last executing test programs: 12.401128608s ago: executing program 2 (id=358): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpid() pipe2(&(0x7f00000000c0), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r4, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r4, r5], 0x2}) 11.357637658s ago: executing program 2 (id=361): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafc, {0x0, 0x0, 0x0, r3, {0xe, 0xc}, {0xfff1, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x24041080) 10.695119806s ago: executing program 2 (id=366): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000001940)=ANY=[@ANYBLOB="120100008d1e502039102021a70201020301090212000100bfc0000904"], 0x0) tgkill(0xffffffffffffffff, 0x0, 0x1e) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f00000001c0)='usrquota') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.self_freezing\x00', 0x275a, 0x0) chdir(&(0x7f0000000140)='./file1\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_GETINFO(r1, 0xffffffff80000501, 0x0, &(0x7f00000002c0)) syz_usb_disconnect(r0) r2 = syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000040)=ANY=[], 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) syz_usb_control_io$uac1(r2, &(0x7f0000000600)={0x14, 0x0, &(0x7f0000000480)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) 7.186043753s ago: executing program 3 (id=377): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpid() pipe2(&(0x7f00000000c0), 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r3 = io_uring_setup(0x5f41, &(0x7f00000001c0)={0x0, 0x0, 0x2, 0x0, 0x400000}) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r5, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r5, r6], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000500)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0xffffffff, 0x9, {0x4000, 0x0, 0x3ceb, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, "b1eddb851ba63800d8730000000000000000000800"}}) close_range(r3, 0xffffffffffffffff, 0x0) timer_create(0x1, 0x0, &(0x7f0000bbdffc)) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r8 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x1539, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x12, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111ae00000000008510000002000000850000000500000095000000000000009500a50500"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000140)={r9, 0x0, 0x29, 0x10, @void}, 0x10) mount_setattr(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, &(0x7f0000001dc0)={0x8c, 0x0, 0x20000}, 0x20) 7.065398989s ago: executing program 2 (id=380): r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000000)=""/9, 0x9}], 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x124411, 0x0) 5.337566899s ago: executing program 3 (id=381): r0 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, 0x0) 5.112936653s ago: executing program 2 (id=384): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x400400, 0x0) r2 = syz_open_dev$dvb_frontend(0x0, 0x0, 0x40002) ioctl$FE_GET_EVENT(r2, 0x80286f4e, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r3 = socket$qrtr(0x2a, 0x2, 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000240)='user\x00', 0x0, 0x0) connect$qrtr(r3, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r4 = syz_io_uring_setup(0x498, &(0x7f0000000540)={0x0, 0x465e, 0x400, 0x3, 0x285, 0x0, r2}, &(0x7f00000004c0)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r3, 0x0, 0x0}) io_uring_enter(r4, 0x3498, 0x969, 0x0, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(0xffffffffffffffff, 0x3b8c, 0x0) r7 = socket(0x10, 0x80805, 0x4) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0) 5.065040523s ago: executing program 3 (id=386): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000400)={0x0}, 0x1, 0x0, 0x0, 0x4011}, 0x40004) 4.773252315s ago: executing program 3 (id=390): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0) setxattr$system_posix_acl(0x0, &(0x7f0000000400)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x14) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) 3.180440293s ago: executing program 0 (id=397): r0 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, 0x0) 3.067932114s ago: executing program 0 (id=398): r0 = socket$netlink(0x10, 0x3, 0x15) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[], 0x104}, 0x1, 0x0, 0x0, 0x20040890}, 0x200080c0) 3.000962993s ago: executing program 4 (id=399): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x10, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="170100000000b2000500000000000000850000004700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) gettid() r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000140)={{0xbffffffd, 0x1, 0xffffffff, 0xfffffff8, 'syz1\x00', 0x20}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x4ff, 'syz0\x00', 0x0}) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xd0}, 0x1, 0x0, 0x0, 0x20008004}, 0x4) 2.89781283s ago: executing program 0 (id=401): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x33}, [@call={0xb7}, @exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) 2.847598977s ago: executing program 0 (id=403): r0 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x48200, 0x0) setresuid(0xee01, 0xee00, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x11) 2.344130064s ago: executing program 4 (id=405): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f40000200000000000008000000000000000001"], 0xfc}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4), 0x1c) getsockopt$inet6_buf(r1, 0x29, 0x18, 0x0, &(0x7f00000000c0)) 2.290716727s ago: executing program 0 (id=406): r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) readv(r0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000000)=""/9, 0x9}], 0x2) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x124411, 0x0) 2.193359193s ago: executing program 4 (id=407): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000007c0)=@file={0x0, './file1/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) r3 = socket$inet(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x410, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb8, 0x100, 0x0, {}, [@common=@unspec=@limit={{0x48}, {0x0, 0x28, 0x0, 0x0, 0x0, 0x1}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x4d, 0x80, 0x3, 0xf, 0xd, 0xf6, 0x4, 0x10, 0x9d, 0x4, [0x1, 0x4, 0x1, 0x468, 0x80, 0x3, 0x9, 0x80]}}) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8) bind$bt_l2cap(r4, &(0x7f00000002c0)={0x1f, 0x0, @any, 0x4}, 0xe) 1.339392486s ago: executing program 1 (id=413): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x38011, r1, 0x0) read(r1, &(0x7f00000000c0)=""/163, 0xd0140f23) 1.307756232s ago: executing program 2 (id=414): syz_usb_connect(0x2, 0x24, &(0x7f0000000540)={{0x12, 0x1, 0x310, 0xb0, 0x67, 0x93, 0x40, 0x5ac, 0x240, 0xe482, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xe, 0x4, 0x90, 0x4, "", [{{0x9, 0x4, 0xa9, 0x1, 0x0, 0x3, 0x87, 0x2, 0x4}}]}}]}}, 0x0) 1.245526605s ago: executing program 0 (id=415): r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x1, 0x0) syz_usb_disconnect(r0) syz_usb_connect$cdc_ecm(0x5, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a4400000000101090244000101000000090400001202060000052406000005240000000d240f00e50000008700060000090581030002"], 0x0) ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0) 967.382937ms ago: executing program 1 (id=416): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) r0 = memfd_create(0x0, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r0, 0x4000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000000)='nv', 0x2) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x8000c61) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000001400078005001500070000000800124000000000050005000200000005000400000000000d000300686173683a"], 0x5c}}, 0x0) 957.210793ms ago: executing program 3 (id=417): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xa0}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mlock(&(0x7f0000ffe000/0x1000)=nil, 0xffffffffdf001fff) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000240)=0x6, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0x10}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x9e}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, {0x6, 0x1b, [0x0]}}]}]}, 0x54}}, 0x4c014) 956.756912ms ago: executing program 4 (id=418): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7fffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}}, 0xb8}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000800000000000003000000000000000000000000000000fdfffffffbffffff0000000000000000ffffffffffffffff053b000000000000000000000000000002000000000000005600000000000000feffffffff7f40000200000000000008000000000000000001"], 0xfc}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4), 0x1c) getsockopt$inet6_buf(r1, 0x29, 0x18, 0x0, &(0x7f00000000c0)) 349.260056ms ago: executing program 1 (id=419): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x3554000) 268.958857ms ago: executing program 1 (id=420): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x3) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x80047456, &(0x7f00000010c0)) 243.500467ms ago: executing program 4 (id=421): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000000c0)=0xa, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00', 0x0}) sendto$packet(r0, &(0x7f00000001c0)="10031400e4ff020002004788aa96a1001000001100007fcafa68b75b560f", 0x1e, 0x0, &(0x7f0000000240)={0x11, 0x1a, r1, 0x1, 0x53}, 0x14) 136.210691ms ago: executing program 3 (id=422): r0 = socket$netlink(0x10, 0x3, 0x15) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB], 0x104}, 0x1, 0x0, 0x0, 0x20040890}, 0x200080c0) 85.047387ms ago: executing program 1 (id=423): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x0) 11.782231ms ago: executing program 1 (id=424): openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x40200, 0x24) socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x7, &(0x7f00000002c0), 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmmsg$unix(r0, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket(0x10, 0x3, 0x0) sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) socket(0x10, 0x803, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001200)=ANY=[@ANYBLOB="61128c00000000006113300000000000bf300000000000002500070007ffffffbd0201000000000095002000000000006916320000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee60090bf050000000000000c5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f055af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6901fcecc8158f0200000000c8fb735fd552bdc268694aeb0763f65e439ec1120843e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3abd5dedd3f7d2cf5834f2af97787f696649a46e17e090000000000000045eac1720e83b7838e3eede14308d582685e1becd6f35154bcb400000000000000000000008129277dc467148670ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbfea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f14c3f2ed6c64ec90000022d600000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca51c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233ba3d4ce26ed703dcb9fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c17d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be6910023a26faea764fae160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7beecaaa61e7a726571df5cf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da046c7aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ce27e134548032a307871cea4c89d4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b8748d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b25055e786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc136464025013665b1cf26a863a5cb3e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a56c4f3f265a09628878040000000000000017b68afd95d4abd79286692439ee7acca2adc3d83d72b1b778e30c2bf2efbbcd054cf51f5705eb0faa8a0d9f18135cb1d8d567c3436fa697b72c5035d98b9e4f7f3379c0b3339debc78352b2e65299223d7ef2bd540e78167a3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586331eb5995d2288a167b7c6b20b32116b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22db669560d296287c13c92070000ee7553eb2df17a39542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c887081c8d320642389f5f0c42dba0ff75a257310f2d92cb1d1e16468949f5675262ee6609cf26ae4a8f5eac0ebf318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0f72c4a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1a706ec201eedfa5fbdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee8072d1f88cb781e4cdb04af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98c5a471f3521956f8da6a4ccf2071095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5a071ba22251e2de8bac16e79da9c2444d52facb7ab49420900000000000000f888a94365b99b72796fde1b922fc9ae09b526efca65faf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837be14d6a483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c79c846e403910bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be0000fdde69c350e59f11f1d26a4d04d8c8b2c4a4d23ee931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f647e1f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680faa8cf38dbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705113a5ce1c99193886d6008d3565b00000000000000000000000000000000001c260fc175785ca04e31790f542c0f17b6599e93134792eae9878638b299e1d2b38d367be0d5c99d179c6bde265caebbae48bae74338f9d4f12f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) 0s ago: executing program 4 (id=425): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x10, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="170100000000b2000500000000000000850000004700000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) gettid() r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) readv(r1, &(0x7f00000006c0)=[{&(0x7f0000002480)=""/4110, 0x48}], 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000140)={{0xbffffffd, 0x1, 0xffffffff, 0xfffffff8, 'syz1\x00', 0x20}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x4ff, 'syz0\x00', 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.162' (ED25519) to the list of known hosts. [ 72.131197][ T5785] cgroup: Unknown subsys name 'net' [ 72.372305][ T5785] cgroup: Unknown subsys name 'cpuset' [ 72.437953][ T5785] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.017778][ T5785] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.295319][ T5803] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.297242][ T5805] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.308220][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.310011][ T5803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.311066][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.311849][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.335815][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.336780][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.338379][ T5803] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.339344][ T5803] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.388319][ T60] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.391783][ T60] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.399846][ T60] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.403394][ T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.404438][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.428453][ T5803] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.429703][ T5803] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.430374][ T5803] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.438299][ T5803] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.439960][ T5803] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.476235][ T60] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.478555][ T60] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.491961][ T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.506790][ T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.519553][ T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.133335][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 77.205260][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 77.274423][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 77.304943][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 77.463434][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 77.513204][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.513288][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.513563][ T5797] bridge_slave_0: entered allmulticast mode [ 77.515123][ T5797] bridge_slave_0: entered promiscuous mode [ 77.578240][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.578347][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.578495][ T5797] bridge_slave_1: entered allmulticast mode [ 77.580181][ T5797] bridge_slave_1: entered promiscuous mode [ 77.624837][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.624948][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.625047][ T5806] bridge_slave_0: entered allmulticast mode [ 77.626391][ T5806] bridge_slave_0: entered promiscuous mode [ 77.684875][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.684988][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.685145][ T5806] bridge_slave_1: entered allmulticast mode [ 77.686828][ T5806] bridge_slave_1: entered promiscuous mode [ 77.735555][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.735668][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.736131][ T5798] bridge_slave_0: entered allmulticast mode [ 77.738313][ T5798] bridge_slave_0: entered promiscuous mode [ 77.771555][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.771769][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.771895][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.772037][ T5807] bridge_slave_0: entered allmulticast mode [ 77.773563][ T5807] bridge_slave_0: entered promiscuous mode [ 77.775091][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.775200][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.775715][ T5798] bridge_slave_1: entered allmulticast mode [ 77.777078][ T5798] bridge_slave_1: entered promiscuous mode [ 77.825914][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.830107][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.842144][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.842289][ T5807] bridge_slave_1: entered allmulticast mode [ 77.843701][ T5807] bridge_slave_1: entered promiscuous mode [ 77.892608][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.942249][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.981083][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.002438][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.002554][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.002663][ T5811] bridge_slave_0: entered allmulticast mode [ 78.004078][ T5811] bridge_slave_0: entered promiscuous mode [ 78.033878][ T5797] team0: Port device team_slave_0 added [ 78.036710][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.053915][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.069011][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.069146][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.069658][ T5811] bridge_slave_1: entered allmulticast mode [ 78.071137][ T5811] bridge_slave_1: entered promiscuous mode [ 78.073591][ T5797] team0: Port device team_slave_1 added [ 78.075439][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.359178][ T60] Bluetooth: hci0: command tx timeout [ 78.359420][ T5803] Bluetooth: hci1: command tx timeout [ 78.394657][ T5806] team0: Port device team_slave_0 added [ 78.437472][ T5803] Bluetooth: hci2: command tx timeout [ 78.443902][ T5806] team0: Port device team_slave_1 added [ 78.484772][ T5798] team0: Port device team_slave_0 added [ 78.501564][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.502705][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.502715][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.502728][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.505706][ T5807] team0: Port device team_slave_0 added [ 78.509833][ T5798] team0: Port device team_slave_1 added [ 78.517458][ T5803] Bluetooth: hci3: command tx timeout [ 78.533190][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.534480][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.534492][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.534516][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.538497][ T5807] team0: Port device team_slave_1 added [ 78.557023][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.557037][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.557059][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.597669][ T5803] Bluetooth: hci4: command tx timeout [ 78.631625][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.631641][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.631663][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.675935][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.675951][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.675971][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.694957][ T5811] team0: Port device team_slave_0 added [ 78.696855][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.696868][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.696890][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.700038][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.700051][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.700074][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.725538][ T5811] team0: Port device team_slave_1 added [ 78.739943][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.739958][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.739981][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.819423][ T5797] hsr_slave_0: entered promiscuous mode [ 78.820923][ T5797] hsr_slave_1: entered promiscuous mode [ 78.887147][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.887161][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.887182][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.900760][ T5806] hsr_slave_0: entered promiscuous mode [ 78.901970][ T5806] hsr_slave_1: entered promiscuous mode [ 78.902977][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 78.903083][ T5806] Cannot create hsr debugfs directory [ 78.925960][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.925975][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.925997][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.973186][ T5798] hsr_slave_0: entered promiscuous mode [ 78.974351][ T5798] hsr_slave_1: entered promiscuous mode [ 78.975163][ T5798] debugfs: 'hsr0' already exists in 'hsr' [ 78.975183][ T5798] Cannot create hsr debugfs directory [ 79.033716][ T5807] hsr_slave_0: entered promiscuous mode [ 79.035623][ T5807] hsr_slave_1: entered promiscuous mode [ 79.036447][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 79.036477][ T5807] Cannot create hsr debugfs directory [ 79.585440][ T5811] hsr_slave_0: entered promiscuous mode [ 79.586226][ T5811] hsr_slave_1: entered promiscuous mode [ 79.586718][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 79.586739][ T5811] Cannot create hsr debugfs directory [ 80.098184][ T5797] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.159302][ T5797] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.203815][ T5797] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.251435][ T5797] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.351525][ T5806] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.372758][ T5806] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.415169][ T5806] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.437531][ T60] Bluetooth: hci0: command tx timeout [ 80.437663][ T5803] Bluetooth: hci1: command tx timeout [ 80.475110][ T5806] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.517513][ T5803] Bluetooth: hci2: command tx timeout [ 80.585476][ T5798] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.607653][ T5803] Bluetooth: hci3: command tx timeout [ 80.631135][ T5798] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.675370][ T5798] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.677746][ T5803] Bluetooth: hci4: command tx timeout [ 80.724350][ T5798] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.829053][ T5807] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.872683][ T5807] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.904088][ T5807] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.959033][ T5807] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.065849][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.106288][ T5811] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 81.142115][ T5811] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 81.175461][ T5811] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 81.220867][ T5811] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 81.273996][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.302933][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.303686][ T1509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.336601][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.337217][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.357020][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.431723][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.467070][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.487428][ T1384] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.487994][ T1384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.520591][ T1384] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.520705][ T1384] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.586152][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.599469][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.627173][ T1509] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.630086][ T1509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.664074][ T31] cfg80211: failed to load regulatory.db [ 81.733308][ T1384] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.733450][ T1384] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.786383][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.840789][ T93] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.840915][ T93] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.873663][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.905754][ T1509] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.905978][ T1509] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.052263][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.113495][ T173] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.114527][ T173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.155582][ T1544] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.155721][ T1544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.179966][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.455287][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.518856][ T60] Bluetooth: hci0: command tx timeout [ 82.518939][ T5803] Bluetooth: hci1: command tx timeout [ 82.557062][ T5797] veth0_vlan: entered promiscuous mode [ 82.597492][ T5803] Bluetooth: hci2: command tx timeout [ 82.624251][ T5797] veth1_vlan: entered promiscuous mode [ 82.650418][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.679501][ T5803] Bluetooth: hci3: command tx timeout [ 82.760383][ T5803] Bluetooth: hci4: command tx timeout [ 82.785498][ T5806] veth0_vlan: entered promiscuous mode [ 82.787111][ T5797] veth0_macvtap: entered promiscuous mode [ 82.810809][ T5797] veth1_macvtap: entered promiscuous mode [ 82.816064][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.861816][ T5806] veth1_vlan: entered promiscuous mode [ 82.900699][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.915419][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.922487][ T5798] veth0_vlan: entered promiscuous mode [ 82.945782][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.978463][ T5798] veth1_vlan: entered promiscuous mode [ 82.994210][ T93] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.999107][ T93] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.000431][ T93] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.003259][ T93] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.084287][ T5806] veth0_macvtap: entered promiscuous mode [ 83.152085][ T5806] veth1_macvtap: entered promiscuous mode [ 83.255299][ T5807] veth0_vlan: entered promiscuous mode [ 83.264554][ T5798] veth0_macvtap: entered promiscuous mode [ 83.304023][ T5798] veth1_macvtap: entered promiscuous mode [ 83.311546][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.323959][ T1384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.323983][ T1384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.343698][ T5807] veth1_vlan: entered promiscuous mode [ 83.359643][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.404703][ T1384] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.417546][ T1384] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.421052][ T1384] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.422909][ T173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.422925][ T173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.426552][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.448713][ T1384] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.516653][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.598760][ T5811] veth0_vlan: entered promiscuous mode [ 83.599772][ T1001] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.623307][ T1001] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.689727][ T1001] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.701740][ T1001] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.772927][ T5807] veth0_macvtap: entered promiscuous mode [ 83.779456][ T5811] veth1_vlan: entered promiscuous mode [ 83.873810][ T5807] veth1_macvtap: entered promiscuous mode [ 83.895634][ T1509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.895653][ T1509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.122217][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.176745][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.193414][ T173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.193433][ T173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.223334][ T5811] veth0_macvtap: entered promiscuous mode [ 84.241618][ T93] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.242460][ T93] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.244178][ T93] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.256835][ T5811] veth1_macvtap: entered promiscuous mode [ 84.277845][ T93] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.288653][ T1509] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.288673][ T1509] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.429770][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.551170][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.573750][ T5928] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 84.608628][ T5803] Bluetooth: hci1: command tx timeout [ 84.608658][ T5803] Bluetooth: hci0: command tx timeout [ 84.630342][ T1544] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.630358][ T1544] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.650331][ T173] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.656119][ T173] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.656178][ T173] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.656216][ T173] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.677395][ T60] Bluetooth: hci2: command tx timeout [ 84.757707][ T60] Bluetooth: hci3: command tx timeout [ 84.837469][ T60] Bluetooth: hci4: command tx timeout [ 84.911363][ T1001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.911384][ T1001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.357398][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.357458][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.517353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.527345][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.537327][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.547333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.557339][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.567336][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.577328][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 85.587333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 86.755124][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.755138][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.066399][ T1001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.066413][ T1001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.297190][ T1384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.297208][ T1384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.459916][ T5971] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 93.005617][ T5995] openvswitch: netlink: ufid size 20 bytes exceeds the range (1, 16) [ 93.005857][ T5995] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 94.049216][ T6005] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.054823][ T6005] netlink: 'syz.4.31': attribute type 2 has an invalid length. [ 95.927976][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 96.119039][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 96.142844][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.142874][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 96.142896][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 96.142917][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 96.142959][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 96.142979][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.599774][ T10] usb 1-1: GET_CAPABILITIES returned 0 [ 96.599815][ T10] usbtmc 1-1:16.0: can't read capabilities [ 97.416510][ T10] usb 1-1: USB disconnect, device number 2 [ 99.868492][ T6063] 9pnet_fd: Insufficient options for proto=fd [ 100.072586][ T6070] process 'syz.1.52' launched './file0' with NULL argv: empty string added [ 102.016133][ T6091] netlink: 32 bytes leftover after parsing attributes in process `syz.0.61'. [ 102.016361][ T6091] netlink: 32 bytes leftover after parsing attributes in process `syz.0.61'. [ 102.016481][ T6091] Zero length message leads to an empty skb [ 106.436570][ T6138] netlink: 32 bytes leftover after parsing attributes in process `syz.4.76'. [ 106.436786][ T6138] netlink: 32 bytes leftover after parsing attributes in process `syz.4.76'. [ 107.105295][ T6149] Bluetooth: MGMT ver 1.23 [ 108.323870][ T5915] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 108.487424][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 108.489599][ T5915] usb 3-1: config 6 has an invalid interface number: 220 but max is 0 [ 108.489624][ T5915] usb 3-1: config 6 has no interface number 0 [ 108.489653][ T5915] usb 3-1: config 6 interface 220 has no altsetting 0 [ 108.492526][ T5915] usb 3-1: New USB device found, idVendor=174f, idProduct=5212, bcdDevice=40.10 [ 108.492552][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.492570][ T5915] usb 3-1: Product: syz [ 108.492582][ T5915] usb 3-1: Manufacturer: syz [ 108.492594][ T5915] usb 3-1: SerialNumber: syz [ 109.708728][ T6175] netlink: 32 bytes leftover after parsing attributes in process `syz.3.91'. [ 109.708893][ T6175] netlink: 32 bytes leftover after parsing attributes in process `syz.3.91'. [ 110.370011][ T5915] uvcvideo 3-1:6.220: Found multiple Units with ID 4 [ 110.384489][ T5915] uvcvideo 3-1:6.220: Found Unit with invalid ID 0 [ 110.387500][ T5915] uvcvideo 3-1:6.220: Found UVC 7.ff device syz (174f:5212) [ 110.387594][ T5915] uvcvideo 3-1:6.220: No valid video chain found. [ 110.433764][ T5915] usb 3-1: USB disconnect, device number 2 [ 112.321808][ T6221] netlink: 32 bytes leftover after parsing attributes in process `syz.0.104'. [ 112.321998][ T6221] netlink: 32 bytes leftover after parsing attributes in process `syz.0.104'. [ 121.219259][ T60] Bluetooth: hci2: unknown advertising packet type: 0x75 [ 121.219301][ T60] Bluetooth: hci2: Malformed LE Event: 0x02 [ 121.641625][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 123.147138][ T6313] overlayfs: failed to resolve './file1': -2 [ 123.280148][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 123.284906][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 123.284923][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 123.284934][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 123.284945][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 123.284967][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 123.284978][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.529623][ T10] usb 4-1: usb_control_msg returned -32 [ 123.529651][ T10] usbtmc 4-1:16.0: can't read capabilities [ 123.574903][ T10] usb 4-1: USB disconnect, device number 2 [ 126.694716][ T60] Bluetooth: hci2: unknown advertising packet type: 0x75 [ 126.694757][ T60] Bluetooth: hci2: Malformed LE Event: 0x02 [ 127.693026][ T6343] overlayfs: failed to resolve './file1': -2 [ 128.837710][ T6350] Falling back ldisc for ttyS3. [ 131.487483][ T5812] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 131.566863][ T6369] Invalid source name [ 131.657470][ T5812] usb 5-1: Using ep0 maxpacket: 16 [ 131.674472][ T5812] usb 5-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 131.674499][ T5812] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.674516][ T5812] usb 5-1: Product: syz [ 131.674528][ T5812] usb 5-1: Manufacturer: syz [ 131.674540][ T5812] usb 5-1: SerialNumber: syz [ 131.743313][ T5812] usb 5-1: config 0 descriptor?? [ 131.779919][ T5812] gspca_main: spca508-2.14.0 probing 041e:4018 [ 131.953768][ T60] Bluetooth: hci0: unknown advertising packet type: 0x75 [ 131.955449][ T60] Bluetooth: hci0: Malformed LE Event: 0x02 [ 132.295529][ T5812] gspca_spca508: reg_read err -32 [ 132.344508][ T5812] gspca_spca508: reg_read err -32 [ 132.367672][ T5812] gspca_spca508: reg_read err -32 [ 132.597012][ T6380] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 132.706837][ T6380] openvswitch: netlink: Missing key (keys=2020040, expected=100) [ 133.461950][ T5812] gspca_spca508: reg_read err -110 [ 133.461957][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.462331][ T5812] gspca_spca508: reg write: error -32 [ 133.462413][ T5812] spca508 5-1:0.0: probe with driver spca508 failed with error -32 [ 133.604143][ T5882] usb 5-1: USB disconnect, device number 2 [ 134.214440][ T6382] overlayfs: failed to resolve './file1': -2 [ 137.092009][ T6402] netlink: 28 bytes leftover after parsing attributes in process `syz.2.163'. [ 137.272299][ T6406] netlink: 'syz.0.165': attribute type 2 has an invalid length. [ 137.366425][ T60] Bluetooth: hci1: unknown advertising packet type: 0x75 [ 137.366465][ T60] Bluetooth: hci1: Malformed LE Event: 0x02 [ 141.592232][ T6430] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 143.115181][ T60] Bluetooth: hci2: unknown advertising packet type: 0x75 [ 143.115234][ T60] Bluetooth: hci2: Malformed LE Event: 0x02 [ 147.951582][ T6471] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 149.583708][ T6494] usb usb8: usbfs: interface 0 claimed by hub while 'syz.4.194' sets config #27 [ 153.450099][ T5812] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 153.457500][ T5881] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 157.367542][ T5809] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 157.530255][ T5809] usb 5-1: unable to get BOS descriptor or descriptor too short [ 157.531009][ T5809] usb 5-1: not running at top speed; connect to a high speed hub [ 157.532491][ T5809] usb 5-1: config 14 has an invalid interface number: 169 but max is 0 [ 157.532512][ T5809] usb 5-1: config 14 has no interface number 0 [ 157.532540][ T5809] usb 5-1: config 14 interface 169 has no altsetting 0 [ 157.535810][ T5809] usb 5-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice=e4.82 [ 157.535834][ T5809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.535851][ T5809] usb 5-1: Product: syz [ 157.535863][ T5809] usb 5-1: Manufacturer: syz [ 157.535875][ T5809] usb 5-1: SerialNumber: syz [ 158.703558][ T6575] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 158.955602][ T5809] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:14.169/input/input5 [ 159.191716][ T5152] bcm5974 5-1:14.169: could not read from device [ 159.318068][ T6586] netlink: 68 bytes leftover after parsing attributes in process `syz.3.226'. [ 159.344626][ T5152] bcm5974 5-1:14.169: could not read from device [ 159.379296][ T5809] usb 5-1: USB disconnect, device number 3 [ 159.757426][ T5859] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 159.913288][ T5859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.913374][ T5859] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.913412][ T5859] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 159.913431][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.930857][ T5859] usb 4-1: config 0 descriptor?? [ 160.357193][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 160.357230][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 160.357255][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 160.400128][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 160.400162][ T5859] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 160.441422][ T5859] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0 [ 160.900427][ T5859] playstation 0003:054C:0DF2.0001: Failed to retrieve feature with reportID 32: -71 [ 160.900467][ T5859] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense firmware info: -71 [ 160.900517][ T5859] playstation 0003:054C:0DF2.0001: Failed to get firmware info from DualSense [ 160.900535][ T5859] playstation 0003:054C:0DF2.0001: Failed to create dualsense. [ 160.973168][ T5859] playstation 0003:054C:0DF2.0001: probe with driver playstation failed with error -71 [ 161.008877][ T5859] usb 4-1: USB disconnect, device number 3 [ 161.082154][ T6619] fido_id[6619]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 162.979013][ T6663] netlink: 'syz.0.253': attribute type 10 has an invalid length. [ 163.060276][ T6663] syz_tun: entered promiscuous mode [ 163.145877][ T6663] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 164.420547][ T6680] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 166.127559][ T6708] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 166.170825][ T6708] openvswitch: netlink: Missing key (keys=2020040, expected=100) [ 167.057606][ T6711] netlink: 68 bytes leftover after parsing attributes in process `syz.2.271'. [ 167.995340][ T6722] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 170.439982][ T6757] netlink: 68 bytes leftover after parsing attributes in process `syz.0.287'. [ 171.706183][ T6762] /dev/nullb0: Can't open blockdev [ 174.744337][ T6805] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 174.758968][ T6802] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 180.045832][ T6875] netlink: 'syz.0.329': attribute type 10 has an invalid length. [ 180.084712][ T6875] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.103901][ T6875] bond0: (slave team0): Enslaving as an active interface with an up link [ 187.188978][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 188.212486][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.212518][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.212552][ T10] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 188.212572][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.275500][ T10] usb 5-1: config 0 descriptor?? [ 188.397418][ T5915] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 188.547418][ T5915] usb 3-1: Using ep0 maxpacket: 32 [ 189.496696][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 189.496802][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 189.542098][ T5915] usb 3-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7 [ 189.542128][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.542146][ T5915] usb 3-1: Product: syz [ 189.542158][ T5915] usb 3-1: Manufacturer: syz [ 189.542170][ T5915] usb 3-1: SerialNumber: syz [ 189.619276][ T10] usb 5-1: USB disconnect, device number 4 [ 189.649296][ T5915] usb 3-1: config 0 descriptor?? [ 190.777232][ T5915] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II [ 193.344798][ T5915] usb 3-1: [UEAGLE-ATM] interface 1 not found [ 193.344826][ T5915] ueagle-atm 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 193.450319][ T5915] usb 3-1: USB disconnect, device number 3 [ 193.507437][ T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 193.669318][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.669348][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.669377][ T10] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 193.669388][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.674459][ T10] usb 5-1: config 0 descriptor?? [ 194.091298][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 194.091429][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 194.130994][ T10] usb 5-1: USB disconnect, device number 5 [ 194.210048][ T60] Bluetooth: hci3: unknown advertising packet type: 0x75 [ 194.210088][ T60] Bluetooth: hci3: Malformed LE Event: 0x02 [ 194.445730][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.181230][ T7071] futex_wake_op: syz.4.399 tries to shift op by -1; fix this program [ 195.609540][ T7077] netlink: 68 bytes leftover after parsing attributes in process `syz.4.405'. [ 196.389561][ T60] Bluetooth: hci4: unknown advertising packet type: 0x75 [ 196.389603][ T60] Bluetooth: hci4: Malformed LE Event: 0x02 [ 196.989242][ T7105] netlink: 68 bytes leftover after parsing attributes in process `syz.4.418'. [ 197.320754][ T5812] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 197.577393][ T5812] usb 1-1: Using ep0 maxpacket: 16 [ 197.582699][ T5812] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 197.582750][ T5812] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.582774][ T5812] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 197.632931][ T5812] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 197.632958][ T5812] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 197.632974][ T5812] usb 1-1: SerialNumber: syz [ 197.688871][ T5812] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 197.774596][ T1384] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.878515][ T5803] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 197.898626][ T5803] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 197.904292][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 197.904292][ T5803] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 197.908025][ T10] usb 1-1: USB disconnect, device number 4 [ 197.920037][ T5803] 1024-page vmalloc region starting at 0xffffc9001163a000 allocated at kcov_ioctl+0x58/0x640 [ 197.920098][ T5803] list_del corruption. next->prev should be ffffc9001b65d000, but was 0000000000000000. (next=ffffc9001163a000) [ 197.920534][ T5803] ------------[ cut here ]------------ [ 197.920541][ T5803] kernel BUG at lib/list_debug.c:67! [ 197.920581][ T5803] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 197.920621][ T5803] CPU: 0 UID: 0 PID: 5803 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 197.920640][ T5803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 197.920651][ T5803] Workqueue: hci1 hci_rx_work [ 197.920672][ T5803] RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 [ 197.920692][ T5803] Code: cc ac 61 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 8d d9 82 fd 49 8b 56 08 48 c7 c7 c0 63 a6 8b 48 89 de 4c 89 f1 e8 47 d9 7f fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 197.920707][ T5803] RSP: 0018:ffffc90004697a00 EFLAGS: 00010246 [ 197.920720][ T5803] RAX: 000000000000006d RBX: ffffc9001b65d000 RCX: 3d6f2a94221a5000 [ 197.920732][ T5803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 197.920742][ T5803] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 197.920752][ T5803] R10: dffffc0000000000 R11: ffffed1017104923 R12: 1ffff920022c7401 [ 197.920763][ T5803] R13: dffffc0000000000 R14: ffffc9001163a000 R15: ffffc9001163a008 [ 197.920775][ T5803] FS: 0000000000000000(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000 [ 197.920789][ T5803] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.920800][ T5803] CR2: 0000001b2f213ff8 CR3: 0000000034782000 CR4: 00000000003526f0 [ 197.920816][ T5803] Call Trace: [ 197.920827][ T5803] [ 197.920836][ T5803] kcov_remote_start+0x2af/0x710 [ 197.920856][ T5803] hci_rx_work+0x10f/0x1030 [ 197.920876][ T5803] ? process_scheduled_works+0xa25/0x1830 [ 197.920898][ T5803] process_scheduled_works+0xb02/0x1830 [ 197.920928][ T5803] ? __pfx_process_scheduled_works+0x10/0x10 [ 197.920951][ T5803] ? assign_work+0x3d5/0x5e0 [ 197.920971][ T5803] worker_thread+0xa50/0xfc0 [ 197.921001][ T5803] kthread+0x388/0x470 [ 197.921017][ T5803] ? __pfx_worker_thread+0x10/0x10 [ 197.921036][ T5803] ? __pfx_kthread+0x10/0x10 [ 197.921052][ T5803] ret_from_fork+0x51e/0xb90 [ 197.921073][ T5803] ? __pfx_ret_from_fork+0x10/0x10 [ 197.921092][ T5803] ? __switch_to+0xc7d/0x1450 [ 197.921111][ T5803] ? __pfx_kthread+0x10/0x10 [ 197.921127][ T5803] ret_from_fork_asm+0x1a/0x30 [ 197.921148][ T5803] [ 197.921154][ T5803] Modules linked in: [ 197.921170][ T5803] ---[ end trace 0000000000000000 ]--- [ 197.921181][ T5803] RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 [ 197.921198][ T5803] Code: cc ac 61 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 8d d9 82 fd 49 8b 56 08 48 c7 c7 c0 63 a6 8b 48 89 de 4c 89 f1 e8 47 d9 7f fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 197.921211][ T5803] RSP: 0018:ffffc90004697a00 EFLAGS: 00010246 [ 197.921225][ T5803] RAX: 000000000000006d RBX: ffffc9001b65d000 RCX: 3d6f2a94221a5000 [ 197.921237][ T5803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 197.921246][ T5803] RBP: 0000000000100000 R08: 0000000000000000 R09: 0000000000000000 [ 197.921256][ T5803] R10: dffffc0000000000 R11: ffffed1017104923 R12: 1ffff920022c7401 [ 197.921269][ T5803] R13: dffffc0000000000 R14: ffffc9001163a000 R15: ffffc9001163a008 [ 197.921281][ T5803] FS: 0000000000000000(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000 [ 197.921294][ T5803] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 197.921305][ T5803] CR2: 0000001b2f213ff8 CR3: 0000000034782000 CR4: 00000000003526f0 [ 197.921321][ T5803] Kernel panic - not syncing: Fatal exception [ 197.921611][ T5803] Kernel Offset: disabled