last executing test programs: 10m48.40191825s ago: executing program 0 (id=201): r0 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00'}, 0x94) socket$inet_tcp(0x2, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x6}]}, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x40, r6, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_FEATURES_WANTED={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1}]}]}]}]}, 0x40}}, 0x0) 10m44.525263882s ago: executing program 0 (id=204): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x58, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a96460014060000000000000000000000000000000000fe8000000000000000000000000000aa00014e22", @ANYRES32=0x41424344, @ANYRES32], 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="14", 0x1f68}], 0x2) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x44) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r2, 0x0) 10m42.295323439s ago: executing program 0 (id=210): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f00000005c0)={'#! ', './file0', [{0x20, 'GPL\x00'}, {0x20, ')-'}], 0xa, "a598b349ba6abe4a121cdf1a4989c2991d9b1c4ce58c7fcde415d6ed3b2ec0bcaa150f4ffafa5b48b57a794d4bd47880ed23dc1537db9f317ac99d4a9cf6bc641fa10b5ebc2682cec9c6194095b8939d7d4a2b5b3615fe61ee129d51"}, 0x6f) close(r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000a00)=ANY=[@ANYBLOB="01003abb4732c961185195957d20a5fcf15afdac887d37f664cd19f615f31d2977d5ab96c9a627486949d47577eec8e42f65b8b9eac64e3b2a832f2dea9fea35da35afd83b88234dae29a720edc9feab700d7ca69912af65", @ANYRES16=r2, @ANYBLOB="100025bd7000fbdbdf254d000000c900a80000809e154cf9f2466b320ff361f1800ddf4d918fc52d94a80a8e1f86ec36039a237aaa99048e8770b3d31c1f459742f7f3931174cb0cf19d5c33118f42041ab58cb51f2f19559e03389275cb4c6ba6d6aa93b6a2026a3ed845d8f5b84b657ab3cce97436c185afbe5e3c6ba526ac1181dbb82a71af0c8b8ccc07ef6903d0691b56c7db17315485651546d6de2fa2a882efc6eb9d347b01019f27bba92e8a6745b505da4e71fe26acfcd953247ce6326ff52dcc8400815276281c50806e8fe694f7629bcf21000000080001007063690011000200303030303a30303a31302e3000000000ec00a800c878d1a33381ad0130256807092b469b873736402063a512a431e0cf0de67269314a969f55f7caebaae5953b3dab86748f505b5c14d0932c9abcfce6bcfd429589d5337cdcb8570abe02b49cb707d7a92bae769501b2ca9ccde5e7ce15e1ac011cca1056e2b7994ac5a3771207607bd7e297fb3abd09b875290390179da5f7ee6f03a0e4d996a33fcedc1690289b6902657f5d20addcaccaa81cb209e5d18855223b9440cb158ec2ad0b50c69a954d3471d23a552e93a0d5f5c194b252cd944125cf9321ee43de057331a5df02c7cfd4185e882e7cf6d7de87a61644badfd7ecea2643160f3b63a80800030000000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x22c}, 0x1, 0x0, 0x0, 0x6159e7d40f521b10}, 0x4800) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r6, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r7}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 10m37.96243397s ago: executing program 0 (id=213): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50) socket$l2tp6(0xa, 0x2, 0x73) socket$l2tp6(0xa, 0x2, 0x73) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xe}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="00008000", @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb080003"], 0x2c}}, 0x4000) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r5, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0) sendfile(r4, r3, 0x0, 0x100000002) 10m37.641933242s ago: executing program 0 (id=214): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) pipe2$9p(0x0, 0x800) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',U']) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x801, 0xe4340000}, 0x14}}, 0x2) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0xfffffd97) 10m36.103699786s ago: executing program 0 (id=216): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x22020600) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCGSTAMP(r2, 0x8906, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x1ffffffffffffffd}, 0x18) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f00000007c0)={0x300, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020a06000300000028bd7008fcd1df25010018"], 0x18}}, 0x40) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) 10m20.338457003s ago: executing program 32 (id=216): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x22020600) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCGSTAMP(r2, 0x8906, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r3}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000093850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x1ffffffffffffffd}, 0x18) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f00000007c0)={0x300, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020a06000300000028bd7008fcd1df25010018"], 0x18}}, 0x40) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) 7m12.319884189s ago: executing program 2 (id=559): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='mountinfo\x00') read$FUSE(r0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d04031d5abf0009050400005539000009050b00000000000009050200000005000009047d01013481af0009a00e00230000690009047dbe"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_getscheduler(r2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, 0x0, 0x0) poll(0x0, 0x0, 0x5) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) fsopen(0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r8) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000", @ANYRES16=r9, @ANYBLOB="796100000000000000007e000000c13793b662e1b12b940a3bd19e5f9bd47e3f7f600e7406a5129bb288f78573610564130ca7a8e45dd686f4014dcd42a656f07e91858fd92337541a37b8f1c9fa300b553926"], 0x14}}, 0x4000054) syz_usb_control_io$uac1(r1, 0x0, 0x0) 7m6.140053988s ago: executing program 1 (id=564): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb4, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb4}, 0x1, 0x0, 0x0, 0x80}, 0x50) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8, 0x4}, {0x0, 0x8}}}, 0xb8}}, 0x0) 7m6.072203759s ago: executing program 1 (id=566): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) getrandom(0x0, 0x0, 0x1) 7m5.812473182s ago: executing program 1 (id=567): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f00000005c0)={'#! ', './file0', [{0x20, 'GPL\x00'}, {0x20, ')-'}], 0xa, "a598b349ba6abe4a121cdf1a4989c2991d9b1c4ce58c7fcde415d6ed3b2ec0bcaa150f4ffafa5b48b57a794d4bd47880ed23dc1537db9f317ac99d4a9cf6bc641fa10b5ebc2682cec9c6194095b8939d7d4a2b5b3615fe61ee129d51"}, 0x6f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) sendmsg$DEVLINK_CMD_RATE_DEL(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000a00)=ANY=[@ANYBLOB="01003abb4732c961185195957d20a5fcf15afdac887d37f664cd19f615f31d2977d5ab96c9a627486949d47577eec8e42f65b8b9eac64e3b2a832f2dea9fea35da35afd83b88234dae29a720edc9feab700d7ca69912af65", @ANYRES16, @ANYBLOB="100025bd7000fbdbdf254d000000c900a80000809e154cf9f2466b320ff361f1800ddf4d918fc52d94a80a8e1f86ec36039a237aaa99048e8770b3d31c1f459742f7f3931174cb0cf19d5c33118f42041ab58cb51f2f19559e03389275cb4c6ba6d6aa93b6a2026a3ed845d8f5b84b657ab3cce97436c185afbe5e3c6ba526ac1181dbb82a71af0c8b8ccc07ef6903d0691b56c7db17315485651546d6de2fa2a882efc6eb9d347b01019f27bba92e8a6745b505da4e71fe26acfcd953247ce6326ff52dcc8400815276281c50806e8fe694f7629bcf21000000080001007063690011000200303030303a30303a31302e3000000000ec00a800c878d1a33381ad0130256807092b469b873736402063a512a431e0cf0de67269314a969f55f7caebaae5953b3dab86748f505b5c14d0932c9abcfce6bcfd429589d5337cdcb8570abe02b49cb707d7a92bae769501b2ca9ccde5e7ce15e1ac011cca1056e2b7994ac5a3771207607bd7e297fb3abd09b875290390179da5f7ee6f03a0e4d996a33fcedc1690289b6902657f5d20addcaccaa81cb209e5d18855223b9440cb158ec2ad0b50c69a954d3471d23a552e93a0d5f5c194b252cd944125cf9321ee43de057331a5df02c7cfd4185e882e7cf6d7de87a61644badfd7ecea2643160f3b63a80800030000000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x22c}, 0x1, 0x0, 0x0, 0x6159e7d40f521b10}, 0x4800) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000016"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r6}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 7m4.040803513s ago: executing program 1 (id=570): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x7d, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x1) bind$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="0700a920e73cb70025f40000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000010000000500"/28], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x69703000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x0, 0x1}, 0x10) close(r6) 7m1.610971634s ago: executing program 1 (id=572): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) 7m0.413140488s ago: executing program 2 (id=573): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r4 = add_key$keyring(&(0x7f00000101c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000001c0)='asymmetric\x00', &(0x7f0000000240)=@keyring={'key_or_keyring:', r4, 0x30}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'tunl0\x00'}) r5 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x4098884, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) 6m57.300792207s ago: executing program 2 (id=575): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb4, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb4}, 0x1, 0x0, 0x0, 0x80}, 0x50) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8, 0x4}, {0x0, 0x8}}}, 0xb8}}, 0x0) 6m56.932898746s ago: executing program 1 (id=577): bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000c0, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x14}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setlease(r6, 0x400, 0x1) close_range(r6, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10) r7 = socket$inet6(0x10, 0x2, 0x0) sendmsg(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0080bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0) 6m56.579998577s ago: executing program 2 (id=578): sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x4c, 0x0, &(0x7f0000000500)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f00000034c0)={0x2020}, 0x2020) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newrule={0x24, 0x20, 0x301, 0xfffffffc, 0x0, {0x2, 0x20, 0x0, 0x4, 0x3, 0x0, 0x0, 0x3, 0xf}, [@FRA_DST={0x8, 0x1, @private=0xa010101}]}, 0x24}}, 0x42094) 6m49.337472775s ago: executing program 2 (id=581): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x5, 0x1000, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0)={0x0, 0x2, 0x4, 0x9}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x14, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xd4}, 0x94) 6m48.963000732s ago: executing program 2 (id=582): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xd, 0xe, 0x1, 0x4}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x3}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x10, &(0x7f0000006680)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0) write$rfkill(r6, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 6m41.777394143s ago: executing program 33 (id=577): bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000c0, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x14}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0) fcntl$setlease(r6, 0x400, 0x1) close_range(r6, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10) r7 = socket$inet6(0x10, 0x2, 0x0) sendmsg(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000240)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7f0080bd2dca8a9848a3c728f1c46b7b31afdc1338d509000000000100005ae583de0dd7d8319f98af84fda542e718f94b929ade", 0x55}], 0x1}, 0x0) 6m33.75361561s ago: executing program 34 (id=582): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xd, 0xe, 0x1, 0x4}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r2 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r2, &(0x7f0000002700)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x3}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x10, &(0x7f0000006680)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0) write$rfkill(r6, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 10.7127842s ago: executing program 3 (id=1004): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x40c0080) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) r3 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0x1, 0x5) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r5, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000040)=0x5) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 9.519339849s ago: executing program 4 (id=1005): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) inotify_init1(0x800) socket(0x1e, 0x4, 0x0) r5 = socket(0x1, 0x3, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000580)={{0x0, 0x4, 0x0, 0x1}, 'syz0\x00', 0x33}) ioctl$UI_DEV_CREATE(r6, 0x5501) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, 0x0, 0x0) 9.169419925s ago: executing program 3 (id=1006): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000080000", @ANYBLOB], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3, &(0x7f00000003c0)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108) 6.222006861s ago: executing program 3 (id=1007): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) socket$l2tp6(0xa, 0x2, 0x73) socket$l2tp6(0xa, 0x2, 0x73) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xe}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="00008000", @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb080003"], 0x2c}}, 0x4000) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYRES16=r5, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r0], 0x4}}, 0x0) sendfile(r4, r3, 0x0, 0x100000002) 6.220069814s ago: executing program 4 (id=1008): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffd}, 0x18) mq_notify(0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0xfffffffc) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) accept(r1, 0x0, 0x0) 6.131331342s ago: executing program 3 (id=1009): socket$inet6(0xa, 0x2, 0x0) socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) futex(0xfffffffffffffffd, 0x8, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps\x00') pread64(r3, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) 3.822211022s ago: executing program 3 (id=1010): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="84000000180001002cbd7000ffdbdf251d0107000c000b00040000a00300", @ANYRES32=r3], 0x84}}, 0x0) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) epoll_create1(0x80000) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00"/13], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$netlink(0x10, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x54, r6, 0x1, 0x0, 0x25dfdbfc, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}}}, {0x14, 0x2, @in={0x2, 0x0, @empty}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) 3.821418286s ago: executing program 4 (id=1011): pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r5}}) 2.532995016s ago: executing program 4 (id=1012): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) pipe2$9p(0x0, 0x800) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) r5 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r5}}) 1.069005995s ago: executing program 4 (id=1013): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) read$FUSE(r0, &(0x7f0000003500)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000300), 0x10) sendmsg$can_bcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x5, 0x87, 0x6847, {0x0, 0xea60}, {0x0, 0xea60}, {0x4, 0x1, 0x1}, 0x1, @can={{0x0, 0x0, 0x0, 0x1}, 0x0, 0x3, 0x0, 0x0, "a8140e235ec62340"}}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x90) write(r0, &(0x7f0000000140)="24000000010006", 0x7) r3 = socket$inet6_icmp(0xa, 0x2, 0x3a) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b'], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000001840)=ANY=[@ANYRESOCT=r1, @ANYBLOB="2f12301e3b2c9d4606a7f1bbf53002147334d4e22b95b76fd7806b4b304bfbc653d2477f021afde19c84042164404190f0c4cd90d5b5666d50fac09bcfa430a57aa2f40553b7da4367b06255ae667ce740e6374735bd8631d7e6e6a6fbb4f3f893ba052c50252ccfcf5bcf4d94ab0abb3911acb54d01982d1104dc8796ec2df0c420199b6c911be0a71d403e5b537de37ebba8039db4fd885f969769534069b892422e62042e5c72cb9040c33127536191e531814d1eae25e79fce0cbd04421466e89b26b07b6a88028cf74d7035f5c0c4b5a1526d9c3930fc06525efacbbea3e03c650a3eb720ec5a858ef278a8ac655e9856d3b716eceb47cddc221fa4a35918c9215751decc4de4bfa4b7ab3e4fc9671794f7f9109b4ed472ac32e9b5c79f7188768631dc85530a1a7af434b5c9b7aa48c994f395533c2465cdfc49111865d68e74ccced859ca196ad208cf599dc6de397bf3171a2020ad84c7a0c3eed06bf2caf01bdab4263a62d4bdc890b601c61d1ebb18726ecfeaa220c9de5a5893efde881c02bc7b8b386bc734dae6b992745a5ba6c5166ecf9c0c4f535fc4fbdcd029d09cdd7a802d8447712ab5bb2861bdb9ebd9145ae3ded4a3bc7baea5b211aa96b76980b54d2e82aeab3065f4e5f58689b11a17748c5fb83507754c0ef31e5fe5157a996a30f16933babed408dbebab4abf6639d53e5289aacbbbfa5fb0eb63964e363f3923b92fcec042511f380a0fbd6ec40788678c7f22c2d21566f2d6a5ef1e491f8b8a698cf7b3ccb1167f2b3369e5e4ecbb6534ec2f427956ced44679b8bd630fd2dc9de971da46eace7e93fee88d3201ae27ca2a8c975a4049d3e6cdd90f57b620b56127c79e3fbdd1c603449fc6ac1cb19223febacd1fee148b7c5498659ebe326f506c6ea7422d1f9ce884b3ab18f1b822e9dc332c63047e165f0d164f60f97df1b1364c6fa401c640e31db76117d29a00b2046b2d18266aae20f478bf18293987b3ae2f720a1059b06d4abc426db7814d7b40868a32c65222d6baa6a24d86a88f6c06d67646d0a08bd69d1a8e19184e67b850ffca24111471947eee78226a6831b01d19ea8fed22b2127c49c7cf845de749a0ce9dcc0056624d70f758957483f3f08f0c1a10424a5bb39b5b9070b7bbc5ba65924911c67dd4220c70cef022a3dc528e72bd35f1ff7b3aa5110e911b26bfc7e4b64dfc668e72d7acc709e583df7b75aee9304e057f989c4ee56e0651c7bb03359a74d12872996574cc164ddef937e52d1934c154a4dd43279d62f9915486ac75d13ca38c3e3701be122878e6ca12ed02470535325d1bdd3d46914378149e115ebb140f67f096abd5e7a77df286c13b14d928f5a8dc6b743e1334d78a98087155cff9516468eda04cd3d84529320d86e707bb651980e59631154c6863f5782b79562ad50acc7c5c006eb76b93997cec00c22a80df3a752f4d6ac78d7d4e470653d99598359f335ca834b34885d28c6af74bfe03c1e54ce8d622126f0900e2ac269681661e3669ba98b0d52adbe7ac2eee20501e19a269806dccd608c560f566fc592db894a2eadfd0f3484dca3fe0ee96a5f99f1c9e9982941a8b116eeb6cfa9870bb46b5f8563e8b6c2e8d91db3048fae96625e8a79ecccf59b00209432d231470928b9028ea56fbe50172cb6ef16f1d4f1826720ad236ea4c4429260e943c7999a1467e0544e8b74d9e48632d75c5d8fdfad2e12ef3da4b9b94c32e84a9bff5e2f816093459c00da3b1f20afae975e0fd11267100507153f7ebc9fe4c1ce9b9136abfe32fdff3ad807646e554a6af78e8fa2b9c4aaf991362868905944b80572dda51ea8d5b6aa70d82f1c60402f536c6e4a5f2e50d7e19eba16acad34eccf1827ec555e4bc068e796f9918986de9829cdd5206aa0d07d527c9ee7943a0fd2db84562338b36e86ee5ee4170f6111380e6e91bda46b5672898c2cdabb28880bd3472f9f67eec0979edaf009461dbfb06b280fe9010abf1991cdde648579696da44fb2ca2bccaaa3c9e4ad3a6e595bb95d2a5848a0c628f680a761c998b36d6266b4c7fb5e5e27efdf331c809a2844226aae8a7c616a193cd2553ef0f1f30ab5f4dcf22447a9367a761e972bc6569d7d929a44dbae777805d6f9c424691a65f471ca09d65a9020e837c70d29310391e30be499d1dff0d1d393fc4ee5a8465056a8df8611c32f68481badf7810c6cf5f597f23822e56029a7ddce40d89cf7658c52f17480ddf865951f231cb9dd85935d4ace798453b7bed1bdbe2d38e90c4e63fac72e71e83060d768d925d87f52fa0bf5838249da9ba845235736c90b7fd64ed157f1ebb0ea35d9cdce048a0371c80ccbc3733df4267c22b8b5db800760e029288199f34facb44a26f46b8cef58584b72b6214ce0c3d377613a60f349c4c9115c38a392675eb3382b058415c7979cc7b200b691d4e67769989049fb3759c1db2e2f09d9f1c552d00fcb3e5ca40672b94c572b7cae34663c15864f2b6ea897e476bb53576a43e73655ee168b03800c4ae5f4313a738dfec5bc8a597e0274db3b8d205c7a261e7c46ad887271ccf493e03645fd9900f0d4220157e0dfdba86c44152962db68716103d2eceef0773445655d65588495d51d9513dbb3018b9c212493e6bcbc7242e286e9121c82735403ccf39d80e32cd1d1970fc1698f1d27587ce99a923b2f8136191d526397092ad332ad1ba7204c88cbc493e46ab1bee030d034b818d189c48f63c9b2576516d60919e6fda20494202a16b6b5dbffc6ff3b33cfc8e959f05f4ac1d6554160645afcc78fedf6580dbdd14cb457e03f3e4f93701ed1901e80a58e064488a99018f71a3cf33e081ae4b0eee49dde3fc3c60d6426f8ff21574958d83010c2b0ad84ba61f50ecef3f41d934a67edc7b7af3e70e2730fbdef9f889b6dde08c90af39656a745da079cbde44f4b5e9bdc797474c7ba88bd287a4542377b5a309883b7366915fede6a050142e08747fda711580aed28b73f674bb314b6cd455c10f4f4152d8f3d092dc89cad441686732807b4c8d3aaac9c89bf44128529fd34f75275fc032cf07f21cd879b592903e76e3b008e7ea7262421ac8518a22deae7b09e3837424d7baebe3c6c9938964d11e6eb30615549f3d1157f8a44f50782efec9e5b42c10b20b75202b3e5a8947e290d1e4ce04aa9ce2f71d9a73233979f0ac8d1e3b1064c6f33820f9434fcc846cc2018a0f1091042be9d3157b7a8fb05d9096b1f2c1e58d6ed2a4c122b1cc0497a71c60a724dcbbe3db2616b52c0cb757d61dd7f46db389473b64fc475f004f66e42c4425d6821d564d3e19e83372f4b29da292d7af780f6efe8a51879b87390d08fc3e25fde5d8cba31b16f552a16ed36143224d817381ebb7091cf31038c79dfb58f0778f0590c5d55a7feab298ab41ef5a9c4b95cc3e0e29a22b044f6b72b5525d73e1e58474229d1fd25f90c5d0bf0c65eb234d3d4049b8ca6326a364731b6aab219d45866d1625b6abebf8bbf8f6f3e796e8465124d9161f89c6c168c0754596bab82ab3de4cb598d32351bc1b1c09ca42777b37d56e9c6a216300e083b73657a80c3f1d681274c639958c45091f913852f870a1307405091c577e1cfb1cbb4f9221e5752189fc6744c6165dea6aebbe23a656f155bac240a6f29240d8fdd5da10bceea4b576613d4c06a0406598f17e2ed49679525137cfed64f622bbd29599dff3adf2e89f6114fee6151f88453913d48acb1c35c5bbe25cef2af91f4a4edc37095ca8a37cc9b002a5aaed18542daa9155e20363313fa138c3df6782690887a2e9c63e581195cdf64f7b040f7c3d8dd1da7345725ac2ee3300670445aa3122e699f6d8b136bd73fcaf9377ba342bbaed7375385600f2ae80802d60232b766e332423f11bed740b61b218603c0feb6df57aeafabad0688d1188b5e2fa9100b9d32a62ee9a178865bcac85de8fffc11adb1d3016d753f53b8fcc1ff017288e453f674d0fde41cbfead6ba7f64af9e5a004be31978197aa27a69e505d3f7b3cd08d2750f3d34dd85cb3ca2c0c30858bf4162121b498ed975a819bd324ad279a7c8d3e659aa53b244d4b67f4a7804b69478ba1d83b60ba432336afb319b6306299baf86787ff10ecd19888fce251f66726d0a4bde6f0dfe0c6f861a6f954fd8072cf67d8ff5ab17058896c35d41a1f0c9a5e5261d6ad569be75492d6b51117787cb2cebf4c101576d9e486a2d5d7a7ee5470670c77c36840d9670de75b14b58d1b327c7905fe2c5b71993218d9a1128513bac9f061ff448fa00fb01d8b168e6c5e4edbfe5e1d57ef3beda14e85a206f6ebdd2067a23752e2eb8b5f10f8f9faabe3b720a39e2dfd09a027878818e70a0f242d85b971e8f56155c46fd4676c90909f582f7210e4362f7d4bf85a6b7948467f47085e25626fb7fabfb3abb0c367dd3400553e89c60db3d1f00de1dd443f5fec74fedf960fab4440a5c983efc43b9bfc687016fac45c2288ea4c0d9d84a1ee853f11e9bc41c25193c42bc9d5df27d178e2bf49725d511c2ccd98a20c92457bae4666e12a5092805dbd808ef1a6b0b9eb8e0c4449750f6b9ace69b15efa4a2a4d067eebf511ccf8d2c90e7fc2202684255ecd10aff38d18427f11fb00af42601e71147fdc373dce9435799a9b42aa9928fd81084973951186f08bb42c07531c3d39c22071b9e046233c55a69330d429dd84d3f919d9f5c6df9b1ed7ca2c24b598572c59fa9f20ac8a2054e8ab435d7943485077d55e5d00c207dcd0117757fd851a432a2ce04cc4410601db54fd7a0219a9aaf7f93dead573a645923aaf8581b851316c16dcbc48429d10fef805d2849e54c20dbed7daa9f2ac4dc0cee9aadca0bb9a0897916f84c8263aaa4d19c0727bac9004bd091a1e055df137fa5a6a1be7990373e160f5ac9dc8a0bd50332cc109ecac01866574dfcbc5b1280e3d0ff8448d6647a404b932a1498183678f5ce4e5466d05eb05fe9e905bc5f1d0b8874c54c91bb3008fd35310a4260b50fd30b530864914d98da79658006b4db5bb4f45f87a5f57b69f0f7d6618c640c64480d0ce0cf80e31862fb92aa9df2b7d3a1e289a44914bbc811acf2dec8279ec80ba40e714d0325726fa9145bd392e8abdc971330c39b2771aeefe0f732567e6a0e3b64b6018a24783d088b2e254877e5bf465df3a114d2e4b1fd660d2b73d8b345a6839d9f4d09914e65d70ca2528e50215f6b2240e34f6b3392f6d6281b52c5e794935cf2daaeccec0eccfc181a624955f3fba840bb6662dc014deb808a1fb62379f1c3dd88c3aee14c69daba97d018f93193607cb431032aab5859449a1ec4ad80b61b5a4600c0126411cee571f07097de224f6302a47ad579162bb249bd0f88a002e14138e1052ab0020a947329d9679dffc966873656c0d0453d98f5cf465743ad304bea9cdc50ba94bcfc9253b116ecdd74cf7ed20fd7f02823929a14ba3be43866755413e4a9a5c4f3ee882292fe0d8b1fc93ac6995f58fc7bf58d5703457f16eb41482260d2b75ee9b27516f3abc21ef0e81895b27caf4c40789e7b75284d1e9b3332a262411ff717fa9816ab0e9f3bf6532ee70b9c0707ec5b2d06b437b583f029be39254b3fb374a32922c845bfe6378f9598b389301f2d09cd5a39e9879e9647b04f3510233ba234a435180e3f0f04ea9ef69f6375663adaaa283d314316df815891beadb9d62d254178a962778c6fbbd3cf27b85ef685698a438c87bf98eb4fbed3361cc5cef53f31ff63b13", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r6, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) socket$packet(0x11, 0xa, 0x300) r7 = socket$packet(0x11, 0x2, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x10, 0x80002, 0x0) sendmsg$tipc(r8, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0) bind$packet(r7, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xc5954f3a11a34c, 0x20, 0x0, 0x80, 0x2, 0x0, @multicast1, @multicast2}, @timestamp_reply={0x11, 0xe0, 0x0, 0x3, 0x200, 0x0, 0x0, 0x1}}}}}, 0x0) recvmmsg(r3, &(0x7f0000004980), 0x0, 0x1, &(0x7f0000004b80)={r4, r5+10000000}) 679.558032ms ago: executing program 3 (id=1014): openat$kvm(0xffffffffffffff9c, 0x0, 0x80002, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r4, &(0x7f0000000400)={0xa}) syz_usb_connect(0x4, 0x24, 0x0, 0x0) epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0x4c6, 0x0, 0x0) 0s ago: executing program 4 (id=1015): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r3 = userfaultfd(0x80001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r7}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r8}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$nl_route(0x10, 0x3, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r9}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) kernel console output (not intermixed with test programs): ng): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.449834][ T37] audit: type=1326 audit(1761203721.846:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6859 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 233.452072][ T37] audit: type=1326 audit(1761203721.856:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6863 comm="syz.2.272" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 233.453219][ T37] audit: type=1326 audit(1761203721.856:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6859 comm="syz.4.270" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 233.666376][ T6769] chnl_net:caif_netlink_parms(): no params data found [ 236.450128][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.783052][ T6885] 9pnet_fd: Insufficient options for proto=fd [ 238.374498][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.965446][ T1243] libceph: connect (1)[c::]:6789 error -101 [ 239.965629][ T1243] libceph: mon0 (1)[c::]:6789 connect error [ 239.973045][ T1243] libceph: connect (1)[c::]:6789 error -101 [ 239.973251][ T1243] libceph: mon0 (1)[c::]:6789 connect error [ 240.236187][ T5888] libceph: connect (1)[c::]:6789 error -101 [ 240.245609][ T5888] libceph: mon0 (1)[c::]:6789 connect error [ 240.298108][ T6912] ceph: No mds server is up or the cluster is laggy [ 240.795398][ T5888] libceph: connect (1)[c::]:6789 error -101 [ 240.795595][ T5888] libceph: mon0 (1)[c::]:6789 connect error [ 243.181938][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.266771][ T6927] netlink: 204 bytes leftover after parsing attributes in process `syz.2.289'. [ 243.378360][ T6769] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.378495][ T6769] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.378727][ T6769] bridge_slave_0: entered allmulticast mode [ 243.388355][ T6769] bridge_slave_0: entered promiscuous mode [ 243.429235][ T6769] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.429370][ T6769] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.432084][ T6769] bridge_slave_1: entered allmulticast mode [ 243.460024][ T6769] bridge_slave_1: entered promiscuous mode [ 245.323398][ T6769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.371751][ T6769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.626563][ T37] kauditd_printk_skb: 31 callbacks suppressed [ 245.626581][ T37] audit: type=1326 audit(1761203734.026:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.626627][ T37] audit: type=1326 audit(1761203734.026:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.627514][ T37] audit: type=1326 audit(1761203734.026:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.628833][ T37] audit: type=1326 audit(1761203734.036:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.629950][ T37] audit: type=1326 audit(1761203734.036:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.629995][ T37] audit: type=1326 audit(1761203734.036:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.630031][ T37] audit: type=1326 audit(1761203734.036:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.630068][ T37] audit: type=1326 audit(1761203734.036:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.631077][ T37] audit: type=1326 audit(1761203734.036:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.631120][ T37] audit: type=1326 audit(1761203734.036:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6954 comm="syz.2.298" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 245.890152][ T9] libceph: connect (1)[c::]:6789 error -101 [ 245.890274][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 246.008921][ T6962] ceph: No mds server is up or the cluster is laggy [ 246.474860][ T9] libceph: connect (1)[c::]:6789 error -101 [ 246.475097][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 246.640541][ T6769] team0: Port device team_slave_0 added [ 246.706935][ T6769] team0: Port device team_slave_1 added [ 248.757607][ T6983] overlayfs: overlapping lowerdir path [ 248.772838][ T6984] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 248.973810][ T6769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.973826][ T6769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.973851][ T6769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.991306][ T6769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.991322][ T6769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.991345][ T6769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.679537][ T6993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.307'. [ 249.684799][ T6993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.307'. [ 250.753179][ T6769] hsr_slave_0: entered promiscuous mode [ 250.765972][ T6769] hsr_slave_1: entered promiscuous mode [ 250.767102][ T6769] debugfs: 'hsr0' already exists in 'hsr' [ 250.767126][ T6769] Cannot create hsr debugfs directory [ 250.769934][ T13] bridge_slave_1: left allmulticast mode [ 250.770117][ T13] bridge_slave_1: left promiscuous mode [ 250.777939][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.267898][ T13] bridge_slave_0: left allmulticast mode [ 252.267928][ T13] bridge_slave_0: left promiscuous mode [ 252.270225][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 253.593092][ T7020] overlayfs: overlapping lowerdir path [ 253.700679][ T7017] overlayfs: failed to resolve './file1': -2 [ 256.054156][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.054297][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.891821][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.4.318'. [ 261.728935][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 261.788886][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 261.811327][ T13] bond0 (unregistering): Released all slaves [ 273.155397][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 273.155589][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 273.346801][ T7178] ceph: No mds server is up or the cluster is laggy [ 273.514001][ T9] libceph: connect (1)[c::]:6789 error -101 [ 273.514204][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 274.974978][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 274.975211][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 275.021407][ T13] hsr_slave_0: left promiscuous mode [ 276.363199][ T13] hsr_slave_1: left promiscuous mode [ 276.364430][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 276.364566][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 276.650333][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 276.650360][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.217768][ T13] veth1_macvtap: left promiscuous mode [ 277.229680][ T13] veth0_macvtap: left promiscuous mode [ 277.230153][ T13] veth1_vlan: left promiscuous mode [ 277.230597][ T13] veth0_vlan: left promiscuous mode [ 280.154611][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 280.157991][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 280.174343][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 280.175474][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 280.185662][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 280.516263][ T7190] kexec: Could not allocate control_code_buffer [ 281.938708][ T7238] netlink: 12 bytes leftover after parsing attributes in process `syz.2.362'. [ 281.954018][ T7238] netlink: 12 bytes leftover after parsing attributes in process `syz.2.362'. [ 282.457921][ T5813] Bluetooth: hci4: command tx timeout [ 282.878880][ T13] team0 (unregistering): Port device team_slave_1 removed [ 283.058769][ T13] team0 (unregistering): Port device team_slave_0 removed [ 284.508441][ T5813] Bluetooth: hci4: command tx timeout [ 285.568396][ T9] libceph: connect (1)[c::]:6789 error -101 [ 285.623770][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 285.724882][ T7241] ceph: No mds server is up or the cluster is laggy [ 285.993691][ T9] libceph: connect (1)[c::]:6789 error -101 [ 285.993895][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 287.469625][ T5813] Bluetooth: hci4: command tx timeout [ 289.291497][ T7279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.368'. [ 289.302132][ T7279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.368'. [ 289.831343][ T5813] Bluetooth: hci4: command tx timeout [ 290.185648][ T7216] chnl_net:caif_netlink_parms(): no params data found [ 290.469981][ T7286] netlink: 4 bytes leftover after parsing attributes in process `syz.4.370'. [ 297.348454][ T7311] wg2: left promiscuous mode [ 297.348481][ T7311] wg2: left allmulticast mode [ 300.388592][ T7347] hpfs: hpfs_map_sector(): read error [ 301.801170][ T7216] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.801307][ T7216] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.801542][ T7216] bridge_slave_0: entered allmulticast mode [ 301.870160][ T7216] bridge_slave_0: entered promiscuous mode [ 302.026550][ T7216] bridge0: port 2(bridge_slave_1) entered blocking state [ 302.026661][ T7216] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.026874][ T7216] bridge_slave_1: entered allmulticast mode [ 302.058269][ T7216] bridge_slave_1: entered promiscuous mode [ 302.784334][ T1243] libceph: connect (1)[c::]:6789 error -101 [ 302.784535][ T1243] libceph: mon0 (1)[c::]:6789 connect error [ 302.861373][ T5888] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 302.885171][ T7370] ceph: No mds server is up or the cluster is laggy [ 303.051243][ T7216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.088136][ T5888] usb 4-1: Using ep0 maxpacket: 16 [ 303.108889][ T5888] usb 4-1: config 7 has an invalid interface number: 163 but max is 0 [ 303.108918][ T5888] usb 4-1: config 7 has no interface number 0 [ 303.112578][ T5888] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ce.47 [ 303.112605][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.112625][ T5888] usb 4-1: Product: syz [ 303.112639][ T5888] usb 4-1: Manufacturer: syz [ 303.112653][ T5888] usb 4-1: SerialNumber: syz [ 303.181408][ T7216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 305.162159][ T5888] usb_ehset_test 4-1:7.163: probe with driver usb_ehset_test failed with error -32 [ 305.173122][ T5888] usb 4-1: USB disconnect, device number 2 [ 305.430662][ T7216] team0: Port device team_slave_0 added [ 305.514117][ T7216] team0: Port device team_slave_1 added [ 305.997678][ T7408] hpfs: hpfs_map_sector(): read error [ 307.393384][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 307.393712][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 307.394480][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 307.394778][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 307.761756][ T7425] ceph: No mds server is up or the cluster is laggy [ 307.911174][ T1882] libceph: connect (1)[c::]:6789 error -101 [ 308.092153][ T1882] libceph: mon0 (1)[c::]:6789 connect error [ 308.187283][ T13] bridge_slave_1: left allmulticast mode [ 308.187304][ T13] bridge_slave_1: left promiscuous mode [ 308.187448][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.777522][ T9] libceph: connect (1)[c::]:6789 error -101 [ 308.779444][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 309.419345][ T7438] 9pnet_fd: Insufficient options for proto=fd [ 309.445309][ T13] bridge_slave_0: left allmulticast mode [ 309.445338][ T13] bridge_slave_0: left promiscuous mode [ 309.445607][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.864024][ T7444] hpfs: hpfs_map_sector(): read error [ 312.505195][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 312.693582][ T37] kauditd_printk_skb: 9 callbacks suppressed [ 312.693601][ T37] audit: type=1326 audit(1761203801.086:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7460 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 312.693650][ T37] audit: type=1326 audit(1761203801.086:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7460 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 312.693797][ T37] audit: type=1326 audit(1761203801.086:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7460 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f46162cda7f code=0x7ffc0000 [ 312.693837][ T37] audit: type=1326 audit(1761203801.086:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7460 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 312.693877][ T37] audit: type=1326 audit(1761203801.086:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7460 comm="syz.4.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 313.254024][ T7469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.412'. [ 313.272022][ T7469] netlink: 4 bytes leftover after parsing attributes in process `syz.3.412'. [ 313.864954][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 314.271802][ T13] bond0 (unregistering): Released all slaves [ 315.206847][ T7480] 9pnet_fd: Insufficient options for proto=fd [ 315.335138][ T7216] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 315.335150][ T7216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 315.335163][ T7216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 315.388208][ T1882] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 315.392125][ T7216] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 315.392139][ T7216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 315.392163][ T7216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 315.538173][ T1882] usb 3-1: Using ep0 maxpacket: 32 [ 315.540819][ T1882] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 315.540866][ T1882] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 315.540888][ T1882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.589332][ T1882] usb 3-1: config 0 descriptor?? [ 315.611512][ T1882] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 315.898235][ T13] hsr_slave_0: left promiscuous mode [ 315.938219][ T13] hsr_slave_1: left promiscuous mode [ 315.939300][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.991455][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 317.088778][ T13] team0 (unregistering): Port device team_slave_1 removed [ 317.236720][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.236789][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.247266][ T13] team0 (unregistering): Port device team_slave_0 removed [ 318.931260][ T5875] usb 3-1: USB disconnect, device number 3 [ 319.204279][ T37] audit: type=1326 audit(1761203807.596:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 319.205622][ T37] audit: type=1326 audit(1761203807.606:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f46162cda7f code=0x7ffc0000 [ 319.218147][ T37] audit: type=1326 audit(1761203807.606:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 319.218198][ T37] audit: type=1326 audit(1761203807.616:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.4.424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 319.929523][ T7533] hpfs: hpfs_map_sector(): read error [ 320.788585][ T7216] hsr_slave_0: entered promiscuous mode [ 320.792256][ T7216] hsr_slave_1: entered promiscuous mode [ 320.798834][ T7216] debugfs: 'hsr0' already exists in 'hsr' [ 320.798858][ T7216] Cannot create hsr debugfs directory [ 324.858417][ T7216] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 325.014447][ T7216] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 325.805990][ T7583] hpfs: hpfs_map_sector(): read error [ 326.594867][ T7216] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 326.746082][ T7216] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 326.958517][ T7595] 9pnet_fd: Insufficient options for proto=fd [ 327.170734][ T7600] 9pnet_fd: Insufficient options for proto=fd [ 327.860088][ T7596] 9pnet: Could not find request transport: fd0x0000000000000004 [ 330.944459][ T7216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.130760][ T7216] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.173474][ T1454] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.175202][ T1454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 331.245418][ T1454] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.245569][ T1454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 333.047214][ T7651] 9pnet: Could not find request transport: fd0x0000000000000004 [ 333.201554][ T7662] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 333.201748][ T7662] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 334.143353][ T7216] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.074411][ T7718] 9pnet_fd: Insufficient options for proto=fd [ 342.797109][ T7730] input: syz0 as /devices/virtual/input/input10 [ 345.502382][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 345.527958][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 345.538291][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 345.539596][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 345.540456][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 345.748827][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 346.288128][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 346.290703][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 346.290731][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 346.290768][ T9] usb 5-1: New USB device found, idVendor=17ef, idProduct=7309, bcdDevice= 0.00 [ 346.290789][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.414843][ T9] usb 5-1: config 0 descriptor?? [ 346.450283][ T9] hub 5-1:0.0: USB hub found [ 346.960835][ T9] hub 5-1:0.0: 7 ports detected [ 346.961320][ T9] hub 5-1:0.0: insufficient power available to use all downstream ports [ 348.118549][ T9] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 348.118572][ T9] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 348.194172][ T9] usb 5-1: USB disconnect, device number 3 [ 348.428288][ T5802] Bluetooth: hci5: command tx timeout [ 348.454808][ T37] audit: type=1326 audit(1761203836.856:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7766 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 348.455201][ T37] audit: type=1326 audit(1761203836.856:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7766 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 348.488134][ T37] audit: type=1326 audit(1761203836.866:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7766 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdeabedda7f code=0x7ffc0000 [ 348.488193][ T37] audit: type=1326 audit(1761203836.876:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7766 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 348.488233][ T37] audit: type=1326 audit(1761203836.876:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7766 comm="syz.2.472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdeabedefc9 code=0x7ffc0000 [ 349.076766][ T7782] 9pnet_fd: Insufficient options for proto=fd [ 350.688219][ T5802] Bluetooth: hci5: command tx timeout [ 352.950836][ T5802] Bluetooth: hci5: command tx timeout [ 354.995181][ T7818] 9pnet_fd: Insufficient options for proto=fd [ 355.338162][ T7822] input: syz0 as /devices/virtual/input/input11 [ 355.818086][ T5802] Bluetooth: hci5: command tx timeout [ 363.788758][ T7875] 9pnet_fd: Insufficient options for proto=fd [ 364.516023][ T7741] chnl_net:caif_netlink_parms(): no params data found [ 366.812786][ T7913] hpfs: hpfs_map_sector(): read error [ 368.387160][ T7741] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.387319][ T7741] bridge0: port 1(bridge_slave_0) entered disabled state [ 368.387536][ T7741] bridge_slave_0: entered allmulticast mode [ 368.398524][ T7741] bridge_slave_0: entered promiscuous mode [ 368.402121][ T7741] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.402243][ T7741] bridge0: port 2(bridge_slave_1) entered disabled state [ 368.402589][ T7741] bridge_slave_1: entered allmulticast mode [ 368.413447][ T7741] bridge_slave_1: entered promiscuous mode [ 371.927243][ T7939] 9pnet_fd: Insufficient options for proto=fd [ 374.781176][ T9] libceph: connect (1)[c::]:6789 error -101 [ 374.781447][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 376.124049][ T7955] ceph: No mds server is up or the cluster is laggy [ 376.218950][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 376.219172][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 376.443208][ T7741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 378.118459][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 378.120459][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 378.122525][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 378.122714][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 378.180322][ T7741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 378.235836][ T7974] 9pnet_fd: Insufficient options for proto=fd [ 378.777262][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.777334][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.353758][ T7990] hpfs: hpfs_map_sector(): read error [ 381.271426][ T7741] team0: Port device team_slave_0 added [ 381.569141][ T7741] team0: Port device team_slave_1 added [ 382.759644][ T1433] bridge_slave_1: left allmulticast mode [ 382.759671][ T1433] bridge_slave_1: left promiscuous mode [ 382.760271][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.860823][ T8012] 9pnet_fd: Insufficient options for proto=fd [ 382.883616][ T1433] bridge_slave_0: left allmulticast mode [ 382.883644][ T1433] bridge_slave_0: left promiscuous mode [ 382.884506][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.199413][ T8049] 9pnet_fd: Insufficient options for proto=fd [ 393.033010][ T8058] hpfs: hpfs_map_sector(): read error [ 399.717732][ T8095] 9pnet_fd: Insufficient options for proto=fd [ 402.711638][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 402.715155][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 402.728193][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 402.734118][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 402.734859][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 403.302327][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 403.378814][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 403.408206][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 403.440336][ T1433] bond0 (unregistering): Released all slaves [ 403.568824][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 403.574043][ T9] usb 3-1: config index 0 descriptor too short (expected 16456, got 72) [ 403.574070][ T9] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 403.574088][ T9] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 403.574105][ T9] usb 3-1: config 0 has an invalid interface number: 125 but max is 1 [ 403.574122][ T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 403.574139][ T9] usb 3-1: config 0 has no interface number 0 [ 403.574194][ T9] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 403.574221][ T9] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 403.574241][ T9] usb 3-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 403.574275][ T9] usb 3-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 403.574299][ T9] usb 3-1: config 0 interface 125 has no altsetting 0 [ 403.574316][ T9] usb 3-1: config 0 interface 125 has no altsetting 2 [ 403.602416][ T9] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 403.602446][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.602464][ T9] usb 3-1: Product: syz [ 403.602476][ T9] usb 3-1: Manufacturer: syz [ 403.602489][ T9] usb 3-1: SerialNumber: syz [ 404.187163][ T9] usb 3-1: config 0 descriptor?? [ 404.521089][ T9] usb 3-1: selecting invalid altsetting 2 [ 405.631510][ T5802] Bluetooth: hci4: command tx timeout [ 406.299090][ T9] get_1284_register timeout [ 406.301173][ C0] usb 3-1: async_complete: urb error -104 [ 406.304501][ C0] usb 3-1: async_complete: urb error -104 [ 406.304602][ C0] usb 3-1: async_complete: urb error -104 [ 406.304694][ C0] usb 3-1: async_complete: urb error -104 [ 406.304761][ C0] dummy_hcd dummy_hcd.2: timer fired with no URBs pending? [ 406.304813][ T9] uss720 3-1:0.125: probe with driver uss720 failed with error -5 [ 407.642538][ T8134] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -12 [ 407.642585][ T8134] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -12 [ 407.642612][ T8134] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 407.660033][ T37] audit: type=1800 audit(1761203896.046:78): pid=8134 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.559" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 407.959214][ T5802] Bluetooth: hci4: command tx timeout [ 408.043686][ T8134] syz.2.559 (8134) used greatest stack depth: 16200 bytes left [ 409.157272][ T1433] hsr_slave_0: left promiscuous mode [ 409.263505][ T1433] hsr_slave_1: left promiscuous mode [ 409.264498][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 409.321948][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.029199][ T5802] Bluetooth: hci4: command tx timeout [ 412.107761][ T1243] usb 3-1: USB disconnect, device number 4 [ 412.118160][ T5802] Bluetooth: hci4: command tx timeout [ 420.147059][ T8201] netlink: 'syz.1.577': attribute type 4 has an invalid length. [ 420.147081][ T8201] netlink: 17 bytes leftover after parsing attributes in process `syz.1.577'. [ 432.929683][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 433.128660][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 437.057176][ T8271] FAT-fs (loop7): unable to read boot sector [ 438.869729][ T8282] netlink: 'syz.4.596': attribute type 4 has an invalid length. [ 440.193046][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.196438][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.735300][ T8310] FAT-fs (loop7): unable to read boot sector [ 444.541109][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 444.549100][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 444.551985][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 444.553104][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 444.553846][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 444.605465][ T5813] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 444.614976][ T5813] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 444.616550][ T5813] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 444.618479][ T5813] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 444.621866][ T5813] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 446.590462][ T5813] Bluetooth: hci5: command tx timeout [ 447.008099][ T5813] Bluetooth: hci6: command tx timeout [ 448.678173][ T5813] Bluetooth: hci5: command tx timeout [ 450.200242][ T5813] Bluetooth: hci6: command tx timeout [ 451.130492][ T5813] Bluetooth: hci5: command tx timeout [ 452.355221][ T5813] Bluetooth: hci6: command tx timeout [ 453.419079][ T5813] Bluetooth: hci5: command tx timeout [ 453.485382][ T8367] netlink: 'syz.3.612': attribute type 4 has an invalid length. [ 453.694616][ T8370] netlink: 88 bytes leftover after parsing attributes in process `syz.4.614'. [ 454.048954][ T8109] chnl_net:caif_netlink_parms(): no params data found [ 454.857631][ T5813] Bluetooth: hci6: command tx timeout [ 457.027079][ T8262] chnl_net:caif_netlink_parms(): no params data found [ 457.041349][ T8298] chnl_net:caif_netlink_parms(): no params data found [ 458.693124][ T8416] netlink: 'syz.4.622': attribute type 4 has an invalid length. [ 458.863350][ T8423] netlink: 52 bytes leftover after parsing attributes in process `syz.3.623'. [ 459.079185][ T8109] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.079309][ T8109] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.079482][ T8109] bridge_slave_0: entered allmulticast mode [ 459.082008][ T8109] bridge_slave_0: entered promiscuous mode [ 459.214591][ T37] audit: type=1326 audit(1761203947.616:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.214765][ T37] audit: type=1326 audit(1761203947.616:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.215253][ T37] audit: type=1326 audit(1761203947.616:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.215676][ T37] audit: type=1326 audit(1761203947.616:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.215803][ T37] audit: type=1326 audit(1761203947.616:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.216220][ T37] audit: type=1326 audit(1761203947.616:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.216841][ T37] audit: type=1326 audit(1761203947.616:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.216997][ T37] audit: type=1326 audit(1761203947.616:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.231332][ T37] audit: type=1326 audit(1761203947.636:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.231660][ T37] audit: type=1326 audit(1761203947.636:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8427 comm="syz.4.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 459.555369][ T8109] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.555487][ T8109] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.555808][ T8109] bridge_slave_1: entered allmulticast mode [ 459.557482][ T8109] bridge_slave_1: entered promiscuous mode [ 463.283953][ T1433] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.499259][ T8262] bridge0: port 1(bridge_slave_0) entered blocking state [ 463.500599][ T8262] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.500937][ T8262] bridge_slave_0: entered allmulticast mode [ 463.528920][ T8262] bridge_slave_0: entered promiscuous mode [ 463.556047][ T8471] netlink: 'syz.3.631': attribute type 4 has an invalid length. [ 463.696043][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 463.718380][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 463.720278][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 463.721490][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 463.722718][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 463.872219][ T8298] bridge0: port 1(bridge_slave_0) entered blocking state [ 463.872353][ T8298] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.872595][ T8298] bridge_slave_0: entered allmulticast mode [ 463.883927][ T8298] bridge_slave_0: entered promiscuous mode [ 463.893882][ T8262] bridge0: port 2(bridge_slave_1) entered blocking state [ 463.894010][ T8262] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.894236][ T8262] bridge_slave_1: entered allmulticast mode [ 463.901758][ T8262] bridge_slave_1: entered promiscuous mode [ 465.687526][ T9] libceph: connect (1)[c::]:6789 error -101 [ 465.687718][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 465.690811][ T9] libceph: connect (1)[c::]:6789 error -101 [ 465.691002][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 465.729036][ T1433] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 465.788575][ T5802] Bluetooth: hci0: command tx timeout [ 465.954668][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 465.954836][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 465.955243][ T8298] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.955344][ T8298] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.955562][ T8298] bridge_slave_1: entered allmulticast mode [ 465.966827][ T8485] ceph: No mds server is up or the cluster is laggy [ 465.971977][ T8298] bridge_slave_1: entered promiscuous mode [ 466.318235][ T1882] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 466.468134][ T1882] usb 5-1: Using ep0 maxpacket: 32 [ 466.472725][ T1882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.472757][ T1882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 466.472818][ T1882] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 466.472840][ T1882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.540501][ T1882] usb 5-1: config 0 descriptor?? [ 466.962453][ T1433] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.007611][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.007651][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.007677][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.007702][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.007727][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.007752][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.007777][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.007811][ T1882] savu 0003:1E7D:2D5A.0001: unknown main item tag 0x0 [ 467.635414][ T8262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.642075][ T8298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 467.682260][ T1882] savu 0003:1E7D:2D5A.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 467.700865][ T1882] usb 5-1: USB disconnect, device number 4 [ 467.753904][ T8262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.780409][ T8298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.869577][ T5802] Bluetooth: hci0: command tx timeout [ 467.969872][ T8512] fido_id[8512]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 468.180125][ T1433] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 468.590605][ T8518] FAT-fs (loop7): unable to read boot sector [ 469.958315][ T5802] Bluetooth: hci0: command tx timeout [ 471.917197][ T8532] netlink: 128 bytes leftover after parsing attributes in process `syz.3.643'. [ 472.000598][ T8262] team0: Port device team_slave_0 added [ 472.005377][ T8298] team0: Port device team_slave_0 added [ 472.028864][ T8262] team0: Port device team_slave_1 added [ 472.032474][ T8298] team0: Port device team_slave_1 added [ 472.263178][ T5802] Bluetooth: hci0: command tx timeout [ 473.873398][ T8556] netlink: 52 bytes leftover after parsing attributes in process `syz.3.647'. [ 476.256672][ T8262] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.256689][ T8262] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.256713][ T8262] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.301435][ T8298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.301451][ T8298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.301475][ T8298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.368237][ T8262] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.368252][ T8262] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.368275][ T8262] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 476.420447][ T8298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.420462][ T8298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.420486][ T8298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 476.548136][ T1243] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 476.698192][ T1243] usb 5-1: Using ep0 maxpacket: 32 [ 476.700550][ T1243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 476.700582][ T1243] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 476.700621][ T1243] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 476.700643][ T1243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.713463][ T1243] usb 5-1: config 0 descriptor?? [ 477.204335][ T1243] savu 0003:1E7D:2D5A.0002: unknown main item tag 0x0 [ 477.204371][ T1243] savu 0003:1E7D:2D5A.0002: unknown main item tag 0x0 [ 477.204398][ T1243] savu 0003:1E7D:2D5A.0002: unknown main item tag 0x0 [ 477.204424][ T1243] savu 0003:1E7D:2D5A.0002: unknown main item tag 0x0 [ 477.204450][ T1243] savu 0003:1E7D:2D5A.0002: unknown main item tag 0x0 [ 477.204476][ T1243] savu 0003:1E7D:2D5A.0002: unbalanced collection at end of report description [ 477.209412][ T1243] savu 0003:1E7D:2D5A.0002: parse failed [ 477.209487][ T1243] savu 0003:1E7D:2D5A.0002: probe with driver savu failed with error -22 [ 477.405816][ T1882] usb 5-1: USB disconnect, device number 5 [ 477.514879][ T8262] hsr_slave_0: entered promiscuous mode [ 477.516896][ T8262] hsr_slave_1: entered promiscuous mode [ 477.517885][ T8262] debugfs: 'hsr0' already exists in 'hsr' [ 477.517908][ T8262] Cannot create hsr debugfs directory [ 477.532919][ T8298] hsr_slave_0: entered promiscuous mode [ 477.534258][ T8298] hsr_slave_1: entered promiscuous mode [ 477.535191][ T8298] debugfs: 'hsr0' already exists in 'hsr' [ 477.535213][ T8298] Cannot create hsr debugfs directory [ 478.780894][ T1433] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.187481][ T1433] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 484.545605][ T1433] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.518644][ T8616] Bluetooth: MGMT ver 1.23 [ 485.602998][ T37] kauditd_printk_skb: 17 callbacks suppressed [ 485.603016][ T37] audit: type=1326 audit(1761203973.926:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603067][ T37] audit: type=1326 audit(1761203973.926:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603106][ T37] audit: type=1326 audit(1761203973.926:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603145][ T37] audit: type=1326 audit(1761203973.926:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603185][ T37] audit: type=1326 audit(1761203973.926:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603223][ T37] audit: type=1326 audit(1761203973.926:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603274][ T37] audit: type=1326 audit(1761203973.926:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603314][ T37] audit: type=1326 audit(1761203973.936:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603357][ T37] audit: type=1326 audit(1761203973.936:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 485.603396][ T37] audit: type=1326 audit(1761203973.936:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8613 comm="syz.4.664" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 488.283940][ T1433] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.504272][ T8627] FAT-fs (loop9): unable to read boot sector [ 489.496828][ T8473] chnl_net:caif_netlink_parms(): no params data found [ 495.796921][ T8473] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.797156][ T8473] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.797379][ T8473] bridge_slave_0: entered allmulticast mode [ 495.808837][ T8473] bridge_slave_0: entered promiscuous mode [ 495.958972][ T8473] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.959102][ T8473] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.959689][ T8473] bridge_slave_1: entered allmulticast mode [ 496.313037][ T8473] bridge_slave_1: entered promiscuous mode [ 496.326890][ T5813] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 496.330459][ T5813] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 496.332969][ T5813] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 496.334470][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 496.335259][ T5813] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 498.543765][ T5813] Bluetooth: hci2: command tx timeout [ 499.022103][ T8473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 499.073954][ T8473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 500.183994][ T8702] netlink: 'syz.4.681': attribute type 1 has an invalid length. [ 500.289889][ T8704] netlink: 44 bytes leftover after parsing attributes in process `syz.4.681'. [ 500.317426][ T1433] batadv1: left allmulticast mode [ 500.317636][ T1433] batadv1: left promiscuous mode [ 500.317880][ T1433] bridge0: port 3(batadv1) entered disabled state [ 500.532672][ T1433] bridge_slave_1: left allmulticast mode [ 500.532702][ T1433] bridge_slave_1: left promiscuous mode [ 500.533111][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 500.588584][ T5813] Bluetooth: hci2: command tx timeout [ 501.489489][ T1433] bridge_slave_0: left allmulticast mode [ 501.489518][ T1433] bridge_slave_0: left promiscuous mode [ 501.489762][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.562635][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.562723][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.572422][ T1433] bridge_slave_1: left allmulticast mode [ 501.572455][ T1433] bridge_slave_1: left promiscuous mode [ 501.572687][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.619168][ T1433] bridge_slave_0: left allmulticast mode [ 501.619187][ T1433] bridge_slave_0: left promiscuous mode [ 501.619361][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.681104][ T1433] bridge_slave_1: left allmulticast mode [ 501.681125][ T1433] bridge_slave_1: left promiscuous mode [ 501.681275][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.719085][ T1433] bridge_slave_0: left allmulticast mode [ 501.719106][ T1433] bridge_slave_0: left promiscuous mode [ 501.719286][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 502.680854][ T5813] Bluetooth: hci2: command tx timeout [ 502.821720][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 502.825550][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 502.826605][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 502.827602][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 502.828889][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 503.609552][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 503.688728][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 503.750201][ T1433] bond0 (unregistering): Released all slaves [ 504.748476][ T5802] Bluetooth: hci2: command tx timeout [ 504.908137][ T5802] Bluetooth: hci4: command tx timeout [ 505.208620][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 505.290735][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 505.310235][ T1433] bond0 (unregistering): Released all slaves [ 505.438686][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 505.518828][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 505.590247][ T1433] bond0 (unregistering): Released all slaves [ 505.630899][ T8702] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 507.012099][ T5802] Bluetooth: hci4: command tx timeout [ 508.543161][ T8473] team0: Port device team_slave_0 added [ 508.569044][ T8473] team0: Port device team_slave_1 added [ 508.580613][ T8734] netlink: 28 bytes leftover after parsing attributes in process `syz.3.688'. [ 509.068185][ T5802] Bluetooth: hci4: command tx timeout [ 509.311779][ T8473] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.311794][ T8473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 509.311814][ T8473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 510.196013][ T8741] netlink: 'syz.3.690': attribute type 1 has an invalid length. [ 510.352423][ T8741] 8021q: adding VLAN 0 to HW filter on device bond1 [ 510.354091][ T8473] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 510.354104][ T8473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 510.354128][ T8473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 510.369562][ T8741] netlink: 44 bytes leftover after parsing attributes in process `syz.3.690'. [ 511.587587][ T5802] Bluetooth: hci4: command tx timeout [ 512.663552][ T8745] bond1: (slave wlan0): Opening slave failed [ 517.261101][ T992] libceph: connect (1)[c::]:6789 error -101 [ 517.261300][ T992] libceph: mon0 (1)[c::]:6789 connect error [ 517.469111][ T8768] ceph: No mds server is up or the cluster is laggy [ 517.521310][ T992] libceph: connect (1)[c::]:6789 error -101 [ 517.522927][ T992] libceph: mon0 (1)[c::]:6789 connect error [ 518.322977][ T8782] netlink: 28 bytes leftover after parsing attributes in process `syz.4.697'. [ 518.597675][ T8473] hsr_slave_0: entered promiscuous mode [ 518.601892][ T8473] hsr_slave_1: entered promiscuous mode [ 518.602970][ T8473] debugfs: 'hsr0' already exists in 'hsr' [ 518.602991][ T8473] Cannot create hsr debugfs directory [ 519.295836][ T8790] netlink: 'syz.3.699': attribute type 1 has an invalid length. [ 520.140348][ T8790] 8021q: adding VLAN 0 to HW filter on device bond2 [ 520.229501][ T8792] bond2: (slave wlan0): Opening slave failed [ 520.251796][ T8790] netlink: 44 bytes leftover after parsing attributes in process `syz.3.699'. [ 520.959460][ T8810] netlink: 'syz.4.700': attribute type 4 has an invalid length. [ 520.959531][ T8810] netlink: 17 bytes leftover after parsing attributes in process `syz.4.700'. [ 521.738096][ T1433] hsr_slave_0: left promiscuous mode [ 521.778131][ T1433] hsr_slave_1: left promiscuous mode [ 521.779889][ T1433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 521.779906][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 521.818790][ T1433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 521.818830][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 521.978433][ T1433] hsr_slave_0: left promiscuous mode [ 521.998171][ T1433] hsr_slave_1: left promiscuous mode [ 521.998873][ T1433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 521.998888][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 522.058976][ T1433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 522.059002][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 522.178492][ T1433] veth1_macvtap: left promiscuous mode [ 522.178558][ T1433] veth0_macvtap: left promiscuous mode [ 522.178700][ T1433] veth1_vlan: left promiscuous mode [ 522.178805][ T1433] veth0_vlan: left promiscuous mode [ 522.278397][ T1433] veth1_macvtap: left promiscuous mode [ 522.278461][ T1433] veth0_macvtap: left promiscuous mode [ 522.278601][ T1433] veth1_vlan: left promiscuous mode [ 522.278700][ T1433] veth0_vlan: left promiscuous mode [ 522.917441][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 522.965010][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 522.966464][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 522.971107][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 522.971894][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 524.708981][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 524.938922][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 524.997642][ T5802] Bluetooth: hci5: command tx timeout [ 527.072886][ T5802] Bluetooth: hci5: command tx timeout [ 529.148119][ T5802] Bluetooth: hci5: command tx timeout [ 529.238765][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 529.448684][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 531.238206][ T5802] Bluetooth: hci5: command tx timeout [ 531.938590][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 532.058682][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 532.838001][ T8662] chnl_net:caif_netlink_parms(): no params data found [ 535.883617][ T8710] chnl_net:caif_netlink_parms(): no params data found [ 536.172950][ T8841] netlink: 28 bytes leftover after parsing attributes in process `syz.4.705'. [ 538.553940][ T8851] netlink: 'syz.4.708': attribute type 1 has an invalid length. [ 538.666604][ T8855] netlink: 44 bytes leftover after parsing attributes in process `syz.4.708'. [ 538.734788][ T8851] 8021q: adding VLAN 0 to HW filter on device bond1 [ 538.743971][ T8853] bond1: (slave wlan0): Opening slave failed [ 541.854443][ T8662] bridge0: port 1(bridge_slave_0) entered blocking state [ 541.854587][ T8662] bridge0: port 1(bridge_slave_0) entered disabled state [ 541.854817][ T8662] bridge_slave_0: entered allmulticast mode [ 541.858671][ T8662] bridge_slave_0: entered promiscuous mode [ 542.867831][ T8869] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 542.869763][ T8869] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 544.939434][ T8873] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 544.939613][ T8873] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 545.005385][ T8662] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.005518][ T8662] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.005764][ T8662] bridge_slave_1: entered allmulticast mode [ 545.008610][ T8662] bridge_slave_1: entered promiscuous mode [ 545.306793][ T8710] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.306942][ T8710] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.307163][ T8710] bridge_slave_0: entered allmulticast mode [ 545.323315][ T8710] bridge_slave_0: entered promiscuous mode [ 545.570268][ T8710] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.573616][ T8710] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.573882][ T8710] bridge_slave_1: entered allmulticast mode [ 545.576658][ T8710] bridge_slave_1: entered promiscuous mode [ 545.585795][ T8662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 545.848308][ T8880] netlink: 28 bytes leftover after parsing attributes in process `syz.4.713'. [ 546.665682][ T8662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 546.709537][ T8884] netlink: 28 bytes leftover after parsing attributes in process `syz.3.714'. [ 548.209609][ T8710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.924683][ T8895] netlink: 220 bytes leftover after parsing attributes in process `syz.3.716'. [ 549.285968][ T8710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 549.288421][ T8662] team0: Port device team_slave_0 added [ 549.923750][ T8662] team0: Port device team_slave_1 added [ 555.985200][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 556.009379][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 556.023584][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 556.046792][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 556.047787][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 556.135169][ T8710] team0: Port device team_slave_0 added [ 556.170594][ T8710] team0: Port device team_slave_1 added [ 557.348797][ T8710] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 557.348813][ T8710] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 557.348836][ T8710] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 557.359496][ T8710] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 557.359510][ T8710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 557.359541][ T8710] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 558.194843][ T5813] Bluetooth: hci0: command tx timeout [ 560.470272][ T8710] hsr_slave_0: entered promiscuous mode [ 560.471815][ T8710] hsr_slave_1: entered promiscuous mode [ 560.503072][ T8812] chnl_net:caif_netlink_parms(): no params data found [ 560.578003][ T5813] Bluetooth: hci0: command tx timeout [ 562.588265][ T5813] Bluetooth: hci0: command tx timeout [ 563.042871][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.042971][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.771697][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 563.791226][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 563.793427][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 563.794747][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 563.795737][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 563.886356][ T8812] bridge0: port 1(bridge_slave_0) entered blocking state [ 563.886501][ T8812] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.886782][ T8812] bridge_slave_0: entered allmulticast mode [ 563.908586][ T8812] bridge_slave_0: entered promiscuous mode [ 563.981172][ T8812] bridge0: port 2(bridge_slave_1) entered blocking state [ 563.981310][ T8812] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.981565][ T8812] bridge_slave_1: entered allmulticast mode [ 564.017341][ T8812] bridge_slave_1: entered promiscuous mode [ 564.644562][ T8812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 564.668398][ T5813] Bluetooth: hci0: command tx timeout [ 564.699143][ T8812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 565.276316][ T9002] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 565.278224][ T9002] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 565.900575][ T5813] Bluetooth: hci2: command tx timeout [ 566.521773][ T8812] team0: Port device team_slave_0 added [ 568.412686][ T5813] Bluetooth: hci2: command tx timeout [ 569.339033][ T8812] team0: Port device team_slave_1 added [ 569.382003][ T8922] chnl_net:caif_netlink_parms(): no params data found [ 569.444890][ T9] libceph: connect (1)[c::]:6789 error -101 [ 569.445094][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 569.445554][ T9] libceph: connect (1)[c::]:6789 error -101 [ 569.445729][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 569.651501][ T9030] ceph: No mds server is up or the cluster is laggy [ 569.698493][ T9] libceph: connect (1)[c::]:6789 error -101 [ 569.698707][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 570.428118][ T5802] Bluetooth: hci2: command tx timeout [ 571.198611][ T8812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 571.198713][ T8812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 571.198878][ T8812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 571.824780][ T8812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 571.824797][ T8812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 571.824821][ T8812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 571.943947][ T37] kauditd_printk_skb: 10 callbacks suppressed [ 571.943966][ T37] audit: type=1326 audit(1761204060.346:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.946503][ T37] audit: type=1326 audit(1761204060.346:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988498][ T37] audit: type=1326 audit(1761204060.376:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988554][ T37] audit: type=1326 audit(1761204060.376:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988593][ T37] audit: type=1326 audit(1761204060.376:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988633][ T37] audit: type=1326 audit(1761204060.376:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988673][ T37] audit: type=1326 audit(1761204060.376:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988712][ T37] audit: type=1326 audit(1761204060.386:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988751][ T37] audit: type=1326 audit(1761204060.386:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 571.988790][ T37] audit: type=1326 audit(1761204060.386:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9049 comm="syz.3.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1fa95efc9 code=0x7ffc0000 [ 573.569286][ T5802] Bluetooth: hci2: command tx timeout [ 575.789910][ T8812] hsr_slave_0: entered promiscuous mode [ 575.791547][ T8812] hsr_slave_1: entered promiscuous mode [ 575.792526][ T8812] debugfs: 'hsr0' already exists in 'hsr' [ 575.792550][ T8812] Cannot create hsr debugfs directory [ 575.793368][ T8922] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.793576][ T8922] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.793782][ T8922] bridge_slave_0: entered allmulticast mode [ 575.796537][ T8922] bridge_slave_0: entered promiscuous mode [ 576.083343][ T8922] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.083495][ T8922] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.083735][ T8922] bridge_slave_1: entered allmulticast mode [ 576.086635][ T8922] bridge_slave_1: entered promiscuous mode [ 579.141282][ T9078] netlink: 'syz.3.749': attribute type 1 has an invalid length. [ 579.247853][ T9080] netlink: 44 bytes leftover after parsing attributes in process `syz.3.749'. [ 580.169089][ T9078] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 580.430371][ T9085] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 580.432152][ T9085] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 580.977146][ T8922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 581.497272][ T8922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 583.763739][ T8922] team0: Port device team_slave_0 added [ 583.826037][ T8922] team0: Port device team_slave_1 added [ 586.036292][ T8922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 586.036392][ T8922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 586.038949][ T8922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 586.353327][ T8987] chnl_net:caif_netlink_parms(): no params data found [ 586.386837][ T8922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 586.386852][ T8922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 586.386877][ T8922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 589.019642][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 589.203738][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 590.015279][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 590.063078][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 590.078785][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 593.313218][ T5813] Bluetooth: hci4: command tx timeout [ 596.214798][ T5813] Bluetooth: hci4: command tx timeout [ 598.506538][ T1408] Bluetooth: hci5: Frame reassembly failed (-84) [ 598.920525][ T5802] Bluetooth: hci4: command tx timeout [ 599.939347][ T8922] hsr_slave_0: entered promiscuous mode [ 599.940802][ T8922] hsr_slave_1: entered promiscuous mode [ 599.941822][ T8922] debugfs: 'hsr0' already exists in 'hsr' [ 599.941846][ T8922] Cannot create hsr debugfs directory [ 600.471358][ T8987] bridge0: port 1(bridge_slave_0) entered blocking state [ 600.471590][ T8987] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.471849][ T8987] bridge_slave_0: entered allmulticast mode [ 600.476887][ T8987] bridge_slave_0: entered promiscuous mode [ 600.509253][ T5802] Bluetooth: hci5: command 0x1003 tx timeout [ 600.509286][ T5813] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 600.752497][ T8987] bridge0: port 2(bridge_slave_1) entered blocking state [ 600.752668][ T8987] bridge0: port 2(bridge_slave_1) entered disabled state [ 600.752928][ T8987] bridge_slave_1: entered allmulticast mode [ 600.755748][ T8987] bridge_slave_1: entered promiscuous mode [ 600.989107][ T5813] Bluetooth: hci4: command tx timeout [ 601.320461][ T8987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 601.385767][ T8987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 605.089699][ T8987] team0: Port device team_slave_0 added [ 605.186434][ T8987] team0: Port device team_slave_1 added [ 606.413397][ T9214] serio: Serial port ptm0 [ 606.513604][ T8987] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 606.513619][ T8987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 606.513642][ T8987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 606.529172][ T8987] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 606.529188][ T8987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 606.529215][ T8987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 606.826733][ T9224] overlay: Unknown parameter '/' [ 606.883460][ T9224] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 606.982419][ T9228] FAT-fs (loop7): unable to read boot sector [ 610.043061][ T8987] hsr_slave_0: entered promiscuous mode [ 610.045088][ T8987] hsr_slave_1: entered promiscuous mode [ 610.046181][ T8987] debugfs: 'hsr0' already exists in 'hsr' [ 610.046202][ T8987] Cannot create hsr debugfs directory [ 610.086347][ T1433] bridge_slave_1: left allmulticast mode [ 610.086373][ T1433] bridge_slave_1: left promiscuous mode [ 610.086559][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.133136][ T1433] bridge_slave_0: left allmulticast mode [ 610.133157][ T1433] bridge_slave_0: left promiscuous mode [ 610.133323][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.214945][ T1433] bridge_slave_1: left allmulticast mode [ 610.214974][ T1433] bridge_slave_1: left promiscuous mode [ 610.215359][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.280232][ T1433] bridge_slave_0: left allmulticast mode [ 610.280261][ T1433] bridge_slave_0: left promiscuous mode [ 610.280524][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.352783][ T1433] bridge_slave_1: left allmulticast mode [ 610.352812][ T1433] bridge_slave_1: left promiscuous mode [ 610.353071][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.409368][ T1433] bridge_slave_0: left allmulticast mode [ 610.409389][ T1433] bridge_slave_0: left promiscuous mode [ 610.409681][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.474508][ T1433] bridge_slave_1: left allmulticast mode [ 610.474529][ T1433] bridge_slave_1: left promiscuous mode [ 610.474703][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.531762][ T1433] bridge_slave_0: left allmulticast mode [ 610.531782][ T1433] bridge_slave_0: left promiscuous mode [ 610.531960][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.592958][ T1433] bridge_slave_1: left allmulticast mode [ 610.592978][ T1433] bridge_slave_1: left promiscuous mode [ 610.593133][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.669535][ T1433] bridge_slave_0: left allmulticast mode [ 610.669555][ T1433] bridge_slave_0: left promiscuous mode [ 610.669798][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 610.741697][ T1433] bridge_slave_1: left allmulticast mode [ 610.741716][ T1433] bridge_slave_1: left promiscuous mode [ 610.741916][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 610.799696][ T1433] bridge_slave_0: left allmulticast mode [ 610.799725][ T1433] bridge_slave_0: left promiscuous mode [ 610.799963][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.619013][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 612.680143][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 612.860008][ T1433] bond0 (unregistering): Released all slaves [ 613.038868][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 613.119202][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 613.183173][ T1433] bond0 (unregistering): Released all slaves [ 613.418966][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 613.509065][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 613.551445][ T1433] bond0 (unregistering): Released all slaves [ 613.789432][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 613.868813][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 613.910071][ T1433] bond0 (unregistering): Released all slaves [ 614.288904][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 614.371940][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 614.435639][ T1433] bond0 (unregistering): Released all slaves [ 614.647018][ T1433] bond0 (unregistering): Released all slaves [ 615.757172][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 615.803481][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 615.808219][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 615.811196][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 615.860602][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 616.121691][ T9133] chnl_net:caif_netlink_parms(): no params data found [ 616.867025][ T9281] FAT-fs (loop9): unable to read boot sector [ 620.602035][ T9293] overlayfs: failed to resolve './file1': -2 [ 621.246068][ T5813] Bluetooth: hci5: command tx timeout [ 623.625236][ T5802] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 623.637343][ T5802] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 623.650962][ T5802] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 623.652314][ T5802] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 623.653065][ T5802] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 623.840972][ T5802] Bluetooth: hci5: command tx timeout [ 624.220649][ T9133] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.220821][ T9133] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.221076][ T9133] bridge_slave_0: entered allmulticast mode [ 624.248189][ T9133] bridge_slave_0: entered promiscuous mode [ 624.295189][ T9133] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.295380][ T9133] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.295616][ T9133] bridge_slave_1: entered allmulticast mode [ 624.323390][ T9133] bridge_slave_1: entered promiscuous mode [ 624.744247][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.744322][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.932867][ T1433] hsr_slave_0: left promiscuous mode [ 624.975080][ T1433] hsr_slave_1: left promiscuous mode [ 624.976131][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.021575][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 625.263652][ T1433] hsr_slave_0: left promiscuous mode [ 625.298199][ T1433] hsr_slave_1: left promiscuous mode [ 625.299246][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.329058][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 625.538089][ T1433] hsr_slave_0: left promiscuous mode [ 625.558124][ T1433] hsr_slave_1: left promiscuous mode [ 625.559822][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.598547][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 625.768041][ T1433] hsr_slave_0: left promiscuous mode [ 625.788910][ T1433] hsr_slave_1: left promiscuous mode [ 625.791225][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.828635][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 625.868187][ T5813] Bluetooth: hci5: command tx timeout [ 625.948745][ T5813] Bluetooth: hci6: command tx timeout [ 627.799986][ T9322] serio: Serial port ptm0 [ 627.948297][ T5813] Bluetooth: hci5: command tx timeout [ 628.609876][ T5813] Bluetooth: hci6: command tx timeout [ 628.724620][ T9328] netlink: 12 bytes leftover after parsing attributes in process `syz.4.799'. [ 628.888898][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 629.979077][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 630.668017][ T5813] Bluetooth: hci6: command tx timeout [ 631.099461][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 631.228758][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 631.980608][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 632.090557][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 632.768737][ T5802] Bluetooth: hci6: command tx timeout [ 633.028612][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 633.138809][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 634.138763][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 634.268712][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 635.794441][ T37] kauditd_printk_skb: 13 callbacks suppressed [ 635.794458][ T37] audit: type=1326 audit(1761204124.196:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.794762][ T37] audit: type=1326 audit(1761204124.196:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.795398][ T37] audit: type=1326 audit(1761204124.196:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.795524][ T37] audit: type=1326 audit(1761204124.196:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.795675][ T37] audit: type=1326 audit(1761204124.196:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.796014][ T37] audit: type=1326 audit(1761204124.196:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.803492][ T37] audit: type=1326 audit(1761204124.206:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.803544][ T37] audit: type=1326 audit(1761204124.206:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.803588][ T37] audit: type=1326 audit(1761204124.206:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.837582][ T37] audit: type=1326 audit(1761204124.206:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9345 comm="syz.4.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 635.853889][ T9133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.884931][ T9133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 636.290199][ T9133] team0: Port device team_slave_0 added [ 636.371489][ T9133] team0: Port device team_slave_1 added [ 636.952378][ T9133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 636.952395][ T9133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 636.952419][ T9133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.095957][ T9133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.095973][ T9133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 638.095998][ T9133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.732064][ T9133] hsr_slave_0: entered promiscuous mode [ 638.734510][ T9133] hsr_slave_1: entered promiscuous mode [ 640.982778][ T9273] chnl_net:caif_netlink_parms(): no params data found [ 642.242469][ T9391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.810'. [ 642.314607][ T9300] chnl_net:caif_netlink_parms(): no params data found [ 650.796955][ T9273] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.797258][ T9273] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.797437][ T9273] bridge_slave_0: entered allmulticast mode [ 650.812867][ T9273] bridge_slave_0: entered promiscuous mode [ 650.851186][ T9273] bridge0: port 2(bridge_slave_1) entered blocking state [ 650.851270][ T9273] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.851425][ T9273] bridge_slave_1: entered allmulticast mode [ 650.871813][ T9273] bridge_slave_1: entered promiscuous mode [ 651.112233][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 651.125899][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 651.127182][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 651.129336][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 651.130223][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 653.448286][ T5813] Bluetooth: hci0: command tx timeout [ 655.488296][ T5813] Bluetooth: hci0: command tx timeout [ 657.130021][ T9446] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 657.881090][ T5813] Bluetooth: hci0: command tx timeout [ 658.538051][ T9455] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 659.074197][ T9273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 659.316172][ T9273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 659.331808][ T9300] bridge0: port 1(bridge_slave_0) entered blocking state [ 659.332057][ T9300] bridge0: port 1(bridge_slave_0) entered disabled state [ 659.332327][ T9300] bridge_slave_0: entered allmulticast mode [ 659.335356][ T9300] bridge_slave_0: entered promiscuous mode [ 659.579688][ T9300] bridge0: port 2(bridge_slave_1) entered blocking state [ 659.579779][ T9300] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.579946][ T9300] bridge_slave_1: entered allmulticast mode [ 659.582514][ T9300] bridge_slave_1: entered promiscuous mode [ 659.758008][ T5911] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 659.890478][ T9273] team0: Port device team_slave_0 added [ 659.918001][ T5911] usb 5-1: Using ep0 maxpacket: 16 [ 659.921990][ T5911] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 659.922018][ T5911] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 659.922050][ T5911] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 659.922069][ T5911] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 659.922088][ T5911] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 659.922108][ T5911] usb 5-1: config 0 has no interface number 0 [ 659.922154][ T5911] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 659.922182][ T5911] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 659.922211][ T5911] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 659.922247][ T5911] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 659.922273][ T5911] usb 5-1: config 0 interface 125 has no altsetting 0 [ 659.922291][ T5911] usb 5-1: config 0 interface 125 has no altsetting 2 [ 659.926137][ T5911] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 659.926165][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.926183][ T5911] usb 5-1: Product: syz [ 659.926195][ T5911] usb 5-1: Manufacturer: syz [ 659.926204][ T5911] usb 5-1: SerialNumber: syz [ 659.948381][ T5813] Bluetooth: hci0: command tx timeout [ 660.099509][ T5911] usb 5-1: config 0 descriptor?? [ 660.156157][ T5911] usb 5-1: selecting invalid altsetting 2 [ 663.783340][ T9273] team0: Port device team_slave_1 added [ 663.906698][ T5911] get_1284_register timeout [ 663.906780][ T5911] uss720 5-1:0.125: probe with driver uss720 failed with error -5 [ 664.565465][ C1] usb 5-1: async_complete: urb error -104 [ 664.565567][ C1] usb 5-1: async_complete: urb error -104 [ 664.565648][ C1] usb 5-1: async_complete: urb error -104 [ 664.565726][ C1] usb 5-1: async_complete: urb error -104 [ 664.842681][ T1882] usb 5-1: USB disconnect, device number 6 [ 666.051047][ T9300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 667.312637][ T9300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 669.131005][ T5911] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 669.547510][ T5911] usb 5-1: Using ep0 maxpacket: 16 [ 669.562226][ T5911] usb 5-1: config index 0 descriptor too short (expected 16456, got 72) [ 669.562256][ T5911] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 669.562276][ T5911] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 669.562295][ T5911] usb 5-1: config 0 has an invalid interface number: 125 but max is 1 [ 669.562315][ T5911] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 669.562335][ T5911] usb 5-1: config 0 has no interface number 0 [ 669.562382][ T5911] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 669.562410][ T5911] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 669.562432][ T5911] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 669.562467][ T5911] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 669.562493][ T5911] usb 5-1: config 0 interface 125 has no altsetting 0 [ 669.562511][ T5911] usb 5-1: config 0 interface 125 has no altsetting 2 [ 669.678559][ T5911] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 669.678596][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.678615][ T5911] usb 5-1: Product: syz [ 669.678629][ T5911] usb 5-1: Manufacturer: syz [ 669.678643][ T5911] usb 5-1: SerialNumber: syz [ 669.730295][ T9273] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 669.730311][ T9273] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 669.730336][ T9273] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 669.930572][ T5911] usb 5-1: config 0 descriptor?? [ 670.105685][ T5911] usb 5-1: selecting invalid altsetting 2 [ 671.896956][ T5911] get_1284_register timeout [ 671.897025][ T5911] uss720 5-1:0.125: probe with driver uss720 failed with error -5 [ 671.897115][ C1] usb 5-1: async_complete: urb error -104 [ 671.897198][ C1] usb 5-1: async_complete: urb error -104 [ 671.897270][ C1] usb 5-1: async_complete: urb error -104 [ 671.939544][ T9273] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 671.939561][ T9273] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 671.939587][ T9273] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 671.962860][ T9300] team0: Port device team_slave_0 added [ 672.060178][ T9300] team0: Port device team_slave_1 added [ 673.322270][ T5911] usb 5-1: USB disconnect, device number 7 [ 676.433120][ T9300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 676.433142][ T9300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 676.433168][ T9300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 676.464536][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 676.484431][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 676.485727][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 676.489241][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 676.492572][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 676.843038][ T9300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 676.843062][ T9300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 676.843092][ T9300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.508183][ T5813] Bluetooth: hci2: command tx timeout [ 678.600455][ T9300] hsr_slave_0: entered promiscuous mode [ 678.613713][ T9300] hsr_slave_1: entered promiscuous mode [ 678.617688][ T9300] debugfs: 'hsr0' already exists in 'hsr' [ 678.617713][ T9300] Cannot create hsr debugfs directory [ 681.392979][ T5813] Bluetooth: hci2: command tx timeout [ 683.470157][ T5813] Bluetooth: hci2: command tx timeout [ 685.174713][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 685.204282][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 685.212614][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 685.226749][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 685.227565][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 685.253240][ T1882] libceph: connect (1)[c::]:6789 error -101 [ 685.253416][ T1882] libceph: mon0 (1)[c::]:6789 connect error [ 685.554806][ T5802] Bluetooth: hci2: command tx timeout [ 685.687501][ T1882] libceph: connect (1)[c::]:6789 error -101 [ 685.688497][ T9566] ceph: No mds server is up or the cluster is laggy [ 685.689169][ T1882] libceph: mon0 (1)[c::]:6789 connect error [ 685.928868][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.928957][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.915270][ T9590] FAT-fs (loop7): unable to read boot sector [ 688.263152][ T9591] netlink: 28 bytes leftover after parsing attributes in process `syz.4.857'. [ 688.263332][ T5802] Bluetooth: hci4: command tx timeout [ 688.303266][ T9591] tipc: Started in network mode [ 688.303302][ T9591] tipc: Node identity ac14141b, cluster identity 4711 [ 688.305015][ T9591] tipc: New replicast peer: 255.255.255.255 [ 688.307246][ T9591] tipc: Enabled bearer , priority 10 [ 688.329156][ T9423] chnl_net:caif_netlink_parms(): no params data found [ 688.857389][ T9597] serio: Serial port ptm0 [ 689.412775][ T1243] tipc: Node number set to 2886997019 [ 690.534083][ T5802] Bluetooth: hci4: command tx timeout [ 690.605338][ T1243] libceph: connect (1)[c::]:6789 error -101 [ 690.605534][ T1243] libceph: mon0 (1)[c::]:6789 connect error [ 690.923134][ T9609] ceph: No mds server is up or the cluster is laggy [ 690.942646][ T1243] libceph: connect (1)[c::]:6789 error -101 [ 690.981416][ T1243] libceph: mon0 (1)[c::]:6789 connect error [ 691.441273][ T1433] bridge_slave_1: left allmulticast mode [ 691.441301][ T1433] bridge_slave_1: left promiscuous mode [ 691.441563][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 693.546343][ T5802] Bluetooth: hci4: command tx timeout [ 693.632714][ T1433] bridge_slave_0: left allmulticast mode [ 693.632742][ T1433] bridge_slave_0: left promiscuous mode [ 693.633019][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.669908][ T1433] bridge_slave_1: left allmulticast mode [ 694.669938][ T1433] bridge_slave_1: left promiscuous mode [ 694.670250][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.728879][ T1433] bridge_slave_0: left allmulticast mode [ 694.728898][ T1433] bridge_slave_0: left promiscuous mode [ 694.729054][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.830996][ T1433] bridge_slave_1: left allmulticast mode [ 694.831015][ T1433] bridge_slave_1: left promiscuous mode [ 694.831162][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.899099][ T1433] bridge_slave_0: left allmulticast mode [ 694.899125][ T1433] bridge_slave_0: left promiscuous mode [ 694.899377][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.975400][ T1433] bridge_slave_1: left allmulticast mode [ 694.975430][ T1433] bridge_slave_1: left promiscuous mode [ 694.975588][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.029038][ T1433] bridge_slave_0: left allmulticast mode [ 695.029065][ T1433] bridge_slave_0: left promiscuous mode [ 695.029225][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.092359][ T1433] bridge_slave_1: left allmulticast mode [ 695.092380][ T1433] bridge_slave_1: left promiscuous mode [ 695.092553][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.169031][ T1433] bridge_slave_0: left allmulticast mode [ 695.169051][ T1433] bridge_slave_0: left promiscuous mode [ 695.169226][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.498652][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 695.548241][ T5802] Bluetooth: hci4: command tx timeout [ 695.750251][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 696.020189][ T1433] bond0 (unregistering): Released all slaves [ 697.298472][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.379838][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.442153][ T1433] bond0 (unregistering): Released all slaves [ 697.668622][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.778558][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.861398][ T1433] bond0 (unregistering): Released all slaves [ 698.289250][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 698.398556][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 698.470432][ T1433] bond0 (unregistering): Released all slaves [ 698.648616][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 698.728700][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 698.822363][ T1433] bond0 (unregistering): Released all slaves [ 703.664299][ T9662] input: syz0 as /devices/virtual/input/input12 [ 704.270971][ T9656] netlink: 100 bytes leftover after parsing attributes in process `syz.4.874'. [ 706.225006][ T9423] bridge0: port 1(bridge_slave_0) entered blocking state [ 706.225152][ T9423] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.225390][ T9423] bridge_slave_0: entered allmulticast mode [ 706.254513][ T9423] bridge_slave_0: entered promiscuous mode [ 706.266746][ T9423] bridge0: port 2(bridge_slave_1) entered blocking state [ 706.266953][ T9423] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.267164][ T9423] bridge_slave_1: entered allmulticast mode [ 706.270218][ T9423] bridge_slave_1: entered promiscuous mode [ 707.600509][ T9533] chnl_net:caif_netlink_parms(): no params data found [ 707.766559][ T9423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 708.308851][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 708.369003][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 708.528082][ T1433] hsr_slave_0: left promiscuous mode [ 708.570249][ T1433] hsr_slave_1: left promiscuous mode [ 708.572558][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 708.858264][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 708.922983][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 708.925756][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 708.927543][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 709.827087][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 709.840482][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 711.118049][ T1433] hsr_slave_0: left promiscuous mode [ 711.158814][ T1433] hsr_slave_1: left promiscuous mode [ 711.160086][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 711.444780][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 712.728499][ T1433] hsr_slave_0: left promiscuous mode [ 715.726324][ T5802] Bluetooth: hci0: command tx timeout [ 715.891312][ T1433] hsr_slave_1: left promiscuous mode [ 715.892293][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 715.953139][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 716.288127][ T1433] hsr_slave_0: left promiscuous mode [ 716.308123][ T1433] hsr_slave_1: left promiscuous mode [ 716.308756][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 716.333477][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 716.568581][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 716.678603][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 718.972087][ T5802] Bluetooth: hci0: command tx timeout [ 720.078656][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 720.208696][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 720.988268][ T5802] Bluetooth: hci0: command tx timeout [ 721.159526][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 721.288617][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 722.288488][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 722.398858][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 723.080901][ T5802] Bluetooth: hci0: command tx timeout [ 723.249096][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 723.378591][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 723.972750][ T9533] bridge0: port 1(bridge_slave_0) entered blocking state [ 723.972954][ T9533] bridge0: port 1(bridge_slave_0) entered disabled state [ 723.973165][ T9533] bridge_slave_0: entered allmulticast mode [ 723.976004][ T9533] bridge_slave_0: entered promiscuous mode [ 727.440500][ T9745] netlink: 'syz.4.892': attribute type 4 has an invalid length. [ 727.440572][ T9745] netlink: 17 bytes leftover after parsing attributes in process `syz.4.892'. [ 730.084799][ T9754] tipc: Enabling of bearer rejected, already enabled [ 730.676438][ T9533] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.676595][ T9533] bridge0: port 2(bridge_slave_1) entered disabled state [ 730.676835][ T9533] bridge_slave_1: entered allmulticast mode [ 730.684200][ T9533] bridge_slave_1: entered promiscuous mode [ 731.197216][ T9533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 731.206551][ T9567] chnl_net:caif_netlink_parms(): no params data found [ 731.334477][ T9533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 738.571996][ T9780] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 739.719190][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 739.746561][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 739.758142][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 739.761736][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 739.762913][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 743.179962][ T5802] Bluetooth: hci5: command tx timeout [ 745.229666][ T5802] Bluetooth: hci5: command tx timeout [ 745.348295][ T9567] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.348470][ T9567] bridge0: port 1(bridge_slave_0) entered disabled state [ 745.348702][ T9567] bridge_slave_0: entered allmulticast mode [ 745.351463][ T9567] bridge_slave_0: entered promiscuous mode [ 746.859484][ T5813] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 746.864470][ T5813] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 746.865799][ T5813] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 746.867672][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 746.891939][ T5813] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 747.308015][ T5802] Bluetooth: hci5: command tx timeout [ 747.565831][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.565903][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.607022][ T9696] chnl_net:caif_netlink_parms(): no params data found [ 748.988187][ T5802] Bluetooth: hci2: command tx timeout [ 749.397968][ T5802] Bluetooth: hci5: command tx timeout [ 749.830489][ T9782] chnl_net:caif_netlink_parms(): no params data found [ 750.201328][ T9696] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.201550][ T9696] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.202116][ T9696] bridge_slave_0: entered allmulticast mode [ 750.205089][ T9696] bridge_slave_0: entered promiscuous mode [ 750.967330][ T9696] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.981648][ T9696] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.986576][ T9696] bridge_slave_1: entered allmulticast mode [ 751.220764][ T5802] Bluetooth: hci2: command tx timeout [ 751.361424][ T9696] bridge_slave_1: entered promiscuous mode [ 756.074971][ T5802] Bluetooth: hci2: command tx timeout [ 756.465868][ T9696] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 756.466316][ T9817] chnl_net:caif_netlink_parms(): no params data found [ 756.919411][ T9696] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 758.237928][ T5802] Bluetooth: hci2: command tx timeout [ 758.628200][ T9782] bridge0: port 1(bridge_slave_0) entered blocking state [ 758.628341][ T9782] bridge0: port 1(bridge_slave_0) entered disabled state [ 758.628592][ T9782] bridge_slave_0: entered allmulticast mode [ 758.631381][ T9782] bridge_slave_0: entered promiscuous mode [ 759.070765][ T9782] bridge0: port 2(bridge_slave_1) entered blocking state [ 759.070898][ T9782] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.071102][ T9782] bridge_slave_1: entered allmulticast mode [ 759.110436][ T9782] bridge_slave_1: entered promiscuous mode [ 759.113019][ T9696] team0: Port device team_slave_0 added [ 759.210607][ T9696] team0: Port device team_slave_1 added [ 759.443184][ T9782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 761.623830][ T9782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 761.770029][ T9696] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 761.770048][ T9696] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 761.770074][ T9696] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 763.448703][ T9696] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 763.448720][ T9696] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 763.448746][ T9696] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 763.452191][ T9817] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.452322][ T9817] bridge0: port 1(bridge_slave_0) entered disabled state [ 763.452576][ T9817] bridge_slave_0: entered allmulticast mode [ 763.463022][ T9817] bridge_slave_0: entered promiscuous mode [ 763.863686][ T9817] bridge0: port 2(bridge_slave_1) entered blocking state [ 763.863894][ T9817] bridge0: port 2(bridge_slave_1) entered disabled state [ 763.864118][ T9817] bridge_slave_1: entered allmulticast mode [ 763.866876][ T9817] bridge_slave_1: entered promiscuous mode [ 763.871055][ T9782] team0: Port device team_slave_0 added [ 764.161430][ T9782] team0: Port device team_slave_1 added [ 764.539563][ T9817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 764.743513][ T9817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 764.771864][ T9696] hsr_slave_0: entered promiscuous mode [ 764.778902][ T9696] hsr_slave_1: entered promiscuous mode [ 764.786430][ T9782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 764.786444][ T9782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 764.786469][ T9782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 765.190756][ T9782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 765.190773][ T9782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 765.190800][ T9782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.245754][ T9817] team0: Port device team_slave_0 added [ 766.856614][ T9929] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 767.068939][ T9817] team0: Port device team_slave_1 added [ 769.192239][ T9817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 769.192255][ T9817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 769.192281][ T9817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 769.253028][ T9782] hsr_slave_0: entered promiscuous mode [ 769.254526][ T9782] hsr_slave_1: entered promiscuous mode [ 769.255530][ T9782] debugfs: 'hsr0' already exists in 'hsr' [ 769.255553][ T9782] Cannot create hsr debugfs directory [ 769.257773][ T9817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 769.257787][ T9817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 769.257812][ T9817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 771.092316][ T5813] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 771.115516][ T5813] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 771.117155][ T5813] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 771.129536][ T5813] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 771.130329][ T5813] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 771.147095][ T9956] FAT-fs (loop9): unable to read boot sector [ 771.867100][ T9817] hsr_slave_0: entered promiscuous mode [ 771.868367][ T9817] hsr_slave_1: entered promiscuous mode [ 771.869313][ T9817] debugfs: 'hsr0' already exists in 'hsr' [ 771.869336][ T9817] Cannot create hsr debugfs directory [ 773.370589][ T5802] Bluetooth: hci0: command tx timeout [ 773.619932][ T9976] input: syz0 as /devices/virtual/input/input13 [ 774.954705][ T1433] bridge_slave_0: left allmulticast mode [ 774.954733][ T1433] bridge_slave_0: left promiscuous mode [ 774.954976][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.698661][ T5802] Bluetooth: hci0: command tx timeout [ 775.771866][ T1433] bridge_slave_1: left allmulticast mode [ 775.772003][ T1433] bridge_slave_1: left promiscuous mode [ 775.777408][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 779.175481][ T5802] Bluetooth: hci0: command tx timeout [ 779.346600][ T1433] bridge_slave_0: left allmulticast mode [ 779.346629][ T1433] bridge_slave_0: left promiscuous mode [ 779.346878][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.153163][ T1433] bridge_slave_1: left allmulticast mode [ 781.153191][ T1433] bridge_slave_1: left promiscuous mode [ 781.153446][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.228106][ T5802] Bluetooth: hci0: command tx timeout [ 781.309375][ T1433] bridge_slave_0: left allmulticast mode [ 781.309401][ T1433] bridge_slave_0: left promiscuous mode [ 781.461972][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 782.276200][ T1433] bridge_slave_1: left allmulticast mode [ 782.276231][ T1433] bridge_slave_1: left promiscuous mode [ 782.276464][ T1433] bridge0: port 2(bridge_slave_1) entered disabled state [ 783.029649][ T1433] bridge_slave_0: left allmulticast mode [ 783.029678][ T1433] bridge_slave_0: left promiscuous mode [ 783.032022][ T1433] bridge0: port 1(bridge_slave_0) entered disabled state [ 786.181631][T10015] overlayfs: failed to resolve './file1': -2 [ 786.832000][ T1433] bond0 (unregistering): Released all slaves [ 787.119393][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 788.038768][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 788.240669][ T1433] bond0 (unregistering): Released all slaves [ 788.378894][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 788.440393][ T1433] bond0 (unregistering): Released all slaves [ 788.639158][ T1433] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 788.698866][ T1433] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 788.732184][ T1433] bond0 (unregistering): Released all slaves [ 788.769000][T10012] netlink: 100 bytes leftover after parsing attributes in process `syz.3.954'. [ 790.912966][T10039] netlink: 'syz.3.960': attribute type 4 has an invalid length. [ 790.912988][T10039] netlink: 17 bytes leftover after parsing attributes in process `syz.3.960'. [ 792.648357][ T1433] hsr_slave_0: left promiscuous mode [ 792.699770][ T1433] hsr_slave_1: left promiscuous mode [ 792.700724][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 792.758946][ T1433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 793.181192][T10052] overlayfs: failed to resolve './file1': -2 [ 797.352898][ T1433] team0 (unregistering): Port device team_slave_1 removed [ 797.570059][ T1433] team0 (unregistering): Port device team_slave_0 removed [ 800.477159][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 800.501254][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 800.503767][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 800.891071][T10089] overlayfs: failed to resolve './file1': -2 [ 801.530661][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 801.710319][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 807.916244][ T5802] Bluetooth: hci4: command tx timeout [ 808.639640][ T5813] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 808.643791][ T5813] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 808.645015][ T5813] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 808.646187][ T5813] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 808.646979][ T5813] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 808.777197][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.777265][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.948098][ T5813] Bluetooth: hci4: command tx timeout [ 809.954893][ T9954] chnl_net:caif_netlink_parms(): no params data found [ 810.459489][T10126] input: syz0 as /devices/virtual/input/input14 [ 811.048228][ T5813] Bluetooth: hci5: command tx timeout [ 812.529562][ T5813] Bluetooth: hci4: command tx timeout [ 814.394585][ T5802] Bluetooth: hci5: command tx timeout [ 814.670481][ T9954] bridge0: port 1(bridge_slave_0) entered blocking state [ 814.670695][ T9954] bridge0: port 1(bridge_slave_0) entered disabled state [ 814.670933][ T9954] bridge_slave_0: entered allmulticast mode [ 814.686418][ T9954] bridge_slave_0: entered promiscuous mode [ 814.743784][ T9954] bridge0: port 2(bridge_slave_1) entered blocking state [ 814.743932][ T9954] bridge0: port 2(bridge_slave_1) entered disabled state [ 814.744495][ T9954] bridge_slave_1: entered allmulticast mode [ 814.747523][ T9954] bridge_slave_1: entered promiscuous mode [ 814.931448][ T5813] Bluetooth: hci4: command tx timeout [ 815.943235][ T9954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 816.884382][ T9954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 816.886925][ T5813] Bluetooth: hci5: command tx timeout [ 818.236593][ T9954] team0: Port device team_slave_0 added [ 818.440302][T10178] netlink: 28 bytes leftover after parsing attributes in process `syz.3.994'. [ 818.462007][ T9954] team0: Port device team_slave_1 added [ 818.540756][T10178] tipc: Started in network mode [ 818.540970][T10178] tipc: Node identity ac14141b, cluster identity 4711 [ 818.580240][T10178] tipc: New replicast peer: 255.255.255.255 [ 818.635312][T10178] tipc: Enabled bearer , priority 10 [ 819.058006][ T5813] Bluetooth: hci5: command tx timeout [ 819.603325][ T992] tipc: Node number set to 2886997019 [ 820.779654][ T9954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 820.779671][ T9954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 820.779696][ T9954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 820.812050][ T9954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 820.812067][ T9954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 820.812092][ T9954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 821.177276][T10083] chnl_net:caif_netlink_parms(): no params data found [ 823.057382][ T9954] hsr_slave_0: entered promiscuous mode [ 823.065291][ T9954] hsr_slave_1: entered promiscuous mode [ 823.066451][ T9954] debugfs: 'hsr0' already exists in 'hsr' [ 823.066476][ T9954] Cannot create hsr debugfs directory [ 824.319302][T10112] chnl_net:caif_netlink_parms(): no params data found [ 824.931063][T10083] bridge0: port 1(bridge_slave_0) entered blocking state [ 824.931418][T10083] bridge0: port 1(bridge_slave_0) entered disabled state [ 824.931592][T10083] bridge_slave_0: entered allmulticast mode [ 824.933253][T10083] bridge_slave_0: entered promiscuous mode [ 824.985678][T10083] bridge0: port 2(bridge_slave_1) entered blocking state [ 824.986056][T10083] bridge0: port 2(bridge_slave_1) entered disabled state [ 824.986702][T10083] bridge_slave_1: entered allmulticast mode [ 824.999874][T10083] bridge_slave_1: entered promiscuous mode [ 825.501028][T10083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 825.719759][T10083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 825.810592][T10112] bridge0: port 1(bridge_slave_0) entered blocking state [ 825.811242][T10112] bridge0: port 1(bridge_slave_0) entered disabled state [ 825.811571][T10112] bridge_slave_0: entered allmulticast mode [ 825.823715][T10112] bridge_slave_0: entered promiscuous mode [ 827.752268][T10112] bridge0: port 2(bridge_slave_1) entered blocking state [ 827.752824][T10112] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.753748][T10112] bridge_slave_1: entered allmulticast mode [ 827.760900][T10112] bridge_slave_1: entered promiscuous mode [ 827.823844][T10222] input: syz0 as /devices/virtual/input/input15 [ 830.141051][T10083] team0: Port device team_slave_0 added [ 830.292850][T10083] team0: Port device team_slave_1 added [ 830.504369][T10112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 830.757097][T10112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 830.766097][T10083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 830.766114][T10083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 830.766140][T10083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 831.359375][T10083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 831.359392][T10083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 831.359418][T10083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 833.069879][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 833.077659][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 833.079872][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 833.085293][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 833.321605][T10253] 9pnet_fd: Insufficient options for proto=fd [ 833.960273][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 834.169243][T10242] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1010'. [ 834.169961][T10243] tipc: Enabling of bearer rejected, already enabled [ 834.294092][T10256] Bluetooth: MGMT ver 1.23 [ 834.296337][ T37] kauditd_printk_skb: 13 callbacks suppressed [ 834.296354][ T37] audit: type=1326 audit(1761204322.696:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.296616][ T37] audit: type=1326 audit(1761204322.696:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.297376][ T37] audit: type=1326 audit(1761204322.696:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.297677][ T37] audit: type=1326 audit(1761204322.696:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.334142][ T37] audit: type=1326 audit(1761204322.696:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.334193][ T37] audit: type=1326 audit(1761204322.726:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.334232][ T37] audit: type=1326 audit(1761204322.726:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.334278][ T37] audit: type=1326 audit(1761204322.726:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.334316][ T37] audit: type=1326 audit(1761204322.736:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.334355][ T37] audit: type=1326 audit(1761204322.736:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10254 comm="syz.4.1013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46162cefc9 code=0x7ffc0000 [ 834.494504][T10112] team0: Port device team_slave_0 added [ 834.691601][T10112] team0: Port device team_slave_1 added [ 835.230030][T10083] hsr_slave_0: entered promiscuous mode [ 835.232712][T10083] hsr_slave_1: entered promiscuous mode [ 835.234855][T10083] debugfs: 'hsr0' already exists in 'hsr' [ 835.234879][T10083] Cannot create hsr debugfs directory [ 835.519166][T10112] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 835.519182][T10112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 835.519206][T10112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 837.075228][T10112] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 837.075251][T10112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the perform[ 837.075251][T10112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 837.075277][T10112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 837.863167][ T23] ================================================================== [ 837.863185][ T23] BUG: KASAN: vmalloc-out-of-bounds in run_irq_workd+0x116/0x190 [ 837.863218][ T23] Read of size 8 at addr ffffc90005599090 by task irq_work/0/23 [ 837.863233][ T23] [ 837.863259][ T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 837.863279][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 837.863297][ T23] Call Trace: [ 837.863308][ T23] [ 837.863315][ T23] dump_stack_lvl+0x189/0x250 [ 837.863344][ T23] ? run_irq_workd+0x116/0x190 [ 837.863364][ T23] ? __pfx_dump_stack_lvl+0x10/0x10 [ 837.863385][ T23] ? __pfx__printk+0x10/0x10 [ 837.863405][ T23] ? __virt_addr_valid+0xdc/0x5c0 [ 837.863432][ T23] ? __virt_addr_valid+0xdc/0x5c0 [ 837.863455][ T23] print_report+0xca/0x240 [ 837.863479][ T23] ? run_irq_workd+0x116/0x190 [ 837.863499][ T23] kasan_report+0x118/0x150 [ 837.863526][ T23] ? run_irq_workd+0x116/0x190 [ 837.863551][ T23] run_irq_workd+0x116/0x190 [ 837.863571][ T23] ? __pfx_run_irq_workd+0x10/0x10 [ 837.863595][ T23] ? schedule+0x91/0x360 [ 837.863614][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 837.863632][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 837.863649][ T23] smpboot_thread_fn+0x542/0xa60 [ 837.863668][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 837.863689][ T23] kthread+0x711/0x8a0 [ 837.863710][ T23] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 837.863729][ T23] ? __pfx_kthread+0x10/0x10 [ 837.863748][ T23] ? rt_spin_unlock+0x150/0x200 [ 837.863766][ T23] ? rt_spin_unlock+0x161/0x200 [ 837.863781][ T23] ? __pfx_kthread+0x10/0x10 [ 837.863802][ T23] ret_from_fork+0x4bc/0x870 [ 837.863821][ T23] ? __pfx_ret_from_fork+0x10/0x10 [ 837.863841][ T23] ? __switch_to_asm+0x39/0x70 [ 837.863857][ T23] ? __switch_to_asm+0x33/0x70 [ 837.863872][ T23] ? __pfx_kthread+0x10/0x10 [ 837.863893][ T23] ret_from_fork_asm+0x1a/0x30 [ 837.863915][ T23] [ 837.863921][ T23] [ 837.863926][ T23] The buggy address belongs to a vmalloc virtual mapping [ 837.863953][ T23] Memory state around the buggy address: [ 837.863963][ T23] ffffc90005598f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 837.863974][ T23] ffffc90005599000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 837.863986][ T23] >ffffc90005599080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 837.864001][ T23] ^ [ 837.864011][ T23] ffffc90005599100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 837.864022][ T23] ffffc90005599180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 837.864030][ T23] ================================================================== [ 837.864050][ T23] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 837.864063][ T23] CPU: 0 UID: 0 PID: 23 Comm: irq_work/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 837.864081][ T23] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 837.864092][ T23] Call Trace: [ 837.864098][ T23] [ 837.864105][ T23] dump_stack_lvl+0x99/0x250 [ 837.864127][ T23] ? __asan_memcpy+0x40/0x70 [ 837.864145][ T23] ? __pfx_dump_stack_lvl+0x10/0x10 [ 837.864166][ T23] ? __pfx__printk+0x10/0x10 [ 837.864189][ T23] vpanic+0x237/0x6d0 [ 837.864206][ T23] ? __pfx_vpanic+0x10/0x10 [ 837.864226][ T23] panic+0xb9/0xc0 [ 837.864240][ T23] ? __pfx_panic+0x10/0x10 [ 837.864255][ T23] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 837.864275][ T23] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 837.864298][ T23] ? run_irq_workd+0x116/0x190 [ 837.864317][ T23] check_panic_on_warn+0x89/0xb0 [ 837.864334][ T23] ? run_irq_workd+0x116/0x190 [ 837.864355][ T23] end_report+0x78/0x160 [ 837.864376][ T23] kasan_report+0x129/0x150 [ 837.864399][ T23] ? run_irq_workd+0x116/0x190 [ 837.864420][ T23] run_irq_workd+0x116/0x190 [ 837.864440][ T23] ? __pfx_run_irq_workd+0x10/0x10 [ 837.864459][ T23] ? schedule+0x91/0x360 [ 837.864477][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 837.864496][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 837.864514][ T23] smpboot_thread_fn+0x542/0xa60 [ 837.864533][ T23] ? smpboot_thread_fn+0x4d/0xa60 [ 837.864555][ T23] kthread+0x711/0x8a0 [ 837.864577][ T23] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 837.864595][ T23] ? __pfx_kthread+0x10/0x10 [ 837.864616][ T23] ? rt_spin_unlock+0x150/0x200 [ 837.864634][ T23] ? rt_spin_unlock+0x161/0x200 [ 837.864649][ T23] ? __pfx_kthread+0x10/0x10 [ 837.864672][ T23] ret_from_fork+0x4bc/0x870 [ 837.864692][ T23] ? __pfx_ret_from_fork+0x10/0x10 [ 837.864712][ T23] ? __switch_to_asm+0x39/0x70 [ 837.864728][ T23] ? __switch_to_asm+0x33/0x70 [ 837.864743][ T23] ? __pfx_kthread+0x10/0x10 [ 837.864764][ T23] ret_from_fork_asm+0x1a/0x30 [ 837.864786][ T23] [ 837.865064][ T23] Kernel Offset: disabled