last executing test programs: 10.987363321s ago: executing program 4 (id=75): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdir(&(0x7f0000000100)='./control\x00', 0x0) r2 = openat$cgroup_freezer_state(r1, 0x0, 0x2, 0x0) write$cgroup_freezer_state(r2, &(0x7f00000000c0)='FROZEN\x00', 0x7) 10.399691533s ago: executing program 4 (id=78): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200400100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000140103801001008008000340000000"], 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 9.672766269s ago: executing program 4 (id=83): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x200}}, './file3\x00'}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="b4050000000000006110a40000000000bc0000000000000095000000000000002568f9f4e90a3a51fe379af3acb0711686a73b2884f5dcb4af007b75d6a8dcda61fe11bafede0917cd75c632da28a19a4570f1926ebed5bac4b5e34527620481f8b6919395df6d351e2f230b9274aaeb033cd35e0096426c45b512a29b613fe1e7c988e8bee96f44c5c8d6f7c3683fbf5281644c7861ba4d35122bf88b6d69a34f5b4ebee8e6ed71dcd3087e88fbc6548b308838d287142285cc64e2dcb922fccc259fd8abae0b82ba7bacdac3f4f668e9f8eec2b2c5555657733ef63e177302450c0225604307a5478d"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0x1}, 0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x10, 0x0, 0xf2}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) openat$comedi(0xffffff9c, &(0x7f0000000300)='/dev/comedi1\x00', 0x200040, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x414902, 0x80) mount(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ufs\x00', 0x0, 0x0) 7.311025143s ago: executing program 1 (id=90): socket$inet6_sctp(0xa, 0x5, 0x84) socket$rds(0x15, 0x5, 0x0) syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x40000) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000002c0)=ANY=[@ANYRES8=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_GETKMSGREDIRECT(r1, 0x541c, &(0x7f0000000000)) 5.930352349s ago: executing program 1 (id=93): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200400100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000140103801001008008000340000000"], 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 5.859095735s ago: executing program 4 (id=94): ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) syz_open_dev$tty1(0xc, 0x4, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) memfd_secret(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r3, 0x4, 0x2800) 5.67238642s ago: executing program 3 (id=95): syz_emit_ethernet(0x46, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x7, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@cipso={0x86, 0x8, 0x3, [{0x0, 0x2}]}]}}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast1, @private}}}}}}, 0x0) 5.2964648s ago: executing program 1 (id=96): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 4.95603322s ago: executing program 3 (id=97): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) r0 = syz_io_uring_setup(0xf3c, &(0x7f0000000780)={0x0, 0xadb6, 0x10000, 0x0, 0x350}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x0, 0xe00000000000000, 0x0, 0x0) 4.446636501s ago: executing program 3 (id=100): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a3100000000080005400000002b"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x4004880) sendto$isdn(0xffffffffffffffff, 0x0, 0x0, 0x814, &(0x7f00000002c0)={0x22, 0xe, 0x1, 0xb5, 0xe7}, 0x6) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x28, 0x30, 0x201, 0x8000, 0x0, {0x1}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='\x05G'}]}, @typed={0x8, 0x2, 0x0, 0x0, @u32}]}, 0x28}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0xe, 0x6, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB="0000000000ce6e34a4bf842d3800000095000000000000005b1680e373934f3426e84c1f665987a59d"], &(0x7f0000000300)='syzkaller\x00'}, 0x94) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r2, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0) 4.180810797s ago: executing program 1 (id=101): openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101) r1 = openat$cgroup_ro(r0, &(0x7f00000002c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES16=r1, @ANYRES16=r3], 0x0) 3.444908716s ago: executing program 2 (id=104): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) setreuid(0xee01, 0x0) 3.355759018s ago: executing program 3 (id=105): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e", 0x36}, {&(0x7f00000003c0)="e8700e444d50a969ff67", 0xa}], 0x2}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 3.250798638s ago: executing program 0 (id=106): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200400100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000140103801001008008000340000000"], 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 2.697001253s ago: executing program 2 (id=107): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x41, 0x4}, 0x10) 2.53129452s ago: executing program 0 (id=108): r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0) 2.035798443s ago: executing program 2 (id=109): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x1) ioctl$KVM_IOEVENTFD(r0, 0x40a0ae49, &(0x7f0000000080)={0xffffffffffff87bb, 0x2000, 0x8, 0xffffffffffffffff, 0x3}) 2.0356562s ago: executing program 3 (id=110): openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) r0 = syz_io_uring_setup(0xf3c, &(0x7f0000000780)={0x0, 0xadb6, 0x10000, 0x0, 0x350}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x0, 0xe00000000000000, 0x0, 0x0) 2.004347065s ago: executing program 1 (id=111): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x5, 0x0, &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 1.971860847s ago: executing program 0 (id=112): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)) socket$packet(0x11, 0x3, 0x300) socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 1.703810024s ago: executing program 3 (id=113): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"}) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d04"], 0x0) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xff) 1.419395086s ago: executing program 2 (id=114): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdir(&(0x7f0000000100)='./control\x00', 0x0) r2 = openat$cgroup_freezer_state(r1, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_freezer_state(r2, 0x0, 0x0) 1.265317873s ago: executing program 0 (id=115): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2}, @TCA_FQ_QUANTUM={0xffffffffffffff92, 0x2, 0x7000000}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x41}, 0x0) 846.73876ms ago: executing program 1 (id=116): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_PEC(r1, 0x708, 0x7) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000080)={0x1, 0x7, 0x3, &(0x7f0000000040)={0x1c, "b020dcf7df12eff7e9c3fe81d507fe9f43779d424d92f1b25b5d42f5eb6e4bbe70"}}) 807.706828ms ago: executing program 4 (id=117): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff, 0x2}, 0xe) 563.590542ms ago: executing program 2 (id=118): r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021100011800c000100636f756e74657200400100000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000140103801001008008000340000000"], 0x1d4}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 563.416959ms ago: executing program 0 (id=119): futex(&(0x7f000000cffc), 0xb, 0x0, &(0x7f0000000240)={0x77359400}, 0x0, 0x0) 321.085029ms ago: executing program 4 (id=120): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010029bd7000fbdbdf25ff010000060000800000000000000001fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000500000000000000000000000020000000000000000000000000000000000000010002000000000044000500fe800000000000000000000000000044000004d42b0000000a000000e00000010000000000000000000000000000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890) syz_usb_connect$cdc_ncm(0x6, 0x8f, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x1) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) r3 = dup(0xffffffffffffffff) write$cgroup_subtree(r3, &(0x7f00000005c0)=ANY=[], 0x32600) socket$nl_netfilter(0x10, 0x3, 0xc) 199.213281ms ago: executing program 0 (id=121): openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101) r1 = openat$cgroup_ro(r0, &(0x7f00000002c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6(0xa, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES16=r1, @ANYRES16=r3], 0x0) 0s ago: executing program 2 (id=122): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8", 0x1}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="02"], 0x10}, 0x1f, 0x7}, 0x44) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.123' (ED25519) to the list of known hosts. [ 176.245733][ T5775] cgroup: Unknown subsys name 'net' [ 176.374139][ T5775] cgroup: Unknown subsys name 'cpuset' [ 176.390478][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 182.300377][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 186.391484][ T5795] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 186.399514][ T5795] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 186.408369][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 186.418076][ T5805] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 186.426722][ T5805] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 186.435305][ T5805] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 186.448899][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 186.457281][ T5801] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 186.467338][ T5805] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 186.470826][ T5801] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 186.477723][ T5805] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 186.483415][ T5801] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 186.494625][ T5805] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 186.497302][ T5801] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 186.516784][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 186.526947][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 186.538230][ T5805] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 186.563070][ T5807] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 186.584386][ T5805] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 186.598843][ T5805] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 186.608835][ T5805] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 186.617035][ T5807] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 186.661345][ T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 186.674900][ T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 186.705596][ T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 187.851609][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 188.070260][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 188.547453][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 188.633993][ T50] Bluetooth: hci0: command tx timeout [ 188.639610][ T50] Bluetooth: hci3: command tx timeout [ 188.713892][ T5801] Bluetooth: hci2: command tx timeout [ 188.719736][ T5801] Bluetooth: hci1: command tx timeout [ 188.793971][ T50] Bluetooth: hci4: command tx timeout [ 188.897726][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 188.922386][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.930248][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.938069][ T5791] bridge_slave_0: entered allmulticast mode [ 188.947820][ T5791] bridge_slave_0: entered promiscuous mode [ 188.987679][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.997462][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.005261][ T5791] bridge_slave_1: entered allmulticast mode [ 189.014946][ T5791] bridge_slave_1: entered promiscuous mode [ 189.109769][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 189.254606][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.320437][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.598910][ T5791] team0: Port device team_slave_0 added [ 189.609421][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.618089][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.625880][ T5792] bridge_slave_0: entered allmulticast mode [ 189.635656][ T5792] bridge_slave_0: entered promiscuous mode [ 189.705770][ T5791] team0: Port device team_slave_1 added [ 189.724088][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.731633][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.741119][ T5792] bridge_slave_1: entered allmulticast mode [ 189.750646][ T5792] bridge_slave_1: entered promiscuous mode [ 189.805338][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.812886][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.820662][ T5800] bridge_slave_0: entered allmulticast mode [ 189.830243][ T5800] bridge_slave_0: entered promiscuous mode [ 189.986696][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.995293][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.002892][ T5800] bridge_slave_1: entered allmulticast mode [ 190.012746][ T5800] bridge_slave_1: entered promiscuous mode [ 190.068828][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.083477][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.090897][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.118760][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.293086][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.301439][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.309159][ T5796] bridge_slave_0: entered allmulticast mode [ 190.319657][ T5796] bridge_slave_0: entered promiscuous mode [ 190.339112][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.348985][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.358689][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.366310][ T5796] bridge_slave_1: entered allmulticast mode [ 190.376073][ T5796] bridge_slave_1: entered promiscuous mode [ 190.387904][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.395125][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.421819][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.462971][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.470751][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.478760][ T5806] bridge_slave_0: entered allmulticast mode [ 190.487865][ T5806] bridge_slave_0: entered promiscuous mode [ 190.509083][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.598838][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.607190][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.614972][ T5806] bridge_slave_1: entered allmulticast mode [ 190.623465][ T5806] bridge_slave_1: entered promiscuous mode [ 190.646468][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.714540][ T50] Bluetooth: hci3: command tx timeout [ 190.716664][ T5801] Bluetooth: hci0: command tx timeout [ 190.767346][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.804138][ T5801] Bluetooth: hci2: command tx timeout [ 190.807427][ T50] Bluetooth: hci1: command tx timeout [ 190.853234][ T5792] team0: Port device team_slave_0 added [ 190.872362][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.882487][ T50] Bluetooth: hci4: command tx timeout [ 190.895405][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.982818][ T5792] team0: Port device team_slave_1 added [ 190.999145][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.117897][ T5800] team0: Port device team_slave_0 added [ 191.235326][ T5791] hsr_slave_0: entered promiscuous mode [ 191.245438][ T5791] hsr_slave_1: entered promiscuous mode [ 191.264163][ T5800] team0: Port device team_slave_1 added [ 191.309648][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.316991][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.343422][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.362567][ T5796] team0: Port device team_slave_0 added [ 191.444564][ T5806] team0: Port device team_slave_0 added [ 191.454911][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.462035][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.489701][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.508795][ T5796] team0: Port device team_slave_1 added [ 191.561871][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.569097][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.595452][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.614766][ T5806] team0: Port device team_slave_1 added [ 191.710408][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.717695][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.744128][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.789366][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.796612][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.822952][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.838085][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.845369][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.871651][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.004632][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.011865][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 192.038215][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.167085][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.175426][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 192.201722][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.246750][ T5792] hsr_slave_0: entered promiscuous mode [ 192.256882][ T5792] hsr_slave_1: entered promiscuous mode [ 192.264993][ T5792] debugfs: 'hsr0' already exists in 'hsr' [ 192.270855][ T5792] Cannot create hsr debugfs directory [ 192.467559][ T5796] hsr_slave_0: entered promiscuous mode [ 192.477550][ T5796] hsr_slave_1: entered promiscuous mode [ 192.486253][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 192.492116][ T5796] Cannot create hsr debugfs directory [ 192.517287][ T5800] hsr_slave_0: entered promiscuous mode [ 192.527367][ T5800] hsr_slave_1: entered promiscuous mode [ 192.535790][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 192.541629][ T5800] Cannot create hsr debugfs directory [ 192.814119][ T50] Bluetooth: hci3: command tx timeout [ 192.814846][ T5801] Bluetooth: hci0: command tx timeout [ 192.839884][ T5806] hsr_slave_0: entered promiscuous mode [ 192.848631][ T5806] hsr_slave_1: entered promiscuous mode [ 192.856856][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 192.862703][ T5806] Cannot create hsr debugfs directory [ 192.873832][ T5801] Bluetooth: hci1: command tx timeout [ 192.879469][ T5801] Bluetooth: hci2: command tx timeout [ 192.953935][ T50] Bluetooth: hci4: command tx timeout [ 193.890382][ T5791] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 193.975671][ T5791] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 194.026223][ T5791] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 194.072344][ T5791] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 194.140492][ T5796] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 194.170789][ T5796] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 194.222045][ T5796] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 194.243073][ T5796] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 194.387341][ T5792] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 194.419423][ T5792] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 194.442893][ T5792] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 194.501543][ T5792] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 194.578587][ T5806] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 194.645120][ T5806] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 194.754113][ T5806] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 194.787022][ T5806] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 194.886107][ T5800] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 194.900032][ T50] Bluetooth: hci3: command tx timeout [ 194.905960][ T50] Bluetooth: hci0: command tx timeout [ 194.948376][ T5800] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 194.958918][ T5801] Bluetooth: hci2: command tx timeout [ 194.965052][ T50] Bluetooth: hci1: command tx timeout [ 194.999056][ T5800] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 195.033958][ T5801] Bluetooth: hci4: command tx timeout [ 195.056615][ T5800] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 195.631578][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.863233][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.954424][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.975416][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.030389][ T3702] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.038156][ T3702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.125544][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.171968][ T3702] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.179541][ T3702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.222344][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.271715][ T3702] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.279296][ T3702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.338997][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.369255][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.376845][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.478443][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.485995][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.515121][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.607241][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.614795][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.640854][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.648492][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.697516][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.750526][ T3702] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.758265][ T3702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.961813][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.165603][ T3702] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.173499][ T3702] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.267497][ T3702] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.275097][ T3702] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.482633][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.949987][ T5791] veth0_vlan: entered promiscuous mode [ 199.076844][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.104286][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.150218][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.167052][ T5791] veth1_vlan: entered promiscuous mode [ 199.417091][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.538404][ T5791] veth0_macvtap: entered promiscuous mode [ 199.631297][ T5791] veth1_macvtap: entered promiscuous mode [ 199.666580][ T5806] veth0_vlan: entered promiscuous mode [ 199.806637][ T5806] veth1_vlan: entered promiscuous mode [ 199.828472][ T5796] veth0_vlan: entered promiscuous mode [ 199.843289][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.958453][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.076277][ T5026] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.138807][ T5796] veth1_vlan: entered promiscuous mode [ 200.158169][ T5026] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.183286][ T5800] veth0_vlan: entered promiscuous mode [ 200.208567][ T5026] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.272991][ T5026] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.326299][ T5800] veth1_vlan: entered promiscuous mode [ 200.353683][ T5806] veth0_macvtap: entered promiscuous mode [ 200.511915][ T5796] veth0_macvtap: entered promiscuous mode [ 200.529625][ T5806] veth1_macvtap: entered promiscuous mode [ 200.590046][ T5796] veth1_macvtap: entered promiscuous mode [ 200.617469][ T5800] veth0_macvtap: entered promiscuous mode [ 200.692785][ T5800] veth1_macvtap: entered promiscuous mode [ 200.721058][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.817824][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.878715][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.935060][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.948287][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 201.014115][ T5026] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.044347][ T5026] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.089551][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 201.097496][ T5026] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.165898][ T5026] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.239736][ T5026] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.276548][ T5026] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.312696][ T5026] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.381079][ T5026] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.464163][ T5026] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.473181][ T5026] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.568031][ T5026] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.604297][ T5026] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.810148][ T5792] veth0_vlan: entered promiscuous mode [ 201.911003][ T5792] veth1_vlan: entered promiscuous mode [ 202.217806][ T5792] veth0_macvtap: entered promiscuous mode [ 202.282349][ T5792] veth1_macvtap: entered promiscuous mode [ 202.481305][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.592603][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.678071][ T3588] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.742873][ T3588] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.802846][ T3588] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.856868][ T3588] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.328189][ T4336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.337442][ T4336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.543229][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.551668][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.053129][ T5791] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 207.132672][ T3588] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.141066][ T3588] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.166314][ T3702] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.174435][ T3702] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.402921][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.411380][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.427384][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.437868][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 207.748913][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 207.759015][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.038115][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.046581][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 208.137087][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.147005][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.953991][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.962022][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.282461][ T3588] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.290854][ T3588] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.290913][ T6017] loop8: detected capacity change from 0 to 8 [ 211.324917][ T6017] Dev loop8: unable to read RDB block 8 [ 211.330965][ T6017] loop8: unable to read partition table [ 211.359776][ T6017] loop8: partition table beyond EOD, truncated [ 211.367068][ T6017] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 211.888370][ T6022] netlink: 830 bytes leftover after parsing attributes in process `syz.1.13'. [ 211.898105][ T6022] bond_slave_0: entered promiscuous mode [ 211.904198][ T6022] bond_slave_1: entered promiscuous mode [ 212.795079][ T42] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 213.003846][ T2233] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 213.046412][ T42] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 213.057891][ T42] usb 4-1: config 0 interface 0 has no altsetting 0 [ 213.064868][ T42] usb 4-1: New USB device found, idVendor=05ac, idProduct=0273, bcdDevice= 0.00 [ 213.074339][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.149966][ T42] usb 4-1: config 0 descriptor?? [ 213.205280][ T42] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input5 [ 213.244120][ T2233] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.255539][ T2233] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.265825][ T2233] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 213.275177][ T2233] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.314452][ T2233] usb 1-1: config 0 descriptor?? [ 213.487019][ T5133] bcm5974 4-1:0.0: could not read from device [ 213.512529][ T5133] bcm5974 4-1:0.0: could not read from device [ 213.570963][ T42] usb 4-1: USB disconnect, device number 2 [ 213.777669][ T2233] cp2112 0003:10C4:EA90.0001: item fetching failed at offset 5/7 [ 213.802957][ T2233] cp2112 0003:10C4:EA90.0001: parse failed [ 213.809814][ T2233] cp2112 0003:10C4:EA90.0001: probe with driver cp2112 failed with error -22 [ 214.951322][ T6044] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 216.031131][ T42] usb 1-1: USB disconnect, device number 2 [ 216.326049][ T6057] netlink: 830 bytes leftover after parsing attributes in process `syz.3.26'. [ 216.336264][ T6057] bond_slave_0: entered promiscuous mode [ 216.342243][ T6057] bond_slave_1: entered promiscuous mode [ 216.581922][ T6061] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 218.214409][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 218.669842][ T6090] CUSE: zero length info key specified [ 220.783848][ T42] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 220.993832][ T42] usb 4-1: device descriptor read/64, error -71 [ 221.314066][ T42] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 221.474391][ T42] usb 4-1: device descriptor read/64, error -71 [ 221.594020][ T42] usb usb4-port1: attempt power cycle [ 221.957418][ T42] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 222.002124][ T42] usb 4-1: device descriptor read/8, error -71 [ 222.256726][ T42] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 222.296868][ T42] usb 4-1: device descriptor read/8, error -71 [ 222.406220][ T42] usb usb4-port1: unable to enumerate USB device [ 223.898220][ T6132] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 225.464675][ T6146] Bluetooth: MGMT ver 1.23 [ 225.469329][ T6146] Bluetooth: hci0: invalid length 0, exp 2 for type 11 [ 226.559432][ T6155] loop8: detected capacity change from 0 to 8 [ 226.635184][ T6155] Dev loop8: unable to read RDB block 8 [ 226.641205][ T6155] loop8: unable to read partition table [ 226.696102][ T6155] loop8: partition table beyond EOD, truncated [ 226.702706][ T6155] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 226.963816][ T5421] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 227.163848][ T5421] usb 3-1: device descriptor read/64, error -71 [ 227.444615][ T5421] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 227.598159][ T5421] usb 3-1: device descriptor read/64, error -71 [ 227.725636][ T5421] usb usb3-port1: attempt power cycle [ 228.064456][ T30] audit: type=1326 audit(1760403880.928:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6169 comm="" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 228.095438][ T5421] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 228.150498][ T5421] usb 3-1: device descriptor read/8, error -71 [ 228.173965][ T30] audit: type=1326 audit(1760403880.958:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6169 comm="" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 228.199797][ T30] audit: type=1326 audit(1760403880.968:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6169 comm="" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 228.424082][ T5421] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 228.476864][ T5421] usb 3-1: device descriptor read/8, error -71 [ 228.530016][ T6172] Bluetooth: hci0: invalid length 0, exp 2 for type 11 [ 228.594391][ T5421] usb usb3-port1: unable to enumerate USB device [ 229.187187][ T6178] bridge0: port 3(macsec1) entered blocking state [ 229.194463][ T6178] bridge0: port 3(macsec1) entered disabled state [ 229.201641][ T6178] macsec1: entered allmulticast mode [ 229.211436][ T6178] bridge0: entered allmulticast mode [ 229.338734][ T6178] macsec1: left allmulticast mode [ 229.344284][ T6178] bridge0: left allmulticast mode [ 229.485818][ T6185] netlink: 260 bytes leftover after parsing attributes in process `syz.4.78'. [ 229.495235][ T6185] netlink: 260 bytes leftover after parsing attributes in process `syz.4.78'. [ 229.716426][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 229.725550][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 230.013263][ T6187] loop8: detected capacity change from 0 to 8 [ 230.075179][ T6187] Dev loop8: unable to read RDB block 8 [ 230.081055][ T6187] loop8: unable to read partition table [ 230.104670][ T6187] loop8: partition table beyond EOD, truncated [ 230.111247][ T6187] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 231.447114][ T6206] Bluetooth: hci0: invalid length 0, exp 2 for type 11 [ 231.527017][ T6211] ufs: You didn't specify the type of your ufs filesystem [ 231.527017][ T6211] [ 231.527017][ T6211] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 231.527017][ T6211] [ 231.527017][ T6211] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 231.558242][ T6211] ufs: ufstype=old is supported read-only [ 233.003410][ T42] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 233.217643][ T42] usb 1-1: device descriptor read/64, error -71 [ 233.521793][ T42] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 233.683985][ T42] usb 1-1: device descriptor read/64, error -71 [ 233.797689][ T42] usb usb1-port1: attempt power cycle [ 233.847414][ T6225] input: syz0 as /devices/virtual/input/input6 [ 233.904573][ T6227] netlink: 260 bytes leftover after parsing attributes in process `syz.1.93'. [ 233.914246][ T6227] netlink: 260 bytes leftover after parsing attributes in process `syz.1.93'. [ 234.209780][ T42] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 234.244405][ T42] usb 1-1: device descriptor read/8, error -71 [ 234.523929][ T42] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 234.605208][ T42] usb 1-1: device descriptor read/8, error -71 [ 234.733945][ T42] usb usb1-port1: unable to enumerate USB device [ 235.415226][ T6242] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 236.193832][ T42] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 236.410109][ T42] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 236.420672][ T42] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 236.544156][ T42] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 236.553438][ T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 236.561807][ T42] usb 2-1: SerialNumber: syz [ 236.744614][ T6259] netlink: 260 bytes leftover after parsing attributes in process `syz.0.106'. [ 236.754085][ T6259] netlink: 260 bytes leftover after parsing attributes in process `syz.0.106'. [ 236.865044][ T42] usb 2-1: 0:2 : does not exist [ 236.870304][ T42] usb 2-1: unit 255 not found! [ 236.977997][ T42] usb 2-1: USB disconnect, device number 2 [ 237.244181][ T6035] udevd[6035]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 238.054240][ T6273] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 238.735400][ T5421] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 238.950766][ T5421] usb 4-1: Using ep0 maxpacket: 32 [ 238.976450][ T5421] usb 4-1: no configurations [ 238.981275][ T5421] usb 4-1: can't read configurations, error -22 [ 239.164065][ T5421] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 239.355310][ T42] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 239.368726][ T5421] usb 4-1: Using ep0 maxpacket: 32 [ 239.380777][ T6290] netlink: 260 bytes leftover after parsing attributes in process `syz.2.118'. [ 239.380901][ T5421] usb 4-1: no configurations [ 239.390203][ T6290] netlink: 260 bytes leftover after parsing attributes in process `syz.2.118'. [ 239.394954][ T5421] usb 4-1: can't read configurations, error -22 [ 239.480691][ T5421] usb usb4-port1: attempt power cycle [ 239.533105][ T42] usb 2-1: Using ep0 maxpacket: 32 [ 239.556327][ T42] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 239.565941][ T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.620434][ T42] usb 2-1: config 0 descriptor?? [ 239.798554][ T6294] netlink: 72 bytes leftover after parsing attributes in process `syz.4.120'. [ 239.854288][ T42] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 239.884188][ T5421] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 239.893206][ T42] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 239.969194][ T42] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 239.976722][ T42] usb 2-1: media controller created [ 240.015834][ T5421] usb 4-1: Using ep0 maxpacket: 32 [ 240.024340][ T5421] usb 4-1: no configurations [ 240.029230][ T5421] usb 4-1: can't read configurations, error -22 [ 240.076321][ T42] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 240.091421][ T6286] ===================================================== [ 240.098914][ T6286] BUG: KMSAN: uninit-value in __i2c_smbus_xfer+0x23e7/0x2f60 [ 240.106608][ T6286] __i2c_smbus_xfer+0x23e7/0x2f60 [ 240.111839][ T6286] i2c_smbus_xfer+0x31d/0x4d0 [ 240.116944][ T6286] i2cdev_ioctl_smbus+0x4a1/0x660 [ 240.122130][ T6286] compat_i2cdev_ioctl+0x48f/0xb40 [ 240.127902][ T6286] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 240.133800][ T6286] ia32_sys_call+0x2d5f/0x4310 [ 240.138772][ T6286] __do_fast_syscall_32+0xb0/0x150 [ 240.144297][ T6286] do_fast_syscall_32+0x38/0x80 [ 240.149360][ T6286] do_SYSENTER_32+0x1f/0x30 [ 240.154356][ T6286] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 240.160910][ T6286] [ 240.169028][ T6286] Local variable msgbuf1.i created at: [ 240.176313][ T6286] __i2c_smbus_xfer+0x86a/0x2f60 [ 240.181437][ T6286] i2c_smbus_xfer+0x31d/0x4d0 [ 240.186510][ T6286] [ 240.188969][ T6286] CPU: 1 UID: 0 PID: 6286 Comm: syz.1.116 Not tainted syzkaller #0 PREEMPT(none) [ 240.198491][ T6286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 240.208791][ T6286] ===================================================== [ 240.216370][ T6286] Disabling lock debugging due to kernel taint [ 240.222633][ T6286] Kernel panic - not syncing: kmsan.panic set ... [ 240.229184][ T6286] CPU: 1 UID: 0 PID: 6286 Comm: syz.1.116 Tainted: G B syzkaller #0 PREEMPT(none) [ 240.240224][ T6286] Tainted: [B]=BAD_PAGE [ 240.244466][ T6286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 240.254742][ T6286] Call Trace: [ 240.258126][ T6286] [ 240.261200][ T6286] __dump_stack+0x26/0x30 [ 240.265776][ T6286] dump_stack_lvl+0x53/0x270 [ 240.270556][ T6286] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 240.276539][ T6286] dump_stack+0x1e/0x25 [ 240.280864][ T6286] vpanic+0x435/0xd30 [ 240.285139][ T6286] panic+0x15d/0x160 [ 240.289348][ T6286] kmsan_report+0x31c/0x320 [ 240.294032][ T6286] ? __msan_warning+0x1b/0x30 [ 240.298874][ T6286] ? __i2c_smbus_xfer+0x23e7/0x2f60 [ 240.304280][ T6286] ? i2c_smbus_xfer+0x31d/0x4d0 [ 240.309298][ T6286] ? i2cdev_ioctl_smbus+0x4a1/0x660 [ 240.314643][ T6286] ? compat_i2cdev_ioctl+0x48f/0xb40 [ 240.320159][ T6286] ? __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 240.326066][ T6286] ? ia32_sys_call+0x2d5f/0x4310 [ 240.331187][ T6286] ? __do_fast_syscall_32+0xb0/0x150 [ 240.336682][ T6286] ? do_fast_syscall_32+0x38/0x80 [ 240.341878][ T6286] ? do_SYSENTER_32+0x1f/0x30 [ 240.346749][ T6286] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 240.353413][ T6286] ? az6027_i2c_xfer+0x2bdf/0x2c40 [ 240.358737][ T6286] ? kmsan_get_metadata+0xfb/0x160 [ 240.364026][ T6286] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 240.370545][ T6286] ? kmsan_get_metadata+0xfb/0x160 [ 240.375834][ T6286] ? kmsan_get_metadata+0xfb/0x160 [ 240.381120][ T6286] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 240.387122][ T6286] ? i2c_smbus_msg_pec+0x678/0x6c0 [ 240.392425][ T6286] __msan_warning+0x1b/0x30 [ 240.397103][ T6286] __i2c_smbus_xfer+0x23e7/0x2f60 [ 240.402305][ T6286] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 240.408606][ T6286] ? rt_mutex_lock+0x3e/0x70 [ 240.413317][ T6286] ? __pfx_i2c_adapter_lock_bus+0x10/0x10 [ 240.419179][ T6286] i2c_smbus_xfer+0x31d/0x4d0 [ 240.424025][ T6286] i2cdev_ioctl_smbus+0x4a1/0x660 [ 240.429207][ T6286] compat_i2cdev_ioctl+0x48f/0xb40 [ 240.434525][ T6286] ? __pfx_compat_i2cdev_ioctl+0x10/0x10 [ 240.440362][ T6286] __ia32_compat_sys_ioctl+0x7f9/0x1270 [ 240.446097][ T6286] ? kmsan_get_metadata+0xfb/0x160 [ 240.451362][ T6286] ? kmsan_get_metadata+0xfb/0x160 [ 240.456644][ T6286] ia32_sys_call+0x2d5f/0x4310 [ 240.461603][ T6286] __do_fast_syscall_32+0xb0/0x150 [ 240.466930][ T6286] do_fast_syscall_32+0x38/0x80 [ 240.471977][ T6286] do_SYSENTER_32+0x1f/0x30 [ 240.476696][ T6286] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 240.483175][ T6286] RIP: 0023:0xf705d539 [ 240.487356][ T6286] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 240.507214][ T6286] RSP: 002b:00000000f544d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 240.515757][ T6286] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000720 [ 240.523817][ T6286] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 240.531881][ T6286] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 240.539959][ T6286] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 240.548011][ T6286] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 240.556101][ T6286] [ 240.559361][ T6286] Kernel Offset: disabled [ 240.563735][ T6286] Rebooting in 86400 seconds..