last executing test programs: 20m49.20346078s ago: executing program 2 (id=1064): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x4, 0x1, 0x608, 0x6, 0xffff, 0x1, 0x4, 0x7, 0x0}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0) sendmsg$NFT_MSG_GETRULE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="9c000000190a01020000000000000000000000000900010073797a30000000000c0006400000000000000002240005800800015a0000a23c08000140000000320800024000000007080001400000002f0900020073797a300000000020000740d07d45b2ea3eec53a10c6b79cc855cf3348d80c823b4913af25a90a908000a400000000208000a4000000000040005800900010073797a3000000000"], 0x9c}}, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r5, 0x5}, &(0x7f0000000100)=0x8) prlimit64(0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) dup(0xffffffffffffffff) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c}) 20m47.229238901s ago: executing program 2 (id=1066): openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 20m47.014676469s ago: executing program 2 (id=1071): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_io_uring_submit(0x0, 0x0, 0x0) r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) read$FUSE(r3, &(0x7f0000000040)={0x2020}, 0x2084) writev(r3, &(0x7f0000002100)=[{&(0x7f0000002080)='T01\n', 0x4}], 0x1) write$RDMA_USER_CM_CMD_SET_OPTION(r3, 0x0, 0x2f) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x22301, 0x0) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x1403, 0x1, 0x1000, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syz_tun\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000000) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r5, &(0x7f0000001840)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x4048480) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0) 20m45.554106948s ago: executing program 2 (id=1072): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) syz_emit_ethernet(0x14f, &(0x7f0000000280)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="b91c280825dc", @void, {@ipv6={0x86dd, @udp={0x8, 0x6, "56db49", 0x119, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @empty, {[@dstopts={0x0, 0x9, '\x00', [@calipso={0x7, 0x48, {0x2, 0x10, 0x2, 0x12b9, [0x2, 0x0, 0x1000, 0x1, 0x8000000000000001, 0x3, 0xfb, 0x2]}}, @enc_lim={0x4, 0x1, 0x5}]}, @srh={0x1b, 0x4, 0x4, 0x2, 0x7f, 0x50, 0x9, [@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}]}, @dstopts={0x89, 0x8, '\x00', [@enc_lim={0x4, 0x1, 0x7}, @jumbo={0xc2, 0x4, 0x400}, @calipso={0x7, 0x8, {0x3, 0x0, 0x7, 0x2c56}}, @ra={0x5, 0x2, 0x6}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @calipso={0x7, 0x20, {0x2, 0x6, 0x4d, 0x0, [0x8001, 0x7, 0x3c]}}, @enc_lim={0x4, 0x1, 0xee}]}, @hopopts={0x29, 0x0, '\x00', [@pad1]}, @fragment={0x84, 0x0, 0x0, 0x1, 0x0, 0x3, 0x64}, @fragment={0x80, 0x0, 0x4, 0x1, 0x0, 0x3, 0x67}], {0x4e21, 0x4e23, 0x29, 0x0, @opaque="1277c499f26213c4255164b23f4bccd0f929f72ebb07f4144efce3d460dae90926"}}}}}}, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x68, &(0x7f0000000000)=0x5, 0x4) syz_open_dev$usbfs(0x0, 0x77, 0x101301) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) socket$kcm(0x29, 0x2, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000240), 0x6, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000100)=0x1) socketpair(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8b06, &(0x7f0000000040)={'wlan1\x00', @broadcast}) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$netlink(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) sendmsg$nl_route(r6, 0x0, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) 20m44.039785695s ago: executing program 2 (id=1075): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a500000023000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_io_uring_setup(0x7b, 0x0, &(0x7f00000005c0)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r6, r7, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r9, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000103}) io_uring_enter(r5, 0x46f3, 0x0, 0x0, 0x0, 0x0) write(r8, &(0x7f0000000200)='~', 0x1) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r10, 0x89f1, &(0x7f0000000340)={'ip6gre0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0x80000000, 0x0, 0x9, 0xf, 0x3, 0x3, 0xfc, 0x0, 0x1, 0xffffffff, 0x0, 0x0, 0xff, 0x0, 0xfffffeff}}) r11 = socket$kcm(0x10, 0x2, 0x0) r12 = openat$mice(0xffffffffffffff9c, &(0x7f0000000280), 0x240000) setsockopt$packet_fanout(r12, 0x107, 0x12, &(0x7f0000000240)={0x1, 0x4}, 0x4) sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000008c0)="d8000000180081000181f782db4cb904021d0800ff007c05e8fe50a10a000700014002020c600e41b0000900ac000a0501000000160012000a00ff150048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5a02000000ca9ec855eff0eb3f365d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505dba36efab70cdb67e8d1cc5c7b06b1eab31f7b05da962834cedde6fdfcf45add8e51ff159ca9680d0", 0xd8}], 0x1}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) 20m41.763830019s ago: executing program 2 (id=1078): close(0xffffffffffffffff) socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000040}, 0x24000040) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') 20m26.600792349s ago: executing program 32 (id=1078): close(0xffffffffffffffff) socket$inet6_mptcp(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000040}, 0x24000040) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000007c0)='usrquota') 13m15.81365106s ago: executing program 5 (id=2262): openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 13m15.663375455s ago: executing program 5 (id=2263): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000001580), 0x60000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_by_handle_at(0xffffffffffffffff, 0x0, 0x1) r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r4, &(0x7f0000000300)={{0x6, @default, 0x1}, [@default, @default, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}, 0x48) readahead(0xffffffffffffffff, 0x0, 0xfffffffffffffffd) poll(&(0x7f0000000600)=[{r4, 0x48}], 0x1, 0x400) ptrace$ARCH_GET_FS(0x1e, 0x0, 0x0, 0x1003) fcntl$setstatus(r1, 0x4, 0x2400) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000100a0080202000", @ANYRES32=0x0, @ANYRES16], 0x38}, 0x1, 0x0, 0x0, 0x8090}, 0x0) 13m14.680942828s ago: executing program 5 (id=2269): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000001580), 0x60000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @default, 0x1}, [@default, @default, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}, 0x48) readahead(0xffffffffffffffff, 0x0, 0xfffffffffffffffd) poll(&(0x7f0000000600)=[{r5, 0x48}], 0x1, 0x400) ptrace$ARCH_GET_FS(0x1e, 0x0, 0x0, 0x1003) fcntl$setstatus(r1, 0x4, 0x2400) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000100a0080202000", @ANYRES32=0x0, @ANYRES16], 0x38}, 0x1, 0x0, 0x0, 0x8090}, 0x0) 13m13.611041902s ago: executing program 5 (id=2272): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) pselect6(0x40, &(0x7f0000000340)={0x100000000, 0x3, 0x1, 0x6, 0x5, 0x9, 0x1, 0x4}, &(0x7f0000000580)={0x8, 0x8, 0x6, 0xcc, 0x8, 0x780, 0xffffffff80000000, 0x10001}, &(0x7f0000000f80)={0x7, 0x0, 0x400, 0x3, 0x4, 0xa, 0x8, 0x5}, &(0x7f0000000fc0)={0x0, 0x3938700}, &(0x7f0000001040)={&(0x7f0000001000)={[0x6]}, 0x8}) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000024000180060005004e230000060001000200000008000300ac1414aa"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) syz_usb_connect(0x6, 0x75c, &(0x7f0000000600)={{0x12, 0x1, 0x150, 0xe8, 0x8c, 0x67, 0x40, 0x595, 0x4343, 0x17a1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74a, 0x1, 0xb, 0x0, 0x20, 0xe, [{{0x9, 0x4, 0xb9, 0x68, 0x10, 0xcf, 0xdd, 0xdb, 0x12, [@cdc_ncm={{0x9, 0x24, 0x6, 0x0, 0x1, "6074c380"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x3, 0x7, 0xb}, {0x6, 0x24, 0x1a, 0x7, 0x2c}, [@obex={0x5, 0x24, 0x15, 0x5}]}, @generic={0x1d, 0x30, "d49fe495d9b567dbd705fe3650c053cf2758a103dc5196ccd74e42"}], [{{0x9, 0x5, 0x6, 0x1c, 0x400, 0xb, 0x80, 0x8, [@generic={0x2e, 0x3, "5944ec91f1a986ce07fe1e203b34308339ff6b23f02263bc80d2d2a3ec28b90f03d9d967e6e9b72bc4005a61"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x30, 0xa}]}}, {{0x9, 0x5, 0x80, 0x8, 0x400, 0x3, 0x9, 0x0, [@generic={0xb5, 0x6, "ac6379b2292488931789ed1cbb0f6195971d055dcc242e980659db08225d106404cf90cf7c74b8ee47ac37b0bebe20f8164ee131790b8477dae4e800775699088849be85b3f2531397f7eb817fc913f760181e111b11b1ceb7f9bbb9af168cad6a0b66c2f7b7474008dcf267fc1020e246a387fe7c6adf635dbe363f026f7893af172d7a2de19c1cf0553cf04d82f835b92626871ce36d4ade562f8037e18674232f00120a5ede434fb6e52947a2a8aa1692bc"}, @generic={0x67, 0x7, "5dcc4278c5ee04924af97a1d2641acc1ff6d36d4a05ab0fe0b6c3d8569a8f70d6c475802345e6b5ef428b707fd20d2e7a0f904fae65d032c085d460538cce011513567fc28dc089f7d98ee048150b952ae862fb475c1de463a4237dd2f8ffa8a4f57659bff"}]}}, {{0x9, 0x5, 0x6, 0x8, 0x8, 0x1, 0x0, 0x9}}, {{0x9, 0x5, 0x2, 0x0, 0x8, 0x8, 0x0, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0xb3, 0xae, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xff, 0x3}, @generic={0x100, 0xd, "f194baeb3bd6128fde5f71bc7dda118eddbe7513b65cd8e9e6aa43731d041ec0014ca1dffbd7e68ba73cf437b354fffc341b851f449f24364742f651d8640c3797f8ea3551f6aa99771cb458f6fdf1b8f10aafffee216c0a13576a5ac89a78bdd79d5d3fd2eff5d68f2b4e0357ed1b4581b9a1fc94fff8c1e0556fd754f4a57a6796338d4e28c42ff26dfbde89f1f99b89ccfb86f5bc31d4218bb8c1506f471f007b2e55164c24a70c39a22a18ced7b318b67717e7e054748aac8ad67e6b4d1f31da0975b921c454aa77eb850b2d1a2a2417c228966cc41a2c360cf61c982c6931130c6d592828e5e98dbb1d0f89190f7308b496fcc1dffe2c1d92130e23"}]}}, {{0x9, 0x5, 0xf, 0x4, 0x10, 0xcf, 0xa, 0x6, [@generic={0x3c, 0x11, "e88283d563f6879f51f6e993016cacae3537711a5217e35fe7a614545aba8f2da45c787dc67de46692af267d2999787fd32fef347768f19aba10"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x900}]}}, {{0x9, 0x5, 0xd, 0x3, 0x3ff, 0x7, 0x1}}, {{0x9, 0x5, 0x7, 0x10, 0x3ff, 0x5, 0xe}}, {{0x9, 0x5, 0x6, 0x4, 0x3ff, 0x4, 0xd, 0x96, [@generic={0x63, 0x11, "635caa50a4451b09a60abe370f9dd23b197f4ea545104a9aa2691d638f28a77ffdbf42dbb1d3a50284f6f20b7ef3815262efa29053eb4cfd0c97680ef304388791f49d76913eb5a1c553d651cf0e9607a46e7e2eb1da38052d347979b7677f6eec"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x8, 0x6}]}}, {{0x9, 0x5, 0x1, 0xc, 0x8, 0x2, 0xc3, 0x8}}, {{0x9, 0x5, 0xe, 0x10, 0x40, 0x21, 0x7b, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x3}]}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0xf, 0x2, 0x3, [@generic={0xdb, 0x10, "5418483f42d26682cf354b806a82739ef4182e4f748767316c7a32053d8b450cfb51e9bb0137544a3be704e363dfa440846d946f954c7bbc14f3bdbfc1364ef67e26b0a42cd87bc37b98bad34427d9494a6bd4a8372e61bd00bf2ca90eb5331560456d8e26af866f8479673dab757c4c2c616c7a815893a1c7cfb1395c8ae8cbd07505d18b1142c0fd208cc76dfa0f0cde4f58592767cf1153e6b1414a7a8f7fc2619da8ec5317571b00805ac454efa9534fd778490cf8b5c72b4940e63be8e2c6211b109eb46ff19f396bef2cb342513449777575931af669"}, @generic={0xfa, 0x1a, "f1e9c7cc78badeafd5c6b54cb294fe36cc546726f60cc3eb2741a8af8d814fa70ff89c444c119a9e09843dbf84ea98c249fcbda10fb1ea28499bc74c2b3cc8cabc27913ee53760acab76e48a0fe8824a2729dec56afe82d9ef828106bb86e634ffd8d5a08a6e7ddc1413335ab30b94956c09b994f22c48a7726030dfaae1547d30bc6825f45329fabbeb22207b25546760188dd5adc53890bd17cb269eafab6eda6f706b27bb06eaf55376d1218d5ba08aaa2afd23b68cdc0f9b34d93b7413d8dca44dc86e11d224513f383f3e64542898e969b8582731e54375efdb4bae578c7f1f91b54a7ee96b90993f508fa7f7cd6de568e41ac2bf21"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0xf8, 0x7, 0x8}}, {{0x9, 0x5, 0x4, 0x0, 0x40, 0x0, 0x80, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x1}, @uac_iso={0x7, 0x25, 0x1, 0x181, 0x4, 0x101}]}}, {{0x9, 0x5, 0x5, 0x4, 0x8, 0x2, 0xfe, 0x3, [@generic={0x52, 0x23, "d68b2c32e64577f6e6e79710165b86826e47ae32f0a413b5bd22776bb70c594ac4f732153233cdff526446e2b3a2682e9ba6bf62a6e1b68e212cf2959d251574ced203466d21608447c995963b344081"}, @generic={0xbb, 0x11, "77eebeafc3ddbc65435fe50485899e5fc5ce827d127d08c6dba97a811af4ee3c1baa81118cc88394dbdf77f0f912187a68b26c05caa69471fa540d15631cdaaf4c286a88b321c1033e2ee8fc56f79a2f14046ad0cb9d0baee1143da93063dfeea1f0ce94056c57c252c748083cc6ae6da6d0d2827d0465ee678ed8fd29974835654a70190eebf502e1d544d60b106b8426a920fbdab9c0cc992ba124bdd174dd674c4d171ebebd4e7309e1f8af7d904a58166a8375458bdcd3"}]}}, {{0x9, 0x5, 0xb, 0x0, 0x400, 0x9c, 0x81, 0x5, [@generic={0x62, 0x8, "224f80591fcdc9e8a141033b312ddf82f6cac17bdffd2932911e2d62c5308f1493c0b5267477eab864fcea104ed407c8122bd5986ae4042a3ed4f3180daa3d1547b52beb6d31288158773647d1358805e941b2edcb0f6c2c522ebfd9022e7cd5"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x6a, 0x7}]}}]}}]}}]}}, &(0x7f0000000f00)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0xff, 0x3, 0x5, 0xff, 0x8}, 0xc, &(0x7f00000001c0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x1, 0x1, 0x401}]}, 0x4, [{0xc5, &(0x7f0000000480)=@string={0xc5, 0x3, "96e2905ab765cffb34d8ec99c1da62f741ad92be48b499215f95e3e89ad3af3c0bb28003f2e5d1542a115e2fa7aecd02e52a05fe5b91e17402a02f76eee425cf564ddfd9f1fb217a2fd98d7c500eadf80022b55365343a2d4184487d34cbbf0f1628377b1fbf67d6ea5010b4a59e4db05a58623f084868a95994ac76070b7aa84c368bd3713bd34398423f791b7ed04e4c0422f15d7403cb252e3fdd0a159a1971ce20d491b0f31ef5a977173e930b6ea482693481a02100c3207050dc5a687d45d829"}}, {0xfd, &(0x7f0000000d80)=@string={0xfd, 0x3, "3fa09175263be508a63b2aac9941fd0b51fb0b99cb9b00dda16c62972f1ef8d4ba1879b180d80f23b0030c3e1067b61da326db1de0d76fab77a01238f91eae92781194ae15e14245f21f95b21cbaa4fde4312ee433f1ee676212782fcaf695ad5f09c646c88975a00aa0b8ed5bb437999c334d24dd14549ed468a7096349f86f4cffcac6bf2349703f705bcacff3ddf6be06e59de8d4355718fcfd6e1432cd66cf654119f111320c5d2e47f6396e3371b8e2ff8d45f0f7631bdecea8cbe41bdf4437b1bc041ac9adba210f6ceb1f4f7f707ed4ddcaa5171780acf22426e09d8d2d56c74c005a95f3393f970876d3b32f4f2389fa0d0955864ea2ac"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x429}}, {0x48, &(0x7f0000000e80)=@string={0x48, 0x3, "0f8ef1bdc2e17b550e7de114a85a8852117d738b3f54eb6d341618fc3921e181c6ec4bd395e4efa7543fa5efa07e9ac28afcefbf7039913e278f20d1a3b13f9387b09959bab5"}}]}) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901) move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 13m12.923394455s ago: executing program 5 (id=2279): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$random(0xffffffffffffff9c, &(0x7f0000001580), 0x60000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) open_by_handle_at(0xffffffffffffffff, 0x0, 0x1) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @default, 0x1}, [@default, @default, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}, 0x48) readahead(0xffffffffffffffff, 0x0, 0xfffffffffffffffd) poll(&(0x7f0000000600)=[{r5, 0x48}], 0x1, 0x400) ptrace$ARCH_GET_FS(0x1e, 0x0, 0x0, 0x1003) fcntl$setstatus(r1, 0x4, 0x2400) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000001a0001000000000000100a0080202000", @ANYRES32=0x0, @ANYRES16], 0x38}, 0x1, 0x0, 0x0, 0x8090}, 0x0) 13m12.271211584s ago: executing program 5 (id=2280): openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSCATLST={0x4}]}, 0x2c}}, 0x0) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085", 0xcb}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 13m11.875633567s ago: executing program 33 (id=2280): openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000380)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000140)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSCATLST={0x4}]}, 0x2c}}, 0x0) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085", 0xcb}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1m22.350988633s ago: executing program 1 (id=4360): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x200) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket(0xb, 0x4, 0x3) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev}, 0x2}}, 0x2e) 26.611225253s ago: executing program 1 (id=4366): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = add_key(0x0, &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r4, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r5, 0x541b, 0xffffffffffffffff) 25.640156536s ago: executing program 1 (id=4513): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001f00), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_usbip_server_init(0x0) r3 = socket$inet6(0xa, 0x802, 0x0) sendmsg$inet(r3, &(0x7f0000000300)={&(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1100000000000000000000000100000000000000000000001c00000000000000000000000700"], 0x38}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) r5 = dup(r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0xe501, 0x3, 0x230, 0x0, 0xa, 0x1000000, 0x0, 0x0, 0x198, 0x230, 0x230, 0x198, 0x223, 0x3, 0x0, {[{{@ip={@broadcast, @multicast2, 0x0, 0xffffffff, 'ip6_vti0\x00', 'veth1_to_hsr\x00', {0xff}, {}, 0x6e, 0x0, 0x24}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ip={@multicast2, @rand_addr, 0x0, 0xffffffff, 'vxcan1\x00', 'veth1_to_batadv\x00', {}, {0xff}, 0x1d}, 0x0, 0x98, 0x100, 0x0, {}, [@common=@unspec=@connlabel={{0x28}, {0x5, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x589b, 0x6, 0x0, 'syz1\x00', 'syz1\x00', {0xb}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x290) 23.925356758s ago: executing program 1 (id=4515): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r0) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000011c0)={0x30, r1, 0x5, 0x70bd2a, 0x25dfdbfd, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 23.544998495s ago: executing program 1 (id=4520): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = socket(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000050009000d000000", 0x24) 22.693288144s ago: executing program 1 (id=4524): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x38, 0x1403, 0x1, 0x70bd2b, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond_slave_0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) 13.964985387s ago: executing program 0 (id=4551): rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, 0x0, 0x0}, 0x20) 13.151489499s ago: executing program 0 (id=4553): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff) 12.964188554s ago: executing program 0 (id=4556): socket$kcm(0x10, 0x2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4a2000, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x580a, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) sendmsg$can_raw(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@can={{0x4, 0x1, 0x0, 0x1}, 0x4, 0x2, 0x0, 0x0, "ef189a7dc3cd399f"}, 0x10}}, 0x20000000) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r3 = accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(r3, 0x890c, &(0x7f0000000280)={0x0, {0x2, 0x4e20, @local}, {0x2, 0x4e21, @local}, {0x2, 0x4e23, @broadcast}, 0x200, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x9, 0xff9e}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mlock2(&(0x7f000027f000/0x2000)=nil, 0x2000, 0x1) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r4, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a0600000024000100"/301], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x20000001}, 0x44) 10.16347001s ago: executing program 4 (id=4562): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x4) sched_setscheduler(0x0, 0x2, 0x0) readv(r1, &(0x7f0000000440)=[{&(0x7f00000004c0)=""/247, 0xf7}], 0x1) 10.036277317s ago: executing program 3 (id=4563): rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[], 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, 0x0, 0x0}, 0x20) 9.911778317s ago: executing program 4 (id=4564): prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000040)="aa1d484ea0000000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfbf0e9d85e44", 0x2b}], 0x1) 9.723668452s ago: executing program 6 (id=4565): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdfff7c}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, "00769aff95595915303d74ffdeffff000400"}) r4 = syz_open_pts(r0, 0x0) ioctl$TIOCVHANGUP(r4, 0x5437, 0x0) 9.647582412s ago: executing program 3 (id=4566): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff) 9.555882228s ago: executing program 6 (id=4567): syz_open_dev$tty1(0xc, 0x4, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x0, 0x26, 0x0, 0x1, 0x4, 0x0, @void, @value}, 0x28) r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f0000000480), 0x400034f, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r8}, 0x10) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}}) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40840) sched_setscheduler(r0, 0x2, 0x0) syz_io_uring_setup(0x762f, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b81000085"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 9.495557909s ago: executing program 3 (id=4568): pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x8}, 0x0, &(0x7f0000000600)={0x3ff, 0x0, 0x0, 0xc, 0x0, 0x9, 0x466, 0xffffffffffffffff}, 0x0, 0x0) 7.78346375s ago: executing program 3 (id=4569): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r2) getsockname$packet(r2, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r3, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x10, &(0x7f0000000080)={0x11, 0x4, r3, 0x1, 0x5, 0x6, @broadcast}, 0x14) 7.579131302s ago: executing program 34 (id=4524): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x38, 0x1403, 0x1, 0x70bd2b, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'bond_slave_0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) 7.571797447s ago: executing program 6 (id=4571): bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{}, &(0x7f0000000000), &(0x7f0000000140)='%-5lx \x00'}, 0x20) bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c", 0x15) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000002d00010026bd7000fcdbdf250400000008000c00", @ANYRES32=r0, @ANYBLOB="19007550a58e434281bc9508e6f40e429d58c27949ba3228835498259610b0f70d"], 0x1c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r2, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00') unlinkat(0xffffffffffffffff, 0x0, 0x200) unlink(&(0x7f0000000040)='./file1\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb010018000000000000003100000031000000030000000f0000000000001203000000030000000200000f01000050250003588e1aa3f95a5cd2b10000000102000007000000020000000200000000000000d0213fa78a821903ecb13da4b9bc98ed81faa67f95501016687f3a0f9887d9fa23432b25afeb1c8a9998332442d1f7cb76feb96dbc9da3545cdb3ba3fdd1bbd1f9264fea1967f7d3896f9edc31b8a9993093e8688822a89c3ddd9b2e47d65b539139d4df3dd61e88d9f2550762533a378d3645e71f41f961dad5894ab731070389941be27b91edf0360cb400112faa00"/237], &(0x7f0000000340)=""/142, 0x4f, 0x8e, 0x1, 0x0, 0x0, @void, @value}, 0x28) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) 7.493865693s ago: executing program 4 (id=4572): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000440), 0x10) listen(r1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) r2 = accept4$unix(r1, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x80) 5.555385924s ago: executing program 0 (id=4573): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x2556, 0x1000, 0x2, 0x24d}, &(0x7f0000000480)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)=""/139, 0x8b}], 0x1}) io_uring_enter(r1, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 5.555087139s ago: executing program 4 (id=4574): close(0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x200400, &(0x7f0000000240)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r1}}) 5.533640554s ago: executing program 3 (id=4575): tkill(0x0, 0x7) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, 0x0) syz_usb_disconnect(0xffffffffffffffff) r0 = syz_open_dev$evdev(0x0, 0x1d39, 0x10001) ioctl$EVIOCRMFF(r0, 0x40044581, 0x0) r1 = syz_pidfd_open(0x0, 0x0) setns(r1, 0x24020000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000240)={0x60000000}) ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000000)={0x8, 0x7, 0xe48, 0x9f1, 0x17, "de98cd550c0f9c4a"}) syz_usb_connect(0x3, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000086255608c6051292834701020301090224000300000000090b1e0000fc05410009040000004624d0000904ea7300ff3a848a5a71e20d8b3498676a78832cad0a5b8461c017"], 0x0) 5.461499722s ago: executing program 6 (id=4576): rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[], 0x50) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000140)={r0, 0x0, 0x0}, 0x20) 4.924410637s ago: executing program 4 (id=4577): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$inet6(0xa, 0x805, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x4003) mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x80000040001}) r6 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x3}, &(0x7f00000004c0)='\x00K', 0x2, 0xfffffffffffffffe) r7 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000040)={r6, r7, r7}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={'poly1305-generic\x00'}}) 4.423199676s ago: executing program 6 (id=4578): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) setsockopt$pppl2tp_PPPOL2TP_SO_DEBUG(r2, 0x111, 0x1, 0x4, 0x4) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000002540)={'wg0\x00'}) getpeername$packet(r2, &(0x7f0000003900), &(0x7f0000003940)=0x14) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000000)=0x74000000) write$dsp(r4, &(0x7f0000002000)='`', 0x88020) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.169533673s ago: executing program 3 (id=4579): socket$kcm(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet6_udp(0xa, 0x2, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000340)={r2, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x7], [0x0, 0x0, 0x2], [0x0, 0x0, 0x1, 0x1]}) dup(0xffffffffffffffff) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x4}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r3, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r4}) socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x14, 0x4, 0x4, 0x10002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value=0x180}, 0x48) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) mbind(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x4, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x17) 1.135295933s ago: executing program 0 (id=4580): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0x1}, 0xc) syz_open_dev$vcsn(&(0x7f00000000c0), 0xb, 0x8020) bpf$MAP_CREATE(0x0, 0x0, 0x50) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f0000000000)='exfat\x00', 0x8000, 0x0) 900.784222ms ago: executing program 4 (id=4581): prlimit64(0x0, 0xe, 0x0, 0x0) fanotify_init(0x200, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0xff00}}) openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x1e8) mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x8007, 0x0) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) 407.142185ms ago: executing program 0 (id=4582): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x497, 0x0, 0x0, 0x0) io_uring_enter(r1, 0x3516, 0x0, 0x4, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x1f, 0xffffffff, 0x240009, 0x1, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x20, 0x7}}, 0x50) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x3, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x76}}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x37) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)='H', 0x20001401}], 0x1}, 0x803e000000000000) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x0, 0x77c8, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x9, 0x0, 0x2, 0x7}, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 0s ago: executing program 6 (id=4583): syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000001300)="92", 0x2) syz_usb_connect(0x0, 0x1cb, 0x0, 0x0) read$char_usb(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): 477.185835][ T5873] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1477.220483][ T5873] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1477.239885][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1477.260883][ T5873] usb 4-1: Product: syz [ 1477.270788][ T5873] usb 4-1: Manufacturer: syz [ 1477.276690][ T5873] usb 4-1: SerialNumber: syz [ 1477.302223][ T5873] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input23 [ 1477.308167][T20966] FAULT_INJECTION: forcing a failure. [ 1477.308167][T20966] name failslab, interval 1, probability 0, space 0, times 0 [ 1477.352841][T20966] CPU: 1 UID: 0 PID: 20966 Comm: syz.1.3680 Not tainted 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 1477.352878][T20966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1477.352892][T20966] Call Trace: [ 1477.352901][T20966] [ 1477.352911][T20966] dump_stack_lvl+0x189/0x250 [ 1477.352948][T20966] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1477.352976][T20966] ? __pfx__printk+0x10/0x10 [ 1477.353015][T20966] ? __pfx___might_resched+0x10/0x10 [ 1477.353043][T20966] ? fs_reclaim_acquire+0x7d/0x100 [ 1477.353071][T20966] should_fail_ex+0x414/0x560 [ 1477.353098][T20966] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 1477.353128][T20966] should_failslab+0xa8/0x100 [ 1477.353150][T20966] __kvmalloc_node_noprof+0x168/0x5e0 [ 1477.353171][T20966] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 1477.353208][T20966] alloc_netdev_mqs+0xa8b/0x11e0 [ 1477.353247][T20966] rtnl_create_link+0x31f/0xd10 [ 1477.353287][T20966] rtnl_newlink_create+0x258/0xaf0 [ 1477.353320][T20966] ? __lock_acquire+0xaac/0xd20 [ 1477.353352][T20966] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1477.353376][T20966] ? rtnl_newlink+0x8db/0x1c70 [ 1477.353403][T20966] ? __pfx___mutex_lock+0x10/0x10 [ 1477.353443][T20966] ? ns_capable+0x8a/0xf0 [ 1477.353478][T20966] rtnl_newlink+0x16d6/0x1c70 [ 1477.353516][T20966] ? kasan_save_track+0x3e/0x80 [ 1477.353557][T20966] ? __pfx_rtnl_newlink+0x10/0x10 [ 1477.353618][T20966] ? kasan_quarantine_put+0xdd/0x220 [ 1477.353647][T20966] ? lockdep_hardirqs_on+0x9c/0x150 [ 1477.353680][T20966] ? nlmon_xmit+0xb0/0x100 [ 1477.353708][T20966] ? kmem_cache_free+0x192/0x3f0 [ 1477.353746][T20966] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1477.353777][T20966] ? lockdep_hardirqs_on+0x9c/0x150 [ 1477.353803][T20966] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1477.353833][T20966] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1477.353869][T20966] ? __dev_queue_xmit+0x27e/0x3a70 [ 1477.353898][T20966] ? __dev_queue_xmit+0x27e/0x3a70 [ 1477.353927][T20966] ? __dev_queue_xmit+0x27e/0x3a70 [ 1477.353962][T20966] ? __lock_acquire+0xaac/0xd20 [ 1477.354016][T20966] ? __pfx_rtnl_newlink+0x10/0x10 [ 1477.354038][T20966] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1477.354066][T20966] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1477.354088][T20966] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1477.354116][T20966] ? ref_tracker_free+0x63a/0x7d0 [ 1477.354136][T20966] ? __copy_skb_header+0xa7/0x550 [ 1477.354176][T20966] netlink_rcv_skb+0x21c/0x490 [ 1477.354203][T20966] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1477.354229][T20966] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1477.354277][T20966] ? netlink_deliver_tap+0x2e/0x1b0 [ 1477.354301][T20966] ? netlink_deliver_tap+0x2e/0x1b0 [ 1477.354332][T20966] netlink_unicast+0x758/0x8d0 [ 1477.354367][T20966] netlink_sendmsg+0x805/0xb30 [ 1477.354389][T20966] ? is_bpf_text_address+0x26/0x2b0 [ 1477.354429][T20966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1477.354463][T20966] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1477.354487][T20966] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1477.354521][T20966] __sock_sendmsg+0x219/0x270 [ 1477.354547][T20966] ____sys_sendmsg+0x505/0x830 [ 1477.354583][T20966] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1477.354623][T20966] ? import_iovec+0x74/0xa0 [ 1477.354657][T20966] ___sys_sendmsg+0x21f/0x2a0 [ 1477.354689][T20966] ? __pfx____sys_sendmsg+0x10/0x10 [ 1477.354761][T20966] ? __fget_files+0x2a/0x420 [ 1477.354781][T20966] ? __fget_files+0x3a0/0x420 [ 1477.354813][T20966] __x64_sys_sendmsg+0x19b/0x260 [ 1477.354844][T20966] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1477.354894][T20966] ? do_syscall_64+0xba/0x210 [ 1477.354927][T20966] do_syscall_64+0xf6/0x210 [ 1477.354955][T20966] ? clear_bhb_loop+0x60/0xb0 [ 1477.354981][T20966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1477.355001][T20966] RIP: 0033:0x7fe2cf38e969 [ 1477.355020][T20966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1477.355038][T20966] RSP: 002b:00007fe2d0180038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1477.355061][T20966] RAX: ffffffffffffffda RBX: 00007fe2cf5b5fa0 RCX: 00007fe2cf38e969 [ 1477.355077][T20966] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1477.355090][T20966] RBP: 00007fe2d0180090 R08: 0000000000000000 R09: 0000000000000000 [ 1477.355102][T20966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1477.355113][T20966] R13: 0000000000000000 R14: 00007fe2cf5b5fa0 R15: 00007fffa4d3df58 [ 1477.355146][T20966] [ 1477.891054][ T5875] usb 4-1: USB disconnect, device number 51 [ 1477.956841][ T5875] appletouch 4-1:1.0: input: appletouch disconnected [ 1478.592863][T20979] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3684'. [ 1479.263500][T20983] netlink: 'syz.4.3685': attribute type 72 has an invalid length. [ 1479.280620][T20983] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3685'. [ 1480.250489][T21000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3690'. [ 1480.633583][ T5875] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1480.786610][ T5880] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 1481.002984][ T5880] usb 2-1: Using ep0 maxpacket: 16 [ 1481.009871][ T5880] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 1481.014005][ T5875] usb 5-1: Using ep0 maxpacket: 16 [ 1481.018807][ T5880] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1481.034133][ T5880] usb 2-1: config 0 has no interface number 0 [ 1481.037864][ T5875] usb 5-1: config 5 has an invalid interface number: 168 but max is 0 [ 1481.043204][ T5880] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1481.049958][ T5875] usb 5-1: config 5 has no interface number 0 [ 1481.064744][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1481.066208][ T5875] usb 5-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1481.077389][ T5880] usb 2-1: Product: syz [ 1481.085652][ T5875] usb 5-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1481.089166][ T5880] usb 2-1: Manufacturer: syz [ 1481.103063][ T5875] usb 5-1: config 5 interface 168 has no altsetting 0 [ 1481.114669][ T5880] usb 2-1: SerialNumber: syz [ 1481.117954][ T5875] usb 5-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1481.129305][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1481.130706][ T5880] usb 2-1: config 0 descriptor?? [ 1481.138775][ T5875] usb 5-1: Product: syz [ 1481.147417][ T5875] usb 5-1: Manufacturer: syz [ 1481.152227][ T5875] usb 5-1: SerialNumber: syz [ 1481.366301][ T5880] usb 2-1: Found UVC 0.00 device syz (046d:08d3) [ 1481.373492][ T5880] usb 2-1: No valid video chain found. [ 1481.382616][T20997] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3689'. [ 1481.404511][ T5875] pn533_usb 5-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1481.423805][ T5875] usb 5-1: USB disconnect, device number 69 [ 1481.602200][T21006] atomic_op ffff888033dda998 conn xmit_atomic 0000000000000000 [ 1481.991905][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1482.008652][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1482.019910][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1482.029417][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1482.049437][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1482.058480][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1482.069721][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1482.081648][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1482.094893][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1482.103534][T21016] kvm: kvm [21015]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1482.223069][ T5875] usb 5-1: new low-speed USB device number 70 using dummy_hcd [ 1482.396256][ T5875] usb 5-1: config 252 has an invalid interface number: 101 but max is 0 [ 1482.410285][ T5875] usb 5-1: config 252 has no interface number 0 [ 1482.419466][ T5875] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 1482.429668][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1482.449055][ T5875] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1482.458939][ T5875] pvrusb2: ********** [ 1482.463488][ T5875] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1482.488835][ T5875] pvrusb2: Important functionality might not be entirely working. [ 1482.512568][ T5875] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1482.542879][ T5875] pvrusb2: ********** [ 1482.649566][ T2340] pvrusb2: Invalid write control endpoint [ 1482.685325][T21028] netlink: 'syz.0.3699': attribute type 72 has an invalid length. [ 1482.713178][T21028] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3699'. [ 1482.793130][ T2340] pvrusb2: Invalid write control endpoint [ 1482.822121][ T2340] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 1482.852248][ T2340] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 1482.869426][ T2340] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 1482.880641][ T2340] pvrusb2: Device being rendered inoperable [ 1482.903377][ T5880] usb 5-1: USB disconnect, device number 70 [ 1482.928011][ T2340] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 1482.936948][ T2340] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 1482.950302][ T2340] pvrusb2: Attached sub-driver cx25840 [ 1482.960090][ T2340] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1482.976899][ T2340] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1484.362477][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.369351][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.594272][ T5872] usb 2-1: USB disconnect, device number 45 [ 1485.156516][T21057] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1485.220567][ T5872] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1485.550877][ T5872] usb 2-1: Using ep0 maxpacket: 16 [ 1485.665436][ T5872] usb 2-1: config 5 has an invalid interface number: 168 but max is 0 [ 1485.678816][ T5872] usb 2-1: config 5 has no interface number 0 [ 1485.685329][ T5872] usb 2-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1485.697563][ T5872] usb 2-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1485.711160][ T5872] usb 2-1: config 5 interface 168 has no altsetting 0 [ 1485.721440][ T5872] usb 2-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1485.732002][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1485.740466][ T5872] usb 2-1: Product: syz [ 1485.745111][ T5872] usb 2-1: Manufacturer: syz [ 1485.749807][ T5872] usb 2-1: SerialNumber: syz [ 1485.963931][T21050] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3707'. [ 1486.052016][ T5872] pn533_usb 2-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1486.059310][T21063] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3710'. [ 1486.163778][ T5872] usb 2-1: USB disconnect, device number 46 [ 1486.907903][T14128] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1487.160040][T21077] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3717'. [ 1487.171206][T21077] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3717'. [ 1487.379653][T14128] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1487.394027][T14128] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1487.403913][T14128] usb 5-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.40 [ 1487.422722][T14128] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1487.430861][T14128] usb 5-1: Product: syz [ 1487.435197][T14128] usb 5-1: Manufacturer: 邆ⴿ垴Ꮼ㟀嗤୚穞鎐큃榒㎞厰㔚䀨ᨤ여㋡ཌ⠴꺩ჷ狘㑴䝅县龊鹲厩恥ขၶⲻ鯶搲뛴䪰苞홁쫒쇥퟾첯㠌禀⡮쉞쉮猠꾛ᅬ묤ꭏ瑱✡ဒ킡刘㒭灀ꢐ㱨苀譏枔듌꠽쟝苚갽䒍馋쌿炻騸览瘌ꤟ餏◲읝味ᴺ但⡵簈ⷵ酸탣㖤ᢎ儂ⴶ᭣쫳請⻚٠畛僣ƞᴢ㛷횣㭸㧀葽᣹偒ᙈ볚᲼ᣦשּׁ቞湓 [ 1487.801869][T21084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3716'. [ 1487.873958][T14128] usb 5-1: SerialNumber: syz [ 1488.233646][T21084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3716'. [ 1488.242569][T21084] netlink: 'syz.3.3716': attribute type 14 has an invalid length. [ 1488.310263][T21084] netlink: 'syz.3.3716': attribute type 12 has an invalid length. [ 1488.394186][T14128] usbhid 5-1:1.0: can't add hid device: -71 [ 1488.400318][T14128] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 1488.415037][T14128] usb 5-1: USB disconnect, device number 71 [ 1488.529332][T21096] overlayfs: conflicting lowerdir path [ 1490.655239][ T5880] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1490.893367][ T5880] usb 5-1: Using ep0 maxpacket: 16 [ 1490.912306][ T5880] usb 5-1: config 5 has an invalid interface number: 168 but max is 0 [ 1491.108230][ T5880] usb 5-1: config 5 has no interface number 0 [ 1491.116272][ T5880] usb 5-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1491.980599][ T5880] usb 5-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1492.101832][ T5880] usb 5-1: config 5 interface 168 has no altsetting 0 [ 1492.207006][ T5880] usb 5-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1492.266357][ T5880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1492.336048][ T5880] usb 5-1: Product: syz [ 1492.358020][ T5880] usb 5-1: Manufacturer: syz [ 1492.383321][ T5880] usb 5-1: SerialNumber: syz [ 1492.634157][T21110] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3724'. [ 1492.752911][ T5880] pn533_usb 5-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1492.774096][ T5880] usb 5-1: USB disconnect, device number 72 [ 1493.635069][ T5872] usb 7-1: new full-speed USB device number 34 using dummy_hcd [ 1493.814746][ T5872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1493.831113][ T5872] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1494.061459][T21146] Invalid source name [ 1494.065861][T21146] UBIFS error (pid: 21146): cannot open "./file0", error -22 [ 1495.336116][T21147] Invalid source name [ 1495.347891][T21147] UBIFS error (pid: 21147): cannot open "./file0", error -22 [ 1496.922353][ T5872] usb 7-1: string descriptor 0 read error: -71 [ 1497.004226][ T5872] usb 7-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1497.047850][ T5872] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1497.088880][ T5872] usb 7-1: config 0 descriptor?? [ 1497.107561][ T5872] usb 7-1: can't set config #0, error -71 [ 1497.137141][ T5872] usb 7-1: USB disconnect, device number 34 [ 1497.423512][T21165] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 1497.430101][T21165] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1497.470611][T21165] vhci_hcd vhci_hcd.0: Device attached [ 1497.725449][T21172] netlink: 560 bytes leftover after parsing attributes in process `syz.3.3739'. [ 1498.332888][ T5875] usb 33-1: new low-speed USB device number 4 using vhci_hcd [ 1498.742779][ T9] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1499.023068][ T5926] Bluetooth: hci2: Frame reassembly failed (-84) [ 1499.425218][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 1499.440660][ T9] usb 5-1: config 5 has an invalid interface number: 168 but max is 0 [ 1499.520398][ T9] usb 5-1: config 5 has no interface number 0 [ 1499.527221][ T9] usb 5-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1499.542674][ T9] usb 5-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1499.559632][ T9] usb 5-1: config 5 interface 168 has no altsetting 0 [ 1499.569890][ T9] usb 5-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1499.583992][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1499.604558][ T9] usb 5-1: Product: syz [ 1499.608827][ T9] usb 5-1: Manufacturer: syz [ 1499.616488][ T9] usb 5-1: SerialNumber: syz [ 1499.634934][T21188] syzkaller0: entered promiscuous mode [ 1499.647636][T21188] syzkaller0: entered allmulticast mode [ 1499.832995][T21174] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3742'. [ 1499.880171][ T9] pn533_usb 5-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1499.910706][ T9] usb 5-1: USB disconnect, device number 73 [ 1500.380280][T21167] vhci_hcd: connection reset by peer [ 1500.402921][T11891] vhci_hcd: stop threads [ 1500.407270][T11891] vhci_hcd: release socket [ 1500.430311][T11891] vhci_hcd: disconnect device [ 1501.072828][T19854] Bluetooth: hci2: command 0xfc11 tx timeout [ 1501.079257][T15388] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1503.466667][ T5875] vhci_hcd: vhci_device speed not set [ 1506.461694][T21249] FAULT_INJECTION: forcing a failure. [ 1506.461694][T21249] name failslab, interval 1, probability 0, space 0, times 0 [ 1506.509094][T21249] CPU: 1 UID: 0 PID: 21249 Comm: syz.3.3762 Not tainted 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 1506.509125][T21249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1506.509139][T21249] Call Trace: [ 1506.509149][T21249] [ 1506.509159][T21249] dump_stack_lvl+0x189/0x250 [ 1506.509195][T21249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1506.509223][T21249] ? __pfx__printk+0x10/0x10 [ 1506.509258][T21249] ? __pfx___might_resched+0x10/0x10 [ 1506.509294][T21249] should_fail_ex+0x414/0x560 [ 1506.509321][T21249] should_failslab+0xa8/0x100 [ 1506.509341][T21249] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1506.509371][T21249] ? __alloc_skb+0x112/0x2d0 [ 1506.509402][T21249] __alloc_skb+0x112/0x2d0 [ 1506.509430][T21249] netlink_sendmsg+0x5c6/0xb30 [ 1506.509477][T21249] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1506.509508][T21249] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1506.509528][T21249] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1506.509551][T21249] __sock_sendmsg+0x219/0x270 [ 1506.509574][T21249] ____sys_sendmsg+0x52d/0x830 [ 1506.509606][T21249] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1506.509641][T21249] ? import_iovec+0x74/0xa0 [ 1506.509672][T21249] ___sys_sendmsg+0x21f/0x2a0 [ 1506.509701][T21249] ? __pfx____sys_sendmsg+0x10/0x10 [ 1506.509773][T21249] ? __fget_files+0x2a/0x420 [ 1506.509790][T21249] ? __fget_files+0x3a0/0x420 [ 1506.509819][T21249] __sys_sendmmsg+0x227/0x430 [ 1506.509853][T21249] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1506.509891][T21249] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1506.509936][T21249] ? ksys_write+0x1f0/0x250 [ 1506.509963][T21249] ? rcu_is_watching+0x15/0xb0 [ 1506.510003][T21249] __x64_sys_sendmmsg+0xa0/0xc0 [ 1506.510033][T21249] do_syscall_64+0xf6/0x210 [ 1506.510061][T21249] ? clear_bhb_loop+0x60/0xb0 [ 1506.510086][T21249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1506.510105][T21249] RIP: 0033:0x7fd9cd38e969 [ 1506.510123][T21249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1506.510141][T21249] RSP: 002b:00007fd9ce19a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1506.510162][T21249] RAX: ffffffffffffffda RBX: 00007fd9cd5b5fa0 RCX: 00007fd9cd38e969 [ 1506.510177][T21249] RDX: 0000000000000002 RSI: 0000200000003440 RDI: 0000000000000004 [ 1506.510191][T21249] RBP: 00007fd9ce19a090 R08: 0000000000000000 R09: 0000000000000000 [ 1506.510203][T21249] R10: 00000000200480d0 R11: 0000000000000246 R12: 0000000000000001 [ 1506.510216][T21249] R13: 0000000000000000 R14: 00007fd9cd5b5fa0 R15: 00007ffd6395e598 [ 1506.510246][T21249] [ 1509.192879][ T5875] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 1509.542675][ T5875] usb 7-1: Using ep0 maxpacket: 8 [ 1509.566910][ T5875] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0x82 has invalid maxpacket 24385, setting to 1024 [ 1509.581244][ T5875] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1509.612924][ T5875] usb 7-1: config 1 interface 0 altsetting 3 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1509.656602][ T5875] usb 7-1: config 1 interface 0 has no altsetting 0 [ 1509.672040][ T5875] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1509.685892][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1509.769104][ T5875] usb 7-1: Product: 貨쒾ᴪا⾊䂾἞ܲ망✎ົ헑㥾볇쟽빿볩妟ẂΊ뙝㭢b嘭侇䪌㾆阹䒀췆贝㹧꿕垝흻Č釪큱昞毠望ৢ᚝뜗켱㕞둟狚⬯瀛齻꥿⦖⍟팋䵱酚Ɣ풚瞲ヲ [ 1509.818490][ T5875] usb 7-1: Manufacturer: 䣯殌퟿썅࣭뿣簷砊ꌱ堊磬釟礉靑縪栲玱ᗻꡉ鉩‷ﲋ崳싵 [ 1509.844899][ T5875] usb 7-1: SerialNumber: syz [ 1509.860570][T21265] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1509.962425][T21274] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 1509.969109][T21274] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1509.995168][T21274] vhci_hcd vhci_hcd.0: Device attached [ 1510.104251][ T5875] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 1510.133151][ T5875] usb 7-1: USB disconnect, device number 35 [ 1510.237295][T21279] syzkaller0: entered promiscuous mode [ 1510.243454][ T9] usb 41-1: new low-speed USB device number 4 using vhci_hcd [ 1510.251719][T21279] syzkaller0: entered allmulticast mode [ 1510.265584][ T5873] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1510.438448][ T5873] usb 5-1: config 0 has no interfaces? [ 1510.444284][ T5873] usb 5-1: New USB device found, idVendor=0de5, idProduct=0056, bcdDevice= 5.b5 [ 1510.473039][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1510.506060][ T5873] usb 5-1: config 0 descriptor?? [ 1510.769462][ T5875] usb 5-1: USB disconnect, device number 74 [ 1510.793444][T21275] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 3 [ 1510.873296][ T7900] vhci_hcd: stop threads [ 1510.877606][ T7900] vhci_hcd: release socket [ 1510.898944][ T7900] vhci_hcd: disconnect device [ 1512.037094][T21298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3774'. [ 1512.056898][T21298] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3774'. [ 1512.202985][ T5875] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 1512.730924][T21289] ALSA: mixer_oss: invalid index 40000 [ 1512.742736][ T5875] usb 7-1: Using ep0 maxpacket: 16 [ 1512.793663][ T5875] usb 7-1: config 5 has an invalid interface number: 168 but max is 0 [ 1512.804066][ T5875] usb 7-1: config 5 has no interface number 0 [ 1512.810959][ T5875] usb 7-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1512.826998][ T5875] usb 7-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1512.884303][ T5875] usb 7-1: config 5 interface 168 has no altsetting 0 [ 1512.916883][ T5875] usb 7-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1512.937620][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1512.949895][ T5875] usb 7-1: Product: syz [ 1512.957756][ T5875] usb 7-1: Manufacturer: syz [ 1512.963052][ T5875] usb 7-1: SerialNumber: syz [ 1513.223824][T21297] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3775'. [ 1513.988057][ T5875] pn533_usb 7-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1514.077622][ T5875] usb 7-1: USB disconnect, device number 36 [ 1514.561159][T21316] netlink: 'syz.4.3778': attribute type 10 has an invalid length. [ 1515.382825][ T9] vhci_hcd: vhci_device speed not set [ 1516.740311][T21316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1516.749125][T21316] batadv0: entered promiscuous mode [ 1516.757163][T21316] batadv0: entered allmulticast mode [ 1516.764394][T21316] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1516.832479][T21318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1516.849713][T21318] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1518.212867][ T9] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 1518.543022][ T9] usb 7-1: Using ep0 maxpacket: 8 [ 1518.578817][ T9] usb 7-1: config 1 interface 0 altsetting 3 endpoint 0x82 has invalid maxpacket 24385, setting to 1024 [ 1518.665874][ T9] usb 7-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1518.894861][ T9] usb 7-1: config 1 interface 0 altsetting 3 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1519.133205][ T9] usb 7-1: config 1 interface 0 has no altsetting 0 [ 1519.142910][ T9] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1519.152534][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1519.161129][ T9] usb 7-1: Product: 貨쒾ᴪا⾊䂾἞ܲ망✎ົ헑㥾볇쟽빿볩妟ẂΊ뙝㭢b嘭侇䪌㾆阹䒀췆贝㹧꿕垝흻Č釪큱昞毠望ৢ᚝뜗켱㕞둟狚⬯瀛齻꥿⦖⍟팋䵱酚Ɣ풚瞲ヲ [ 1519.192681][ T9] usb 7-1: Manufacturer: 䣯殌퟿썅࣭뿣簷砊ꌱ堊磬釟礉靑縪栲玱ᗻꡉ鉩‷ﲋ崳싵 [ 1519.221784][ T9] usb 7-1: SerialNumber: syz [ 1519.240717][T21325] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1519.478874][ T9] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 1519.548107][ T9] usb 7-1: USB disconnect, device number 37 [ 1520.171002][T21355] syzkaller0: entered promiscuous mode [ 1520.181101][T21355] syzkaller0: entered allmulticast mode [ 1520.344078][T14128] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1520.514322][T14128] usb 4-1: Using ep0 maxpacket: 16 [ 1520.528719][T14128] usb 4-1: config 5 has an invalid interface number: 168 but max is 0 [ 1520.545566][T14128] usb 4-1: config 5 has no interface number 0 [ 1520.552003][T14128] usb 4-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1520.627173][T14128] usb 4-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1520.655313][T14128] usb 4-1: config 5 interface 168 has no altsetting 0 [ 1520.679317][T14128] usb 4-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1520.689971][T14128] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1520.701790][T14128] usb 4-1: Product: syz [ 1520.707698][T14128] usb 4-1: Manufacturer: syz [ 1520.714470][T14128] usb 4-1: SerialNumber: syz [ 1521.034945][T21350] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3789'. [ 1521.155093][T14128] pn533_usb 4-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1521.293235][T14128] usb 4-1: USB disconnect, device number 52 [ 1523.204546][T21377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3796'. [ 1523.213705][T21377] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3796'. [ 1524.501629][T21376] ALSA: mixer_oss: invalid index 40000 [ 1524.832971][ T9] usb 7-1: new high-speed USB device number 38 using dummy_hcd [ 1525.004840][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1525.030889][ T9] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1525.047364][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1525.056982][ T9] usb 7-1: Product: syz [ 1525.061238][ T9] usb 7-1: Manufacturer: syz [ 1525.069137][ T9] usb 7-1: SerialNumber: syz [ 1526.053813][T21390] bridge0: port 1(bridge_slave_0) entered disabled state [ 1526.062593][T21390] bridge0: port 2(bridge_slave_1) entered disabled state [ 1526.107261][T21391] bridge0: entered promiscuous mode [ 1526.113637][T21391] macvlan3: entered promiscuous mode [ 1526.167950][ T9] cdc_ncm 7-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1526.317319][ T9] cdc_ncm 7-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 1526.332885][ T9] cdc_ncm 7-1:1.0: setting rx_max = 2048 [ 1526.782782][ T9] cdc_ncm 7-1:1.0: setting tx_max = 88 [ 1527.033124][ T9] cdc_ncm 7-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.6-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1527.063099][ T9] usb 7-1: USB disconnect, device number 38 [ 1527.070592][ T9] cdc_ncm 7-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.6-1, CDC NCM (NO ZLP) [ 1527.091577][T21405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1527.767311][T21405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1527.924990][T21417] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3807'. [ 1528.173235][T14128] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 1528.542764][T14128] usb 2-1: Using ep0 maxpacket: 16 [ 1528.556901][T14128] usb 2-1: config 5 has an invalid interface number: 168 but max is 0 [ 1528.588877][T21423] tmpfs: Bad value for 'mpol' [ 1528.590711][T14128] usb 2-1: config 5 has no interface number 0 [ 1528.601096][T21421] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3809'. [ 1528.614723][T14128] usb 2-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1528.614882][T21424] tmpfs: Bad value for 'mpol' [ 1528.654920][T14128] usb 2-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1528.668471][T14128] usb 2-1: config 5 interface 168 has no altsetting 0 [ 1528.680324][T14128] usb 2-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1528.681687][T21428] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3809'. [ 1528.692887][T14128] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1528.710506][T14128] usb 2-1: Product: syz [ 1528.715204][T14128] usb 2-1: Manufacturer: syz [ 1528.719961][T14128] usb 2-1: SerialNumber: syz [ 1528.846931][T21431] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1528.984590][T21414] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3806'. [ 1529.158468][T14128] pn533_usb 2-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1529.606613][T14128] usb 2-1: USB disconnect, device number 47 [ 1529.744836][T21433] syzkaller0: entered promiscuous mode [ 1529.763980][T21433] syzkaller0: entered allmulticast mode [ 1529.805335][T21421] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1531.231043][T21458] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3815'. [ 1531.240977][T21458] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3815'. [ 1531.507139][T21451] ALSA: mixer_oss: invalid index 40000 [ 1532.053802][T21469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1532.074582][T21469] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1533.429256][T21487] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3823'. [ 1533.953522][ T5875] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 1534.183062][ T5875] usb 7-1: Using ep0 maxpacket: 16 [ 1534.351449][ T5875] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 1534.360324][ T5875] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1534.370855][ T5875] usb 7-1: config 0 has no interface number 0 [ 1534.379837][ T5875] usb 7-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1534.395436][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1534.403640][ T5875] usb 7-1: Product: syz [ 1534.408275][ T5875] usb 7-1: Manufacturer: syz [ 1534.413037][ T5875] usb 7-1: SerialNumber: syz [ 1534.423773][ T5875] usb 7-1: config 0 descriptor?? [ 1534.793568][ T5875] usb 7-1: Found UVC 0.00 device syz (046d:08d3) [ 1534.905605][ T5875] usb 7-1: No valid video chain found. [ 1534.911402][T14128] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 1534.996755][T21489] atomic_op ffff888066018198 conn xmit_atomic 0000000000000000 [ 1535.234951][T14128] usb 2-1: Using ep0 maxpacket: 16 [ 1535.241601][T14128] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 1535.250025][T14128] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1535.260481][T14128] usb 2-1: config 0 has no interface number 0 [ 1535.268839][T14128] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1535.278069][T14128] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1535.286655][T14128] usb 2-1: Product: syz [ 1535.290954][T14128] usb 2-1: Manufacturer: syz [ 1535.297304][T14128] usb 2-1: SerialNumber: syz [ 1535.373290][T14128] usb 2-1: config 0 descriptor?? [ 1535.591620][T14128] usb 2-1: Found UVC 0.00 device syz (046d:08d3) [ 1535.599136][T14128] usb 2-1: No valid video chain found. [ 1535.824795][T21500] atomic_op ffff88805b709198 conn xmit_atomic 0000000000000000 [ 1535.947949][T21511] syzkaller0: entered promiscuous mode [ 1535.957642][T21511] syzkaller0: entered allmulticast mode [ 1535.971120][T21508] kvm_pr_unimpl_wrmsr: 432 callbacks suppressed [ 1535.971140][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1535.996851][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1536.008780][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1536.018129][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1536.029616][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1536.038609][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1536.049897][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1536.058849][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1536.070003][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1536.078721][T21508] kvm: kvm [21507]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1536.538084][ T5875] usb 7-1: USB disconnect, device number 39 [ 1536.954267][ T5875] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 1536.984437][T21525] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3832'. [ 1536.993647][T21525] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3832'. [ 1537.127672][ T5875] usb 7-1: config 1 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 1537.159663][ T5875] usb 7-1: config 1 descriptor has 1 excess byte, ignoring [ 1537.192481][ T5875] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1537.263024][ T5875] usb 7-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 1537.272561][T21518] ALSA: mixer_oss: invalid index 40000 [ 1537.287254][ T5875] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1537.310342][ T5875] usb-storage 7-1:1.0: USB Mass Storage device detected [ 1537.388953][ T5875] usb-storage 7-1:1.0: Quirks match for vid 1908 pid 1315: 20000 [ 1537.479446][T14396] usb 2-1: USB disconnect, device number 48 [ 1537.556951][ T5875] usb 7-1: USB disconnect, device number 40 [ 1540.620411][ T13] Bluetooth: hci2: Frame reassembly failed (-84) [ 1542.595535][T15388] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1543.697314][T21586] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1544.306504][T21589] FAULT_INJECTION: forcing a failure. [ 1544.306504][T21589] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1544.319740][T21589] CPU: 1 UID: 0 PID: 21589 Comm: syz.4.3852 Not tainted 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 1544.319765][T21589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1544.319777][T21589] Call Trace: [ 1544.319784][T21589] [ 1544.319793][T21589] dump_stack_lvl+0x189/0x250 [ 1544.319823][T21589] ? __lock_acquire+0xaac/0xd20 [ 1544.319850][T21589] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1544.319875][T21589] ? __pfx__printk+0x10/0x10 [ 1544.319903][T21589] ? __might_fault+0xb0/0x130 [ 1544.319943][T21589] should_fail_ex+0x414/0x560 [ 1544.319969][T21589] _copy_from_iter+0x1db/0x15a0 [ 1544.320000][T21589] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 1544.320026][T21589] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 1544.320056][T21589] ? __pfx__copy_from_iter+0x10/0x10 [ 1544.320081][T21589] ? __build_skb_around+0x257/0x3e0 [ 1544.320109][T21589] ? netlink_sendmsg+0x642/0xb30 [ 1544.320129][T21589] ? skb_put+0x11b/0x210 [ 1544.320156][T21589] netlink_sendmsg+0x6b2/0xb30 [ 1544.320177][T21589] ? is_bpf_text_address+0x26/0x2b0 [ 1544.320211][T21589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1544.320241][T21589] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1544.320261][T21589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1544.320285][T21589] __sock_sendmsg+0x219/0x270 [ 1544.320307][T21589] ____sys_sendmsg+0x505/0x830 [ 1544.320338][T21589] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1544.320391][T21589] ? import_iovec+0x74/0xa0 [ 1544.320423][T21589] ___sys_sendmsg+0x21f/0x2a0 [ 1544.320453][T21589] ? __pfx____sys_sendmsg+0x10/0x10 [ 1544.320520][T21589] ? __fget_files+0x2a/0x420 [ 1544.320538][T21589] ? __fget_files+0x3a0/0x420 [ 1544.320575][T21589] __x64_sys_sendmsg+0x19b/0x260 [ 1544.320606][T21589] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1544.320652][T21589] ? do_syscall_64+0xba/0x210 [ 1544.320682][T21589] do_syscall_64+0xf6/0x210 [ 1544.320709][T21589] ? clear_bhb_loop+0x60/0xb0 [ 1544.320745][T21589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1544.320763][T21589] RIP: 0033:0x7f54b218e969 [ 1544.320797][T21589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1544.320816][T21589] RSP: 002b:00007f54b2fe5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1544.320838][T21589] RAX: ffffffffffffffda RBX: 00007f54b23b5fa0 RCX: 00007f54b218e969 [ 1544.320853][T21589] RDX: 000000002000c010 RSI: 0000200000001cc0 RDI: 0000000000000003 [ 1544.320866][T21589] RBP: 00007f54b2fe5090 R08: 0000000000000000 R09: 0000000000000000 [ 1544.320879][T21589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1544.320891][T21589] R13: 0000000000000000 R14: 00007f54b23b5fa0 R15: 00007ffe05d01fc8 [ 1544.320923][T21589] [ 1545.488967][T21598] syzkaller0: entered promiscuous mode [ 1545.620479][T21598] syzkaller0: entered allmulticast mode [ 1545.812066][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.818542][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1551.389756][T21652] netlink: 788 bytes leftover after parsing attributes in process `syz.0.3867'. [ 1552.332902][ T5870] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1552.705424][ T5870] usb 4-1: Using ep0 maxpacket: 16 [ 1552.770511][ T5870] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 1553.197406][ T5870] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1553.273559][ T5870] usb 4-1: config 0 has no interface number 0 [ 1553.330314][ T5870] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1553.554460][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1553.692776][ T5870] usb 4-1: Product: syz [ 1553.717672][ T5870] usb 4-1: Manufacturer: syz [ 1553.736948][ T5870] usb 4-1: SerialNumber: syz [ 1553.755342][ T5870] usb 4-1: config 0 descriptor?? [ 1553.973839][ T5870] usb 4-1: Found UVC 0.00 device syz (046d:08d3) [ 1553.995096][ T5870] usb 4-1: No valid video chain found. [ 1554.180757][T21653] atomic_op ffff88806601a198 conn xmit_atomic 0000000000000000 [ 1554.289500][T21675] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3872'. [ 1554.486520][T21673] bridge0: port 1(bridge_slave_0) entered disabled state [ 1554.500725][T21673] bridge0: port 2(bridge_slave_1) entered disabled state [ 1555.117775][T21688] syzkaller0: entered promiscuous mode [ 1555.125979][T21688] syzkaller0: entered allmulticast mode [ 1555.294640][ T5875] usb 4-1: USB disconnect, device number 53 [ 1555.460224][T21697] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 1555.466895][T21697] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1555.481670][T21697] vhci_hcd vhci_hcd.0: Device attached [ 1555.723057][T14128] usb 39-1: new low-speed USB device number 6 using vhci_hcd [ 1555.980730][ T5875] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1557.002898][ T5875] usb 4-1: config 0 has no interfaces? [ 1557.008751][ T5875] usb 4-1: New USB device found, idVendor=0de5, idProduct=0056, bcdDevice= 5.b5 [ 1557.058794][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1557.079911][ T5875] usb 4-1: config 0 descriptor?? [ 1557.302875][ T5875] usb 4-1: USB disconnect, device number 54 [ 1557.311499][T21701] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 5 [ 1557.357655][ T9291] vhci_hcd: stop threads [ 1557.372252][ T9291] vhci_hcd: release socket [ 1557.377428][ T9291] vhci_hcd: disconnect device [ 1558.370370][T21723] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1558.465102][T21723] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1560.785520][T21737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1560.840709][T14128] vhci_hcd: vhci_device speed not set [ 1560.933553][T21737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1565.189804][T21782] syzkaller0: entered promiscuous mode [ 1565.199208][T21782] syzkaller0: entered allmulticast mode [ 1569.168652][T21798] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3908'. [ 1569.184309][T21804] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3909'. [ 1570.011750][T21826] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3915'. [ 1571.602456][T21835] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3912'. [ 1571.999105][ T5926] Bluetooth: hci2: Frame reassembly failed (-84) [ 1573.713491][T21849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3921'. [ 1573.996146][T21853] syzkaller0: entered promiscuous mode [ 1574.001810][T21853] syzkaller0: entered allmulticast mode [ 1574.033237][T19854] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1574.231874][ T5875] usb 4-1: new full-speed USB device number 55 using dummy_hcd [ 1574.621610][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1574.689924][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1574.883110][ T5875] usb 4-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1574.902695][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1574.910806][ T5875] usb 4-1: Product: syz [ 1574.942790][ T5875] usb 4-1: Manufacturer: syz [ 1574.958180][ T5875] usb 4-1: SerialNumber: syz [ 1575.044646][T21865] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 1575.051765][T21865] overlayfs: failed to set xattr on upper [ 1575.057758][T21865] overlayfs: ...falling back to redirect_dir=nofollow. [ 1575.064948][T21865] overlayfs: ...falling back to index=off. [ 1575.070816][T21865] overlayfs: ...falling back to uuid=null. [ 1575.076819][T21865] overlayfs: maximum fs stacking depth exceeded [ 1575.496190][ T5875] usb 4-1: config 0 descriptor?? [ 1575.745527][ T5875] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input24 [ 1575.975276][ T5870] usb 5-1: new full-speed USB device number 76 using dummy_hcd [ 1576.155844][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1576.167122][ T5870] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1576.190581][ T5870] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1576.206992][ T5870] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1576.221603][ T5870] usb 5-1: Product: syz [ 1576.232080][ T5870] usb 5-1: Manufacturer: syz [ 1576.243812][ T5870] usb 5-1: SerialNumber: syz [ 1576.257653][ T5870] usb 5-1: config 0 descriptor?? [ 1576.474298][ T5870] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input25 [ 1577.534777][T21851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3922'. [ 1577.544161][T21872] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3927'. [ 1577.590384][T14128] usb 5-1: USB disconnect, device number 76 [ 1577.641411][ T5875] usb 4-1: USB disconnect, device number 55 [ 1581.757072][T21907] kvm_pr_unimpl_wrmsr: 282 callbacks suppressed [ 1581.757093][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1581.773054][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1581.790244][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1581.801916][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1581.817578][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1581.828841][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1581.837630][ T5872] usb 2-1: new full-speed USB device number 49 using dummy_hcd [ 1581.846358][T21916] syzkaller0: entered promiscuous mode [ 1581.851981][T21916] syzkaller0: entered allmulticast mode [ 1581.860154][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1581.870589][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1581.909093][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 1581.939308][T21907] kvm: kvm [21900]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0x0 [ 1582.025257][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1582.040085][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1582.075823][ T5872] usb 2-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1582.088018][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1582.126669][ T5872] usb 2-1: Product: syz [ 1582.133052][ T5872] usb 2-1: Manufacturer: syz [ 1582.176143][ T5872] usb 2-1: SerialNumber: syz [ 1582.187010][ T5872] usb 2-1: config 0 descriptor?? [ 1582.411306][ T5872] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input26 [ 1582.627265][T21938] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3943'. [ 1584.385997][T21901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3936'. [ 1584.461755][ T5872] usb 2-1: USB disconnect, device number 49 [ 1584.722318][T21952] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3948'. [ 1588.560906][ T5875] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 1588.632723][T14128] usb 5-1: new full-speed USB device number 77 using dummy_hcd [ 1588.664037][T21972] can: request_module (can-proto-0) failed. [ 1588.686871][T21975] : entered promiscuous mode [ 1588.833112][ T5875] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1588.853149][T14128] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1588.872670][ T5875] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1588.895989][T14128] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1588.913189][ T5875] usb 7-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1588.925452][T14128] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1588.937265][ T5875] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1588.960949][T14128] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1588.973146][ T5875] usb 7-1: config 0 descriptor?? [ 1589.004864][T14128] usb 5-1: Product: syz [ 1589.022177][T14128] usb 5-1: Manufacturer: syz [ 1589.030614][T14128] usb 5-1: SerialNumber: syz [ 1589.058491][T14128] usb 5-1: config 0 descriptor?? [ 1589.212346][T21981] syzkaller0: entered promiscuous mode [ 1589.218373][T21981] syzkaller0: entered allmulticast mode [ 1589.303911][T14128] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input27 [ 1590.999357][ T4441] Bluetooth: hci2: Frame reassembly failed (-84) [ 1592.990439][T21967] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3952'. [ 1593.034885][ T9] usb 5-1: USB disconnect, device number 77 [ 1593.051257][ T5875] usbhid 7-1:0.0: can't add hid device: -71 [ 1593.072826][T19854] Bluetooth: hci2: command 0xfc11 tx timeout [ 1593.079296][T15388] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1593.169015][ T5875] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1593.187216][ T5875] usb 7-1: USB disconnect, device number 41 [ 1593.409415][T22000] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3961'. [ 1595.697239][ T5875] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1595.840049][T22018] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3965'. [ 1595.906299][T22018] netlink: 632 bytes leftover after parsing attributes in process `syz.0.3965'. [ 1596.274778][ T5875] usb 5-1: config 3 has an invalid interface number: 56 but max is 0 [ 1596.428788][ T5875] usb 5-1: config 3 has no interface number 0 [ 1596.435291][ T5875] usb 5-1: config 3 interface 56 has no altsetting 0 [ 1596.444837][ T5875] usb 5-1: New USB device found, idVendor=03f0, idProduct=2101, bcdDevice=80.bb [ 1596.457385][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1596.467515][ T5875] usb 5-1: Product: syz [ 1596.471759][ T5875] usb 5-1: Manufacturer: syz [ 1597.135278][ T5875] usb 5-1: SerialNumber: syz [ 1598.056891][T22034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1598.118544][ T999] Bluetooth: hci2: Frame reassembly failed (-84) [ 1598.252077][T22034] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1598.430098][ T5875] safe_serial 5-1:3.56: safe_serial converter detected [ 1598.451831][ T5875] usb 5-1: safe_serial converter now attached to ttyUSB0 [ 1598.476533][ T5875] usb 5-1: USB disconnect, device number 78 [ 1598.492081][ T5875] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0 [ 1598.514734][ T5875] safe_serial 5-1:3.56: device disconnected [ 1598.641830][T22046] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3973'. [ 1600.123412][T15388] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1601.184211][T21668] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 1601.282780][ T24] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1601.447963][T21668] usb 7-1: Using ep0 maxpacket: 16 [ 1601.493723][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 1601.527888][T21668] usb 7-1: config 5 has an invalid interface number: 168 but max is 0 [ 1601.686278][ T24] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 1601.874034][T21668] usb 7-1: config 5 has no interface number 0 [ 1601.880839][T21668] usb 7-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1601.892941][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1601.910797][T21668] usb 7-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1601.928592][ T24] usb 4-1: config 0 has no interface number 0 [ 1601.936245][T21668] usb 7-1: config 5 interface 168 has no altsetting 0 [ 1601.961476][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1601.993191][T21668] usb 7-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1602.039265][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1602.127472][T21668] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1602.155975][ T24] usb 4-1: Product: syz [ 1602.218630][ T24] usb 4-1: Manufacturer: syz [ 1602.263317][T21668] usb 7-1: Product: syz [ 1602.293330][T21668] usb 7-1: Manufacturer: syz [ 1602.299361][ T24] usb 4-1: SerialNumber: syz [ 1602.394896][T21668] usb 7-1: SerialNumber: syz [ 1602.539189][ T24] usb 4-1: config 0 descriptor?? [ 1602.914571][ T24] usb 4-1: Found UVC 0.00 device syz (046d:08d3) [ 1602.945457][ T24] usb 4-1: No valid video chain found. [ 1603.184294][T22061] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3978'. [ 1603.260034][T22064] atomic_op ffff88807c8fb198 conn xmit_atomic 0000000000000000 [ 1603.292261][T21668] pn533_usb 7-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1603.356934][T21668] usb 7-1: USB disconnect, device number 42 [ 1604.629753][T21668] usb 4-1: USB disconnect, device number 56 [ 1605.540846][T22111] ubi: mtd0 is already attached to ubi31 [ 1607.265480][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.275912][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.733950][T22131] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3995'. [ 1608.743491][T22131] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3995'. [ 1609.415665][ T5872] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1609.581583][T22134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3997'. [ 1609.597920][ T5872] usb 5-1: Using ep0 maxpacket: 32 [ 1610.073546][ T5872] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 1610.147016][ T5872] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 1610.181143][ T5872] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1610.354951][ T5872] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1610.364264][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1610.373219][ T5872] usb 5-1: Product: syz [ 1610.377484][ T5872] usb 5-1: Manufacturer: syz [ 1610.382149][ T5872] usb 5-1: SerialNumber: syz [ 1610.412541][ T5872] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input28 [ 1611.716901][ T5872] usb 5-1: USB disconnect, device number 79 [ 1612.343580][ T5872] appletouch 5-1:1.0: input: appletouch disconnected [ 1612.700521][T22157] ubi: mtd0 is already attached to ubi31 [ 1612.842939][T22160] can: request_module (can-proto-0) failed. [ 1612.987735][T22160] : entered promiscuous mode [ 1614.849305][ T999] Bluetooth: hci2: Frame reassembly failed (-84) [ 1616.863714][T15388] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1617.665437][T22199] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4014'. [ 1617.724406][T22200] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4014'. [ 1618.104596][T22199] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4014'. [ 1618.142650][T22200] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4014'. [ 1618.673467][T21668] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1618.854585][T21668] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1618.866018][T21668] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1618.876222][T21668] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1618.885671][T21668] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1619.644644][T21668] usb 5-1: config 0 descriptor?? [ 1622.286966][T21668] usbhid 5-1:0.0: can't add hid device: -71 [ 1622.294442][T21668] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1622.313056][T21668] usb 5-1: USB disconnect, device number 80 [ 1622.427333][ T5870] usb 2-1: new full-speed USB device number 50 using dummy_hcd [ 1622.611504][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1622.662774][ T5870] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1622.704672][ T5870] usb 2-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1622.732667][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1622.750979][ T5870] usb 2-1: Product: syz [ 1622.762738][ T5870] usb 2-1: Manufacturer: syz [ 1622.767394][ T5870] usb 2-1: SerialNumber: syz [ 1622.803557][ T5870] usb 2-1: config 0 descriptor?? [ 1623.020683][ T5870] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input29 [ 1623.414794][T22244] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4027'. [ 1623.502918][T21668] usb 2-1: USB disconnect, device number 50 [ 1624.913682][T22265] netlink: 'syz.6.4034': attribute type 21 has an invalid length. [ 1624.921581][T22265] netlink: 'syz.6.4034': attribute type 6 has an invalid length. [ 1624.929822][T22265] netlink: 132 bytes leftover after parsing attributes in process `syz.6.4034'. [ 1625.618195][T22265] autofs: Unknown parameter '' [ 1631.934650][ T5875] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1632.414229][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1632.428843][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1632.772900][ T5875] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1632.782360][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1632.911545][ T5875] usb 5-1: config 0 descriptor?? [ 1636.041938][ T5875] usbhid 5-1:0.0: can't add hid device: -71 [ 1636.049911][ T5875] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1636.062990][ T5875] usb 5-1: USB disconnect, device number 81 [ 1636.183043][ T5873] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 1636.382967][ T5873] usb 7-1: Using ep0 maxpacket: 16 [ 1636.454438][ T5873] usb 7-1: config 5 has an invalid interface number: 168 but max is 0 [ 1636.493276][ T5873] usb 7-1: config 5 has no interface number 0 [ 1636.546827][ T5873] usb 7-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1636.606085][ T5875] usb 5-1: new full-speed USB device number 82 using dummy_hcd [ 1636.619137][ T5873] usb 7-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1636.665213][ T5873] usb 7-1: config 5 interface 168 has no altsetting 0 [ 1636.684474][ T5873] usb 7-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1636.705378][ T5873] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1636.715219][ T5873] usb 7-1: Product: syz [ 1636.725092][ T5873] usb 7-1: Manufacturer: syz [ 1636.733973][ T5873] usb 7-1: SerialNumber: syz [ 1636.776742][T22406] loop7: detected capacity change from 0 to 7 [ 1636.804346][T22355] Dev loop7: unable to read RDB block 7 [ 1636.810465][T22355] loop7: unable to read partition table [ 1636.825629][T22355] loop7: partition table beyond EOD, truncated [ 1636.831186][ T5875] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1636.856528][ T5875] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1636.868118][ T5875] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1636.869407][T22406] Dev loop7: unable to read RDB block 7 [ 1636.878282][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1636.883632][T22406] loop7: unable to read partition table [ 1636.897865][T22406] loop7: partition table beyond EOD, truncated [ 1636.904404][T22406] loop_reread_partitions: partition scan of loop7 (被x ) failed (rc=-5) [ 1636.923381][ T5875] usb 5-1: config 0 descriptor?? [ 1636.952122][ T5875] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1636.954666][T22400] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4071'. [ 1636.961297][ T5875] dvb-usb: bulk message failed: -22 (3/0) [ 1637.106660][ T5875] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1637.186762][ T5873] pn533_usb 7-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1637.207314][ T5873] usb 7-1: USB disconnect, device number 43 [ 1637.940767][ T5875] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1637.953399][ T5875] usb 5-1: media controller created [ 1637.961043][ T5875] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1638.064990][ T5875] dvb-usb: bulk message failed: -22 (6/0) [ 1638.073019][ T5875] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1638.190092][ T5875] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input30 [ 1638.215364][ T5875] dvb-usb: schedule remote query interval to 150 msecs. [ 1638.222643][ T5875] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1638.253087][ T5875] usb 5-1: USB disconnect, device number 82 [ 1638.319494][ T5875] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1640.513058][ T5875] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 1641.202724][ T5875] usb 7-1: Using ep0 maxpacket: 16 [ 1641.222451][ T5873] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1641.272873][T21668] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1641.280552][ T5875] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 1641.445945][ T5875] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1641.456862][ T5875] usb 7-1: config 0 has no interface number 0 [ 1641.457447][ T5873] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1641.483770][ T5873] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1641.510331][ T5873] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1641.521383][ T5873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1641.532515][ T5873] usb 2-1: SerialNumber: syz [ 1641.590781][T21668] usb 5-1: Using ep0 maxpacket: 16 [ 1641.628496][ T5875] usb 7-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1641.636676][T21668] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 1641.659187][ T5875] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1641.663754][T21668] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1641.710950][ T5875] usb 7-1: Product: syz [ 1641.714669][T21668] usb 5-1: config 0 has no interface number 0 [ 1641.718868][ T5875] usb 7-1: Manufacturer: syz [ 1641.962410][T21668] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1641.985872][ T5875] usb 7-1: SerialNumber: syz [ 1641.989112][ T5873] usb 2-1: 0:2 : does not exist [ 1641.995781][T21668] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1642.026453][T21668] usb 5-1: Product: syz [ 1642.060163][T21668] usb 5-1: Manufacturer: syz [ 1642.060472][ T5875] usb 7-1: config 0 descriptor?? [ 1642.110285][T21668] usb 5-1: SerialNumber: syz [ 1642.156823][T21668] usb 5-1: config 0 descriptor?? [ 1642.166563][ T5873] usb 2-1: USB disconnect, device number 51 [ 1642.274514][T22410] udevd[22410]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1642.345563][ T5875] usb 7-1: Found UVC 0.00 device syz (046d:08d3) [ 1642.363927][ T5875] usb 7-1: No valid video chain found. [ 1642.416757][T21668] usb 5-1: Found UVC 0.00 device syz (046d:08d3) [ 1642.425358][T21668] usb 5-1: No valid video chain found. [ 1642.566261][T22434] atomic_op ffff888023a0b198 conn xmit_atomic 0000000000000000 [ 1642.747141][T22443] atomic_op ffff88802a59d198 conn xmit_atomic 0000000000000000 [ 1643.819760][ T5873] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1643.982726][ T5873] usb 4-1: Using ep0 maxpacket: 16 [ 1643.989899][ T5873] usb 4-1: config 5 has an invalid interface number: 168 but max is 0 [ 1643.998718][ T5873] usb 4-1: config 5 has no interface number 0 [ 1644.005147][ T5873] usb 4-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 1644.017127][ T5873] usb 4-1: config 5 interface 168 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1644.800995][ T5873] usb 4-1: config 5 interface 168 has no altsetting 0 [ 1644.811629][ T5873] usb 4-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 1644.833415][ T5870] usb 7-1: USB disconnect, device number 44 [ 1644.853498][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1644.861565][ T5873] usb 4-1: Product: syz [ 1644.901560][ T5873] usb 4-1: Manufacturer: syz [ 1644.915990][T22467] netlink: 'syz.0.4089': attribute type 1 has an invalid length. [ 1644.916213][ T5873] usb 4-1: SerialNumber: syz [ 1644.936684][ T24] usb 5-1: USB disconnect, device number 83 [ 1644.954203][T22467] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4089'. [ 1645.097109][T22475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4089'. [ 1645.191798][T22475] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4089'. [ 1645.330267][T22477] overlayfs: conflicting lowerdir path [ 1646.713925][ T5873] pn533_usb 4-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 1646.741874][ T5873] usb 4-1: USB disconnect, device number 57 [ 1647.091263][T22493] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4096'. [ 1649.266345][T22506] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4100'. [ 1651.293483][T19854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1651.309615][T19854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1651.319248][T19854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1651.327371][T19854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1651.340509][T19854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1652.092151][ T999] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1652.162213][T22527] lo speed is unknown, defaulting to 1000 [ 1652.219009][ T999] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1653.192342][ T999] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1653.425545][T15388] Bluetooth: hci2: command tx timeout [ 1653.767835][ T999] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1653.782877][ T9] usb 2-1: new full-speed USB device number 52 using dummy_hcd [ 1653.940764][T22527] chnl_net:caif_netlink_parms(): no params data found [ 1653.958366][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1653.979468][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1654.003328][ T9] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1654.013872][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1654.041093][ T9] usb 2-1: config 0 descriptor?? [ 1654.063743][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1654.072253][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 1654.089266][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1654.106085][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1654.125719][ T9] usb 2-1: media controller created [ 1654.139414][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1654.148715][ T999] bridge_slave_1: left allmulticast mode [ 1654.154599][ T999] bridge_slave_1: left promiscuous mode [ 1654.160329][ T999] bridge0: port 2(bridge_slave_1) entered disabled state [ 1654.173028][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 1654.180799][ T999] bridge_slave_0: left allmulticast mode [ 1654.187036][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1654.194942][ T999] bridge_slave_0: left promiscuous mode [ 1654.201078][ T999] bridge0: port 1(bridge_slave_0) entered disabled state [ 1654.207149][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input31 [ 1654.238573][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 1654.255673][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1654.358513][ T5870] usb 2-1: USB disconnect, device number 52 [ 1654.419550][ T5870] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1654.799258][ T999] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1654.810615][ T999] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1654.821155][ T999] bond0 (unregistering): Released all slaves [ 1654.883950][T22527] bridge0: port 1(bridge_slave_0) entered blocking state [ 1654.900407][T22527] bridge0: port 1(bridge_slave_0) entered disabled state [ 1654.909854][T22527] bridge_slave_0: entered allmulticast mode [ 1654.917921][T22527] bridge_slave_0: entered promiscuous mode [ 1654.935530][T22527] bridge0: port 2(bridge_slave_1) entered blocking state [ 1654.954772][T22527] bridge0: port 2(bridge_slave_1) entered disabled state [ 1654.962105][T22527] bridge_slave_1: entered allmulticast mode [ 1654.975369][T22527] bridge_slave_1: entered promiscuous mode [ 1654.983095][ T999] tipc: Left network mode [ 1655.048101][T22527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1655.079751][T22527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1655.174513][T22527] team0: Port device team_slave_0 added [ 1655.196556][T22527] team0: Port device team_slave_1 added [ 1655.265479][T22527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1655.272477][T22527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1655.300321][T22527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1655.335763][T22527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1655.352275][T22527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1655.382774][T22527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1655.479915][T15388] Bluetooth: hci2: command tx timeout [ 1655.551914][T22527] hsr_slave_0: entered promiscuous mode [ 1655.561954][T22527] hsr_slave_1: entered promiscuous mode [ 1655.574421][T22527] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1655.582027][T22527] Cannot create hsr debugfs directory [ 1656.091463][ T999] hsr_slave_0: left promiscuous mode [ 1656.102718][ T999] hsr_slave_1: left promiscuous mode [ 1656.109659][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1656.117271][ T999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1656.132320][ T999] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1656.143699][ T999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1656.181250][ T999] veth1_macvtap: left allmulticast mode [ 1656.187464][ T999] veth1_macvtap: left promiscuous mode [ 1656.206866][ T999] veth0_macvtap: left promiscuous mode [ 1656.212510][ T999] veth1_vlan: left promiscuous mode [ 1656.222900][ T999] veth0_vlan: left promiscuous mode [ 1656.851410][ T999] team0 (unregistering): Port device team_slave_1 removed [ 1656.907363][ T999] team0 (unregistering): Port device team_slave_0 removed [ 1657.404298][ T9] lo speed is unknown, defaulting to 1000 [ 1657.410642][ T9] syz2: Port: 1 Link DOWN [ 1657.554774][T15388] Bluetooth: hci2: command tx timeout [ 1657.705314][T22527] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1657.726576][T22527] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1657.739236][T22527] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1657.748454][ T999] IPVS: stop unused estimator thread 0... [ 1657.761467][T22527] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1657.884879][T22527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1657.916593][T22527] 8021q: adding VLAN 0 to HW filter on device team0 [ 1657.937747][ T999] bridge0: port 1(bridge_slave_0) entered blocking state [ 1657.945125][ T999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1657.968943][ T999] bridge0: port 2(bridge_slave_1) entered blocking state [ 1657.976169][ T999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1658.306350][T22527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1658.366345][T22527] veth0_vlan: entered promiscuous mode [ 1658.387934][T22527] veth1_vlan: entered promiscuous mode [ 1658.432353][T22527] veth0_macvtap: entered promiscuous mode [ 1658.444573][T22527] veth1_macvtap: entered promiscuous mode [ 1658.479608][T22527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1658.496421][T22527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1658.516559][T22527] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1658.530865][T22527] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1658.543961][T22527] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1658.557363][T22527] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1658.691953][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1658.721692][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1658.759163][ T7900] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1658.769537][ T7900] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1659.683010][T15388] Bluetooth: hci2: command tx timeout [ 1668.677706][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.684141][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1681.276256][T19854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1681.286258][T19854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1681.383147][T19854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1681.400018][T19854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1681.413438][T19854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1682.348866][ T7900] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1683.183787][T22692] netlink: 'syz.3.4123': attribute type 7 has an invalid length. [ 1683.474445][T19854] Bluetooth: hci0: command tx timeout [ 1683.848815][ T7900] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1683.902670][ T5872] usb 2-1: new full-speed USB device number 53 using dummy_hcd [ 1684.030824][ T7900] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1684.095772][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1684.123999][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1684.185127][ T5872] usb 2-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1684.205610][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1684.226426][ T5872] usb 2-1: Product: syz [ 1684.235982][ T5872] usb 2-1: Manufacturer: syz [ 1684.250714][ T5872] usb 2-1: SerialNumber: syz [ 1684.272470][ T5872] usb 2-1: config 0 descriptor?? [ 1684.298498][ T7900] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1684.388091][T22676] chnl_net:caif_netlink_parms(): no params data found [ 1684.550110][ T5872] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input32 [ 1684.739929][T22686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4122'. [ 1684.812494][ T5870] usb 2-1: USB disconnect, device number 53 [ 1685.048639][T22676] bridge0: port 1(bridge_slave_0) entered blocking state [ 1685.062048][T22676] bridge0: port 1(bridge_slave_0) entered disabled state [ 1685.077820][T22676] bridge_slave_0: entered allmulticast mode [ 1685.099315][T22676] bridge_slave_0: entered promiscuous mode [ 1685.279562][T22709] bridge0: port 3(team0) entered disabled state [ 1685.572654][T19854] Bluetooth: hci0: command tx timeout [ 1686.018341][T22709] bridge0: port 1(bridge_slave_0) entered disabled state [ 1686.044485][T22709] bridge0: port 2(bridge_slave_1) entered disabled state [ 1686.228453][T22676] bridge0: port 2(bridge_slave_1) entered blocking state [ 1686.242846][T22676] bridge0: port 2(bridge_slave_1) entered disabled state [ 1686.342952][T22676] bridge_slave_1: entered allmulticast mode [ 1686.566001][T22676] bridge_slave_1: entered promiscuous mode [ 1686.977385][T22676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1686.995946][T22676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1687.295953][T22736] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4133'. [ 1687.482117][ T5872] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1687.519561][ T7900] bridge_slave_1: left allmulticast mode [ 1687.532802][ T7900] bridge_slave_1: left promiscuous mode [ 1687.632787][T19854] Bluetooth: hci0: command tx timeout [ 1687.663432][ T7900] bridge0: port 2(bridge_slave_1) entered disabled state [ 1687.703720][ T5872] usb 5-1: Using ep0 maxpacket: 16 [ 1687.716757][ T7900] bridge_slave_0: left allmulticast mode [ 1687.733854][ T5872] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 1687.754411][ T5872] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1687.765022][ T7900] bridge_slave_0: left promiscuous mode [ 1687.771022][ T7900] bridge0: port 1(bridge_slave_0) entered disabled state [ 1687.790288][ T5872] usb 5-1: config 0 has no interface number 0 [ 1687.804447][ T5872] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1687.828084][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1687.853651][ T5872] usb 5-1: Product: syz [ 1687.864976][ T5872] usb 5-1: Manufacturer: syz [ 1687.869634][ T5872] usb 5-1: SerialNumber: syz [ 1687.906422][ T5872] usb 5-1: config 0 descriptor?? [ 1688.130193][ T5872] usb 5-1: Found UVC 0.00 device syz (046d:08d3) [ 1688.146564][ T5872] usb 5-1: No valid video chain found. [ 1688.365946][T22732] atomic_op ffff88807c06d198 conn xmit_atomic 0000000000000000 [ 1688.424302][ T7900] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1688.445160][ T7900] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1688.457502][ T7900] bond0 (unregistering): Released all slaves [ 1688.490548][T22676] team0: Port device team_slave_0 added [ 1688.610422][T22676] team0: Port device team_slave_1 added [ 1688.717072][ T7900] : left promiscuous mode [ 1688.937603][T22676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1688.985439][T22676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1689.682851][T22676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1689.711518][T22676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1689.713196][T19854] Bluetooth: hci0: command tx timeout [ 1689.719226][T22676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1689.842079][T22676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1689.863899][ T7900] tipc: Left network mode [ 1689.957391][ T7900] IPVS: stopping master sync thread 5959 ... [ 1689.987493][ T5872] usb 5-1: USB disconnect, device number 84 [ 1690.190048][T22676] hsr_slave_0: entered promiscuous mode [ 1690.201333][T22676] hsr_slave_1: entered promiscuous mode [ 1690.228492][T22676] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1690.236523][T22676] Cannot create hsr debugfs directory [ 1691.302835][ T5872] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 1691.483483][ T5872] usb 7-1: Using ep0 maxpacket: 32 [ 1691.752883][ T5872] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 1691.943890][ T5872] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 1692.149879][ T5872] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1692.174195][T22794] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4145'. [ 1692.241746][ T5872] usb 7-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1692.254165][ T5872] usb 7-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1692.426589][ T5872] usb 7-1: Product: syz [ 1692.454423][ T5872] usb 7-1: Manufacturer: syz [ 1692.462621][ T5872] usb 7-1: SerialNumber: syz [ 1692.632471][ T5872] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input33 [ 1692.814673][ T24] usb 7-1: USB disconnect, device number 45 [ 1692.932714][ T24] appletouch 7-1:1.0: input: appletouch disconnected [ 1693.602890][ T5872] usb 5-1: new full-speed USB device number 85 using dummy_hcd [ 1693.806592][ T5872] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1693.833261][ T5875] usb 4-1: new full-speed USB device number 58 using dummy_hcd [ 1693.847466][ T5872] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1693.880699][ T5872] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1693.892386][ T5872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1693.934179][ T5872] usb 5-1: config 0 descriptor?? [ 1693.977565][ T5872] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1694.009202][ T5872] dvb-usb: bulk message failed: -22 (3/0) [ 1694.025424][ T5872] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1694.046267][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 52, changing to 4 [ 1694.069276][ T5872] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1694.083565][ T5875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 13368, setting to 1023 [ 1694.096315][ T5872] usb 5-1: media controller created [ 1694.103763][ T5872] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1694.118784][ T5875] usb 4-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 1694.134932][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1694.164651][ T5872] dvb-usb: bulk message failed: -22 (6/0) [ 1694.201480][ T5875] usb 4-1: Product: syz [ 1694.206758][ T5872] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1694.221007][ T5875] usb 4-1: Manufacturer: syz [ 1694.232382][ T5875] usb 4-1: SerialNumber: syz [ 1694.245951][ T5872] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input34 [ 1694.290145][ T5875] usb 4-1: config 0 descriptor?? [ 1694.311525][ T5872] dvb-usb: schedule remote query interval to 150 msecs. [ 1694.517051][ T5872] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1695.380641][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 1695.387074][ T9] dvb-usb: error while querying for an remote control event. [ 1695.413639][ T5872] usb 5-1: USB disconnect, device number 85 [ 1695.438205][ T5875] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input35 [ 1695.448853][T22823] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1695.555884][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 1695.561731][ T9] dvb-usb: error while querying for an remote control event. [ 1696.425265][ T5872] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1696.466879][T22805] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4148'. [ 1696.560943][ T24] usb 4-1: USB disconnect, device number 58 [ 1696.837560][T22827] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4152'. [ 1696.966998][T22676] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1697.093995][T22676] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1697.383983][T22850] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4156'. [ 1697.490678][T22676] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1697.704974][T22676] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1697.852072][ T7900] hsr_slave_0: left promiscuous mode [ 1697.876288][ T7900] hsr_slave_1: left promiscuous mode [ 1697.935447][ T7900] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1697.977078][ T7900] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1698.044236][ T7900] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1698.163251][ T7900] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1698.926411][ T7900] veth1_macvtap: left promiscuous mode [ 1698.956971][ T7900] veth0_macvtap: left promiscuous mode [ 1698.972802][ T9] usb 2-1: new full-speed USB device number 54 using dummy_hcd [ 1698.981730][ T7900] veth1_vlan: left promiscuous mode [ 1698.997116][ T7900] veth0_vlan: left promiscuous mode [ 1699.078444][T22868] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4161'. [ 1699.606155][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1699.618187][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1699.627853][ T9] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1699.639168][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1699.655417][ T9] usb 2-1: config 0 descriptor?? [ 1699.664037][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1699.670832][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 1699.693516][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1699.702812][ T5872] usb 4-1: new full-speed USB device number 59 using dummy_hcd [ 1699.711227][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1699.737926][ T9] usb 2-1: media controller created [ 1699.745021][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1699.773484][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 1699.812900][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1699.838514][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input36 [ 1699.870860][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 1699.892788][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1699.912814][ T5872] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1699.946736][ T5872] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1699.956668][ T5872] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1699.987719][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1700.014663][ T5872] usb 4-1: config 0 descriptor?? [ 1700.028995][ T5872] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1700.042002][ T5872] dvb-usb: bulk message failed: -22 (3/0) [ 1700.050764][T14396] usb 2-1: USB disconnect, device number 54 [ 1700.054756][ T5872] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1700.065482][ T9] dvb-usb: bulk message failed: -22 (1/0) [ 1700.071255][ T9] dvb-usb: error while querying for an remote control event. [ 1700.083647][ T5872] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1700.092892][ T5872] usb 4-1: media controller created [ 1700.099312][ T5872] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1700.116090][ T5872] dvb-usb: bulk message failed: -22 (6/0) [ 1700.122007][ T5872] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1700.166767][ T5872] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input37 [ 1700.180804][T14396] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1700.216316][ T5872] dvb-usb: schedule remote query interval to 150 msecs. [ 1700.257680][ T5872] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1700.277924][ T5872] usb 4-1: USB disconnect, device number 59 [ 1700.347045][ T5872] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1700.579634][ T7900] team0 (unregistering): Port device team_slave_1 removed [ 1700.659444][ T7900] team0 (unregistering): Port device team_slave_0 removed [ 1700.819374][T22878] can: request_module (can-proto-0) failed. [ 1702.144993][T22895] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1702.636306][T22676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1702.841021][ T7900] IPVS: stop unused estimator thread 0... [ 1702.856267][T22676] 8021q: adding VLAN 0 to HW filter on device team0 [ 1702.886194][ T4441] bridge0: port 1(bridge_slave_0) entered blocking state [ 1702.893534][ T4441] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1703.131567][ T4441] bridge0: port 2(bridge_slave_1) entered blocking state [ 1703.138781][ T4441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1703.808777][T19854] Bluetooth: hci2: unexpected subevent 0x1a length: 25 > 6 [ 1705.462167][T22676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1705.499049][T22945] netlink: 'syz.3.4182': attribute type 6 has an invalid length. [ 1705.525573][T22945] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4182'. [ 1705.717709][T22676] veth0_vlan: entered promiscuous mode [ 1705.759188][T22676] veth1_vlan: entered promiscuous mode [ 1707.415421][T22676] veth0_macvtap: entered promiscuous mode [ 1707.510443][T22676] veth1_macvtap: entered promiscuous mode [ 1707.561242][T22676] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1707.825605][T22676] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1709.185532][T22676] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1709.267094][T22676] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1709.363083][T22676] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1709.392643][T22676] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1709.459931][T22985] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4189'. [ 1709.475400][T22985] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 1709.767207][T22999] TCP: tcp_parse_options: Illegal window scaling value 253 > 14 received [ 1709.868065][ T7900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1709.868723][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1709.892693][ T7900] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1710.550008][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1710.754962][T23010] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4198'. [ 1710.765333][T23007] syzkaller1: entered promiscuous mode [ 1710.776307][T23007] syzkaller1: entered allmulticast mode [ 1710.790354][T23010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4198'. [ 1711.028980][T23016] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4111'. [ 1712.288683][T23033] netlink: 'syz.3.4203': attribute type 29 has an invalid length. [ 1712.346696][T23033] netlink: 'syz.3.4203': attribute type 29 has an invalid length. [ 1712.390923][T23033] netlink: 'syz.3.4203': attribute type 29 has an invalid length. [ 1712.903585][T23046] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4208'. [ 1713.865001][ T9] syz1: Port: 1 Link DOWN [ 1713.871612][T23046] bridge_slave_1: left allmulticast mode [ 1713.908398][T23046] bridge_slave_1: left promiscuous mode [ 1713.919747][T15388] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1713.932396][T15388] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1713.941099][T15388] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1713.952239][T23046] bridge0: port 2(bridge_slave_1) entered disabled state [ 1713.962319][T15388] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1713.972393][T15388] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1714.062287][T23046] bridge_slave_0: left allmulticast mode [ 1714.102382][T23046] bridge_slave_0: left promiscuous mode [ 1714.132875][T23046] bridge0: port 1(bridge_slave_0) entered disabled state [ 1714.315892][T23071] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4214'. [ 1714.412479][T23071] hsr_slave_0: left promiscuous mode [ 1714.433130][T23071] hsr_slave_1: left promiscuous mode [ 1714.632086][ T7900] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1715.836638][ T7900] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1716.034782][T19854] Bluetooth: hci1: command tx timeout [ 1716.054156][ T7900] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1716.250105][ T7900] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1716.676405][T23115] can0: slcan on ttyS3. [ 1716.871085][T23057] chnl_net:caif_netlink_parms(): no params data found [ 1716.928912][T23113] can0 (unregistered): slcan off ttyS3. [ 1717.367675][T23136] x_tables: ip6_tables: tcpmss match: only valid for protocol 6 [ 1718.113823][T19854] Bluetooth: hci1: command tx timeout [ 1718.936998][ T7900] team0: left allmulticast mode [ 1718.990465][ T7900] team_slave_0: left allmulticast mode [ 1718.998538][ T7900] team_slave_1: left allmulticast mode [ 1719.004433][ T7900] team0: left promiscuous mode [ 1719.009229][ T7900] team_slave_0: left promiscuous mode [ 1719.021653][ T7900] team_slave_1: left promiscuous mode [ 1719.040202][ T7900] bridge0: port 3(team0) entered disabled state [ 1719.100009][ T7900] bridge_slave_1: left allmulticast mode [ 1719.123878][ T7900] bridge_slave_1: left promiscuous mode [ 1719.129704][ T7900] bridge0: port 2(bridge_slave_1) entered disabled state [ 1719.175014][ T7900] bridge_slave_0: left allmulticast mode [ 1719.205539][ T7900] bridge_slave_0: left promiscuous mode [ 1719.228030][ T7900] bridge0: port 1(bridge_slave_0) entered disabled state [ 1719.504617][T23162] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input38 [ 1719.573888][T23163] --map-set only usable from mangle table [ 1720.207075][T19854] Bluetooth: hci1: command tx timeout [ 1721.302048][T23188] xt_hashlimit: max too large, truncated to 1048576 [ 1722.542811][T19854] Bluetooth: hci1: command tx timeout [ 1723.661559][ T7900] bond0 (unregistering): left allmulticast mode [ 1723.680474][ T7900] bond_slave_0: left allmulticast mode [ 1723.696170][ T7900] bond_slave_1: left allmulticast mode [ 1723.713781][ T7900] batadv0: left allmulticast mode [ 1723.722424][ T7900] bond0 (unregistering): left promiscuous mode [ 1723.805331][ T7900] bond_slave_0: left promiscuous mode [ 1723.832906][ T7900] bond_slave_1: left promiscuous mode [ 1723.838560][ T7900] batadv0: left promiscuous mode [ 1723.912845][ T7900] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1723.954058][ T7900] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1724.032201][ T7900] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 1724.073629][ T7900] bond0 (unregistering): Released all slaves [ 1724.484580][ T7900] bond1 (unregistering): Released all slaves [ 1724.821533][ T5873] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 1725.819944][ T5873] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1725.848807][ T7900] tipc: Left network mode [ 1725.849879][T23057] bridge0: port 1(bridge_slave_0) entered blocking state [ 1725.850108][T23057] bridge0: port 1(bridge_slave_0) entered disabled state [ 1725.850377][T23057] bridge_slave_0: entered allmulticast mode [ 1726.816877][T23057] bridge_slave_0: entered promiscuous mode [ 1727.090892][ T9] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1727.097097][T23057] bridge0: port 2(bridge_slave_1) entered blocking state [ 1727.097249][T23057] bridge0: port 2(bridge_slave_1) entered disabled state [ 1727.097496][T23057] bridge_slave_1: entered allmulticast mode [ 1727.099609][T23057] bridge_slave_1: entered promiscuous mode [ 1727.308488][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1727.308559][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1727.308730][ T9] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1727.308790][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1727.423751][ T9] usb 4-1: config 0 descriptor?? [ 1727.563703][T23248] fido_id[23248]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1728.062962][T23057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1728.073442][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 1728.188356][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1728.201148][ T9] usb 4-1: USB disconnect, device number 60 [ 1730.270505][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.282838][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1731.262731][T23057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1732.050702][T23057] team0: Port device team_slave_0 added [ 1732.119927][T23057] team0: Port device team_slave_1 added [ 1732.339878][T23306] 9pnet_fd: Insufficient options for proto=fd [ 1732.411177][T23057] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1732.452170][T23057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1732.692648][T23057] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1732.714803][T23057] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1732.721790][T23057] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1732.750224][T23057] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1733.568149][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 1733.568168][ T30] audit: type=1326 audit(1747784988.847:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23324 comm="syz.6.4285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6558e969 code=0x7ffc0000 [ 1733.751356][T19854] Bluetooth: hci0: Malformed LE Event: 0x1b [ 1733.769636][ T30] audit: type=1326 audit(1747784988.847:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23324 comm="syz.6.4285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6558e969 code=0x7ffc0000 [ 1734.115215][ T30] audit: type=1326 audit(1747784988.847:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23324 comm="syz.6.4285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7efc6558e969 code=0x7ffc0000 [ 1734.518340][ T30] audit: type=1326 audit(1747784988.847:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23324 comm="syz.6.4285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6558e969 code=0x7ffc0000 [ 1734.707809][ T30] audit: type=1326 audit(1747784988.847:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23324 comm="syz.6.4285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc6558e969 code=0x7ffc0000 [ 1735.004352][T23057] hsr_slave_0: entered promiscuous mode [ 1735.032354][T23057] hsr_slave_1: entered promiscuous mode [ 1735.052322][T23057] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1735.080540][T23348] 9pnet_fd: Insufficient options for proto=fd [ 1735.099279][T23057] Cannot create hsr debugfs directory [ 1737.812628][T14396] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 1738.499388][T14396] usb 7-1: Using ep0 maxpacket: 8 [ 1738.842747][T14396] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1738.862623][T14396] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1738.882251][T14396] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1738.961797][T14396] usb 7-1: config 0 descriptor?? [ 1739.223483][T14396] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 1739.275289][T23402] sg_write: data in/out 209152/4 bytes for SCSI command 0x89-- guessing data in; [ 1739.275289][T23402] program syz.1.4306 not setting count and/or reply_len properly [ 1741.757444][T23057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1741.999974][T23057] 8021q: adding VLAN 0 to HW filter on device team0 [ 1742.020868][T23431] @: renamed from vlan0 (while UP) [ 1742.127482][T23439] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma? [ 1742.301807][T23439] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղDvc֠6xc: (pid: 23439 comm: syz.1.4315) [ 1742.324158][ T30] audit: type=1800 audit(1747784997.617:83): pid=23439 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.4315" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=96682 res=0 errno=0 [ 1742.601680][ T9291] bridge0: port 1(bridge_slave_0) entered blocking state [ 1742.608904][ T9291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1742.645535][ T5875] usb 7-1: USB disconnect, device number 46 [ 1742.839720][ T7900] hsr_slave_0: left promiscuous mode [ 1743.133199][ T7900] hsr_slave_1: left promiscuous mode [ 1743.141962][ T7900] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1743.782620][ T7900] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1744.905030][ T7900] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1744.954634][ T7900] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1745.446108][ T7900] batadv_slave_0: left allmulticast mode [ 1745.482822][ T7900] batadv_slave_0: left promiscuous mode [ 1745.513156][ T7900] veth1_macvtap: left promiscuous mode [ 1745.519119][ T7900] veth0_macvtap: left promiscuous mode [ 1745.556253][ T7900] veth1_vlan: left promiscuous mode [ 1745.561643][ T7900] veth0_vlan: left promiscuous mode [ 1745.616124][ T5870] IPVS: starting estimator thread 0... [ 1745.663474][ T24] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 1745.713157][T23474] IPVS: using max 30 ests per chain, 72000 per kthread [ 1745.842719][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 1745.860751][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1745.919687][ T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1745.978975][ T24] usb 7-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 1746.034224][ T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1746.107179][ T24] usb 7-1: config 0 descriptor?? [ 1747.680829][ T24] usbhid 7-1:0.0: can't add hid device: -71 [ 1747.702435][ T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1747.743123][ T24] usb 7-1: USB disconnect, device number 47 [ 1749.025971][ T7900] team0 (unregistering): Port device team_slave_1 removed [ 1749.278343][ T7900] team0 (unregistering): Port device team_slave_0 removed [ 1750.309115][T15388] Bluetooth: hci1: command 0x0405 tx timeout [ 1750.602633][T23507] binder: BINDER_SET_CONTEXT_MGR already set [ 1750.609258][T23507] binder: 23503:23507 ioctl 4018620d 200000000040 returned -16 [ 1750.624752][T23507] binder: 23503:23507 ioctl c0306201 200000001a80 returned -11 [ 1750.635704][T23507] binder: 23503:23507 ioctl c0306201 0 returned -14 [ 1753.608423][T23512] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.4331'. [ 1754.369337][ T9291] bridge0: port 2(bridge_slave_1) entered blocking state [ 1754.376571][ T9291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1754.721853][T23057] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1756.000417][ T7900] IPVS: stop unused estimator thread 0... [ 1757.052986][T23057] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1757.191865][T23580] tipc: New replicast peer: 255.255.255.255 [ 1757.217942][T23580] tipc: Enabled bearer , priority 10 [ 1758.013177][T23590] netlink: 'syz.6.4349': attribute type 10 has an invalid length. [ 1758.060157][T23590] team0: Device veth1_macvtap failed to register rx_handler [ 1758.453361][T23602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4352'. [ 1758.697247][T23057] veth0_vlan: entered promiscuous mode [ 1758.711997][T23612] smc: net device bond0 applied user defined pnetid SYZ2 [ 1758.739168][T23612] smc: net device bond0 erased user defined pnetid SYZ2 [ 1758.750850][T23057] veth1_vlan: entered promiscuous mode [ 1758.831893][T23057] veth0_macvtap: entered promiscuous mode [ 1758.861152][T23057] veth1_macvtap: entered promiscuous mode [ 1758.941218][T23057] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1758.991309][T23057] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1759.650898][ T7900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1759.668129][ T7900] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1759.695627][T15388] Bluetooth: hci5: unexpected event for opcode 0x0c38 [ 1759.730896][ T9291] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1759.744119][ T9291] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1763.794872][T15388] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 1763.819153][T15388] Bluetooth: hci5: Injecting HCI hardware error event [ 1763.860173][T19854] Bluetooth: hci5: hardware error 0x00 [ 1764.323422][ T5873] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 1764.638681][ T5873] usb 7-1: Using ep0 maxpacket: 8 [ 1764.769724][ T5873] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1764.861839][ T5873] usb 7-1: config 8 interface 0 altsetting 7 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1764.902637][ T5873] usb 7-1: config 8 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 0 [ 1764.934995][ T5873] usb 7-1: config 8 interface 0 has no altsetting 0 [ 1764.984524][ T5873] usb 7-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 1765.011393][ T5873] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1765.039099][ T5873] usb 7-1: Product: syz [ 1765.055316][ T5873] usb 7-1: Manufacturer: syz [ 1765.078514][ T5873] usb 7-1: SerialNumber: syz [ 1765.321389][ T5873] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 1765.344111][ T5873] usb 7-1: selecting invalid altsetting 0 [ 1766.201522][T23690] lo speed is unknown, defaulting to 1000 [ 1766.209780][T23690] lo speed is unknown, defaulting to 1000 [ 1766.218199][T23690] lo speed is unknown, defaulting to 1000 [ 1766.278758][T19854] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1766.516968][T23690] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1766.840809][ T5873] snd-usb-audio 7-1:8.0: probe with driver snd-usb-audio failed with error -12 [ 1767.592646][ T5873] usb 7-1: USB disconnect, device number 48 [ 1767.633219][T15388] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1767.646995][T15388] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1767.657743][T23690] lo speed is unknown, defaulting to 1000 [ 1767.663829][T15388] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1767.707236][T15388] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1767.716621][T15388] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1767.766327][T23699] udevd[23699]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1767.907767][T23690] lo speed is unknown, defaulting to 1000 [ 1767.935610][T23690] lo speed is unknown, defaulting to 1000 [ 1767.942397][T23690] lo speed is unknown, defaulting to 1000 [ 1767.953880][T23690] lo speed is unknown, defaulting to 1000 [ 1767.998601][T23696] lo speed is unknown, defaulting to 1000 [ 1767.998601][T23695] lo speed is unknown, defaulting to 1000 [ 1768.013048][T23695] lo speed is unknown, defaulting to 1000 [ 1768.454618][T23712] netlink: 28 bytes leftover after parsing attributes in process `syz.6.4378'. [ 1769.348064][T23695] lo speed is unknown, defaulting to 1000 [ 1769.527511][T23695] infiniband sz1: set active [ 1769.537243][T23695] infiniband sz1: added lo [ 1769.543181][T23695] sz1: rxe_create_cq: returned err = -12 [ 1769.549173][T23695] infiniband sz1: Couldn't create ib_mad CQ [ 1769.555354][T23695] infiniband sz1: Couldn't open port 1 [ 1769.575524][T23695] RDS/IB: sz1: added [ 1769.579879][T23695] smc: adding ib device sz1 with port count 1 [ 1769.586521][T23695] smc: ib device sz1 port 1 has pnetid [ 1769.595449][T23695] lo speed is unknown, defaulting to 1000 [ 1769.742150][T23695] lo speed is unknown, defaulting to 1000 [ 1769.822716][T19854] Bluetooth: hci4: command tx timeout [ 1769.886056][T23695] lo speed is unknown, defaulting to 1000 [ 1770.034113][T23695] lo speed is unknown, defaulting to 1000 [ 1770.184246][T23695] lo speed is unknown, defaulting to 1000 [ 1770.297758][ T5873] lo speed is unknown, defaulting to 1000 [ 1770.313581][ T5873] lo speed is unknown, defaulting to 1000 [ 1771.177345][ T5965] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1771.204581][T23695] lo speed is unknown, defaulting to 1000 [ 1771.610151][ T5965] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1772.268767][T15388] Bluetooth: hci4: command tx timeout [ 1772.902076][ T5965] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1773.886234][T23696] chnl_net:caif_netlink_parms(): no params data found [ 1774.772998][T15388] Bluetooth: hci4: command tx timeout [ 1774.969535][ T5965] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1776.859579][T19854] Bluetooth: hci4: command tx timeout [ 1776.903441][T23696] bridge0: port 1(bridge_slave_0) entered blocking state [ 1776.910691][T23696] bridge0: port 1(bridge_slave_0) entered disabled state [ 1776.934935][T23696] bridge_slave_0: entered allmulticast mode [ 1776.988115][T23696] bridge_slave_0: entered promiscuous mode [ 1777.015263][T23794] binder: 23791:23794 ioctl c0306201 0 returned -14 [ 1777.029439][T23696] bridge0: port 2(bridge_slave_1) entered blocking state [ 1777.046100][T23696] bridge0: port 2(bridge_slave_1) entered disabled state [ 1777.053743][T23696] bridge_slave_1: entered allmulticast mode [ 1777.061599][T23696] bridge_slave_1: entered promiscuous mode [ 1777.096009][T23796] binder: 23791:23796 ioctl c0306201 0 returned -14 [ 1777.302455][T23696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1777.316568][T23696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1777.490519][T23696] team0: Port device team_slave_0 added [ 1777.522026][T23696] team0: Port device team_slave_1 added [ 1777.543156][ T5965] bridge_slave_1: left allmulticast mode [ 1777.549338][ T5965] bridge_slave_1: left promiscuous mode [ 1777.558865][ T5965] bridge0: port 2(bridge_slave_1) entered disabled state [ 1777.751459][ T5965] bridge_slave_0: left allmulticast mode [ 1777.799688][ T5965] bridge_slave_0: left promiscuous mode [ 1777.855270][ T5965] bridge0: port 1(bridge_slave_0) entered disabled state [ 1778.273223][T19854] Bluetooth: hci2: command 0x0406 tx timeout [ 1778.739187][ T30] audit: type=1800 audit(1747786570.018:84): pid=23810 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.4401" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1780.512600][T19854] Bluetooth: hci4: command 0x0405 tx timeout [ 1781.005912][T23836] exFAT-fs (nullb0): invalid boot record signature [ 1781.039108][T23836] exFAT-fs (nullb0): failed to read boot sector [ 1781.049869][T23836] exFAT-fs (nullb0): failed to recognize exfat type [ 1781.232327][T23843] 9pnet_fd: Insufficient options for proto=fd [ 1783.824998][ T5965] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1783.856896][ T5965] bond_slave_0: left allmulticast mode [ 1783.916847][ T5965] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1783.969108][ T5965] bond_slave_1: left allmulticast mode [ 1783.999839][ T5965] bond0 (unregistering): Released all slaves [ 1785.255788][T23696] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1785.265056][T23696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1785.305542][T23871] binder: 23870:23871 ioctl 4018620d 0 returned -22 [ 1785.313835][T23696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1785.328143][T23871] binder: 23870:23871 unknown command 1 [ 1785.333802][T23871] binder: 23870:23871 ioctl c0306201 200000000c40 returned -22 [ 1785.476770][ T5965] : left promiscuous mode [ 1785.504645][T23696] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1785.519733][T23696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1785.547857][T23696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1785.969545][T23898] ptrace attach of "./syz-executor exec"[16144] was attempted by "./syz-executor exec"[23898] [ 1787.272238][ T5965] tipc: Disabling bearer [ 1787.283823][ T5965] tipc: Left network mode [ 1787.315831][T23696] hsr_slave_0: entered promiscuous mode [ 1788.143430][T23696] hsr_slave_1: entered promiscuous mode [ 1791.587512][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.593898][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1796.192790][T23987] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 1796.310311][T23987] qnx6: wrong signature (magic) in superblock #1. [ 1796.317297][T23987] qnx6: unable to read the first superblock [ 1797.176315][T24003] afs: Unknown parameter 'dy' [ 1798.475156][T15388] Bluetooth: hci1: command 0x0405 tx timeout [ 1799.245916][T24014] xt_CT: No such helper "syz1" [ 1799.327992][T23696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1803.149002][T23696] 8021q: adding VLAN 0 to HW filter on device team0 [ 1803.360562][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state [ 1803.367780][ T5926] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1803.430828][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state [ 1803.438105][ T5926] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1803.592220][T24036] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 1803.625091][T24036] qnx6: wrong signature (magic) in superblock #1. [ 1803.631735][T24036] qnx6: unable to read the first superblock [ 1804.185167][T23696] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1804.311046][ T5965] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1804.454232][ T5965] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1804.493165][T24053] binder: 24047:24053 ioctl 4018620d 0 returned -22 [ 1804.527750][T24053] binder: 24047:24053 unknown command 1 [ 1804.534090][T24053] binder: 24047:24053 ioctl c0306201 200000000c40 returned -22 [ 1804.634685][ T5965] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1804.855789][ T5965] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1805.101595][ T5965] veth1_macvtap: left promiscuous mode [ 1805.124890][ T5965] veth0_macvtap: left promiscuous mode [ 1805.130566][ T5965] veth1_vlan: left promiscuous mode [ 1805.136034][ T5965] veth0_vlan: left promiscuous mode [ 1805.635582][T15388] Bluetooth: hci0: command 0x0406 tx timeout [ 1805.913463][T24060] xt_CT: No such helper "syz1" [ 1808.423496][T24094] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 1808.440621][T24094] qnx6: wrong signature (magic) in superblock #1. [ 1808.447763][T24094] qnx6: unable to read the first superblock [ 1808.721515][ T5965] team0 (unregistering): Port device team_slave_1 removed [ 1808.823110][ T5965] team0 (unregistering): Port device team_slave_0 removed [ 1808.957791][T24103] kvm: user requested TSC rate below hardware speed [ 1810.003908][T24109] xt_CT: No such helper "syz1" [ 1810.025617][T24064] tipc: Started in network mode [ 1810.034806][T24064] tipc: Node identity ac14140f, cluster identity 4711 [ 1810.042172][T24064] tipc: New replicast peer: 255.255.255.255 [ 1810.050902][T24064] tipc: Enabled bearer , priority 10 [ 1810.509381][ T5965] IPVS: stop unused estimator thread 0... [ 1811.036091][T24136] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 1811.090825][T24136] qnx6: wrong signature (magic) in superblock #1. [ 1811.158656][T23696] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1811.170624][T21668] tipc: Node number set to 2886997007 [ 1811.261562][T24136] qnx6: unable to read the first superblock [ 1812.229855][T23696] veth0_vlan: entered promiscuous mode [ 1812.277861][T23696] veth1_vlan: entered promiscuous mode [ 1812.371431][T23696] veth0_macvtap: entered promiscuous mode [ 1812.575824][T23696] veth1_macvtap: entered promiscuous mode [ 1813.162708][T24178] Bluetooth: hci2: command 0x0406 tx timeout [ 1813.317090][T23696] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1813.358502][T24188] xt_CT: No such helper "syz1" [ 1813.368360][T23696] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1814.245588][T19854] Bluetooth: hci0: command 0x0406 tx timeout [ 1814.794896][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1814.834488][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1814.932086][T24204] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000). [ 1814.944889][T24204] qnx6: wrong signature (magic) in superblock #1. [ 1814.951409][T24204] qnx6: unable to read the first superblock [ 1815.391289][ T4441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1815.443212][ T4441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1818.102954][T24232] xt_CT: No such helper "syz1" [ 1818.701051][T24255] pimreg3: entered allmulticast mode [ 1819.894910][T24281] exFAT-fs (nullb0): invalid boot record signature [ 1819.938849][T24281] exFAT-fs (nullb0): failed to read boot sector [ 1820.013015][T24281] exFAT-fs (nullb0): failed to recognize exfat type [ 1823.300921][T24276] infiniband syz0: set active [ 1823.312907][T24276] infiniband syz0: added bond_slave_0 [ 1823.318970][T24276] syz0: rxe_create_cq: returned err = -12 [ 1823.363195][T24276] infiniband syz0: Couldn't create ib_mad CQ [ 1823.555129][T24276] infiniband syz0: Couldn't open port 1 [ 1823.784429][T24314] xt_CT: No such helper "syz1" [ 1824.354470][T24276] RDS/IB: syz0: added [ 1824.358552][T24276] smc: adding ib device syz0 with port count 1 [ 1824.459284][T24276] smc: ib device syz0 port 1 has pnetid [ 1824.831992][T24343] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4537'. [ 1824.841522][T24343] netlink: 216 bytes leftover after parsing attributes in process `syz.4.4537'. [ 1824.851282][T24343] netlink: 216 bytes leftover after parsing attributes in process `syz.4.4537'. [ 1824.868049][T24343] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 1827.773014][T24367] xt_CT: No such helper "syz1" [ 1828.983593][T24382] pimreg3: entered allmulticast mode [ 1829.278302][T24357] ip6t_srh: unknown srh invflags 7863 [ 1832.045336][T24424] xt_CT: No such helper "syz1" [ 1832.107275][T24414] netlink: 212 bytes leftover after parsing attributes in process `syz.0.4556'. [ 1832.411301][T24439] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 1832.411301][T24439] program syz.4.4564 not setting count and/or reply_len properly [ 1834.622649][T24456] netlink: 'syz.3.4569': attribute type 7 has an invalid length. [ 1834.630410][T24456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4569'. [ 1837.306694][ T5873] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1838.113139][ T5873] usb 4-1: Using ep0 maxpacket: 8 [ 1838.120413][ T5873] usb 4-1: config 0 has an invalid interface number: 234 but max is 2 [ 1838.128687][ T5873] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 1838.138698][ T5873] usb 4-1: config 0 has no interface number 1 [ 1838.145268][ T5873] usb 4-1: config 0 interface 234 has no altsetting 0 [ 1839.594331][ T5873] usb 4-1: New USB device found, idVendor=05c6, idProduct=9212, bcdDevice=47.83 [ 1840.942559][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1840.950738][ T5873] usb 4-1: Product: syz [ 1840.972669][ T5873] usb 4-1: Manufacturer: syz [ 1840.977927][ T5873] usb 4-1: SerialNumber: syz [ 1841.004207][ T5873] usb 4-1: config 0 descriptor?? [ 1841.062194][ T5873] usb 4-1: can't set config #0, error -71 [ 1841.068599][T19854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1841.079975][T19854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1841.092810][T19854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1841.121512][T19854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1841.140644][T19854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1841.152667][ T5873] usb 4-1: USB disconnect, device number 61 [ 1841.333933][T24489] lo speed is unknown, defaulting to 1000 [ 1841.411122][T24500] exFAT-fs (nullb0): invalid boot record signature [ 1841.506632][T24489] lo speed is unknown, defaulting to 1000 [ 1841.562702][T24500] exFAT-fs (nullb0): failed to read boot sector [ 1841.590539][T24500] exFAT-fs (nullb0): failed to recognize exfat type [ 1841.627857][T24507] syz.4.4581: attempt to access beyond end of device [ 1841.627857][T24507] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0 [ 1841.677498][T24507] syz.4.4581: attempt to access beyond end of device [ 1841.677498][T24507] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0 [ 1841.838779][T24507] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1842.125336][T24507] syz.4.4581: attempt to access beyond end of device [ 1842.125336][T24507] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 1842.143972][T24507] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512 [ 1842.158037][T24507] syz.4.4581: attempt to access beyond end of device [ 1842.158037][T24507] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0 [ 1842.210979][T24507] syz.4.4581: attempt to access beyond end of device [ 1842.210979][T24507] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 1842.304707][T24507] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256 [ 1843.059751][T24507] syz.4.4581: attempt to access beyond end of device [ 1843.059751][T24507] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 1843.078149][T21668] ================================================================== [ 1843.086252][T21668] BUG: KASAN: slab-use-after-free in __mutex_unlock_slowpath+0xd4/0x700 [ 1843.094608][T21668] Read of size 8 at addr ffff8880286d5ad0 by task kworker/1:3/21668 [ 1843.102598][T21668] [ 1843.104940][T21668] CPU: 1 UID: 0 PID: 21668 Comm: kworker/1:3 Not tainted 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 1843.104975][T21668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1843.104987][T21668] Workqueue: events l2cap_chan_timeout [ 1843.105015][T21668] Call Trace: [ 1843.105022][T21668] [ 1843.105030][T21668] dump_stack_lvl+0x189/0x250 [ 1843.105055][T21668] ? __virt_addr_valid+0x18c/0x540 [ 1843.105077][T21668] ? rcu_is_watching+0x15/0xb0 [ 1843.105102][T21668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1843.105124][T21668] ? rcu_is_watching+0x15/0xb0 [ 1843.105148][T21668] ? lock_release+0x4b/0x3e0 [ 1843.105173][T21668] ? __virt_addr_valid+0x18c/0x540 [ 1843.105194][T21668] ? __virt_addr_valid+0x469/0x540 [ 1843.105234][T21668] print_report+0xb4/0x290 [ 1843.105268][T21668] ? __mutex_unlock_slowpath+0xd4/0x700 [ 1843.105290][T21668] kasan_report+0x118/0x150 [ 1843.105318][T21668] ? __mutex_unlock_slowpath+0xd4/0x700 [ 1843.105343][T21668] kasan_check_range+0x29a/0x2b0 [ 1843.105358][T21668] ? process_scheduled_works+0x9ec/0x17a0 [ 1843.105385][T21668] __mutex_unlock_slowpath+0xd4/0x700 [ 1843.105408][T21668] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1843.105432][T21668] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1843.105457][T21668] ? l2cap_chan_put+0x117/0x240 [ 1843.105480][T21668] ? l2cap_chan_timeout+0x1ac/0x390 [ 1843.105500][T21668] ? process_scheduled_works+0x9ec/0x17a0 [ 1843.105527][T21668] process_scheduled_works+0xade/0x17a0 [ 1843.105565][T21668] ? __pfx_process_scheduled_works+0x10/0x10 [ 1843.105598][T21668] worker_thread+0x8a0/0xda0 [ 1843.105615][T21668] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1843.105638][T21668] ? __kthread_parkme+0x7b/0x200 [ 1843.105659][T21668] kthread+0x711/0x8a0 [ 1843.105680][T21668] ? __pfx_worker_thread+0x10/0x10 [ 1843.105695][T21668] ? __pfx_kthread+0x10/0x10 [ 1843.105714][T21668] ? __pfx_kthread+0x10/0x10 [ 1843.105738][T21668] ? _raw_spin_unlock_irq+0x23/0x50 [ 1843.105756][T21668] ? lockdep_hardirqs_on+0x9c/0x150 [ 1843.105777][T21668] ? __pfx_kthread+0x10/0x10 [ 1843.105795][T21668] ret_from_fork+0x4b/0x80 [ 1843.105811][T21668] ? __pfx_kthread+0x10/0x10 [ 1843.105829][T21668] ret_from_fork_asm+0x1a/0x30 [ 1843.105865][T21668] [ 1843.105872][T21668] [ 1843.321936][T21668] Allocated by task 23813: [ 1843.326362][T21668] kasan_save_track+0x3e/0x80 [ 1843.331045][T21668] __kasan_kmalloc+0x93/0xb0 [ 1843.335633][T21668] __kmalloc_cache_noprof+0x230/0x3d0 [ 1843.341007][T21668] l2cap_conn_add+0xaa/0x8d0 [ 1843.345613][T21668] l2cap_chan_connect+0x6c8/0xe30 [ 1843.350642][T21668] lowpan_control_write+0x421/0x6c0 [ 1843.355840][T21668] full_proxy_write+0x15a/0x220 [ 1843.360692][T21668] vfs_write+0x27e/0xa90 [ 1843.364935][T21668] ksys_write+0x145/0x250 [ 1843.369259][T21668] do_syscall_64+0xf6/0x210 [ 1843.373774][T21668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1843.379662][T21668] [ 1843.381979][T21668] Freed by task 24276: [ 1843.386034][T21668] kasan_save_track+0x3e/0x80 [ 1843.390713][T21668] kasan_save_free_info+0x46/0x50 [ 1843.395735][T21668] __kasan_slab_free+0x62/0x70 [ 1843.400493][T21668] kfree+0x193/0x440 [ 1843.404382][T21668] hci_conn_hash_flush+0x10a/0x230 [ 1843.409499][T21668] hci_dev_close_sync+0xaef/0x1330 [ 1843.414601][T21668] hci_unregister_dev+0x206/0x500 [ 1843.419628][T21668] vhci_release+0x80/0xd0 [ 1843.423960][T21668] __fput+0x449/0xa70 [ 1843.427955][T21668] task_work_run+0x1d4/0x260 [ 1843.432547][T21668] do_exit+0x8d6/0x2550 [ 1843.436707][T21668] do_group_exit+0x21c/0x2d0 [ 1843.441311][T21668] get_signal+0x125e/0x1310 [ 1843.445812][T21668] arch_do_signal_or_restart+0x95/0x780 [ 1843.451361][T21668] syscall_exit_to_user_mode+0x8b/0x120 [ 1843.456910][T21668] do_syscall_64+0x103/0x210 [ 1843.461506][T21668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1843.467397][T21668] [ 1843.469739][T21668] The buggy address belongs to the object at ffff8880286d5800 [ 1843.469739][T21668] which belongs to the cache kmalloc-1k of size 1024 [ 1843.483789][T21668] The buggy address is located 720 bytes inside of [ 1843.483789][T21668] freed 1024-byte region [ffff8880286d5800, ffff8880286d5c00) [ 1843.497660][T21668] [ 1843.499981][T21668] The buggy address belongs to the physical page: [ 1843.506483][T21668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x286d0 [ 1843.515241][T21668] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1843.523734][T21668] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1843.531271][T21668] page_type: f5(slab) [ 1843.535241][T21668] raw: 00fff00000000040 ffff88801a041dc0 dead000000000100 dead000000000122 [ 1843.543817][T21668] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1843.552391][T21668] head: 00fff00000000040 ffff88801a041dc0 dead000000000100 dead000000000122 [ 1843.561078][T21668] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 1843.569750][T21668] head: 00fff00000000003 ffffea0000a1b401 00000000ffffffff 00000000ffffffff [ 1843.578406][T21668] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1843.587075][T21668] page dumped because: kasan: bad access detected [ 1843.593489][T21668] page_owner tracks the page as allocated [ 1843.599203][T21668] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 10599, tgid 10592 (syz.1.847), ts 489014007001, free_ts 487477546121 [ 1843.620038][T21668] post_alloc_hook+0x1d8/0x230 [ 1843.624912][T21668] get_page_from_freelist+0x21c7/0x22a0 [ 1843.630460][T21668] __alloc_frozen_pages_noprof+0x181/0x370 [ 1843.636268][T21668] alloc_pages_mpol+0x232/0x4a0 [ 1843.641211][T21668] allocate_slab+0x8a/0x3b0 [ 1843.645713][T21668] ___slab_alloc+0xbfc/0x1480 [ 1843.650387][T21668] __kmalloc_node_track_caller_noprof+0x2f8/0x4e0 [ 1843.656819][T21668] kmalloc_reserve+0x136/0x290 [ 1843.661594][T21668] __alloc_skb+0x142/0x2d0 [ 1843.666012][T21668] xfrm_alloc_compat+0x1a6/0x16f0 [ 1843.671044][T21668] xfrm_nlmsg_multicast+0xda/0x1f0 [ 1843.676150][T21668] xfrm_send_acquire+0x99d/0xee0 [ 1843.681083][T21668] km_query+0x11c/0x210 [ 1843.685243][T21668] xfrm_state_find+0x3cc5/0x5520 [ 1843.690188][T21668] xfrm_resolve_and_create_bundle+0x768/0x2f90 [ 1843.696340][T21668] xfrm_lookup_with_ifid+0x2a7/0x1a70 [ 1843.701714][T21668] page last free pid 5188 tgid 5188 stack trace: [ 1843.708030][T21668] __free_frozen_pages+0xb05/0xcd0 [ 1843.713148][T21668] __put_partials+0x161/0x1c0 [ 1843.717829][T21668] put_cpu_partial+0x17c/0x250 [ 1843.722599][T21668] __slab_free+0x2f7/0x400 [ 1843.727026][T21668] qlist_free_all+0x9a/0x140 [ 1843.731629][T21668] kasan_quarantine_reduce+0x148/0x160 [ 1843.737101][T21668] __kasan_slab_alloc+0x22/0x80 [ 1843.741959][T21668] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 1843.747417][T21668] getname_flags+0xb8/0x540 [ 1843.751912][T21668] do_readlinkat+0xbc/0x500 [ 1843.756420][T21668] __x64_sys_readlink+0x7f/0x90 [ 1843.761277][T21668] do_syscall_64+0xf6/0x210 [ 1843.765776][T21668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1843.771662][T21668] [ 1843.773978][T21668] Memory state around the buggy address: [ 1843.779599][T21668] ffff8880286d5980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1843.787653][T21668] ffff8880286d5a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1843.795702][T21668] >ffff8880286d5a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1843.803750][T21668] ^ [ 1843.810408][T21668] ffff8880286d5b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1843.818458][T21668] ffff8880286d5b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1843.826522][T21668] ================================================================== [ 1843.894117][T21668] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1843.901448][T21668] CPU: 1 UID: 0 PID: 21668 Comm: kworker/1:3 Not tainted 6.15.0-rc7-syzkaller-00002-gb36ddb9210e6 #0 PREEMPT(full) [ 1843.913639][T21668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1843.923719][T21668] Workqueue: events l2cap_chan_timeout [ 1843.929225][T21668] Call Trace: [ 1843.932525][T21668] [ 1843.935478][T21668] dump_stack_lvl+0x99/0x250 [ 1843.940104][T21668] ? __asan_memcpy+0x40/0x70 [ 1843.944729][T21668] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1843.949967][T21668] ? __pfx__printk+0x10/0x10 [ 1843.954597][T21668] panic+0x2db/0x790 [ 1843.958531][T21668] ? __pfx_panic+0x10/0x10 [ 1843.962978][T21668] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 1843.968896][T21668] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1843.975249][T21668] ? print_memory_metadata+0x314/0x400 [ 1843.980729][T21668] ? __mutex_unlock_slowpath+0xd4/0x700 [ 1843.986294][T21668] check_panic_on_warn+0x89/0xb0 [ 1843.991237][T21668] ? __mutex_unlock_slowpath+0xd4/0x700 [ 1843.996783][T21668] end_report+0x78/0x160 [ 1844.001032][T21668] kasan_report+0x129/0x150 [ 1844.005541][T21668] ? __mutex_unlock_slowpath+0xd4/0x700 [ 1844.011109][T21668] kasan_check_range+0x29a/0x2b0 [ 1844.016043][T21668] ? process_scheduled_works+0x9ec/0x17a0 [ 1844.021771][T21668] __mutex_unlock_slowpath+0xd4/0x700 [ 1844.027142][T21668] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1844.033118][T21668] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1844.039100][T21668] ? l2cap_chan_put+0x117/0x240 [ 1844.043958][T21668] ? l2cap_chan_timeout+0x1ac/0x390 [ 1844.049157][T21668] ? process_scheduled_works+0x9ec/0x17a0 [ 1844.054879][T21668] process_scheduled_works+0xade/0x17a0 [ 1844.060463][T21668] ? __pfx_process_scheduled_works+0x10/0x10 [ 1844.066453][T21668] worker_thread+0x8a0/0xda0 [ 1844.071040][T21668] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1844.077369][T21668] ? __kthread_parkme+0x7b/0x200 [ 1844.082301][T21668] kthread+0x711/0x8a0 [ 1844.086366][T21668] ? __pfx_worker_thread+0x10/0x10 [ 1844.091479][T21668] ? __pfx_kthread+0x10/0x10 [ 1844.096150][T21668] ? __pfx_kthread+0x10/0x10 [ 1844.100740][T21668] ? _raw_spin_unlock_irq+0x23/0x50 [ 1844.105951][T21668] ? lockdep_hardirqs_on+0x9c/0x150 [ 1844.111150][T21668] ? __pfx_kthread+0x10/0x10 [ 1844.115736][T21668] ret_from_fork+0x4b/0x80 [ 1844.120142][T21668] ? __pfx_kthread+0x10/0x10 [ 1844.124724][T21668] ret_from_fork_asm+0x1a/0x30 [ 1844.129498][T21668] [ 1844.132879][T21668] Kernel Offset: disabled [ 1844.137197][T21668] Rebooting in 86400 seconds..