last executing test programs: 9.203574556s ago: executing program 2 (id=492): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000840)="a6", 0x1, 0x200080c0, &(0x7f00000001c0)={0xa, 0x2, 0x8000, @loopback, 0x8}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='hybla', 0x5) sendto$inet6(r0, &(0x7f0000000880)="e2a8", 0x2, 0x40040, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) shutdown(r0, 0x1) 8.853307563s ago: executing program 1 (id=497): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x10b) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) fcntl$setsig(r0, 0xa, 0x21) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f0000000040), 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) rename(&(0x7f0000000480)='./bus\x00', &(0x7f0000000500)='./file0\x00') 8.62104319s ago: executing program 2 (id=499): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000140)=0xfb78, 0x4) 8.539803149s ago: executing program 2 (id=500): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000140), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x48}}, 0x805) close(r0) 8.369646888s ago: executing program 2 (id=503): mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0xe) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, {0x0, 0x4e22, [0xfffffffc, 0x0, 0xcd7e], [], 0x0, [0x1]}, 0x0, 0x2000}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "06010000"}]}, 0x54}}, 0x20000080) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) r2 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0) ioctl$EVIOCGLED(r2, 0x40284504, &(0x7f0000000000)=""/56) ioctl$I2C_FUNCS(r1, 0x705, &(0x7f0000000280)=0x3) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x2, 0x0) read(r3, &(0x7f0000000080)=""/1, 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/cgroup.procs\x00', 0x2, 0x0) read(r4, &(0x7f0000000080)=""/1, 0x1) r5 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x1, 0x0) r7 = openat$cgroup_subtree(r6, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r7, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) syz_usb_connect$uac2(0x5, 0x7b, &(0x7f0000000d00)=ANY=[@ANYBLOB="1201500200000040532b24004000010203010902690003012b4006080b02010103200809040000000101200009240100800909000909040100000102200009040101010102200009050109100032000908250102300001000904020000010220000904020101010220000905829d693bf719d39bdf3346c10f859e3a9ab204de636fb6dfc2a277fd34d9512e99c1c222d1141eeac3e9532eef633fd1a262563164bbb43b1caa2e09912ccfe120128bd45e7790b0936b2e86dbb2740cc5cf52362e584d05d170bddbc17de050da184cf49cec9c06c7ec49833850885a0e5d8c2848a04a7696bd1cef35fc92"], &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0}) socket$inet6(0xa, 0x1, 0x0) 7.067288829s ago: executing program 1 (id=505): r0 = fsopen(&(0x7f0000000140)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) fsmount(r0, 0x0, 0x0) 7.067010104s ago: executing program 0 (id=506): prctl$PR_SET_MM(0x23, 0x1, &(0x7f00002d5000/0x2000)=nil) r0 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_LOCK(r0, 0xb) shmctl$IPC_RMID(r0, 0x0) 6.817724229s ago: executing program 0 (id=508): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x20}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_MSR_FEATURE_INDEX_LIST(r0, 0x4018aee3, &(0x7f0000000080)) 6.70016021s ago: executing program 0 (id=510): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000180)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) 6.664270438s ago: executing program 1 (id=511): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10031, 0xffffffffffffffff, 0x61be1000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mknod$loop(0x0, 0xfff, 0x0) execve(0x0, 0x0, &(0x7f0000000100)={[&(0x7f00000000c0)='=\x8d5\x10\xe4\x00\bj\xfb', &(0x7f0000000080)='=\x8d5\x10\xe4\x00\bj\xfb']}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8923, &(0x7f00000000c0)={'dummy0\x00', @random="01350104ff00"}) syz_open_dev$sg(&(0x7f0000000180), 0x0, 0x80041) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000280)='net/route\x00') r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0) write$proc_mixer(r4, &(0x7f0000000340)=ANY=[@ANYBLOB='LINE \''], 0x8c) close(r4) r5 = syz_open_procfs(0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a40)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000005001462726f61646361730000000000000000000000000000224fdc0ce632cc389657292c1307ca0d0000f2d3c90dd3d79bdecf9e5af9d73fa92b83edcfd26e50fb1a9e73b8217d23457da7ceca66e0695028020fb7ef3d6c064f810059f5e9edd380e3da9c45a1a7e9fb1db1e52a8a6268bca8d57cfa23c19abec538146057dd5cf13360d0b8aee6e73089fe124f7c63d1ae4b92710433fcb3a3cdc1f97adaa5cd9b6834e8e55cec7970c0e9bc1ba526298fa7ff7e21959f76e1f8b51ad84c10e6b634b49aa7b2f05975f4db1f9b4e810e1dfad194137aa36af4496cd936516fd120c5947b6736b660045900cec6ac7c3163f2360f59f82b51e325f3d036ad2ab4b4aa334b304566014dcd9dacd7b4c9394c1003f53fee33652e7952f6562b1b95e564431eda0f454b715e329274dba520983257b983006beb526d9c7fe5b2a4ec365a2cd6af6922f56c99ef1561c8273d1b9b761c1c1a2af80737f65d4a771f01034e11c200ff2cbb0959d2ff09a287bfccab44089808903792924b93b8d8f23b0b6fb6a473cd214ce78e221ac0f563d9f44a97cf306d2c38f4e2fe0a3dc9b17f47396f5454440f63a46a29033d9585e3f1dfaf4158d46e5bb23ff1515490f13f85dea80e05b05adcdd381f4253803600bdd0441cccdc7696fc5d36245006bb8f0967aa43af14c536aa073c6f5040108d2538736c342f8d1748f7690b518d0fb56f2d385936a71548aea745b4b4c102924c5e882285fb76ddb772c0bed75e197ae9abf79af3f9398a288b9fc86e575f7b6b1265942913e01ceb14996417307499de6a2b921435aa"], 0x30}}, 0x0) read$FUSE(r5, &(0x7f00000061c0)={0x2020}, 0x115f) syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendfile(0xffffffffffffffff, r3, &(0x7f0000000080)=0xb, 0x8) 5.529932403s ago: executing program 0 (id=513): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x2, 0x0) file_getattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x400) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x80, 0x0, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x10000, 0x200070}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'vcan0\x00'}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x20, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_OTHER_BSS={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MNTR_FLAGS={0x4}], @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x80}, 0x1, 0x0, 0x0, 0x91}, 0x20054804) rt_sigqueueinfo(0x0, 0x21, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) fcntl$getown(r3, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000025300)=""/102392, 0x18ff8) syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) close(r3) 5.386557029s ago: executing program 3 (id=514): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r4, &(0x7f0000000700)={0x8, 0x120, 0xfa00, {0x1, {0x7fff, 0x0, "f2f098559c349771f4685809b0bd266d9bdf828ef95654a926215943e4db81b6bd174e58c4d933d8b2511eff67b62a4ab96414dfadf511338d12fdd60fadeab08f4d9b8ddd86a12a30aaf70329511fbdd7e3f75834942f27ebf81621ac5ac4398d16db7fa83f2be5426064ade336055432cf298ee73d2302cfff371f44cde79fc74e32cea15ed259070ec226c5ec19860aa1480a39d35d1ae94d6de1e43555b84f3a42a6ec1ffbf174708b1a4a586386736a28e604cc543162d5e9d591adef68116bb01515476763f888f9739445fb85da04a4ecb8da0baa27e9d122243c759a31740d53103d7d97ddcf7c90e577dc46d09e6a1d3ee3008cac3bdd5f4bb82551", 0xc, 0xfc, 0xd, 0x0, 0xe, 0xe, 0x6, 0x1}, r5}}, 0x128) 3.539312428s ago: executing program 3 (id=515): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x881, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0xfff) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000300)={0x1, 0x0, [{0x40000021, 0x0, 0x1af}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x40000020, 0x0, 0x8}]}) 3.325951985s ago: executing program 0 (id=516): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$vcsa(0xffffffffffffff9c, 0x0, 0x20000, 0x0) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000840)=0x4, 0x4) 2.958146682s ago: executing program 3 (id=517): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000780)=ANY=[@ANYBLOB="28010000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="0901330080000000ffffffffffff080211000000f70b87594b3f00002f1203abf6c014dd360000000001"], 0x128}, 0x1, 0x0, 0x0, 0x44800}, 0x0) 2.891631291s ago: executing program 1 (id=518): syz_emit_vhci(0x0, 0x0) syz_emit_vhci(0x0, 0x0) syz_emit_vhci(&(0x7f0000001a80)=@HCI_SCODATA_PKT={0x3, {0x0, 0x1e}, "c088dfd165356b567105731ee20c8c604befa672ed22ffac9b7afa08cae9"}, 0x22) syz_emit_vhci(&(0x7f0000001b80)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@none, 0x5, 0x6b, 0x2, "1aa6d6", 0x31}]}}}, 0x12) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000002440)=@HCI_EVENT_PKT={0x4, @extended_inquiry_info={{0x2f, 0xff}, {0x1, [{@none, 0xb, 0xd, "e5ea7c", 0x0, 0x49, "e6f139b88e9dd7a94c0abf132a142b3b8e3ac39546ea63d505c81b249776769d43ecdc472fa6f72d21e93ad47dee7387fab8ee18d02ae5b94999c1df9d8a732a13c3bcdb0135a8c30bd4d4241bcc2ffc619e0b0c95dfbf936be9d29f8f3481432b24e0215c5b13bb850ed80ebb978697632f261ced458f5806018ded4cdf995700ef92a23a583c1f62867b760ad91c41d4cff419f3c225310414bc83a0fc2ea19391a530991a8fb644753f90f3c6c13bc8ec8054643813a3fe49e51a66ff2f5f7f17e31f4a18b67ae1f9e9795141ec4955a6596f3564858d489066d9048a6f4f74f4ffd0cff343f4322cfb6455e331b0"}]}}}, 0x102) 2.891390303s ago: executing program 2 (id=519): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000040000701fcffffff00000100017c"], 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 2.382568648s ago: executing program 3 (id=520): r0 = socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_udp_encap(r0, 0x11, 0x68, &(0x7f0000000040)=0x2, 0x4) 2.093957669s ago: executing program 0 (id=521): socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$phonet_pipe(0x23, 0x5, 0x2) ptrace$cont(0xf7aef61bbe72383, 0x0, 0x276, 0x401) r0 = socket$kcm(0x23, 0x5, 0x0) listen(r0, 0x800) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000200)="5c00000014006b05c84e21000ab16d6e230675f811000000440002005817d30461bc24eeb556a7ef595105ea1698fa51f60a64c9f408000000e786a6d0bdbdc3d44bd70011b6c0504bb9189d9193e9bd00"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x240040c4) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r2, &(0x7f0000000040)={0x23, 0x0, 0x58}, 0x10) accept4(r0, 0x0, 0x0, 0x80000) syz_open_dev$sndmidi(0x0, 0x2, 0x143102) 1.231169586s ago: executing program 1 (id=522): setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x5}, 0x8) r0 = add_key$user(&(0x7f0000000200), &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000002c0)="f5", 0x30, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xd3, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, 0x0, 0x0, 0x0) 1.206714382s ago: executing program 3 (id=523): r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000780), 0x40002, 0x0) write$P9_RREADDIR(r0, 0x0, 0x0) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET(r1, &(0x7f0000000cc0)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x3c, 0x3e9, 0x400, 0x70bd2a, 0x25dfdbff, {0x21, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffff, 0x6, 0x0, 0x1, 0x7}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000810}, 0x8040) 80.289774ms ago: executing program 1 (id=524): r0 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x109301) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000080), 0x8080, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 27.700944ms ago: executing program 3 (id=525): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000)) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x9) ioctl$TCSETSF2(r1, 0x402c542d, &(0x7f0000000100)={0x4, 0xf37, 0x3, 0x6, 0x7, "d0993dbaf1c41bdaaacce510430554caddbd3a", 0x5, 0x9}) 0s ago: executing program 2 (id=526): mkdir(&(0x7f0000000000)='./file0\x00', 0x1d7) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@none, 0x1}}}, 0xd) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}, {@any, 0xf}}}, 0xd) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) ioctl$SNDCTL_SEQ_GETINCOUNT(0xffffffffffffffff, 0x80045105, &(0x7f0000000640)) prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x0) r0 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece) ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x8) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(0xffffffffffffffff, 0xf502, 0x0) copy_file_range(r0, &(0x7f0000000680)=0xc, r0, 0x0, 0x1, 0x0) syz_open_dev$amidi(0x0, 0x7fff, 0x101000) pivot_root(&(0x7f0000000800)='./file0\x00', 0x0) r1 = syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x0, 0x0) syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000e00)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_request={{0x4, 0xa}, {@none, "cd6949"}}}, 0xd) syz_emit_vhci(&(0x7f00000012c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x3, 0x4}}, 0x9) syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, 0x0) unlink(0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts. [ 90.170260][ T5599] cgroup: Unknown subsys name 'net' [ 90.412599][ T5599] cgroup: Unknown subsys name 'cpuset' [ 90.466892][ T5599] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 91.953796][ T45] cfg80211: failed to load regulatory.db [ 92.510286][ T5599] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 96.890509][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 96.930660][ T5630] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 96.935669][ T5630] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 96.952010][ T5630] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 96.989170][ T5626] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 96.993385][ T5632] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.003628][ T5632] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.016551][ T5626] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.033379][ T5630] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.034864][ T5632] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.044856][ T5626] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.062503][ T5630] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.063273][ T5635] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.065883][ T5630] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.069649][ T5630] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.072187][ T5630] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.082880][ T4926] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.083358][ T4926] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.095794][ T4926] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.152267][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 99.141673][ T5627] Bluetooth: hci3: command tx timeout [ 99.191951][ T5619] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.192945][ T5619] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.193162][ T5619] bridge_slave_0: entered allmulticast mode [ 99.195761][ T5619] bridge_slave_0: entered promiscuous mode [ 99.219860][ T5627] Bluetooth: hci1: command tx timeout [ 99.220085][ T5627] Bluetooth: hci2: command tx timeout [ 99.220301][ T5627] Bluetooth: hci0: command tx timeout [ 99.279278][ T5619] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.279526][ T5619] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.279725][ T5619] bridge_slave_1: entered allmulticast mode [ 99.283698][ T5619] bridge_slave_1: entered promiscuous mode [ 99.435022][ T5620] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.435301][ T5620] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.435718][ T5620] bridge_slave_0: entered allmulticast mode [ 99.445119][ T5620] bridge_slave_0: entered promiscuous mode [ 99.491914][ T5619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.511874][ T5620] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.512164][ T5620] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.512372][ T5620] bridge_slave_1: entered allmulticast mode [ 99.514713][ T5620] bridge_slave_1: entered promiscuous mode [ 99.516254][ T5622] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.519078][ T5622] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.521264][ T5622] bridge_slave_0: entered allmulticast mode [ 99.545719][ T5622] bridge_slave_0: entered promiscuous mode [ 99.573778][ T5619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.618278][ T5622] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.618490][ T5622] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.618727][ T5622] bridge_slave_1: entered allmulticast mode [ 99.621154][ T5622] bridge_slave_1: entered promiscuous mode [ 99.791376][ T5621] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.791823][ T5621] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.792119][ T5621] bridge_slave_0: entered allmulticast mode [ 99.794592][ T5621] bridge_slave_0: entered promiscuous mode [ 99.829645][ T5620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.859158][ T5619] team0: Port device team_slave_0 added [ 99.859602][ T5621] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.859934][ T5621] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.860212][ T5621] bridge_slave_1: entered allmulticast mode [ 99.863030][ T5621] bridge_slave_1: entered promiscuous mode [ 99.890328][ T5620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.912608][ T5622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 99.923773][ T5619] team0: Port device team_slave_1 added [ 99.969157][ T5622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.075794][ T5621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.088433][ T5620] team0: Port device team_slave_0 added [ 100.112041][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.112055][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.112075][ T5619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.128313][ T5621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.142560][ T5620] team0: Port device team_slave_1 added [ 100.159449][ T5622] team0: Port device team_slave_0 added [ 100.169543][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.169586][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.169661][ T5619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.254231][ T5622] team0: Port device team_slave_1 added [ 100.325628][ T5621] team0: Port device team_slave_0 added [ 100.335131][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.335145][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.335165][ T5620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.395344][ T5621] team0: Port device team_slave_1 added [ 100.399510][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.399560][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.399641][ T5620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.408071][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.408107][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.408182][ T5622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.517868][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.517885][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.517907][ T5622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 100.620589][ T5619] hsr_slave_0: entered promiscuous mode [ 100.622451][ T5619] hsr_slave_1: entered promiscuous mode [ 100.625905][ T5621] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 100.625917][ T5621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.625937][ T5621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 100.705492][ T5621] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 100.705507][ T5621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 100.705527][ T5621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 101.117130][ T5620] hsr_slave_0: entered promiscuous mode [ 101.118731][ T5620] hsr_slave_1: entered promiscuous mode [ 101.120058][ T5620] debugfs: 'hsr0' already exists in 'hsr' [ 101.120139][ T5620] Cannot create hsr debugfs directory [ 101.185521][ T5622] hsr_slave_0: entered promiscuous mode [ 101.189474][ T5622] hsr_slave_1: entered promiscuous mode [ 101.194531][ T5622] debugfs: 'hsr0' already exists in 'hsr' [ 101.194604][ T5622] Cannot create hsr debugfs directory [ 101.216753][ T5625] Bluetooth: hci3: command tx timeout [ 101.297630][ T5625] Bluetooth: hci0: command tx timeout [ 101.297663][ T5625] Bluetooth: hci2: command tx timeout [ 101.297686][ T5625] Bluetooth: hci1: command tx timeout [ 101.341566][ T5621] hsr_slave_0: entered promiscuous mode [ 101.343660][ T5621] hsr_slave_1: entered promiscuous mode [ 101.344860][ T5621] debugfs: 'hsr0' already exists in 'hsr' [ 101.344886][ T5621] Cannot create hsr debugfs directory [ 102.151765][ T5619] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 102.229840][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 102.238989][ T5619] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 102.272383][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 102.274333][ T5619] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 102.298456][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 102.325245][ T5619] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 102.354135][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 102.486674][ T5622] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 102.543954][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 102.556836][ T5622] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 102.594078][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 102.606422][ T5622] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 102.653170][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 102.693520][ T5622] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 102.731993][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 102.893250][ T5621] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.925139][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 102.943524][ T5621] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.972369][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 102.976092][ T5621] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 103.036122][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 103.076976][ T5621] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 103.102593][ T5621] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 103.258584][ T5620] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 103.296457][ T5627] Bluetooth: hci3: command tx timeout [ 103.308355][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 103.313655][ T5620] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 103.334471][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 103.356060][ T5620] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 103.376484][ T5625] Bluetooth: hci2: command tx timeout [ 103.376499][ T5627] Bluetooth: hci1: command tx timeout [ 103.376517][ T5625] Bluetooth: hci0: command tx timeout [ 103.407585][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 103.416068][ T5620] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 103.460884][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 103.571216][ T5619] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.711437][ T5619] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.778328][ T5622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.799034][ T1195] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.799209][ T1195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.850334][ T170] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.850476][ T170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.984777][ T5622] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.051981][ T1491] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.052512][ T1491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.080982][ T5621] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.130709][ T1486] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.130880][ T1486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.245302][ T5621] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.267940][ T5620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.318603][ T1491] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.319166][ T1491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.392314][ T170] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.392427][ T170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.485313][ T5620] 8021q: adding VLAN 0 to HW filter on device team0 [ 104.579867][ T1195] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.580190][ T1195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.663974][ T1195] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.664143][ T1195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.376717][ T5627] Bluetooth: hci3: command tx timeout [ 105.456445][ T61] Bluetooth: hci2: command tx timeout [ 105.456481][ T61] Bluetooth: hci0: command tx timeout [ 105.456505][ T61] Bluetooth: hci1: command tx timeout [ 105.573043][ T5619] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 105.873547][ T5622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.095957][ T5619] veth0_vlan: entered promiscuous mode [ 106.190446][ T5621] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.205700][ T5619] veth1_vlan: entered promiscuous mode [ 106.350228][ T5622] veth0_vlan: entered promiscuous mode [ 106.363844][ T5620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 106.423479][ T5622] veth1_vlan: entered promiscuous mode [ 106.469147][ T5619] veth0_macvtap: entered promiscuous mode [ 106.509462][ T5619] veth1_macvtap: entered promiscuous mode [ 106.547227][ T5621] veth0_vlan: entered promiscuous mode [ 106.605710][ T5621] veth1_vlan: entered promiscuous mode [ 106.628654][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.668204][ T5622] veth0_macvtap: entered promiscuous mode [ 106.675480][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 106.676045][ T5620] veth0_vlan: entered promiscuous mode [ 106.711728][ T5622] veth1_macvtap: entered promiscuous mode [ 106.745249][ T1195] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.761347][ T1195] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.764147][ T1195] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.795068][ T5620] veth1_vlan: entered promiscuous mode [ 106.801991][ T1195] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.912633][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 106.986401][ T5621] veth0_macvtap: entered promiscuous mode [ 107.064174][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.081408][ T5621] veth1_macvtap: entered promiscuous mode [ 107.209461][ T1471] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.229852][ T1471] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.264783][ T1471] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.287182][ T1471] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.288038][ T5620] veth0_macvtap: entered promiscuous mode [ 107.341793][ T1471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.341813][ T1471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.435085][ T5620] veth1_macvtap: entered promiscuous mode [ 107.449054][ T5621] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.546947][ T5621] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 107.725631][ T1486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.725655][ T1486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.743469][ T1471] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.767626][ T1471] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.768110][ T1471] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.769424][ T1471] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 107.821818][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 108.042811][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.105896][ T1486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.105918][ T1486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.262600][ T1471] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.294292][ T1471] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.394554][ T1471] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.492464][ T1486] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.635015][ T5769] UHID_CREATE from different security context by process 3 (syz.1.2), this is not allowed. [ 108.758442][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.758463][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.981560][ T3391] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 108.981581][ T3391] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 109.524219][ T3391] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 109.524238][ T3391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.011299][ T1491] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.011320][ T1491] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.297836][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.297860][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.797091][ T5717] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 111.060295][ T5717] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.060348][ T5717] usb 2-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 111.060375][ T5717] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.225916][ T5787] netlink: 1624 bytes leftover after parsing attributes in process `syz.2.10'. [ 111.418361][ T5717] usb 2-1: config 0 descriptor?? [ 111.743354][ T5717] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 113.117294][ T37] usb 2-1: USB disconnect, device number 2 [ 114.823301][ T5627] Bluetooth: hci1: command 0x0406 tx timeout [ 118.931959][ T5960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.81'. [ 118.971247][ T5960] netlink: 24 bytes leftover after parsing attributes in process `syz.2.81'. [ 119.646219][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.666236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.676234][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.686223][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.696219][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.706214][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.716217][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.726232][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.736219][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 119.746221][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.394690][ T5969] netlink: 80 bytes leftover after parsing attributes in process `syz.1.86'. [ 121.429682][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 121.626361][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 121.631493][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 121.651297][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 121.651395][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.651450][ T9] usb 1-1: Product: syz [ 121.651494][ T9] usb 1-1: Manufacturer: syz [ 121.651538][ T9] usb 1-1: SerialNumber: syz [ 121.734534][ T9] usb 1-1: config 0 descriptor?? [ 121.838290][ T9] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 121.838330][ T9] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 123.266994][ T9] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 123.855013][ T9] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 123.855048][ T9] em28xx 1-1:0.0: board has no eeprom [ 123.876144][ T5987] netlink: 'syz.3.93': attribute type 2 has an invalid length. [ 124.046322][ T9] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 124.046411][ T9] em28xx 1-1:0.0: dvb set to bulk mode. [ 124.048937][ T45] em28xx 1-1:0.0: Binding DVB extension [ 124.434484][ T9] usb 1-1: USB disconnect, device number 2 [ 124.465405][ T45] em28xx 1-1:0.0: Registering input extension [ 124.761127][ T9] em28xx 1-1:0.0: Disconnecting em28xx [ 124.761300][ T9] em28xx 1-1:0.0: Closing input extension [ 127.100420][ T5999] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 127.735299][ T9] em28xx 1-1:0.0: Freeing device [ 128.247416][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 128.437344][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 128.443026][ T9] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 128.443059][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.495818][ T9] usb 1-1: config 0 descriptor?? [ 128.720737][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 128.763212][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 128.767641][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 128.767716][ T9] usb 1-1: media controller created [ 128.797894][ T61] Bluetooth: to_multiplier 4209 > 3200 [ 128.936036][ T6024] syz.2.104 uses obsolete (PF_INET,SOCK_PACKET) [ 129.925956][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 130.210954][ T6016] syz.3.100 (6016) used greatest stack depth: 18856 bytes left [ 130.429416][ T9] az6027: usb out operation failed. (-71) [ 130.438355][ T9] az6027: usb out operation failed. (-71) [ 130.438376][ T9] stb0899_attach: Driver disabled by Kconfig [ 130.438387][ T9] az6027: no front-end attached [ 130.438387][ T9] [ 130.452656][ T9] az6027: usb out operation failed. (-71) [ 130.452711][ T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 130.548278][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6 [ 131.265413][ T61] Bluetooth: hci2: command tx timeout [ 131.349770][ T9] dvb-usb: schedule remote query interval to 400 msecs. [ 131.349796][ T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 131.437126][ T9] usb 1-1: USB disconnect, device number 3 [ 132.868893][ T6043] binder: BINDER_SET_CONTEXT_MGR already set [ 132.868939][ T6043] binder: 6042:6043 ioctl 4018620d 200000004a80 returned -16 [ 132.901913][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.902045][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.102142][ T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 133.784126][ T6067] netlink: 'syz.1.119': attribute type 29 has an invalid length. [ 133.785771][ T6067] netlink: 'syz.1.119': attribute type 29 has an invalid length. [ 133.787135][ T6067] netlink: 'syz.1.119': attribute type 29 has an invalid length. [ 135.122655][ T6064] syz.3.117 (6064) used greatest stack depth: 18136 bytes left [ 135.439679][ T6085] process 'syz.3.126' launched '/dev/fd/3' with NULL argv: empty string added [ 135.599853][ T6089] netlink: 24 bytes leftover after parsing attributes in process `syz.0.127'. [ 137.586688][ T5710] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 138.217311][ T5710] usb 3-1: Using ep0 maxpacket: 8 [ 138.528711][ T5710] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 138.528745][ T5710] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 138.528779][ T5710] usb 3-1: Product: syz [ 138.528794][ T5710] usb 3-1: Manufacturer: syz [ 138.528809][ T5710] usb 3-1: SerialNumber: syz [ 138.577059][ T5710] usb 3-1: config 0 descriptor?? [ 138.613161][ T6106] qnx6: unable to read the first superblock [ 138.613384][ T6106] qnx6: unable to read the first superblock [ 138.613390][ T6106] qnx6: unable to read the first superblock [ 138.651291][ T5710] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 138.751731][ T6111] netlink: 60 bytes leftover after parsing attributes in process `syz.1.135'. [ 138.763474][ T6111] netlink: 60 bytes leftover after parsing attributes in process `syz.1.135'. [ 138.779164][ T6111] netlink: 60 bytes leftover after parsing attributes in process `syz.1.135'. [ 139.196038][ T5710] gspca_zc3xx: reg_r err -32 [ 139.198273][ T5710] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -32 [ 139.223852][ C0] Unknown status report in ack skb [ 141.014345][ T61] block nbd1: Receive control failed (result -107) [ 141.075787][ T5710] usb 3-1: USB disconnect, device number 2 [ 141.123071][ T6129] nbd1: detected capacity change from 0 to 10 [ 141.190321][ T6133] syzkaller1: entered promiscuous mode [ 141.190349][ T6133] syzkaller1: entered allmulticast mode [ 141.215105][ T6125] block nbd1: shutting down sockets [ 144.269643][ T6149] netlink: 32 bytes leftover after parsing attributes in process `syz.1.148'. [ 144.352672][ T6151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.149'. [ 144.374489][ T6151] nbd: socks must be embedded in a SOCK_ITEM attr [ 144.859328][ T5726] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 145.007084][ T5726] usb 2-1: Using ep0 maxpacket: 8 [ 145.014803][ T5726] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 145.014865][ T5726] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 145.014894][ T5726] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 145.014919][ T5726] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 145.014946][ T5726] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 145.014970][ T5726] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.015011][ T5726] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 145.015035][ T5726] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.433903][ T5726] usb 2-1: usb_control_msg returned -32 [ 145.433959][ T5726] usbtmc 2-1:16.0: can't read capabilities [ 147.456247][ T61] Bluetooth: hci3: command 0x0406 tx timeout [ 148.465735][ T6186] netlink: 'syz.0.159': attribute type 3 has an invalid length. [ 148.515807][ T5710] usb 2-1: USB disconnect, device number 3 [ 149.595243][ T6194] Bluetooth: hci1: Opcode 0x0401 failed: -4 [ 151.457835][ T5627] Bluetooth: hci1: command 0x0406 tx timeout [ 151.706545][ T6191] syz.1.161 (6191) used greatest stack depth: 16928 bytes left [ 152.609295][ T6207] ======================================================= [ 152.609295][ T6207] WARNING: The mand mount option has been deprecated and [ 152.609295][ T6207] and is ignored by this kernel. Remove the mand [ 152.609295][ T6207] option from the mount to silence this warning. [ 152.609295][ T6207] ======================================================= [ 152.956463][ T6210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.167'. [ 153.654403][ T6216] syz_tun: entered allmulticast mode [ 153.755730][ T6218] netlink: 'syz.0.170': attribute type 39 has an invalid length. [ 153.857845][ T6216] dvmrp1: entered allmulticast mode [ 155.930213][ T6218] syz_tun (unregistering): left allmulticast mode [ 157.748287][ T5710] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 157.916903][ T5710] usb 4-1: Using ep0 maxpacket: 32 [ 157.919721][ T5710] usb 4-1: config 0 interface 0 has no altsetting 0 [ 157.919764][ T5710] usb 4-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00 [ 157.919791][ T5710] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.979908][ T5710] usb 4-1: config 0 descriptor?? [ 159.298581][ T5710] hid-retrode 0003:0403:97C1.0001: bogus close delimiter [ 159.298606][ T5710] hid-retrode 0003:0403:97C1.0001: item 0 2 2 10 parsing failed [ 159.299467][ T5710] hid-retrode 0003:0403:97C1.0001: probe with driver hid-retrode failed with error -22 [ 159.519793][ T5717] usb 4-1: USB disconnect, device number 2 [ 164.856958][ T6304] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 166.631830][ T5717] kernel read not supported for file /media3 (pid: 5717 comm: kworker/0:4) [ 166.908625][ C0] wlan1: beacon TX faster than countdown (channel/color switch) completion [ 169.257021][ T6343] syz_tun: entered allmulticast mode [ 169.319085][ T6342] syz_tun: left allmulticast mode [ 169.322835][ T6345] bridge0: port 3(veth1_vlan) entered blocking state [ 169.323237][ T6345] bridge0: port 3(veth1_vlan) entered disabled state [ 169.323554][ T6345] veth1_vlan: entered allmulticast mode [ 169.395936][ T6345] veth1_vlan: left allmulticast mode [ 170.975575][ T6336] syz.0.213 (6336): drop_caches: 2 [ 174.900005][ T6388] netlink: 'syz.2.230': attribute type 2 has an invalid length. [ 174.900031][ T6388] netlink: 723 bytes leftover after parsing attributes in process `syz.2.230'. [ 179.727800][ T5601] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 179.884819][ T5601] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 246, changing to 11 [ 179.884860][ T5601] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 179.884906][ T5601] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 179.884932][ T5601] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.981876][ T5601] usb 2-1: config 0 descriptor?? [ 180.404161][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404204][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404233][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404263][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404292][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404321][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404349][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404386][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404415][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.404444][ T5601] kovaplus 0003:1E7D:2D50.0002: unknown main item tag 0x0 [ 180.697362][ T5601] kovaplus 0003:1E7D:2D50.0002: hidraw0: USB HID v7f.fd Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 182.006613][ T5601] kovaplus 0003:1E7D:2D50.0002: couldn't init struct kovaplus_device [ 182.006674][ T5601] kovaplus 0003:1E7D:2D50.0002: couldn't install mouse [ 182.100608][ T5601] kovaplus 0003:1E7D:2D50.0002: probe with driver kovaplus failed with error -71 [ 182.115008][ T5601] usb 2-1: USB disconnect, device number 4 [ 182.150660][ T6437] fido_id[6437]: Failed to read report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:1E7D:2D50.0002/report_descriptor': No such device [ 184.242807][ T6458] vivid-004: disconnect [ 185.525314][ T6457] vivid-004: reconnect [ 186.653989][ T6474] futex_wake_op: syz.2.260 tries to shift op by 144; fix this program [ 188.068813][ T6484] trusted_key: encrypted_key: insufficient parameters specified [ 188.306003][ T6487] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 189.928850][ T6506] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.271'. [ 189.929129][ T6506] openvswitch: netlink: Message has 512 unknown bytes. [ 192.754256][ T5627] Bluetooth: hci1: unexpected event for opcode 0x000e [ 195.502611][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.507243][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.211521][ T6580] netlink: 8 bytes leftover after parsing attributes in process `syz.3.301'. [ 200.842203][ T6614] Zero length message leads to an empty skb [ 200.842925][ T6614] netlink: 14 bytes leftover after parsing attributes in process `syz.3.313'. [ 202.376030][ T6614] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 202.545108][ T6614] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 202.661952][ T6638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.319'. [ 202.703999][ T6614] bond0 (unregistering): Released all slaves [ 207.540834][ T38] audit: type=1800 audit(2000000028.780:2): pid=6668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.330" name="file0" dev="overlay" ino=424 res=0 errno=0 [ 208.746568][ T6675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.325'. [ 208.914616][ T6680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.332'. [ 209.156579][ T6680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.332'. [ 209.306321][ T6680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.332'. [ 216.522682][ T6779] tmpfs: Bad value for 'mpol' [ 222.576653][ T5627] Bluetooth: hci0: command 0x0406 tx timeout [ 222.576697][ T5627] Bluetooth: hci3: command 0x0406 tx timeout [ 224.944046][ T6831] netlink: 'syz.3.386': attribute type 10 has an invalid length. [ 227.429890][ T6844] netlink: 'syz.2.388': attribute type 4 has an invalid length. [ 229.695015][ T6855] evm: overlay not supported [ 229.765312][ T61] Bluetooth: hci1: unexpected event for opcode 0x1009 [ 234.606500][ T6916] faux_driver vgem: [drm] Unknown color mode 127; guessing buffer size. [ 238.307713][ T6928] netlink: 12 bytes leftover after parsing attributes in process `syz.3.420'. [ 238.420424][ T6930] netlink: 'syz.1.422': attribute type 10 has an invalid length. [ 238.438893][ T6930] team0: Device veth1_macvtap is up. Set it down before adding it as a team port [ 238.876394][ T38] audit: type=1326 audit(2000000060.150:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 238.876456][ T38] audit: type=1326 audit(2000000060.150:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 239.911751][ T38] audit: type=1326 audit(2000000061.120:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 239.911798][ T38] audit: type=1326 audit(2000000061.190:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 239.911830][ T38] audit: type=1326 audit(2000000061.190:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 239.940771][ T38] audit: type=1326 audit(2000000061.220:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 239.940829][ T38] audit: type=1326 audit(2000000061.220:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 239.940893][ T38] audit: type=1326 audit(2000000061.220:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 239.981865][ T38] audit: type=1326 audit(2000000061.230:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 240.016154][ T38] audit: type=1326 audit(2000000061.280:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6939 comm="syz.1.426" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f7371f6cdd9 code=0x7ffc0000 [ 241.714065][ T6956] fuse: Bad value for 'fd' [ 248.685986][ T7021] capability: warning: `syz.3.454' uses deprecated v2 capabilities in a way that may be insecure [ 250.236241][ T5724] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 250.390949][ T5724] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.391001][ T5724] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.392716][ T5724] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 250.392744][ T5724] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 250.392771][ T5724] usb 2-1: Manufacturer: syz [ 251.977015][ T5724] usb 2-1: config 0 descriptor?? [ 253.592955][ T5724] uclogic 0003:256C:006D.0003: v1 frame probing failed: -71 [ 253.593062][ T5724] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 253.593155][ T5724] uclogic 0003:256C:006D.0003: probe with driver uclogic failed with error -71 [ 253.694146][ T5724] usb 2-1: USB disconnect, device number 5 [ 254.920352][ T7078] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 255.906581][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.906693][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.347181][ C0] Unknown status report in ack skb [ 258.413820][ T7120] trusted_key: encrypted_key: insufficient parameters specified [ 259.290809][ T7127] overlayfs: failed to resolve './file0': -2 [ 259.624518][ T38] kauditd_printk_skb: 3 callbacks suppressed [ 259.624538][ T38] audit: type=1326 audit(2000000080.900:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.1.497" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7371f6cdd9 code=0x0 [ 259.886729][ T7144] nbd: couldn't find a device at index 0 [ 260.041742][ T7152] overlayfs: missing 'lowerdir' [ 261.656376][ T7055] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 261.692106][ T7173] bridge0: entered allmulticast mode [ 261.819366][ T7055] usb 3-1: unable to get BOS descriptor or descriptor too short [ 261.822643][ T7055] usb 3-1: config 1 has an invalid descriptor of length 155, skipping remainder of the config [ 261.822727][ T7055] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7 [ 261.824298][ T7055] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 247, changing to 7 [ 261.824331][ T7055] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 9065, setting to 1024 [ 261.852376][ T7055] usb 3-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40 [ 261.852475][ T7055] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.852537][ T7055] usb 3-1: Product: syz [ 261.852573][ T7055] usb 3-1: Manufacturer: syz [ 261.852617][ T7055] usb 3-1: SerialNumber: syz [ 262.707683][ T7181] ÿ: renamed from dummy0 (while UP) [ 264.879125][ T32] IPVS: starting estimator thread 0... [ 264.976486][ T7194] IPVS: using max 12 ests per chain, 28800 per kthread [ 266.977712][ T61] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 267.187898][ T7212] netlink: 'syz.0.521': attribute type 2 has an invalid length. [ 267.331195][ T7055] usb 3-1: USB disconnect, device number 3 [ 267.626998][ T7221] netlink: 28 bytes leftover after parsing attributes in process `syz.2.519'. [ 268.103750][ T5696] udevd[5696]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 268.438502][ C0] [ 268.438515][ C0] ====================================================== [ 268.438524][ C0] WARNING: possible circular locking dependency detected [ 268.438546][ C0] syzkaller #0 Tainted: G L [ 268.438558][ C0] ------------------------------------------------------ [ 268.438567][ C0] syz.0.521/7212 is trying to acquire lock: [ 268.438579][ C0] ffff88804d56bfe0 (slock-AF_PHONET/1){+.+.}-{3:3}, at: __sk_receive_skb+0x1bf/0x9e0 [ 268.438643][ C0] [ 268.438643][ C0] but task is already holding lock: [ 268.438649][ C0] ffff88801af148a0 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 268.438696][ C0] [ 268.438696][ C0] which lock already depends on the new lock. [ 268.438696][ C0] [ 268.438703][ C0] [ 268.438703][ C0] the existing dependency chain (in reverse order) is: [ 268.438711][ C0] [ 268.438711][ C0] -> #1 (slock-AF_PHONET){+...}-{3:3}: [ 268.438739][ C0] rt_spin_lock+0x83/0x400 [ 268.438761][ C0] __sk_receive_skb+0x1f1/0x9e0 [ 268.438781][ C0] phonet_rcv+0x781/0xc40 [ 268.438812][ C0] process_backlog+0x5e1/0xc60 [ 268.438831][ C0] __napi_poll+0xab/0x550 [ 268.438849][ C0] net_rx_action+0x696/0xe00 [ 268.438868][ C0] handle_softirqs+0x1de/0x6d0 [ 268.438894][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 268.438920][ C0] netif_rx+0xb9/0xf0 [ 268.438946][ C0] pn_send+0x62a/0x8e0 [ 268.438966][ C0] pn_skb_send+0x218/0x530 [ 268.438987][ C0] pipe_snd_status+0x1f1/0x320 [ 268.439010][ C0] pipe_do_rcv+0xf15/0x16a0 [ 268.439034][ C0] __sk_receive_skb+0x962/0x9e0 [ 268.439053][ C0] pep_do_rcv+0x685/0xaa0 [ 268.439079][ C0] __release_sock+0x2a9/0x3d0 [ 268.439105][ C0] release_sock+0x1be/0x290 [ 268.439125][ C0] pep_sock_accept+0xd47/0x11e0 [ 268.439168][ C0] pn_socket_accept+0xc1/0x310 [ 268.439188][ C0] do_accept+0x6ca/0x930 [ 268.439210][ C0] __sys_accept4+0x139/0x230 [ 268.439232][ C0] __x64_sys_accept4+0x9a/0xb0 [ 268.439254][ C0] do_syscall_64+0x15f/0xf80 [ 268.439288][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.439309][ C0] [ 268.439309][ C0] -> #0 (slock-AF_PHONET/1){+.+.}-{3:3}: [ 268.439346][ C0] __lock_acquire+0x15a5/0x2d10 [ 268.439367][ C0] lock_acquire+0x106/0x350 [ 268.439385][ C0] rt_spin_lock_nested+0x81/0x3f0 [ 268.439408][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 268.439429][ C0] pep_do_rcv+0x685/0xaa0 [ 268.439454][ C0] __sk_receive_skb+0x962/0x9e0 [ 268.439476][ C0] phonet_rcv+0x781/0xc40 [ 268.439499][ C0] process_backlog+0x5e1/0xc60 [ 268.439520][ C0] __napi_poll+0xab/0x550 [ 268.439538][ C0] net_rx_action+0x696/0xe00 [ 268.439559][ C0] handle_softirqs+0x1de/0x6d0 [ 268.439587][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 268.439614][ C0] netif_rx+0xb9/0xf0 [ 268.439641][ C0] pn_send+0x62a/0x8e0 [ 268.439662][ C0] pn_skb_send+0x218/0x530 [ 268.439685][ C0] pep_sock_close+0x2c1/0x5b0 [ 268.439710][ C0] pn_socket_release+0x9b/0xc0 [ 268.439730][ C0] __sock_release+0xb9/0x250 [ 268.439747][ C0] sock_close+0x1c/0x30 [ 268.439775][ C0] __fput+0x461/0xa70 [ 268.439797][ C0] task_work_run+0x1d9/0x270 [ 268.439825][ C0] exit_to_user_mode_loop+0xed/0x4d0 [ 268.439857][ C0] [ 268.439857][ C0] other info that might help us debug this: [ 268.439857][ C0] [ 268.439864][ C0] Possible unsafe locking scenario: [ 268.439864][ C0] [ 268.439871][ C0] CPU0 CPU1 [ 268.439878][ C0] ---- ---- [ 268.439885][ C0] lock(slock-AF_PHONET); [ 268.439900][ C0] lock(slock-AF_PHONET/1); [ 268.439923][ C0] lock(slock-AF_PHONET); [ 268.439940][ C0] lock(slock-AF_PHONET/1); [ 268.439959][ C0] [ 268.439959][ C0] *** DEADLOCK *** [ 268.439959][ C0] [ 268.439965][ C0] 7 locks held by syz.0.521/7212: [ 268.439979][ C0] #0: ffff88805c0fe138 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250 [ 268.440036][ C0] #1: ffff88801af14098 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: pep_sock_close+0x86/0x5b0 [ 268.440095][ C0] #2: ffffffff8e1c8300 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 268.440155][ C0] #3: ffffffff8e1c8300 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60 [ 268.440208][ C0] #4: ffff88801af148a0 (slock-AF_PHONET){+...}-{3:3}, at: __sk_receive_skb+0x1f1/0x9e0 [ 268.440261][ C0] #5: ffffffff8e1c8300 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 268.440315][ C0] #6: ffff88801af14958 (sk_lock-AF_PHONET){+.+.}-{0:0}, at: phonet_rcv+0x781/0xc40 [ 268.440377][ C0] [ 268.440377][ C0] stack backtrace: [ 268.440403][ C0] CPU: 0 UID: 0 PID: 7212 Comm: syz.0.521 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 268.440435][ C0] Tainted: [L]=SOFTLOCKUP [ 268.440444][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 268.440464][ C0] Call Trace: [ 268.440476][ C0] [ 268.440485][ C0] dump_stack_lvl+0xe8/0x150 [ 268.440513][ C0] print_circular_bug+0x2e1/0x300 [ 268.440542][ C0] check_noncircular+0x12e/0x150 [ 268.440572][ C0] __lock_acquire+0x15a5/0x2d10 [ 268.440595][ C0] ? try_to_take_rt_mutex+0x840/0xb00 [ 268.440630][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 268.440652][ C0] lock_acquire+0x106/0x350 [ 268.440672][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 268.440698][ C0] ? sk_filter_trim_cap+0x8f1/0xce0 [ 268.440735][ C0] rt_spin_lock_nested+0x81/0x3f0 [ 268.440759][ C0] ? __sk_receive_skb+0x1bf/0x9e0 [ 268.440783][ C0] ? __pfx_sk_filter_trim_cap+0x10/0x10 [ 268.440821][ C0] ? __lock_acquire+0x6b5/0x2d10 [ 268.440842][ C0] ? __pfx_rt_spin_lock_nested+0x10/0x10 [ 268.440869][ C0] ? rt_spin_lock+0x1e0/0x400 [ 268.440895][ C0] __sk_receive_skb+0x1bf/0x9e0 [ 268.440923][ C0] pep_do_rcv+0x685/0xaa0 [ 268.440953][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 268.440985][ C0] ? __pfx_pep_do_rcv+0x10/0x10 [ 268.441012][ C0] ? phonet_rcv+0x781/0xc40 [ 268.441037][ C0] __sk_receive_skb+0x962/0x9e0 [ 268.441065][ C0] phonet_rcv+0x781/0xc40 [ 268.441090][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 268.441127][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 268.441155][ C0] ? process_backlog+0x271/0xc60 [ 268.441178][ C0] ? process_backlog+0x271/0xc60 [ 268.441200][ C0] ? __pfx_phonet_rcv+0x10/0x10 [ 268.441227][ C0] process_backlog+0x5e1/0xc60 [ 268.441258][ C0] __napi_poll+0xab/0x550 [ 268.441281][ C0] net_rx_action+0x696/0xe00 [ 268.441311][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 268.441334][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 268.441368][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 268.441396][ C0] ? enqueue_to_backlog+0x340/0xcb0 [ 268.441436][ C0] handle_softirqs+0x1de/0x6d0 [ 268.441471][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 268.441503][ C0] netif_rx+0xb9/0xf0 [ 268.441533][ C0] pn_send+0x62a/0x8e0 [ 268.441561][ C0] pn_skb_send+0x218/0x530 [ 268.441588][ C0] pep_sock_close+0x2c1/0x5b0 [ 268.441618][ C0] pn_socket_release+0x9b/0xc0 [ 268.441641][ C0] __sock_release+0xb9/0x250 [ 268.441660][ C0] ? __pfx_sock_close+0x10/0x10 [ 268.441693][ C0] sock_close+0x1c/0x30 [ 268.441725][ C0] __fput+0x461/0xa70 [ 268.441754][ C0] task_work_run+0x1d9/0x270 [ 268.441780][ C0] ? __pfx_task_work_run+0x10/0x10 [ 268.441816][ C0] exit_to_user_mode_loop+0xed/0x4d0 [ 268.441849][ C0] ? rcu_is_watching+0x15/0xb0 [ 268.441875][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.441898][ C0] ? do_syscall_64+0x33e/0xf80 [ 268.441928][ C0] ? trace_irq_disable+0x3b/0x140 [ 268.441960][ C0] ? clear_bhb_loop+0x40/0x90 [ 268.441985][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.442016][ C0] [ 268.930747][ T61] Bluetooth: hci2: connection err: -111