kthread+0x10/0x10 [ 115.919877][ T55] ret_from_fork+0x4b/0x80 [ 115.924311][ T55] ? __pfx_kthread+0x10/0x10 [ 115.928926][ T55] ret_from_fork_asm+0x1a/0x30 [ 115.933724][ T55] [ 115.942097][ T55] [ 115.944455][ T55] ============================= [ 115.949326][ T55] [ BUG: Invalid wait context ] [ 115.954205][ T55] 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 Tainted: G W [ 115.962806][ T55] ----------------------------- [ 115.967673][ T55] kworker/u9:0/55 is trying to lock: [ 115.973066][ T55] ffffffff8fdecfa8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0 [ 115.974459][ T5794] bridge_slave_1: entered promiscuous mode [ 115.983714][ T55] other info that might help us debug this: [ 115.983725][ T55] context-{4:4} [ 115.983735][ T55] 4 locks held by kworker/u9:0/55: [ 115.983748][ T55] #0: ffff88807f5b8948 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 115.983823][ T55] #1: ffffc90000bf7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 116.027041][ T55] #2: ffff888024ef4078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 [ 116.037637][ T55] #3: ffffffff8e9382a0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 [ 116.048397][ T55] stack backtrace: [ 116.052131][ T55] CPU: 0 UID: 0 PID: 55 Comm: kworker/u9:0 Tainted: G W 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 116.064302][ T55] Tainted: [W]=WARN [ 116.068122][ T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 116.078199][ T55] Workqueue: hci4 hci_rx_work [ 116.082921][ T55] Call Trace: [ 116.086224][ T55] [ 116.089174][ T55] dump_stack_lvl+0x241/0x360 [ 116.093905][ T55] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.099138][ T55] ? __pfx__printk+0x10/0x10 [ 116.103775][ T55] __lock_acquire+0x153b/0x2040 [ 116.108676][ T55] lock_acquire+0x1ed/0x550 [ 116.113239][ T55] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 116.119525][ T55] ? __pfx_lock_acquire+0x10/0x10 [ 116.124598][ T55] ? __mutex_lock+0x112/0xd70 [ 116.129324][ T55] ? __pfx___might_resched+0x10/0x10 [ 116.134659][ T55] __mutex_lock+0x136/0xd70 [ 116.139210][ T55] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 116.145499][ T55] ? __pfx_lock_acquire+0x10/0x10 [ 116.150561][ T55] ? hci_le_create_big_complete_evt+0x3d9/0xae0 [ 116.156832][ T55] ? __pfx_lock_release+0x10/0x10 [ 116.162047][ T55] ? __pfx___mutex_lock+0x10/0x10 [ 116.167086][ T55] ? trace_contention_end+0x3c/0x120 [ 116.172379][ T55] ? skb_pull_data+0x112/0x230 [ 116.177165][ T55] ? hci_conn_set_handle+0x9a/0x270 [ 116.182394][ T55] hci_le_create_big_complete_evt+0x3d9/0xae0 [ 116.188481][ T55] ? __copy_skb_header+0x437/0x5b0 [ 116.193601][ T55] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 116.199766][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 116.206370][ T55] ? hci_le_meta_evt+0x366/0x580 [ 116.211316][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 116.217920][ T55] hci_event_packet+0xa55/0x1540 [ 116.222873][ T55] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 116.228169][ T55] ? __pfx_hci_event_packet+0x10/0x10 [ 116.233542][ T55] ? do_raw_spin_unlock+0x13c/0x8b0 [ 116.238748][ T55] ? hci_send_to_monitor+0xd8/0x7f0 [ 116.243955][ T55] ? kcov_remote_start+0x9e/0x7e0 [ 116.249082][ T55] hci_rx_work+0x3e8/0xca0 [ 116.253534][ T55] ? process_scheduled_works+0x945/0x1830 [ 116.259536][ T55] process_scheduled_works+0xa2c/0x1830 [ 116.265106][ T55] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.271100][ T55] ? assign_work+0x364/0x3d0 [ 116.275704][ T55] worker_thread+0x86d/0xd40 [ 116.280313][ T55] ? __kthread_parkme+0x169/0x1d0 [ 116.285354][ T55] ? __pfx_worker_thread+0x10/0x10 [ 116.290475][ T55] kthread+0x2f0/0x390 [ 116.294555][ T55] ? __pfx_worker_thread+0x10/0x10 [ 116.299672][ T55] ? __pfx_kthread+0x10/0x10 [ 116.304280][ T55] ret_from_fork+0x4b/0x80 [ 116.308723][ T55] ? __pfx_kthread+0x10/0x10 [ 116.313341][ T55] ret_from_fork_asm+0x1a/0x30 [ 116.318138][ T55] [ 116.437483][ T55] ================================================================== [ 116.445591][ T55] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0 [ 116.454652][ T55] Read of size 8 at addr ffff88805f7c8000 by task kworker/u9:0/55 [ 116.462484][ T55] [ 116.464850][ T55] CPU: 0 UID: 0 PID: 55 Comm: kworker/u9:0 Tainted: G W 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 116.477033][ T55] Tainted: [W]=WARN [ 116.480852][ T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 116.490935][ T55] Workqueue: hci4 hci_rx_work [ 116.495652][ T55] Call Trace: [ 116.498958][ T55] [ 116.501909][ T55] dump_stack_lvl+0x241/0x360 [ 116.506629][ T55] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.511863][ T55] ? __pfx__printk+0x10/0x10 [ 116.516489][ T55] ? _printk+0xd5/0x120 [ 116.520676][ T55] ? __virt_addr_valid+0x183/0x530 [ 116.525812][ T55] ? __virt_addr_valid+0x183/0x530 [ 116.530953][ T55] print_report+0x169/0x550 [ 116.535496][ T55] ? __virt_addr_valid+0x183/0x530 [ 116.540717][ T55] ? __virt_addr_valid+0x183/0x530 [ 116.545852][ T55] ? __virt_addr_valid+0x45f/0x530 [ 116.550988][ T55] ? __phys_addr+0xba/0x170 [ 116.555518][ T55] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 116.561796][ T55] kasan_report+0x143/0x180 [ 116.566360][ T55] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 116.572646][ T55] hci_le_create_big_complete_evt+0x383/0xae0 [ 116.578750][ T55] ? __copy_skb_header+0x437/0x5b0 [ 116.583956][ T55] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 116.590153][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 116.596782][ T55] ? hci_le_meta_evt+0x366/0x580 [ 116.601753][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 116.608376][ T55] hci_event_packet+0xa55/0x1540 [ 116.613349][ T55] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 116.618673][ T55] ? __pfx_hci_event_packet+0x10/0x10 [ 116.624159][ T55] ? do_raw_spin_unlock+0x13c/0x8b0 [ 116.629399][ T55] ? hci_send_to_monitor+0xd8/0x7f0 [ 116.634636][ T55] ? kcov_remote_start+0x9e/0x7e0 [ 116.639709][ T55] hci_rx_work+0x3e8/0xca0 [ 116.644164][ T55] ? process_scheduled_works+0x945/0x1830 [ 116.650012][ T55] process_scheduled_works+0xa2c/0x1830 [ 116.655606][ T55] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.661629][ T55] ? assign_work+0x364/0x3d0 [ 116.666252][ T55] worker_thread+0x86d/0xd40 [ 116.670878][ T55] ? __kthread_parkme+0x169/0x1d0 [ 116.675940][ T55] ? __pfx_worker_thread+0x10/0x10 [ 116.681090][ T55] kthread+0x2f0/0x390 [ 116.685200][ T55] ? __pfx_worker_thread+0x10/0x10 [ 116.690366][ T55] ? __pfx_kthread+0x10/0x10 [ 116.695007][ T55] ret_from_fork+0x4b/0x80 [ 116.699467][ T55] ? __pfx_kthread+0x10/0x10 [ 116.704093][ T55] ret_from_fork_asm+0x1a/0x30 [ 116.708909][ T55] [ 116.711927][ T55] [ 116.714248][ T55] Allocated by task 55: [ 116.718487][ T55] kasan_save_track+0x3f/0x80 [ 116.723175][ T55] __kasan_kmalloc+0x98/0xb0 [ 116.727778][ T55] __kmalloc_cache_noprof+0x19c/0x2c0 [ 116.733162][ T55] __hci_conn_add+0x2f9/0x1850 [ 116.737945][ T55] hci_le_big_sync_established_evt+0x414/0xc20 [ 116.744106][ T55] hci_event_packet+0xa55/0x1540 [ 116.749046][ T55] hci_rx_work+0x3e8/0xca0 [ 116.753467][ T55] process_scheduled_works+0xa2c/0x1830 [ 116.759025][ T55] worker_thread+0x86d/0xd40 [ 116.763627][ T55] kthread+0x2f0/0x390 [ 116.767708][ T55] ret_from_fork+0x4b/0x80 [ 116.772133][ T55] ret_from_fork_asm+0x1a/0x30 [ 116.776908][ T55] [ 116.779236][ T55] Freed by task 55: [ 116.783039][ T55] kasan_save_track+0x3f/0x80 [ 116.787727][ T55] kasan_save_free_info+0x40/0x50 [ 116.792753][ T55] poison_slab_object+0xe0/0x150 [ 116.797707][ T55] __kasan_slab_free+0x37/0x60 [ 116.802478][ T55] kfree+0x149/0x360 [ 116.806390][ T55] device_release+0x99/0x1c0 [ 116.810990][ T55] kobject_put+0x22f/0x480 [ 116.815423][ T55] hci_conn_del+0x8c4/0xc40 [ 116.819934][ T55] hci_le_create_big_complete_evt+0x619/0xae0 [ 116.826010][ T55] hci_event_packet+0xa55/0x1540 [ 116.830948][ T55] hci_rx_work+0x3e8/0xca0 [ 116.835374][ T55] process_scheduled_works+0xa2c/0x1830 [ 116.840929][ T55] worker_thread+0x86d/0xd40 [ 116.845526][ T55] kthread+0x2f0/0x390 [ 116.849608][ T55] ret_from_fork+0x4b/0x80 [ 116.854029][ T55] ret_from_fork_asm+0x1a/0x30 [ 116.858798][ T55] [ 116.861129][ T55] The buggy address belongs to the object at ffff88805f7c8000 [ 116.861129][ T55] which belongs to the cache kmalloc-8k of size 8192 [ 116.875178][ T55] The buggy address is located 0 bytes inside of [ 116.875178][ T55] freed 8192-byte region [ffff88805f7c8000, ffff88805f7ca000) [ 116.888890][ T55] [ 116.891212][ T55] The buggy address belongs to the physical page: [ 116.897642][ T55] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5f7c8 [ 116.906407][ T55] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 116.914921][ T55] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 116.922474][ T55] page_type: 0xfdffffff(slab) [ 116.927163][ T55] raw: 00fff00000000040 ffff888015842280 ffffea0000947600 dead000000000002 [ 116.935753][ T55] raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 116.944343][ T55] head: 00fff00000000040 ffff888015842280 ffffea0000947600 dead000000000002 [ 116.953124][ T55] head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000 [ 116.961796][ T55] head: 00fff00000000003 ffffea00017df201 ffffffffffffffff 0000000000000000 [ 116.970474][ T55] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 116.979138][ T55] page dumped because: kasan: bad access detected [ 116.985560][ T55] page_owner tracks the page as allocated [ 116.991274][ T55] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 55, tgid 55 (kworker/u9:0), ts 98340847335, free_ts 98280412117 [ 117.013684][ T55] post_alloc_hook+0x1f3/0x230 [ 117.018459][ T55] get_page_from_freelist+0x2e4c/0x2f10 [ 117.024108][ T55] __alloc_pages_noprof+0x256/0x6c0 [ 117.029318][ T55] alloc_slab_page+0x5f/0x120 [ 117.034017][ T55] allocate_slab+0x5a/0x2f0 [ 117.038526][ T55] ___slab_alloc+0xcd1/0x14b0 [ 117.043208][ T55] __slab_alloc+0x58/0xa0 [ 117.047540][ T55] __kmalloc_cache_noprof+0x1d5/0x2c0 [ 117.052923][ T55] __hci_conn_add+0x2f9/0x1850 [ 117.057708][ T55] hci_le_big_sync_established_evt+0x414/0xc20 [ 117.063868][ T55] hci_event_packet+0xa55/0x1540 [ 117.068803][ T55] hci_rx_work+0x3e8/0xca0 [ 117.073218][ T55] process_scheduled_works+0xa2c/0x1830 [ 117.078770][ T55] worker_thread+0x86d/0xd40 [ 117.083390][ T55] kthread+0x2f0/0x390 [ 117.087469][ T55] ret_from_fork+0x4b/0x80 [ 117.091895][ T55] page last free pid 5554 tgid 5554 stack trace: [ 117.098236][ T55] free_unref_page+0xd22/0xea0 [ 117.103003][ T55] __slab_free+0x31b/0x3d0 [ 117.107424][ T55] qlist_free_all+0x9e/0x140 [ 117.112024][ T55] kasan_quarantine_reduce+0x14f/0x170 [ 117.117492][ T55] __kasan_slab_alloc+0x23/0x80 [ 117.122348][ T55] __kmalloc_cache_noprof+0x132/0x2c0 [ 117.127719][ T55] ref_tracker_alloc+0x14b/0x490 [ 117.132662][ T55] netdev_queue_update_kobjects+0x186/0x5f0 [ 117.138569][ T55] netdev_register_kobject+0x265/0x320 [ 117.144493][ T55] register_netdevice+0x12c5/0x1b00 [ 117.149887][ T55] bond_newlink+0x3b/0x90 [ 117.154240][ T55] rtnl_newlink+0x1591/0x20a0 [ 117.158936][ T55] rtnetlink_rcv_msg+0x73f/0xcf0 [ 117.163885][ T55] netlink_rcv_skb+0x1e3/0x430 [ 117.168679][ T55] netlink_unicast+0x7f0/0x990 [ 117.173458][ T55] netlink_sendmsg+0x8e4/0xcb0 [ 117.178240][ T55] [ 117.180588][ T55] Memory state around the buggy address: [ 117.186226][ T55] ffff88805f7c7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 117.194286][ T55] ffff88805f7c7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 117.202345][ T55] >ffff88805f7c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.210493][ T55] ^ [ 117.214562][ T55] ffff88805f7c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.222620][ T55] ffff88805f7c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 117.230672][ T55] ================================================================== [ 117.275341][ T55] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 117.282620][ T55] CPU: 1 UID: 0 PID: 55 Comm: kworker/u9:0 Tainted: G W 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 117.294808][ T55] Tainted: [W]=WARN [ 117.298628][ T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 117.308716][ T55] Workqueue: hci4 hci_rx_work [ 117.313429][ T55] Call Trace: [ 117.316724][ T55] [ 117.319673][ T55] dump_stack_lvl+0x241/0x360 [ 117.324402][ T55] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.329634][ T55] ? __pfx__printk+0x10/0x10 [ 117.334259][ T55] ? rcu_is_watching+0x15/0xb0 [ 117.339068][ T55] ? preempt_schedule+0xe1/0xf0 [ 117.344042][ T55] ? vscnprintf+0x5d/0x90 [ 117.348401][ T55] panic+0x349/0x860 [ 117.352340][ T55] ? check_panic_on_warn+0x21/0xb0 [ 117.357489][ T55] ? __pfx_panic+0x10/0x10 [ 117.362156][ T55] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 117.368264][ T55] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 117.374649][ T55] ? print_report+0x502/0x550 [ 117.379356][ T55] check_panic_on_warn+0x86/0xb0 [ 117.384299][ T55] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 117.390557][ T55] end_report+0x77/0x160 [ 117.394843][ T55] kasan_report+0x154/0x180 [ 117.399380][ T55] ? hci_le_create_big_complete_evt+0x383/0xae0 [ 117.405645][ T55] hci_le_create_big_complete_evt+0x383/0xae0 [ 117.411743][ T55] ? __copy_skb_header+0x437/0x5b0 [ 117.416871][ T55] ? hci_le_create_big_complete_evt+0xdb/0xae0 [ 117.423048][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 117.429658][ T55] ? hci_le_meta_evt+0x366/0x580 [ 117.434636][ T55] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 117.441259][ T55] hci_event_packet+0xa55/0x1540 [ 117.446207][ T55] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 117.451527][ T55] ? __pfx_hci_event_packet+0x10/0x10 [ 117.456917][ T55] ? do_raw_spin_unlock+0x13c/0x8b0 [ 117.462155][ T55] ? hci_send_to_monitor+0xd8/0x7f0 [ 117.467373][ T55] ? kcov_remote_start+0x9e/0x7e0 [ 117.472408][ T55] hci_rx_work+0x3e8/0xca0 [ 117.476842][ T55] ? process_scheduled_works+0x945/0x1830 [ 117.482577][ T55] process_scheduled_works+0xa2c/0x1830 [ 117.488155][ T55] ? __pfx_process_scheduled_works+0x10/0x10 [ 117.494150][ T55] ? assign_work+0x364/0x3d0 [ 117.498751][ T55] worker_thread+0x86d/0xd40 [ 117.503363][ T55] ? __kthread_parkme+0x169/0x1d0 [ 117.508404][ T55] ? __pfx_worker_thread+0x10/0x10 [ 117.513527][ T55] kthread+0x2f0/0x390 [ 117.517606][ T55] ? __pfx_worker_thread+0x10/0x10 [ 117.522734][ T55] ? __pfx_kthread+0x10/0x10 [ 117.527335][ T55] ret_from_fork+0x4b/0x80 [ 117.531774][ T55] ? __pfx_kthread+0x10/0x10 [ 117.536390][ T55] ret_from_fork_asm+0x1a/0x30 [ 117.541177][ T55] [ 117.544494][ T55] Kernel Offset: disabled [ 117.548817][ T55] Rebooting in 86400 seconds..