last executing test programs: 4.196668007s ago: executing program 1 (id=91): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xc0042, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.84883122s ago: executing program 1 (id=97): syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc294, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x3, 0x1, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x28, 0x5, 0x0) socket(0x10, 0x802, 0x0) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) epoll_create(0x101) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x40000000000001}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f0000000040)={0x2, 0x0, 0x1, 0x0, 0x0, [{{r4}, 0x1}]}) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)) 2.44728758s ago: executing program 2 (id=116): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB, @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000400), 0x305800, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 2.257091396s ago: executing program 2 (id=119): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@hci={0x1f, 0x1, 0x1}, 0x80, 0x0}, 0x20000814) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0b0805"], 0xe) 2.190871482s ago: executing program 1 (id=120): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) 2.07260498s ago: executing program 1 (id=121): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf25070000000800", @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000400), 0x305800, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 2.054741545s ago: executing program 2 (id=122): socket$inet_sctp(0x2, 0x5, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xb) pipe(&(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) socket$pppoe(0x18, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.922824537s ago: executing program 2 (id=124): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x44, 0x0, 0x8, 0x101, 0x0, 0x0, {0x7, 0x0, 0x8}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x80000000}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x56}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x806}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x44}}, 0x800) 1.814407761s ago: executing program 2 (id=126): r0 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, 0x0, 0x0) listen(r2, 0x8) r3 = socket$inet(0xa, 0x801, 0x84) listen(r3, 0xfffffffd) r4 = socket$inet(0xa, 0x801, 0x84) listen(r4, 0x8) r5 = socket$inet(0xa, 0x801, 0x84) listen(r5, 0x8) r6 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r6, 0x7) r7 = socket$netlink(0x10, 0x3, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r7) writev(r7, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 1.721521257s ago: executing program 1 (id=128): syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc294, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x3, 0x1, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x28, 0x5, 0x0) socket(0x10, 0x802, 0x0) socket$key(0xf, 0x3, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) epoll_create(0x101) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000080)={0xbe, 0x0, 0x40000000000001}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f0000000040)={0x2, 0x0, 0x1, 0x0, 0x0, [{{r4}, 0x1}]}) ioctl$KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)) 1.703497043s ago: executing program 2 (id=129): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000013c0)={0x44, &(0x7f00000011c0)={0x20, 0x14, 0x4, "0426fd98"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000c80)={0x20, 0x0, 0x4, "f670e000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, &(0x7f0000000f00)={0x0, 0x14, 0x4, "42467af9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, &(0x7f0000000200)={0x0, 0x14, 0x4, "1df73cc1"}, 0x0, 0x0, 0x0, 0x0}) 807.454485ms ago: executing program 3 (id=141): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4138ae84, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) ioctl$sock_proto_private(r5, 0x8b30, 0x0) 718.599181ms ago: executing program 0 (id=142): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)={0x20, 0x12, 0x1, 0x70bd26, 0x25dfdbfe, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0xce, 0x0, 0x0, @u64}]}]}, 0x20}], 0x1, 0x0, 0x0, 0x4000}, 0x4000800) 672.730604ms ago: executing program 3 (id=143): socket$inet_sctp(0x2, 0x5, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) socket$inet6_sctp(0xa, 0x801, 0x84) socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xb) pipe(&(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) socket$pppoe(0x18, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 600.592673ms ago: executing program 0 (id=144): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xc0042, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 542.107317ms ago: executing program 3 (id=145): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000740)={'wlan1\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r2, @ANYBLOB="0500"], 0x24}}, 0x0) 450.213422ms ago: executing program 3 (id=146): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x9c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x74, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x3c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x8, 0x1, "6eee7e00"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x110}}, 0x0) 340.955188ms ago: executing program 3 (id=147): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fddbdf25070000000800", @ANYRES32=r3, @ANYBLOB="0c009900ff070000700000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000400), 0x305800, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 317.199371ms ago: executing program 0 (id=148): r0 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, 0x0, 0x0) listen(r2, 0x8) r3 = socket$inet(0xa, 0x801, 0x84) listen(r3, 0xfffffffd) r4 = socket$inet(0xa, 0x801, 0x84) listen(r4, 0x8) r5 = socket$inet(0xa, 0x801, 0x84) listen(r5, 0x8) r6 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r6, 0x7) r7 = socket$netlink(0x10, 0x3, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r7) writev(r7, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 222.897465ms ago: executing program 0 (id=149): r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140), 0x224200, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, 0xffffffffffffffff, 0x45809000) getsockopt$inet6_buf(r0, 0x29, 0x48, 0x0, 0x0) r2 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) r3 = shmat(r2, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) mbind(&(0x7f000011b000/0x3000)=nil, 0x3000, 0x4000, 0x0, 0xb, 0x8) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, 0xffffffffffffffff, 0x45809000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ptrace(0x10, 0x0) openat$drirender128(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) fchdir(r4) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r5, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb98}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) write$tun(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="2781a58f4244b8ff2e1c2a8f4039c9058e6c904dd50cf258887b91a304d15a0392e106b183e7d7", @ANYRES32=r4, @ANYRES16=r3, @ANYRES8=0x0, @ANYBLOB="4b3db71defeab80dbb617a1d9bb4fd75bed7f41a83c40fa0fc8d5597fc259c22a08c1fbc167f00d0dbde544e9957e622e4d0f69aa2b7957fba5f583b67a1361d4f366910b6f7c0c61d26d7b4f7eb6b24f9d75895373c837edd512db272d8417c85b63fe79d8cd1bc9c5f475f4d12a1de7cabc1df41fa856fc745bba1fef0e1390ba1c4c3563d33a369014230c7", @ANYRES64=r0], 0x4a) setrlimit(0x40000000000008, &(0x7f0000000000)) mlockall(0x7) r6 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r6, &(0x7f0000000240)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a90500040000746400009e15045116", 0xf}, {&(0x7f0000000000)="17460081ba60ccbb9d000000000000", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x2, 0x4004040) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) 172.665988ms ago: executing program 3 (id=150): syz_usb_connect(0x3, 0xb78, &(0x7f00000017c0)=ANY=[@ANYBLOB="120110038376ae10b40b6f0a057a010203010902660b030900106b09046f1007012ced0509210104070122f80408240600015ab69e05240001000d240f01ff0f0000060000408d06241a0200014124130988fd871527201bd0405529f61594f46e95406fc39ee5972fc347f4a86c51a37eeb92ffe9cb758953ea4c5b818a1c7851a800167dac9049c1588bcba13d522413101388269b991c1a3d64961404df19d43dcc47d98cda46c9b7c91b58577288b82620e69ee820e0560748ebd686485e27b20454d1d40ce94d3be66095907e286ec17f1281dfe92665b3926b9b0c440905241501000424020009050708ff030701fe781a6bbc6a99e603bd750812acb0208b1148d1a9c0992cdfe2bfe640263c50c60a847a8630910e7c62c020c5dc1bc8eecacb52bad9ab6654c6a2aadc81e46df7e091ef88c9f1423efac37dd4ac56b029e0f05ad9692e3d6c122d63fb688cd85d0ede683bd16461f11186efb95993b667b96d667e80433402090506039f360fff090725018204040009050b0810000603994906484b793deb175580e4b99b51ba1e3845406cfa68a8e24064639c46f4f418691f8defb4e5a6d6a40300d265e9f3957621a4b97b51f6e2a8e561fd0efafc549bc88cbb4502d1f0f209050d0c0002030307fc0e42e43ef0bebfd78a9cf498cd6e08a5bd11493131ececa2190e6ab639e3df75f5f63d4423c57b6c6866b3d4fc141b0f03897c1bd09beab3d84a67cfb09039d324cb931f732ad7c51d627cb05693c9ba720c4202e6eb0d96dac1d8eee38ddb8a76fe7f08ea362f6eace05bbb1158cc41b5d1d703e2801c37b78d1fb06f8a07a773db6d1e36b256de8bdc167ba221b6be7d0fae7fb7e8df7f5602d644100232ac11d01471e734991d421e9e6cba3fe3afe2d03d9a12400752f61d652020923f81e143e9310ece9d0b0c8a366f9bdfa9f23759d6911d08fae55e8663fec5396b8d6eec23c08ad512913318da5849441f805f9430639b578c0e3dd5ef4e0b2799808766831cb999537c68426d475e50fb5b58a5db4712fdab7a1e2830cf5a1adaf2861982fccd51f75f20303bff7bb7ca53568ae8cb26d499d830e4fecd54cfd6aa4750079eed12ab32740905020000008107a1072501020502000725010201030009058010000200ff8f072501010d090036293f3dbdf118534540877bd56f373296569545f3883e0fbee9921481f9346f39c8c029e7b3fc93f39aff3eb9a5d59c5d04ff6e4ea1090504030800013441072501010904009021031f532efe41d0488f4136ea69daf275f9b9673397f03304d1e8b0434d416815a6b6f9b1f4688da7a68b2c842e89c9f234596da3281fc8c10fa924c800adbf2802f7149263609179ee0b258b10d96c169c9ba2cdf1b80defb382fd716d9ad6ad5a27685848cd4b79203713bf9591f2784bbeb14637f2125979a5583758254e3971e18311413887901b3d9d900b7309044f041036660a071024020209000800021a75d5eb47c9cd112402021000000006d74ae10ef63fe7dd09058000200000080e09058001100006ff04072501000000000725010105040009050d02100081030409050d002000077f036f2288b479232db4bbb8de801aabb6f0b2734e63de4bb7c45c7334b09be5ab3e7b38aeed30830dc640fe82407b14c0df992f48cf86ab2409398a7cdb136e37827f483545c93138ff81da48b99472f0099b730c0dee792327d1c2392ad2d18b73ae449a2e031e15986fd3538488e6670905090800020d017507250181c4e8f6b8118b78dcd841688862b4615cb2d338f4b1119a8ff768a6eaea55473a0310c1648033ffffc583552d00035ecb8cfad45cb197d80303e5fb79d1d1fba73be586ed052525c9eae68a8c9921a0182b26066964fc1c2afc8420b7aea5cacf542f1b77856f20a4ac28fe9d6bfc2cc182c05ca7ab2442cb6cf35e4f89f7633964d7df97e8dbd60cf8441c6f65c682ed3a3cc2d7adc2ab2f172513155f158cb58084d41d211626fed721ec817e4cb5536a1f4b3004cb54db39f2430905060400040902010905041008001202f8b1072c34a051ef064fd36fef80714a49b0f9c694afe3dbcb414bb42323777fa29c3ec109c9c4a8736ab790d8f9a895fd0e8fb48d43aaa677eb6ba8f52aacbc200c7e90bfaa950f7006217a36ca5b608ab7e619aadc15d3ed6367f3baa3695198cf74e1d136df773395d511248ecc840c2ab331ad2831eb86f634fd229a16e46c3cd45b90b04a70a281b15322cbd435d1568449474d10bfa6765f4bf1412c94415ad6f1834c90f595eee7bf8c9dce7654770725010140050009050d100002fb0804e50a6ccfddfd8a12b19407b802f6b4fa78b649629309bf3053514dd3c6de2880352e60cabae8b4d74f669fe3e4ec1e0a6ee9085e54c4ced297619ca2075b42a64783f73491ae68f790ae8d5d04f67c7634e9049500ff41fd97176bd468ac3bb4e55fccfa413b7dd76b339ae5e395d0ee5ffd06eba9f0b77d6692b40087a14bca3ca85b43051eb2f4824719c5e7f012c28d3eb80e7922cb462dc3f211a865ea85bbb8524f9a1a4337c8ce30ed61e148a684974f9c9ca530789169cf345235e4706145d57dda4d355985fdf8ecb18d12c0ea6be0434c744023cb76f2b5287ec77a3c722a294809050d000006fa0a0209058c0240000201880725018109000109050c000000c5a5060725010107030009050510ff03080e000725018005000009050d06400006034309050b01400081050509050d014000070307c00b6ad1"], &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) 44.587309ms ago: executing program 0 (id=151): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4138ae84, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) ioctl$sock_proto_private(r5, 0x8b30, 0x0) 20.464472ms ago: executing program 1 (id=152): r0 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) write$binfmt_format(r0, &(0x7f0000000100)='-1\x00', 0x2) 0s ago: executing program 0 (id=153): socket$inet_sctp(0x2, 0x5, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) socket$inet6_sctp(0xa, 0x801, 0x84) socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xb) pipe(&(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) socket$pppoe(0x18, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.151' (ED25519) to the list of known hosts. syzkaller login: [ 63.306462][ T5822] cgroup: Unknown subsys name 'net' [ 63.496812][ T5822] cgroup: Unknown subsys name 'cpuset' [ 63.505137][ T5822] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 64.880948][ T5822] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.290505][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.307489][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.317221][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.325038][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.333072][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.340915][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.401730][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.409320][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.417386][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.425038][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.432921][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.441011][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.441529][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.448954][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.456364][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.476153][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.484190][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.491631][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.508570][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.518736][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.768552][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 67.996129][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.004171][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.011572][ T5831] bridge_slave_0: entered allmulticast mode [ 68.018662][ T5831] bridge_slave_0: entered promiscuous mode [ 68.027371][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.034930][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.042067][ T5831] bridge_slave_1: entered allmulticast mode [ 68.049494][ T5831] bridge_slave_1: entered promiscuous mode [ 68.148294][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.165835][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.209285][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 68.219872][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 68.244310][ T5831] team0: Port device team_slave_0 added [ 68.279586][ T5831] team0: Port device team_slave_1 added [ 68.389877][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.396872][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.423464][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.444537][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 68.455194][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.462138][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.488266][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.607614][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.614992][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.622084][ T5835] bridge_slave_0: entered allmulticast mode [ 68.629412][ T5835] bridge_slave_0: entered promiscuous mode [ 68.637224][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.646153][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.653251][ T5840] bridge_slave_0: entered allmulticast mode [ 68.660217][ T5840] bridge_slave_0: entered promiscuous mode [ 68.690098][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.697254][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.704846][ T5835] bridge_slave_1: entered allmulticast mode [ 68.711900][ T5835] bridge_slave_1: entered promiscuous mode [ 68.718907][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.726154][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.733251][ T5840] bridge_slave_1: entered allmulticast mode [ 68.740630][ T5840] bridge_slave_1: entered promiscuous mode [ 68.753039][ T5831] hsr_slave_0: entered promiscuous mode [ 68.760104][ T5831] hsr_slave_1: entered promiscuous mode [ 68.865008][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.877433][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.890190][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.924897][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.932301][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.939864][ T5845] bridge_slave_0: entered allmulticast mode [ 68.946920][ T5845] bridge_slave_0: entered promiscuous mode [ 68.955488][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.962601][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.969816][ T5845] bridge_slave_1: entered allmulticast mode [ 68.977423][ T5845] bridge_slave_1: entered promiscuous mode [ 68.986792][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.051363][ T5835] team0: Port device team_slave_0 added [ 69.091419][ T5835] team0: Port device team_slave_1 added [ 69.098888][ T5840] team0: Port device team_slave_0 added [ 69.107916][ T5840] team0: Port device team_slave_1 added [ 69.121794][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.187316][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.194289][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.220575][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.234442][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.256837][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.264032][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.290033][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.308434][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.315405][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.341490][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.374237][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.381195][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.407657][ T51] Bluetooth: hci0: command tx timeout [ 69.407730][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.455593][ T5845] team0: Port device team_slave_0 added [ 69.496260][ T5845] team0: Port device team_slave_1 added [ 69.543820][ T51] Bluetooth: hci3: command tx timeout [ 69.543838][ T5846] Bluetooth: hci1: command tx timeout [ 69.544057][ T5843] Bluetooth: hci2: command tx timeout [ 69.567497][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.574567][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.600840][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.627145][ T5840] hsr_slave_0: entered promiscuous mode [ 69.633520][ T5840] hsr_slave_1: entered promiscuous mode [ 69.639508][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 69.645827][ T5840] Cannot create hsr debugfs directory [ 69.659711][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.667217][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.694198][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.715686][ T5835] hsr_slave_0: entered promiscuous mode [ 69.721836][ T5835] hsr_slave_1: entered promiscuous mode [ 69.728052][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 69.734172][ T5835] Cannot create hsr debugfs directory [ 69.858898][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 69.893143][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 69.910706][ T5845] hsr_slave_0: entered promiscuous mode [ 69.917297][ T5845] hsr_slave_1: entered promiscuous mode [ 69.923580][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 69.929345][ T5845] Cannot create hsr debugfs directory [ 69.950126][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 69.961976][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.252419][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.269764][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.280114][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.292670][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.386142][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.402585][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.436734][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.449768][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.505672][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.542977][ T5845] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.566001][ T5845] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.577230][ T5845] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.587996][ T5845] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.605140][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.639962][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.647252][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.674232][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.681326][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.730198][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.786034][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.821642][ T1158] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.828861][ T1158] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.841001][ T1158] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.848115][ T1158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.865084][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.905393][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.951478][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.958701][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.996650][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.003833][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.134858][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.197062][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.239692][ T1103] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.246898][ T1103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.282027][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.289258][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.309146][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.325112][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.357835][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.463550][ T5843] Bluetooth: hci0: command tx timeout [ 71.493606][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.526854][ T5831] veth0_vlan: entered promiscuous mode [ 71.566805][ T5831] veth1_vlan: entered promiscuous mode [ 71.578290][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.625853][ T5843] Bluetooth: hci3: command tx timeout [ 71.625903][ T51] Bluetooth: hci2: command tx timeout [ 71.631266][ T5846] Bluetooth: hci1: command tx timeout [ 71.689872][ T5840] veth0_vlan: entered promiscuous mode [ 71.725525][ T5831] veth0_macvtap: entered promiscuous mode [ 71.741563][ T5840] veth1_vlan: entered promiscuous mode [ 71.770384][ T5831] veth1_macvtap: entered promiscuous mode [ 71.780118][ T5835] veth0_vlan: entered promiscuous mode [ 71.803791][ T5835] veth1_vlan: entered promiscuous mode [ 71.857270][ T5840] veth0_macvtap: entered promiscuous mode [ 71.869396][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.887470][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.899238][ T5840] veth1_macvtap: entered promiscuous mode [ 71.916777][ T5835] veth0_macvtap: entered promiscuous mode [ 71.926475][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.950519][ T49] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.960329][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.975305][ T5835] veth1_macvtap: entered promiscuous mode [ 71.986593][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.996295][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.005612][ T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.055483][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.070294][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.098634][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.108456][ T5845] veth0_vlan: entered promiscuous mode [ 72.133549][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.157114][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.166321][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.184965][ T5845] veth1_vlan: entered promiscuous mode [ 72.207220][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.217035][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.238983][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.248543][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.269764][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.290970][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.303056][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.340314][ T5845] veth0_macvtap: entered promiscuous mode [ 72.383302][ T5845] veth1_macvtap: entered promiscuous mode [ 72.392302][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.402183][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.462294][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.495943][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.505218][ T1158] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.513045][ T1158] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.534267][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 72.559045][ T1103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.569778][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.580766][ T1103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.593549][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.602783][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.652321][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.681470][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.697442][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.707496][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.715370][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.827820][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.838008][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.928428][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.937142][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.992064][ T5838] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 73.014838][ T5924] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.1'. [ 73.185881][ T5926] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 73.206646][ T5838] usb 2-1: config 4 has an invalid interface number: 223 but max is 1 [ 73.224154][ T5838] usb 2-1: config 4 has an invalid interface number: 12 but max is 1 [ 73.263173][ T5838] usb 2-1: config 4 has no interface number 0 [ 73.287491][ T5838] usb 2-1: config 4 has no interface number 1 [ 73.326110][ T5838] usb 2-1: config 4 interface 223 altsetting 85 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 73.343730][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.352008][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.363657][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.471801][ T5936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5'. [ 73.482120][ T5936] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5'. [ 73.512050][ T5838] usb 2-1: config 4 interface 223 altsetting 85 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 73.558773][ T5846] Bluetooth: hci0: command tx timeout [ 73.653843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.700297][ T5838] usb 2-1: config 4 interface 223 has no altsetting 0 [ 73.707725][ T5846] Bluetooth: hci3: command tx timeout [ 73.707738][ T51] Bluetooth: hci1: command tx timeout [ 73.707819][ T5843] Bluetooth: hci2: command tx timeout [ 73.784438][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.837409][ T5838] usb 2-1: config 4 interface 12 has no altsetting 0 [ 74.007738][ T5838] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0112, bcdDevice=e0.78 [ 74.111227][ T5917] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 74.161078][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.253898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.313648][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.323235][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.331932][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.340584][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.407906][ T5838] usb 2-1: Product: syz [ 74.419659][ T5917] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 74.433140][ T5838] usb 2-1: Manufacturer: syz [ 74.465711][ T5838] usb 2-1: SerialNumber: syz [ 74.519656][ T5919] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 74.529529][ T5919] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 74.683378][ T3082] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 74.829777][ T5838] kvaser_usb 2-1:4.223: error -ENODEV: Cannot get usb endpoint(s) [ 74.833498][ T3082] usb 3-1: Using ep0 maxpacket: 32 [ 74.866323][ T3082] usb 3-1: unable to get BOS descriptor or descriptor too short [ 74.869040][ T5838] kvaser_usb 2-1:4.12: error -ENODEV: Cannot get usb endpoint(s) [ 74.900542][ T3082] usb 3-1: config 5 has an invalid interface number: 103 but max is 0 [ 74.926815][ T5838] usb 2-1: USB disconnect, device number 2 [ 74.934487][ T3082] usb 3-1: config 5 has no interface number 0 [ 74.940588][ T3082] usb 3-1: config 5 interface 103 has no altsetting 0 [ 74.974201][ T3082] usb 3-1: New USB device found, idVendor=0711, idProduct=0230, bcdDevice=3c.61 [ 75.000559][ T3082] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.027797][ T30] audit: type=1800 audit(1751457945.704:2): pid=5952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.12" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 75.047945][ T3082] usb 3-1: Product: syz [ 75.052107][ T3082] usb 3-1: Manufacturer: syz [ 75.074522][ T3082] usb 3-1: SerialNumber: syz [ 75.110578][ T5843] Bluetooth: hci1: unexpected cc 0x0c2d length: 69 > 4 [ 75.232603][ T5954] PKCS7: Unknown OID: [4] 0.0 [ 75.241480][ T5954] PKCS7: Only support pkcs7_signedData type [ 75.296505][ T3082] mct_u232 3-1:5.103: MCT U232 converter detected [ 75.313132][ T3082] mct_u232 ttyUSB0: expected endpoint missing [ 75.343998][ T3082] usb 3-1: USB disconnect, device number 2 [ 75.358979][ T3082] mct_u232 3-1:5.103: device disconnected [ 75.584010][ T5963] sp0: Synchronizing with TNC [ 75.624120][ T5843] Bluetooth: hci0: command tx timeout [ 75.783763][ T5843] Bluetooth: hci2: command tx timeout [ 75.797777][ T5843] Bluetooth: hci3: command tx timeout [ 75.864194][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 76.053378][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 76.061469][ T9] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 76.069737][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 76.079930][ T9] usb 1-1: config 0 has no interface number 0 [ 76.086201][ T5886] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 76.097525][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 76.107455][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.113440][ T3082] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 76.123858][ T9] usb 1-1: Product: syz [ 76.128024][ T9] usb 1-1: Manufacturer: syz [ 76.132819][ T9] usb 1-1: SerialNumber: syz [ 76.143238][ T9] usb 1-1: config 0 descriptor?? [ 76.155535][ T9] usb 1-1: Found UVC 0.00 device syz (046d:08f3) [ 76.161896][ T9] usb 1-1: No valid video chain found. [ 76.173781][ T5838] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 76.253429][ T5886] usb 2-1: Using ep0 maxpacket: 8 [ 76.262550][ T5886] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 76.263395][ T3082] usb 4-1: device descriptor read/64, error -71 [ 76.272071][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.287914][ T5886] usb 2-1: Product: syz [ 76.292060][ T5886] usb 2-1: Manufacturer: syz [ 76.296704][ T5886] usb 2-1: SerialNumber: syz [ 76.303117][ T5886] usb 2-1: config 0 descriptor?? [ 76.333381][ T5838] usb 3-1: Using ep0 maxpacket: 32 [ 76.342315][ T5838] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 76.363309][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.369962][ T5900] usb 1-1: USB disconnect, device number 2 [ 76.371323][ T5838] usb 3-1: Product: syz [ 76.381407][ T5838] usb 3-1: Manufacturer: syz [ 76.389111][ T5838] usb 3-1: SerialNumber: syz [ 76.405311][ T5838] usb 3-1: config 0 descriptor?? [ 76.415916][ T5838] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 76.519859][ T5886] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 76.533826][ T3082] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 76.665811][ T3082] usb 4-1: device descriptor read/64, error -71 [ 76.774354][ T3082] usb usb4-port1: attempt power cycle [ 77.113444][ T3082] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 77.134139][ T3082] usb 4-1: device descriptor read/8, error -71 [ 77.375768][ T3082] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 77.404866][ T3082] usb 4-1: device descriptor read/8, error -71 [ 77.517222][ T3082] usb usb4-port1: unable to enumerate USB device [ 77.939947][ T5886] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 77.959408][ T5886] usb 2-1: USB disconnect, device number 3 [ 78.753422][ T3082] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 78.925231][ T3082] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 78.934684][ T3082] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.957221][ T3082] usb 2-1: config 0 descriptor?? [ 79.623518][ T30] audit: type=1800 audit(1751457950.294:3): pid=5990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.27" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 79.677138][ T5843] Bluetooth: hci1: unexpected cc 0x0c2d length: 69 > 4 [ 79.820657][ T5995] netlink: 'syz.0.28': attribute type 10 has an invalid length. [ 79.901055][ T5995] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 79.931379][ T5997] sp0: Synchronizing with TNC [ 80.050474][ T5838] gspca_stk1135: reg_w 0x19 err -71 [ 80.062623][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.071481][ T5838] gspca_stk1135: Sensor write failed [ 80.080047][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.086933][ T5838] gspca_stk1135: Sensor write failed [ 80.092238][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.101795][ T5838] gspca_stk1135: Sensor read failed [ 80.108238][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.114880][ T5838] gspca_stk1135: Sensor read failed [ 80.120079][ T5838] gspca_stk1135: Detected sensor type unknown (0x0) [ 80.132040][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.142497][ T5838] gspca_stk1135: Sensor read failed [ 80.148632][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.156662][ T5838] gspca_stk1135: Sensor read failed [ 80.161881][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.180210][ T5838] gspca_stk1135: Sensor write failed [ 80.207791][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 80.251573][ T5838] gspca_stk1135: Sensor write failed [ 80.261636][ T5838] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 80.286521][ T5838] usb 3-1: USB disconnect, device number 3 [ 80.524897][ T5843] Bluetooth: hci1: unexpected cc 0x0c2d length: 69 > 4 [ 80.613148][ T6015] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 80.637601][ T5843] Bluetooth: hci2: unexpected cc 0x2039 length: 9 > 1 [ 80.698874][ T6019] netlink: 'syz.2.40': attribute type 10 has an invalid length. [ 80.711737][ T6019] netlink: 40 bytes leftover after parsing attributes in process `syz.2.40'. [ 80.723220][ T6019] bridge0: port 3(dummy0) entered blocking state [ 80.729823][ T6019] bridge0: port 3(dummy0) entered disabled state [ 80.736910][ T6019] dummy0: entered allmulticast mode [ 80.753047][ T6019] dummy0: entered promiscuous mode [ 80.776249][ T6019] bridge0: port 3(dummy0) entered blocking state [ 80.783476][ T6019] bridge0: port 3(dummy0) entered forwarding state [ 80.991047][ T5843] Bluetooth: hci1: unexpected cc 0x2005 length: 8 > 1 [ 81.097434][ T5843] Bluetooth: hci1: unexpected cc 0x0c2d length: 69 > 4 [ 81.198035][ T3082] pegasus 2-1:0.0: setup Pegasus II specific registers [ 81.316290][ T5938] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 81.404908][ T5838] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 81.487586][ T5938] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.501498][ T5938] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 81.510891][ T5938] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 81.520290][ T5938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.532199][ T5938] usb 3-1: config 0 descriptor?? [ 81.545162][ T980] cfg80211: failed to load regulatory.db [ 81.573321][ T5838] usb 1-1: Using ep0 maxpacket: 32 [ 81.589667][ T5838] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 81.613353][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.631554][ T5838] usb 1-1: Product: syz [ 81.636258][ T5838] usb 1-1: Manufacturer: syz [ 81.640920][ T5838] usb 1-1: SerialNumber: syz [ 81.656695][ T5838] usb 1-1: config 0 descriptor?? [ 81.668110][ T5838] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 81.979730][ T5843] Bluetooth: Wrong link type (-57) [ 81.987041][ T5886] usb 3-1: USB disconnect, device number 4 [ 82.413569][ T5886] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 82.570239][ T5886] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.581279][ T5886] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.593777][ T5886] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 82.618330][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0 [ 82.625279][ T5886] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 82.640160][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.651724][ T5886] usb 4-1: config 0 descriptor?? [ 82.998364][ T5886] usbhid 4-1:0.0: can't add hid device: -71 [ 83.010826][ T5886] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 83.022312][ T5886] usb 4-1: USB disconnect, device number 6 [ 83.046521][ T3082] pegasus 2-1:0.0: can't locate MII phy, using default [ 83.070562][ T3082] pegasus 2-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, e2:f3:93:13:2c:ab [ 83.082504][ T3082] usb 2-1: USB disconnect, device number 4 [ 83.681976][ T6085] netlink: 40 bytes leftover after parsing attributes in process `syz.3.61'. [ 83.725548][ T5843] Bluetooth: hci0: unexpected cc 0x0c2d length: 69 > 4 [ 83.765021][ T6090] netlink: 'syz.3.61': attribute type 10 has an invalid length. [ 83.840582][ T6090] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 84.052660][ T6096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.63'. [ 84.274774][ T6106] fuse: Bad value for 'fd' [ 84.636648][ T3082] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 84.674315][ T5843] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 84.683251][ T5843] Bluetooth: hci2: Injecting HCI hardware error event [ 84.691035][ T5843] Bluetooth: hci2: hardware error 0x00 [ 84.806738][ T3082] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 84.817449][ T3082] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 84.829920][ T3082] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 84.840679][ T3082] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.851725][ T3082] usb 2-1: config 0 descriptor?? [ 84.993392][ T980] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 85.124908][ T5838] gspca_stk1135: reg_w 0x18 err -71 [ 85.131929][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.139622][ T5838] gspca_stk1135: Sensor write failed [ 85.145490][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.152375][ T5838] gspca_stk1135: Sensor write failed [ 85.158034][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.170635][ T5838] gspca_stk1135: Sensor read failed [ 85.178397][ T980] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.189434][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.195832][ T980] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.205590][ T5838] gspca_stk1135: Sensor read failed [ 85.210785][ T5838] gspca_stk1135: Detected sensor type unknown (0x0) [ 85.217471][ T980] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 85.232444][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.238893][ T5838] gspca_stk1135: Sensor read failed [ 85.244236][ T980] usb 4-1: config 0 interface 0 has no altsetting 0 [ 85.250853][ T980] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 85.260276][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.267103][ T5838] gspca_stk1135: Sensor read failed [ 85.267792][ T5893] usb 2-1: USB disconnect, device number 5 [ 85.272312][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.284542][ T980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.293815][ T5838] gspca_stk1135: Sensor write failed [ 85.300205][ T5838] gspca_stk1135: serial bus timeout: status=0x00 [ 85.307748][ T5838] gspca_stk1135: Sensor write failed [ 85.313966][ T980] usb 4-1: config 0 descriptor?? [ 85.319237][ T5838] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71 [ 85.334029][ T5838] usb 1-1: USB disconnect, device number 3 [ 85.651910][ T980] usbhid 4-1:0.0: can't add hid device: -71 [ 85.675771][ T980] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 85.703408][ T980] usb 4-1: USB disconnect, device number 7 [ 85.747987][ T6123] syz.2.71 uses obsolete (PF_INET,SOCK_PACKET) [ 85.776678][ T5846] Bluetooth: hci1: unexpected cc 0x0c2d length: 69 > 4 [ 85.856849][ T6125] netlink: 8 bytes leftover after parsing attributes in process `syz.2.72'. [ 85.898605][ T6127] fuse: Bad value for 'fd' [ 85.992594][ T5846] Bluetooth: hci1: unexpected cc 0x0c2d length: 69 > 4 [ 86.319052][ T6142] netlink: 'syz.2.80': attribute type 1 has an invalid length. [ 86.321415][ T6139] warning: `syz.3.78' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 86.557679][ T6153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.84'. [ 86.573698][ T5920] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 86.733457][ T5920] usb 1-1: Using ep0 maxpacket: 32 [ 86.741749][ T5920] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 86.750895][ T5843] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 86.753504][ T5838] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 86.757222][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.772722][ T5920] usb 1-1: Product: syz [ 86.776984][ T5920] usb 1-1: Manufacturer: syz [ 86.781577][ T5920] usb 1-1: SerialNumber: syz [ 86.789310][ T980] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 86.790480][ T5920] usb 1-1: config 0 descriptor?? [ 86.808125][ T5920] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 86.863371][ T5886] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 86.915342][ T5838] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.927535][ T5838] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 86.937233][ T5838] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 86.946525][ T5838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.956422][ T980] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.967537][ T980] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 86.977962][ T5838] usb 2-1: config 0 descriptor?? [ 86.983558][ T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.000444][ T980] usb 3-1: config 0 descriptor?? [ 87.011546][ T980] pwc: Askey VC010 type 2 USB webcam detected. [ 87.021639][ T5886] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.032618][ T5886] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.042503][ T5886] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 87.055676][ T5886] usb 4-1: config 0 interface 0 has no altsetting 0 [ 87.062299][ T5886] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 87.071474][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.089269][ T5886] usb 4-1: config 0 descriptor?? [ 87.365798][ T5893] usb 2-1: USB disconnect, device number 6 [ 87.421322][ T980] pwc: recv_control_msg error -32 req 02 val 2b00 [ 87.428935][ T980] pwc: recv_control_msg error -32 req 02 val 2700 [ 87.436509][ T980] pwc: recv_control_msg error -32 req 02 val 2c00 [ 87.443787][ T980] pwc: recv_control_msg error -32 req 04 val 1000 [ 87.450802][ T980] pwc: recv_control_msg error -32 req 04 val 1300 [ 87.458623][ T980] pwc: recv_control_msg error -32 req 04 val 1400 [ 87.459956][ T6152] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 87.480984][ T5886] usbhid 4-1:0.0: can't add hid device: -71 [ 87.481017][ T6152] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 87.492276][ T5886] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 87.512814][ T980] pwc: recv_control_msg error -32 req 02 val 2000 [ 87.520795][ T5886] usb 4-1: USB disconnect, device number 8 [ 87.528536][ T980] pwc: recv_control_msg error -32 req 02 val 2100 [ 87.543478][ T980] pwc: recv_control_msg error -32 req 04 val 1500 [ 87.550562][ T980] pwc: recv_control_msg error -32 req 02 val 2500 [ 87.759775][ T980] pwc: recv_control_msg error -71 req 02 val 2600 [ 87.770336][ T980] pwc: recv_control_msg error -71 req 02 val 2900 [ 87.777385][ T980] pwc: recv_control_msg error -71 req 02 val 2800 [ 87.785385][ T980] pwc: recv_control_msg error -71 req 04 val 1100 [ 87.792246][ T980] pwc: recv_control_msg error -71 req 04 val 1200 [ 87.801698][ T980] pwc: Registered as video103. [ 87.815391][ T980] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 87.850433][ T980] usb 3-1: USB disconnect, device number 5 [ 87.968052][ T6160] fuse: Bad value for 'fd' [ 88.379908][ T5843] Bluetooth: Wrong link type (-57) [ 88.385137][ T6174] netlink: 8 bytes leftover after parsing attributes in process `syz.3.94'. [ 88.504202][ T6181] netlink: 'syz.2.95': attribute type 10 has an invalid length. [ 88.602288][ T6181] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 88.883485][ T5893] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 88.996559][ T5843] Bluetooth: hci3: unexpected cc 0x0c2d length: 69 > 4 [ 89.079028][ T5893] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.106778][ T5893] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.135876][ T5893] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 89.151742][ T5893] usb 2-1: config 0 interface 0 has no altsetting 0 [ 89.162539][ T5893] usb 2-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 89.203358][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.222031][ T5893] usb 2-1: config 0 descriptor?? [ 89.244312][ T6213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.104'. [ 89.370699][ T6220] netlink: 'syz.2.106': attribute type 10 has an invalid length. [ 89.650121][ T5893] usbhid 2-1:0.0: can't add hid device: -71 [ 89.661308][ T5893] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 89.676027][ T5893] usb 2-1: USB disconnect, device number 7 [ 89.857541][ T5843] Bluetooth: hci3: unexpected cc 0x0c2d length: 69 > 4 [ 89.932020][ T6240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.114'. [ 90.035946][ T6246] netlink: 'syz.2.116': attribute type 10 has an invalid length. [ 90.206868][ T5843] Bluetooth: hci3: unexpected cc 0x2005 length: 8 > 1 [ 90.246527][ T5920] gspca_stk1135: reg_w 0x18 err -71 [ 90.261149][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.302079][ T6257] netlink: 'syz.1.121': attribute type 72 has an invalid length. [ 90.308641][ T5920] gspca_stk1135: Sensor write failed [ 90.312751][ T6257] netlink: 40 bytes leftover after parsing attributes in process `syz.1.121'. [ 90.335591][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.352558][ T5920] gspca_stk1135: Sensor write failed [ 90.379423][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.398790][ T6261] netlink: 'syz.1.121': attribute type 10 has an invalid length. [ 90.406948][ T5920] gspca_stk1135: Sensor read failed [ 90.412218][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.433589][ T5920] gspca_stk1135: Sensor read failed [ 90.438805][ T5920] gspca_stk1135: Detected sensor type unknown (0x0) [ 90.454229][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.460757][ T5920] gspca_stk1135: Sensor read failed [ 90.480920][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.490347][ T5920] gspca_stk1135: Sensor read failed [ 90.518902][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.538005][ T6261] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 90.549948][ T5920] gspca_stk1135: Sensor write failed [ 90.567647][ T5920] gspca_stk1135: serial bus timeout: status=0x00 [ 90.576126][ T5920] gspca_stk1135: Sensor write failed [ 90.582092][ T5920] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71 [ 90.595141][ T5920] usb 1-1: USB disconnect, device number 4 [ 90.808445][ T6278] netlink: 'syz.3.127': attribute type 10 has an invalid length. [ 90.957503][ T980] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 90.983492][ T5938] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 91.068636][ T6289] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 91.081103][ T6289] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 91.126969][ T980] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.139598][ T980] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.152038][ T5938] usb 3-1: Using ep0 maxpacket: 32 [ 91.171832][ T5938] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 91.180716][ T5938] usb 3-1: config 0 has no interface number 0 [ 91.190763][ T980] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 91.205858][ T5938] usb 3-1: config 0 interface 184 has no altsetting 0 [ 91.212758][ T980] usb 2-1: config 0 interface 0 has no altsetting 0 [ 91.220575][ T980] usb 2-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 91.231021][ T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.239826][ T5938] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 91.242648][ T6294] netlink: 'syz.3.137': attribute type 72 has an invalid length. [ 91.252244][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.258172][ T6294] netlink: 40 bytes leftover after parsing attributes in process `syz.3.137'. [ 91.282263][ T980] usb 2-1: config 0 descriptor?? [ 91.296354][ T5938] usb 3-1: Product: syz [ 91.314978][ T5938] usb 3-1: Manufacturer: syz [ 91.332499][ T6297] netlink: 'syz.3.137': attribute type 10 has an invalid length. [ 91.348574][ T5938] usb 3-1: SerialNumber: syz [ 91.388874][ T5938] usb 3-1: config 0 descriptor?? [ 91.406987][ T5938] smsc75xx v1.0.0 [ 91.562781][ T6307] netlink: 'syz.0.140': attribute type 10 has an invalid length. [ 91.830090][ T980] usbhid 2-1:0.0: can't add hid device: -71 [ 91.852456][ T980] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 91.881528][ T980] usb 2-1: USB disconnect, device number 8 [ 92.018555][ T5938] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 92.039242][ T6323] netlink: 'syz.3.147': attribute type 72 has an invalid length. [ 92.048531][ T5938] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 92.062316][ T6323] netlink: 40 bytes leftover after parsing attributes in process `syz.3.147'. [ 92.133972][ T6327] netlink: 'syz.3.147': attribute type 10 has an invalid length. [ 92.267775][ T5938] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 92.280103][ T5938] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 92.291160][ T5938] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 92.314834][ T5938] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 92.348875][ T5938] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -32 [ 92.440051][ T6338] [ 92.442419][ T6338] ============================================ [ 92.448561][ T6338] WARNING: possible recursive locking detected [ 92.454707][ T6338] 6.16.0-rc4-next-20250702-syzkaller #0 Not tainted [ 92.461266][ T6338] -------------------------------------------- [ 92.467386][ T6338] syz.1.152/6338 is trying to acquire lock: [ 92.473247][ T6338] ffff88807d59e988 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: __simple_recursive_removal+0x95/0x510 [ 92.484378][ T6338] [ 92.484378][ T6338] but task is already holding lock: [ 92.491716][ T6338] ffff888023139a70 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: bm_entry_write+0x289/0x540 [ 92.493504][ T980] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 92.501869][ T6338] [ 92.501869][ T6338] other info that might help us debug this: [ 92.501879][ T6338] Possible unsafe locking scenario: [ 92.501879][ T6338] [ 92.501884][ T6338] CPU0 [ 92.501889][ T6338] ---- [ 92.501893][ T6338] lock(&sb->s_type->i_mutex_key#17); [ 92.501913][ T6338] lock(&sb->s_type->i_mutex_key#17); [ 92.542160][ T6338] [ 92.542160][ T6338] *** DEADLOCK *** [ 92.542160][ T6338] [ 92.550283][ T6338] May be due to missing lock nesting notation [ 92.550283][ T6338] [ 92.558588][ T6338] 3 locks held by syz.1.152/6338: [ 92.563599][ T6338] #0: ffff88803078cef8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320 [ 92.572624][ T6338] #1: ffff888034e50428 (sb_writers#11){.+.+}-{0:0}, at: vfs_write+0x211/0xa90 [ 92.581560][ T6338] #2: ffff888023139a70 (&sb->s_type->i_mutex_key#17){+.+.}-{4:4}, at: bm_entry_write+0x289/0x540 [ 92.592150][ T6338] [ 92.592150][ T6338] stack backtrace: [ 92.598028][ T6338] CPU: 1 UID: 0 PID: 6338 Comm: syz.1.152 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 92.598041][ T6338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.598053][ T6338] Call Trace: [ 92.598057][ T6338] [ 92.598061][ T6338] dump_stack_lvl+0x189/0x250 [ 92.598076][ T6338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.598085][ T6338] ? __pfx__printk+0x10/0x10 [ 92.598096][ T6338] ? print_lock_name+0xde/0x100 [ 92.598106][ T6338] print_deadlock_bug+0x28b/0x2a0 [ 92.598116][ T6338] validate_chain+0x1a3f/0x2140 [ 92.598131][ T6338] ? lockdep_unlock+0x89/0x120 [ 92.598152][ T6338] ? validate_chain+0x897/0x2140 [ 92.598172][ T6338] __lock_acquire+0xab9/0xd20 [ 92.598192][ T6338] ? __simple_recursive_removal+0x95/0x510 [ 92.598203][ T6338] lock_acquire+0x120/0x360 [ 92.598216][ T6338] ? __simple_recursive_removal+0x95/0x510 [ 92.598228][ T6338] down_write+0x96/0x1f0 [ 92.598242][ T6338] ? __simple_recursive_removal+0x95/0x510 [ 92.598252][ T6338] ? __pfx_down_write+0x10/0x10 [ 92.598266][ T6338] __simple_recursive_removal+0x95/0x510 [ 92.598278][ T6338] bm_entry_write+0x4f7/0x540 [ 92.598291][ T6338] ? __pfx_bm_entry_write+0x10/0x10 [ 92.598304][ T6338] ? __pfx_bm_entry_write+0x10/0x10 [ 92.598316][ T6338] vfs_write+0x27e/0xa90 [ 92.598328][ T6338] ? __pfx_vfs_write+0x10/0x10 [ 92.598339][ T6338] ? __fget_files+0x2a/0x420 [ 92.598352][ T6338] ? __fget_files+0x3a0/0x420 [ 92.598364][ T6338] ? __fget_files+0x2a/0x420 [ 92.598377][ T6338] ksys_write+0x145/0x250 [ 92.598388][ T6338] ? __pfx_ksys_write+0x10/0x10 [ 92.598397][ T6338] ? rcu_is_watching+0x15/0xb0 [ 92.598407][ T6338] ? do_syscall_64+0xbe/0x3b0 [ 92.598420][ T6338] do_syscall_64+0xfa/0x3b0 [ 92.598432][ T6338] ? lockdep_hardirqs_on+0x9c/0x150 [ 92.598443][ T6338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.598451][ T6338] ? clear_bhb_loop+0x60/0xb0 [ 92.598461][ T6338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.598470][ T6338] RIP: 0033:0x7f9e2038e929 [ 92.598486][ T6338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.598493][ T6338] RSP: 002b:00007f9e212a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 92.598503][ T6338] RAX: ffffffffffffffda RBX: 00007f9e205b5fa0 RCX: 00007f9e2038e929 [ 92.598510][ T6338] RDX: 0000000000000002 RSI: 0000200000000100 RDI: 0000000000000003 [ 92.598516][ T6338] RBP: 00007f9e20410b39 R08: 0000000000000000 R09: 0000000000000000 [ 92.598522][ T6338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.598527][ T6338] R13: 0000000000000000 R14: 00007f9e205b5fa0 R15: 00007ffc5fe19338 [ 92.598536][ T6338] [ 92.743746][ T980] usb 4-1: Using ep0 maxpacket: 16 [ 92.883988][ T980] usb 4-1: unable to get BOS descriptor or descriptor too short [ 92.893328][ T980] usb 4-1: config 9 has an invalid interface number: 111 but max is 2 [ 92.901494][ T980] usb 4-1: config 9 has an invalid interface number: 79 but max is 2 [ 92.910795][ T980] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 92.921978][ T980] usb 4-1: config 9 has 2 interfaces, different from the descriptor's value: 3 [ 92.930945][ T980] usb 4-1: config 9 has no interface number 0 [ 92.937089][ T980] usb 4-1: config 9 has no interface number 1 [ 92.943149][ T980] usb 4-1: config 9 interface 111 altsetting 16 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 92.954217][ T980] usb 4-1: config 9 interface 111 altsetting 16 endpoint 0x6 has invalid maxpacket 9887, setting to 1024 [ 92.965444][ T980] usb 4-1: config 9 interface 111 altsetting 16 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 92.976467][ T980] usb 4-1: config 9 interface 111 altsetting 16 endpoint 0x2 has invalid wMaxPacketSize 0 [ 92.987583][ T980] usb 4-1: config 9 interface 111 altsetting 16 has an invalid descriptor for endpoint zero, skipping [ 92.998896][ T980] usb 4-1: config 9 interface 79 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 93.009723][ T980] usb 4-1: config 9 interface 79 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 93.020514][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 93.031122][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 93.041803][ T980] usb 4-1: config 9 interface 79 altsetting 4 endpoint 0x9 has invalid maxpacket 512, setting to 64 [ 93.052576][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0x6, skipping [ 93.063182][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0x4, skipping [ 93.073820][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 93.084492][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 93.095116][ T980] usb 4-1: config 9 interface 79 altsetting 4 bulk endpoint 0x8C has invalid maxpacket 64 [ 93.105055][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xC, skipping [ 93.115674][ T980] usb 4-1: config 9 interface 79 altsetting 4 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 93.126545][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 93.137170][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xB, skipping [ 93.147925][ T980] usb 4-1: config 9 interface 79 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 93.158536][ T980] usb 4-1: config 9 interface 79 altsetting 4 has 15 endpoint descriptors, different from the interface descriptor's value: 16 [ 93.171698][ T980] usb 4-1: config 9 interface 111 has no altsetting 0 [ 93.178473][ T980] usb 4-1: config 9 interface 79 has no altsetting 0 [ 93.186817][ T980] usb 4-1: New USB device found, idVendor=0bb4, idProduct=0a6f, bcdDevice=7a.05 [ 93.195961][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.203964][ T980] usb 4-1: Product: syz [ 93.208108][ T980] usb 4-1: Manufacturer: syz [ 93.212678][ T980] usb 4-1: SerialNumber: syz [ 93.218401][ T980] usb 4-1: Interface #111 referenced by multiple IADs [ 93.225889][ T6332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 93.447777][ T980] usb 4-1: USB disconnect, device number 9 [ 93.752118][ T980] usb 3-1: USB disconnect, device number 6 [ 95.303391][ T5843] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 95.311674][ T5843] Bluetooth: hci1: Injecting HCI hardware error event [ 95.318567][ T5846] Bluetooth: hci1: hardware error 0x00 [ 97.383319][ T5846] Bluetooth: hci1: Opcode 0x0c03 failed: -110