last executing test programs: 3m29.565186746s ago: executing program 4 (id=425): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) bpf$MAP_CREATE(0x0, 0x0, 0x50) quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f00000080c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) listen(r1, 0x90004) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x80}, {r1, 0x90}, {0xffffffffffffffff, 0x500}, {}, {r1, 0x60}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={[0xd]}, 0x8) 3m27.901273575s ago: executing program 4 (id=431): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, &(0x7f00000000c0)={0x40, "c3582fc4ade71139d901a4195333460e523a8a743181b17e9e0d8598d9aee120ef963fecda8b546bd15ec4e7e0611fbe11ea2a9da24f82e48bf1cbafd9c18bd096d21184c1e8bcaa9401e0531e26451aab6d401e150982fc92e52c16801387180455159641307de4ae0fb538bfabf6d47141c2a3f09a41de452677f19428e956"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r2, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) socket(0x10, 0x3, 0x9) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r7}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000380)={0x1, r8, r7}) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00') r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000210000000000000000000000000a6c000000160a3f360000000000000000020000000900010073797a30000000004000038008000240000000002c0003801400010076657468305f746f5f626f6e64000000140001007665746830000000000000000000000008000140000000000900020073797a300000000014000000110001"], 0x94}}, 0x8000) sendmsg$NFT_MSG_GETFLOWTABLE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=ANY=[@ANYBLOB="20000000170a0103"], 0x20}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000) close_range(r9, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x7c, 0x0, 0x4, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x2040}, @NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x4}]}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x0, 0xf7}}, @NL80211_ATTR_SCAN_FREQUENCIES={0x34, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0x7}, {0x8, 0x0, 0x9}, {0x8, 0x0, 0xaf}, {0x8, 0x0, 0x9}, {0x8, 0x0, 0xff}]}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24000005}, 0x4000) 3m26.661188485s ago: executing program 4 (id=433): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, 0x0, 0xfffffffffffffffd) 3m26.388068992s ago: executing program 4 (id=434): syz_open_dev$tty1(0xc, 0x4, 0x3) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='task\x00') lseek(r0, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x14, &(0x7f0000000440)=""/156, &(0x7f0000000180)=0x9c) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, 0x0) setpgid(0x0, r1) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) ioctl$AUTOFS_IOC_READY(r2, 0x9360, 0x800000000000001) 3m25.843734637s ago: executing program 4 (id=437): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x0) lseek(r0, 0x1, 0x0) 3m21.713431167s ago: executing program 4 (id=452): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) bpf$MAP_CREATE(0x0, 0x0, 0x50) quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f00000080c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) listen(r1, 0x90004) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x5d}, {0xffffffffffffffff, 0x500}, {}, {r1, 0x60}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={[0xd]}, 0x8) 3m20.893865102s ago: executing program 32 (id=452): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) bpf$MAP_CREATE(0x0, 0x0, 0x50) quotactl$Q_GETNEXTQUOTA(0xffffffff80000901, &(0x7f00000080c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) listen(r1, 0x90004) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x80}, {0xffffffffffffffff, 0x5d}, {0xffffffffffffffff, 0x500}, {}, {r1, 0x60}], 0x5, &(0x7f0000000140)={0x77359400}, &(0x7f0000000180)={[0xd]}, 0x8) 2m42.100066078s ago: executing program 0 (id=553): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x14, r1, 0x603, 0x70bd25, 0x25dfdbfc}, 0x14}}, 0x10) 2m41.308886304s ago: executing program 0 (id=557): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ppoll(&(0x7f0000000000)=[{r1, 0x130}], 0x1, 0x0, &(0x7f0000000100)={[0x80000003]}, 0x8) 2m39.387950067s ago: executing program 0 (id=563): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r1, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000240)=@other={'trylock', ' ', 'mem'}, 0xc) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x3) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r3) sendmsg$NLBL_MGMT_C_ADDDEF(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000400000014000500fc01000000000000000000000000080008000200050000000a0006"], 0x4c}, 0x1, 0x0, 0x0, 0x40800}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r3, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000480)={&(0x7f00000001c0)={0x2c, 0x0, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x2c}}, 0x20000804) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) ptrace$setregs(0xd, r6, 0x9, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$cont(0x9, r6, 0x6, 0x1) ptrace$getregset(0x4204, r6, 0x1, &(0x7f0000000340)={&(0x7f0000000240)=""/204, 0xcc}) socket$kcm(0xa, 0x2, 0x3a) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00'}) sendmsg$nl_route_sched(r7, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0xc000) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x20, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x157f}}, 0x20}}, 0x0) 2m35.175216354s ago: executing program 0 (id=576): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000002b00)=""/4074, 0xfea}, {&(0x7f0000000580)=""/87, 0x57}, {0x0}, {&(0x7f0000000180)=""/244, 0xf4}, {&(0x7f0000000c00)=""/131, 0x83}], 0x5}, 0x40000002) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x54, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x2e, 0x33, @action={{{}, {}, @device_b}, @channel_switch={0x0, 0x4, {{0x25, 0x3, {0x1, 0xb7, 0x2}}, @val={0x3e, 0x1, 0x1}, @val={0x76, 0x6, {0x4, 0x3, 0x26, 0x9}}}}}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x8, 0xcd, [0x5, 0x5]}]}, 0x54}}, 0x0) 2m33.182770881s ago: executing program 0 (id=582): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000140)={0x1, 0x1, @raw_data=[0x9, 0xfff, 0x1, 0x7, 0x31, 0x3, 0x10, 0x80000000, 0x80, 0x1, 0x12a, 0x0, 0x9, 0x2, 0x7, 0x4378]}) 2m32.991212497s ago: executing program 0 (id=584): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r2 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) 2m17.858538143s ago: executing program 33 (id=584): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r2 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0) 10.448822372s ago: executing program 5 (id=938): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x4e) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)}, {&(0x7f0000000440)="9472aef1629418da78f7", 0xa}], 0x2}], 0x1, 0x8001) recvmsg$qrtr(r2, 0x0, 0x0, 0x10020) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r4 = timerfd_create(0x0, 0x0) read(r4, &(0x7f0000000080)=""/149, 0x95) 8.693531018s ago: executing program 1 (id=946): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000"], &(0x7f0000001b80)='syzkaller\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000580)='io_uring_register\x00', r0, 0x0, 0x3}, 0x18) r1 = io_uring_setup(0x775, &(0x7f0000000340)={0x0, 0xa8c3, 0x1000, 0x3, 0xba}) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000000)=[{0x0}], 0x1) 8.58390626s ago: executing program 2 (id=949): pipe(&(0x7f0000000500)) fsopen(&(0x7f0000000080)='autofs\x00', 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0200000004000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000080)={0x0, 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {}, {0x0, 0x9}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0xf, 0xff, 0x0, 0x2, 0xb, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1], 0x1, [0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x49}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r6 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0) 8.525446495s ago: executing program 5 (id=950): r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000080), 0x10) listen(r0, 0xfffffffe) r1 = open(0x0, 0x48062, 0x0) fcntl$setlease(r1, 0x400, 0x0) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000040)=0xff) r2 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r2, 0x84, 0x85, 0x0, &(0x7f0000001040)) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f0000000000)={0x9}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000014) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r6, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c) ioctl$FS_IOC_GETFSUUID(r2, 0x80111500, &(0x7f0000000200)) sendmmsg(r6, &(0x7f0000001000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4010) io_setup(0x30, 0x0) r7 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r7, 0x0}]) 8.392161963s ago: executing program 1 (id=951): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x1, [@bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) 6.961473224s ago: executing program 2 (id=952): syz_open_dev$dri(&(0x7f00000000c0), 0xfffffffffffffffd, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000240)) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x1000, 0x3}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r3, 0x3516, 0xf3f, 0x0, 0x0, 0xfffffdcf) 6.785444174s ago: executing program 1 (id=953): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x526}, @TCA_SAMPLE_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x70}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000004500)=@newtaction={0x48, 0x31, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4}}}]}]}, 0x48}}, 0x0) 6.738287912s ago: executing program 3 (id=954): socket$inet6_udp(0xa, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) shmctl$SHM_UNLOCK(0x0, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) ioctl$PTP_PIN_GETFUNC2(0xffffffffffffffff, 0xc0603d0f, &(0x7f0000000400)={'\x00', 0x55b, 0x3, 0x400}) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x8, @remote}, 0x9) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0xff56, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x400c044}, 0x5a7779894798f085) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000500)={{{@in=@loopback, @in6=@remote, 0x4e20, 0x8, 0x4e23, 0x6, 0x2, 0x0, 0x80, 0x2b}, {0x6, 0x10001, 0x8, 0xd5, 0x3b, 0x9, 0x8, 0x2}, {0x5, 0x1000008, 0x3, 0x1ff}, 0x4, 0x0, 0x2, 0x0, 0x2, 0x25f5fb577be13f14}, {{@in=@remote, 0x4d3, 0x33}, 0x2, @in=@empty, 0x3504, 0x3, 0x3, 0x2, 0x903, 0xace0, 0x28}}, 0xe8) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0xc7) sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000014d564b0000000001"]) ioctl$KVM_KVMCLOCK_CTRL(r5, 0xaead) 6.592190083s ago: executing program 5 (id=956): syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="1201100153a48e08f00a71729188010203010902240001060000000904000002ffffff0009050b0000000000000905ec"], 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7f}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1b000000000008140005000000000000000000006bfbad785eee3ca8b4978cca83522b7fbfb608a8eea0ff", @ANYRES32=0x1, @ANYBLOB='<}\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000050000000400"/28], 0x50) r6 = syz_open_procfs(r2, &(0x7f00000003c0)='statm\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000004c0)={0xc1, 0x7, 0x0, 'queue0\x00', 0x2}) read$FUSE(r6, &(0x7f0000004180)={0x2020}, 0x2020) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000001c0)='ext4_allocate_inode\x00'}, 0x18) socket(0x10, 0x80002, 0x0) r7 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r7, 0x29, 0x4a, &(0x7f0000000000)=0x9, 0x4) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r8, 0x9c3fa077fa966179, 0xfffffffd, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054) creat(&(0x7f0000000340)='./file0\x00', 0x14) syz_pidfd_open(0x0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000001640)=""/139, 0x0) 5.888140219s ago: executing program 1 (id=957): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000740)={'team0\x00', 0x0}) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x20, r3, 0x809, 0x70bd29, 0x3, {}, [{{0x8, 0x1, r2}, {0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040}, 0x4004000) 5.797485133s ago: executing program 6 (id=958): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0a00000004000000dd0000000a00000000000000", @ANYRES32], 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000880)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000780)="08b5a71534e47c5cde7582fa3b023d4b8c6b93b4e81cd3347471666373cd1c78989c6c8311de5fdc28fca2420c2ab26daac232c722df9f83ffe2c4c359dcb0a687832cd6c0658097a993f613be2698a85660a9e682c4", 0x56}], 0x1, 0x0, 0x0, 0x4008000}], 0x1, 0x40800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0) 5.765409895s ago: executing program 3 (id=959): r0 = syz_io_uring_setup(0x3b, &(0x7f0000000200)={0x0, 0x86, 0x10100, 0x3, 0x30c}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000019c0)=[{0x0}], 0x1}, 0x0, 0x80002101}) io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), r3) sendmsg$SEG6_CMD_GET_TUNSRC(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x40}, 0x20008005) 5.639977099s ago: executing program 1 (id=960): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x4e) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)}, {&(0x7f0000000440)="9472aef1629418da78f7", 0xa}], 0x2}], 0x1, 0x8001) recvmsg$qrtr(r2, 0x0, 0x0, 0x10020) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r4 = timerfd_create(0x0, 0x0) read(r4, &(0x7f0000000080)=""/149, 0x95) 5.239659681s ago: executing program 6 (id=961): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) ioctl$SIOCRSGL2CALL(r2, 0x89e5, &(0x7f0000000300)) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r6, 0x29, 0x8, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00') r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, 0x0, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) fanotify_mark(0xffffffffffffffff, 0x1, 0x40001019, 0xffffffffffffffff, 0x0) sendmsg$FOU_CMD_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, r1, 0xd1bd17c4b9ef5e5b, 0x70bd26, 0x25dfdbff, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x200040d0) sendmsg$FOU_CMD_ADD(r0, 0x0, 0x4000000) 4.101072141s ago: executing program 6 (id=962): pipe(&(0x7f0000000500)) fsopen(&(0x7f0000000080)='autofs\x00', 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="0200000004000000"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0}, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40107446, &(0x7f0000000080)={0x0, 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {}, {0x0, 0x9}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0xf, 0xff, 0x0, 0x2, 0xb, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1], 0x1, [0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x49}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r6 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r5, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0) 3.983176337s ago: executing program 3 (id=963): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@usrquota}]}) quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0) 2.480715593s ago: executing program 6 (id=964): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) r0 = syz_io_uring_setup(0x88d, &(0x7f0000000140)={0x0, 0x84c0, 0x0, 0xffffffff, 0x121}, &(0x7f0000000100)=0x0, &(0x7f00000003c0)) r2 = syz_open_procfs(0x0, &(0x7f0000001840)='environ\x00') r3 = socket$nl_xfrm(0x10, 0x3, 0x6) getresuid(&(0x7f0000000240)=0x0, &(0x7f0000000280), &(0x7f0000000300)) sendmsg$nl_xfrm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=@newsa={0x11c, 0x10, 0x20, 0x70bd28, 0x25dfdbff, {{@in=@broadcast, @in=@dev={0xac, 0x14, 0x14, 0x3a}, 0x4e21, 0x5c4, 0x4e23, 0xb81, 0xa, 0x20, 0xa0, 0x8, 0x0, r4}, {@in6=@mcast2, 0x4d4, 0x33}, @in6=@mcast2, {0xffffffffffffffff, 0x44, 0x76, 0xffff, 0x6, 0x52, 0xe5, 0xfffffffffffffffa}, {0xffffffffffffff00, 0x9, 0xa98, 0x1}, {0x7, 0xfffffffc, 0xd94}, 0x70bd2b, 0x0, 0x2, 0x4, 0x2}, [@lifetime_val={0x24, 0x9, {0x73a0, 0x101, 0x7, 0x2}}, @extra_flags={0x8, 0x18, 0x80000001}]}, 0x11c}}, 0x4000) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc010000000000000000000000000000ac1414aa00000000000000000000000000000000000002090200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c00110000000000000000000000000000000000fe"], 0xec}}, 0x0) read$FUSE(r2, &(0x7f0000001880)={0x2020}, 0x2020) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x0) 2.3121618s ago: executing program 3 (id=965): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newlink={0x40, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x40}}, 0x4) 2.311722867s ago: executing program 2 (id=966): r0 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r0, &(0x7f0000000080), 0x10) listen(r0, 0xfffffffe) r1 = open(0x0, 0x48062, 0x0) fcntl$setlease(r1, 0x400, 0x0) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000040)=0xff) r2 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r2, 0x84, 0x85, 0x0, &(0x7f0000001040)) ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f0000000000)={0x9}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNDETACHFILTER(r3, 0x401054d6, 0x0) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004010}, 0x4000014) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r6, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r6, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c) ioctl$FS_IOC_GETFSUUID(r2, 0x80111500, &(0x7f0000000200)) sendmmsg(r6, &(0x7f0000001000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4010) io_setup(0x30, 0x0) r7 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x101002) io_submit(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r7, 0x0}]) 2.309052264s ago: executing program 1 (id=967): socket$can_j1939(0x1d, 0x2, 0x7) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = memfd_create(0x0, 0x3) ftruncate(r3, 0xffff) ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f00000000c0)={r3, 0x1, 0x10000}) syz_io_uring_submit(0x0, 0x0, 0x0) epoll_create(0x7fffffff) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfc, 0x0, 0x0, @loopback, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f5, &(0x7f0000000200)={'syztnl0\x00', &(0x7f0000000040)={'erspan0\x00', r5, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @initdev={0xac, 0x1e, 0xfe, 0x0}}}}}) syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) openat$cgroup_ro(r6, 0x0, 0x275a, 0x0) fsetxattr$security_capability(r1, &(0x7f0000000140), &(0x7f0000000280)=@v2={0x2000000, [{0x6, 0x224}, {0xfffffffa, 0x40}]}, 0x14, 0x1) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="2000000029000b0027bd700000000000050000000c00018008", @ANYRES32=0x0, @ANYBLOB="4a2425b28046f630ea27c1db1300"/27], 0x20}}, 0x0) 2.195328613s ago: executing program 3 (id=968): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000080000000804"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, 0x0) 2.159671131s ago: executing program 6 (id=969): r0 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000180)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x4}, 0xd, 0x6, 0x3, 0x8000000000000001, 0x0, 0x0, 0x80}) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCDELRT(r4, 0x890c, &(0x7f0000000300)={@private1, @local, @remote, 0x2, 0x5, 0x4f, 0x400, 0x9, 0x1800200}) syz_pidfd_open(r0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x2c) r5 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r5, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x1}, [{}], {0x4, 0x1}, [], {0x10, 0x6}}, 0x2c, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000b40)={0x0, 0x0, '\x00', @bt={0xfffffffb, 0x8518, 0x0, 0xffffffff, 0x2, 0x4000000000000000, 0xe, 0xe}}) sendmsg$NFT_BATCH(r6, &(0x7f0000010100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x10}, @NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0xe98f}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) 1.468138426s ago: executing program 3 (id=970): openat$kvm(0xffffffffffffff9c, 0x0, 0x48001, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) write$rfkill(0xffffffffffffffff, 0x0, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000180)={0x0, 0x465f, 0x1000, 0x2, 0x306}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}) io_uring_enter(r2, 0x40f6, 0x4f7c, 0x0, 0x0, 0x0) 1.322888259s ago: executing program 5 (id=971): bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0a00000004000000dd0000000a00000000000000", @ANYRES32], 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000880)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000780)="08b5a71534e47c5cde7582fa3b023d4b8c6b93b4e81cd3347471666373cd1c78989c6c8311de5fdc28fca2420c2ab26daac232c722df9f83ffe2c4c359dcb0a687832cd6c0658097a993f613be2698a85660a9e682c4", 0x56}], 0x1, 0x0, 0x0, 0x4008000}], 0x1, 0x40800) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r0, 0x0, 0x0) 1.237511885s ago: executing program 2 (id=972): sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x2, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010023484af53b607cc707000000080001"], 0x2c}}, 0x0) 696.126213ms ago: executing program 2 (id=973): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GCALLUSERDATA(r0, 0x89e4, &(0x7f00000000c0)={0x40, "c3582fc4ade71139d901a4195333460e523a8a743181b17e9e0d8598d9aee120ef963fecda8b546bd15ec4e7e0611fbe11ea2a9da24f82e48bf1cbafd9c18bd096d21184c1e8bcaa9401e0531e26451aab6d401e150982fc92e52c16801387180455159641307de4ae0fb538bfabf6d47141c2a3f09a41de452677f19428e956"}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PPPIOCSMRU(r2, 0x40047452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3e, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() poll(0x0, 0x0, 0xa) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x6) socket(0x10, 0x3, 0x9) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r7}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r6, 0xc01064ab, &(0x7f0000000380)={0x1, r8, r7}) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='setgroups\x00') r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x8000) sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000210000000000000000000000000a6c000000160a3f360000000000000000020000000900010073797a30000000004000038008000240000000002c0003801400010076657468305f746f5f626f6e64000000140001007665746830000000000000000000000008000140000000000900020073797a300000000014000000110001"], 0x94}}, 0x8000) sendmsg$NFT_MSG_GETFLOWTABLE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000b80)=ANY=[@ANYBLOB="20000000170a0103"], 0x20}, 0x1, 0x0, 0x0, 0x20000005}, 0x4000000) close_range(r9, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_START_SCHED_SCAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x7c, 0x0, 0x4, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x2040}, @NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x4}]}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x0, 0xf7}}, @NL80211_ATTR_SCAN_FREQUENCIES={0x34, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0x7}, {0x8, 0x0, 0x9}, {0x8, 0x0, 0xaf}, {0x8, 0x0, 0x9}, {0x8, 0x0, 0xff}]}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24000005}, 0x4000) 586.591757ms ago: executing program 5 (id=974): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x20000042, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 158.008584ms ago: executing program 2 (id=975): socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x3, 0xff) socket$key(0xf, 0x3, 0x2) syz_open_dev$sndctrl(0x0, 0x2, 0xe8e80) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x28, 0x0, @fd_index=0x1, 0xfffffffffffffffc, 0x0, 0x0, 0x22}) syz_emit_ethernet(0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="9b4307000001aaaaaaaaaa000800bc41d14286078bff0001907800000000ffffffffe0009078fffd000062"], 0x0) io_uring_enter(0xffffffffffffffff, 0x48e9, 0x0, 0x6, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffc, 0x3, @empty, 0x5}, 0x1c) ioctl$TIOCGPKT(0xffffffffffffffff, 0x80045438, &(0x7f0000000340)) r3 = socket(0x2b, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0x0, 0x6, 0x0, 0x6e}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x1, 0xff, 0x0, 0x4}, 0x20) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008380), 0x400000000000174, 0x4008890) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0}) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) 85.047454ms ago: executing program 6 (id=976): syz_open_dev$dri(&(0x7f00000000c0), 0xfffffffffffffffd, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000240)) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x1000, 0x3}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r3, 0x3516, 0xf3f, 0x0, 0x0, 0xfffffdcf) 0s ago: executing program 5 (id=977): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x4e) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)}, {&(0x7f0000000440)="9472aef1629418da78f7", 0xa}], 0x2}], 0x1, 0x8001) recvmsg$qrtr(r2, 0x0, 0x0, 0x10020) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000100)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r4 = timerfd_create(0x0, 0x0) read(r4, &(0x7f0000000080)=""/149, 0x95) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.177' (ED25519) to the list of known hosts. [ 83.092589][ T5852] cgroup: Unknown subsys name 'net' [ 83.287862][ T5852] cgroup: Unknown subsys name 'cpuset' [ 83.297365][ T5852] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.956929][ T5852] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.827887][ T5879] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.836105][ T5879] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.844472][ T5882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.863767][ T5882] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.883986][ T5882] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.891476][ T5882] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.896402][ T5879] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.905184][ T5881] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.915258][ T5882] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.922689][ T5881] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.923652][ T5879] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.930675][ T5881] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.944847][ T5882] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.956023][ T5882] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.963668][ T5879] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.971300][ T5882] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.976096][ T5884] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.978801][ T5879] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.985721][ T5881] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.000853][ T5884] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.004706][ T5879] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.009377][ T5884] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.023014][ T5881] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.032438][ T5884] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.042440][ T5884] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.702487][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 88.862992][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 88.975864][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 89.013248][ T5864] chnl_net:caif_netlink_parms(): no params data found [ 89.080038][ T5868] chnl_net:caif_netlink_parms(): no params data found [ 89.169490][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.176945][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.185007][ T5865] bridge_slave_0: entered allmulticast mode [ 89.192471][ T5865] bridge_slave_0: entered promiscuous mode [ 89.247830][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.255117][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.262337][ T5865] bridge_slave_1: entered allmulticast mode [ 89.269922][ T5865] bridge_slave_1: entered promiscuous mode [ 89.380673][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.387969][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.395884][ T5862] bridge_slave_0: entered allmulticast mode [ 89.403191][ T5862] bridge_slave_0: entered promiscuous mode [ 89.444954][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.452155][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.459692][ T5863] bridge_slave_0: entered allmulticast mode [ 89.467676][ T5863] bridge_slave_0: entered promiscuous mode [ 89.476764][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.484194][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.491403][ T5862] bridge_slave_1: entered allmulticast mode [ 89.498888][ T5862] bridge_slave_1: entered promiscuous mode [ 89.505645][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.512784][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.520284][ T5864] bridge_slave_0: entered allmulticast mode [ 89.527824][ T5864] bridge_slave_0: entered promiscuous mode [ 89.538573][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.551817][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.590806][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.598845][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.606221][ T5863] bridge_slave_1: entered allmulticast mode [ 89.613617][ T5863] bridge_slave_1: entered promiscuous mode [ 89.632746][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.640110][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.647846][ T5864] bridge_slave_1: entered allmulticast mode [ 89.656248][ T5864] bridge_slave_1: entered promiscuous mode [ 89.678936][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.686225][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.694454][ T5868] bridge_slave_0: entered allmulticast mode [ 89.703068][ T5868] bridge_slave_0: entered promiscuous mode [ 89.768411][ T5865] team0: Port device team_slave_0 added [ 89.774620][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.782361][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.790173][ T5868] bridge_slave_1: entered allmulticast mode [ 89.798284][ T5868] bridge_slave_1: entered promiscuous mode [ 89.823070][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.849277][ T5865] team0: Port device team_slave_1 added [ 89.901339][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.913003][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.940732][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.964672][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.971675][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.998951][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.019229][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.036425][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.047338][ T5878] Bluetooth: hci2: command tx timeout [ 90.056739][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.084522][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.094482][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.101431][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.128189][ T5184] Bluetooth: hci4: command tx timeout [ 90.128741][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.134850][ T5184] Bluetooth: hci0: command tx timeout [ 90.144795][ T5870] Bluetooth: hci3: command tx timeout [ 90.150453][ T5878] Bluetooth: hci1: command tx timeout [ 90.212127][ T5862] team0: Port device team_slave_0 added [ 90.221499][ T5862] team0: Port device team_slave_1 added [ 90.261293][ T5864] team0: Port device team_slave_0 added [ 90.269282][ T5868] team0: Port device team_slave_0 added [ 90.279300][ T5868] team0: Port device team_slave_1 added [ 90.331271][ T5864] team0: Port device team_slave_1 added [ 90.367214][ T5863] team0: Port device team_slave_0 added [ 90.429832][ T5863] team0: Port device team_slave_1 added [ 90.436998][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.445011][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.471603][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.483902][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.490873][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.517156][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.534988][ T5865] hsr_slave_0: entered promiscuous mode [ 90.541547][ T5865] hsr_slave_1: entered promiscuous mode [ 90.548974][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.556387][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.582429][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.609067][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.616198][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.642300][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.663767][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.670844][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.697631][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.721557][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.728799][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.755114][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.782572][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.789615][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.815681][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.828794][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.835834][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.862270][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.998455][ T5868] hsr_slave_0: entered promiscuous mode [ 91.006983][ T5868] hsr_slave_1: entered promiscuous mode [ 91.013257][ T5868] debugfs: 'hsr0' already exists in 'hsr' [ 91.022588][ T5868] Cannot create hsr debugfs directory [ 91.049087][ T5862] hsr_slave_0: entered promiscuous mode [ 91.056060][ T5862] hsr_slave_1: entered promiscuous mode [ 91.062218][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 91.068066][ T5862] Cannot create hsr debugfs directory [ 91.177634][ T5864] hsr_slave_0: entered promiscuous mode [ 91.184398][ T5864] hsr_slave_1: entered promiscuous mode [ 91.190645][ T5864] debugfs: 'hsr0' already exists in 'hsr' [ 91.196455][ T5864] Cannot create hsr debugfs directory [ 91.327444][ T5863] hsr_slave_0: entered promiscuous mode [ 91.334806][ T5863] hsr_slave_1: entered promiscuous mode [ 91.341146][ T5863] debugfs: 'hsr0' already exists in 'hsr' [ 91.347154][ T5863] Cannot create hsr debugfs directory [ 91.839346][ T5865] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.852575][ T5865] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.881160][ T5865] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.913639][ T5865] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.972709][ T5864] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.985689][ T5864] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.998626][ T5864] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.010044][ T5864] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.097266][ T5862] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.116700][ T5862] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.124331][ T5184] Bluetooth: hci2: command tx timeout [ 92.140595][ T5862] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.171489][ T5862] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.204783][ T5878] Bluetooth: hci1: command tx timeout [ 92.206844][ T5884] Bluetooth: hci3: command tx timeout [ 92.210254][ T5878] Bluetooth: hci4: command tx timeout [ 92.221549][ T5184] Bluetooth: hci0: command tx timeout [ 92.230890][ T2154] cfg80211: failed to load regulatory.db [ 92.338215][ T5868] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.351213][ T5868] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.366276][ T5868] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.402925][ T5868] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.497604][ T5863] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.509179][ T5863] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.521549][ T5863] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.533047][ T5863] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.594918][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.622107][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.655153][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.676678][ T3023] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.683972][ T3023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.696340][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.703560][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.719743][ T5864] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.759432][ T3023] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.766625][ T3023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.800440][ T3023] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.807652][ T3023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.822873][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.879454][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.942210][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.949423][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.001205][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.008429][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.068196][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.118946][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.137505][ T5868] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.186722][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.193955][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.242685][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.249964][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.287105][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.352619][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.359844][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.448897][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.456143][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.639442][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.689955][ T5863] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.723362][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.847539][ T5864] veth0_vlan: entered promiscuous mode [ 93.892420][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.902224][ T5864] veth1_vlan: entered promiscuous mode [ 93.919225][ T5865] veth0_vlan: entered promiscuous mode [ 93.961159][ T5865] veth1_vlan: entered promiscuous mode [ 94.061849][ T5865] veth0_macvtap: entered promiscuous mode [ 94.097653][ T5864] veth0_macvtap: entered promiscuous mode [ 94.118134][ T5865] veth1_macvtap: entered promiscuous mode [ 94.148344][ T5864] veth1_macvtap: entered promiscuous mode [ 94.199649][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.214647][ T5878] Bluetooth: hci2: command tx timeout [ 94.280584][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.288756][ T5878] Bluetooth: hci3: command tx timeout [ 94.294278][ T5878] Bluetooth: hci1: command tx timeout [ 94.299711][ T5878] Bluetooth: hci4: command tx timeout [ 94.304117][ T5184] Bluetooth: hci0: command tx timeout [ 94.338327][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.373039][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.387805][ T37] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.418279][ T37] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.440061][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.461676][ T37] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.471250][ T37] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.496983][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.507554][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.520656][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.537321][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.546491][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.680772][ T5862] veth0_vlan: entered promiscuous mode [ 94.740845][ T5863] veth0_vlan: entered promiscuous mode [ 94.756257][ T5862] veth1_vlan: entered promiscuous mode [ 94.769648][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.781976][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.817484][ T2998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.826572][ T2998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.848619][ T5868] veth0_vlan: entered promiscuous mode [ 94.880715][ T5863] veth1_vlan: entered promiscuous mode [ 94.921458][ T5868] veth1_vlan: entered promiscuous mode [ 94.935481][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.937452][ T5862] veth0_macvtap: entered promiscuous mode [ 94.943351][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.972122][ T5862] veth1_macvtap: entered promiscuous mode [ 95.042219][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.043136][ T5864] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.064129][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.077842][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.110618][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.151232][ T5868] veth0_macvtap: entered promiscuous mode [ 95.178450][ T5868] veth1_macvtap: entered promiscuous mode [ 95.229765][ T3023] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.242638][ T3023] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.524617][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.604721][ T5990] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.341110][ T5184] Bluetooth: hci2: command tx timeout [ 96.363924][ T5184] Bluetooth: hci0: command tx timeout [ 96.373555][ T5184] Bluetooth: hci4: command tx timeout [ 96.379124][ T5884] Bluetooth: hci1: command tx timeout [ 96.385515][ T5878] Bluetooth: hci3: command tx timeout [ 96.615324][ T5863] veth0_macvtap: entered promiscuous mode [ 96.628575][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.650915][ T3023] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.023591][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.060938][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.125926][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.142012][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.176197][ T5863] veth1_macvtap: entered promiscuous mode [ 97.213146][ T3023] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.265540][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.275231][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.327050][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.362603][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.381454][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.586658][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.643297][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.670422][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.750222][ T6005] Invalid source name [ 97.754396][ T6005] UBIFS error (pid: 6005): cannot open "/dev/sg0", error -22 [ 98.036672][ T3023] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.314542][ T3023] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.323527][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.431276][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.556745][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.593109][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.597545][ T6012] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.730777][ T6017] netlink: 'syz.2.11': attribute type 1 has an invalid length. [ 98.743817][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.751700][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.764233][ T6017] netlink: 'syz.2.11': attribute type 2 has an invalid length. [ 98.779035][ T6017] netlink: 148 bytes leftover after parsing attributes in process `syz.2.11'. [ 98.871999][ T2998] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 98.885723][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.936023][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.359800][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.374274][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.463579][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 101.302132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.443841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.452615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.461311][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.470511][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.506984][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.516770][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.767124][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.873782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.380609][ T6039] ======================================================= [ 102.380609][ T6039] WARNING: The mand mount option has been deprecated and [ 102.380609][ T6039] and is ignored by this kernel. Remove the mand [ 102.380609][ T6039] option from the mount to silence this warning. [ 102.380609][ T6039] ======================================================= [ 102.448961][ T6039] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 102.596704][ T6039] EXT4-fs (loop4): unable to read superblock [ 102.638443][ T6046] 9pnet: p9_errstr2errno: server reported unknown error [ 102.907657][ T6051] batman_adv: batadv0: Adding interface: dummy0 [ 102.918281][ T6051] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.955699][ T6051] batman_adv: batadv0: Interface activated: dummy0 [ 103.297016][ T6017] syz.2.11 (6017): drop_caches: 2 [ 104.702270][ T6066] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 104.724448][ T6066] EXT4-fs (loop1): unable to read superblock [ 104.756475][ T6066] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.766803][ T6066] I/O error, dev loop1, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.776340][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 104.787258][ T6066] I/O error, dev loop1, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.796671][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 104.806267][ T6066] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 104.813952][ T6066] UDF-fs: Scanning with blocksize 512 failed [ 104.820760][ T6066] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.830271][ T6066] I/O error, dev loop1, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.839731][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 104.849612][ T6066] I/O error, dev loop1, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.859326][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 104.868909][ T6066] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 104.876603][ T6066] UDF-fs: Scanning with blocksize 1024 failed [ 104.883172][ T6066] I/O error, dev loop1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.893981][ T6066] I/O error, dev loop1, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 104.903602][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 104.913342][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 104.922985][ T6066] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 104.930829][ T6066] UDF-fs: Scanning with blocksize 2048 failed [ 104.937569][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 104.947349][ T6066] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512 [ 104.957040][ T6066] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 104.964716][ T6066] UDF-fs: Scanning with blocksize 4096 failed [ 104.970781][ T6066] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1) [ 105.198218][ T2154] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 105.783540][ T2154] usb 1-1: Using ep0 maxpacket: 16 [ 105.802065][ T2154] usb 1-1: config 1 has an invalid interface number: 185 but max is 0 [ 105.949950][ T2154] usb 1-1: config 1 has no interface number 0 [ 106.023089][ T2154] usb 1-1: New USB device found, idVendor=05ac, idProduct=120a, bcdDevice=60.45 [ 106.613563][ T2154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.621633][ T2154] usb 1-1: Product: syz [ 106.636694][ T2154] usb 1-1: Manufacturer: syz [ 106.647517][ T2154] usb 1-1: SerialNumber: syz [ 106.760933][ T6085] warning: `syz.4.23' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 106.857183][ T6090] 9pnet: p9_errstr2errno: server reported unknown error [ 107.009790][ T6088] Bluetooth: MGMT ver 1.23 [ 107.015175][ T6088] Bluetooth: hci0: load_link_keys: expected 51203 bytes, got 7 bytes [ 107.276740][ T2154] usb-storage 1-1:1.185: USB Mass Storage device detected [ 107.351172][ T2154] usb-storage 1-1:1.185: Quirks match for vid 05ac pid 120a: 10 [ 107.537459][ T2154] apple-mfi-fastcharge 1-1: USB disconnect, device number 2 [ 108.067625][ T6109] blk_print_req_error: 4 callbacks suppressed [ 108.067645][ T6109] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 108.097847][ T6109] EXT4-fs (loop0): unable to read superblock [ 108.158987][ T6109] I/O error, dev loop0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.170469][ T6109] I/O error, dev loop0, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.179995][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 108.189814][ T6109] I/O error, dev loop0, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.199245][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 108.210978][ T6109] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 108.218753][ T6109] UDF-fs: Scanning with blocksize 512 failed [ 108.225499][ T6109] I/O error, dev loop0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.235172][ T6109] I/O error, dev loop0, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.244559][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 108.254377][ T6109] I/O error, dev loop0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.263983][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 108.274540][ T6109] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 108.282186][ T6109] UDF-fs: Scanning with blocksize 1024 failed [ 108.289079][ T6109] I/O error, dev loop0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.298571][ T6109] I/O error, dev loop0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.308169][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 108.317927][ T6109] I/O error, dev loop0, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 108.327403][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 108.337001][ T6109] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 108.344661][ T6109] UDF-fs: Scanning with blocksize 2048 failed [ 108.351375][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 108.361155][ T6109] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 108.372111][ T6109] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 108.379801][ T6109] UDF-fs: Scanning with blocksize 4096 failed [ 108.385890][ T6109] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 109.734017][ T5184] Bluetooth: hci4: command tx timeout [ 110.087003][ T6126] 9pnet: p9_errstr2errno: server reported unknown error [ 111.723520][ T5944] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 111.966764][ T5944] usb 2-1: device descriptor read/64, error -71 [ 112.936307][ T5944] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 113.169253][ T6159] syz.2.56 uses obsolete (PF_INET,SOCK_PACKET) [ 114.263546][ T5944] usb 2-1: device descriptor read/64, error -71 [ 114.473967][ T5944] usb usb2-port1: attempt power cycle [ 114.904255][ T6180] netlink: 64 bytes leftover after parsing attributes in process `syz.2.62'. [ 115.551085][ T6143] syz.0.48 (6143): drop_caches: 2 [ 116.910338][ T5184] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 116.920292][ T5184] CPU: 0 UID: 0 PID: 5184 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 116.920320][ T5184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 116.920334][ T5184] Workqueue: hci2 hci_rx_work [ 116.920389][ T5184] Call Trace: [ 116.920398][ T5184] [ 116.920408][ T5184] dump_stack_lvl+0x189/0x250 [ 116.920441][ T5184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.920467][ T5184] ? __pfx__printk+0x10/0x10 [ 116.920504][ T5184] ? kernfs_path_from_node+0x250/0x290 [ 116.920530][ T5184] ? kernfs_path_from_node+0x2f/0x290 [ 116.920561][ T5184] sysfs_create_dir_ns+0x259/0x280 [ 116.920593][ T5184] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 116.920621][ T5184] ? do_raw_spin_unlock+0x122/0x240 [ 116.920650][ T5184] kobject_add_internal+0x59f/0xb40 [ 116.920681][ T5184] kobject_add+0x155/0x220 [ 116.920707][ T5184] ? __pfx_kobject_add+0x10/0x10 [ 116.920729][ T5184] ? _raw_spin_unlock+0x28/0x50 [ 116.920760][ T5184] ? get_device_parent+0x366/0x3a0 [ 116.920789][ T5184] device_add+0x408/0xb50 [ 116.920819][ T5184] hci_conn_add_sysfs+0xd5/0x1e0 [ 116.920848][ T5184] le_conn_complete_evt+0xc3a/0x1220 [ 116.920895][ T5184] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 116.920929][ T5184] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 116.920947][ T5184] ? __asan_memcpy+0x40/0x70 [ 116.920982][ T5184] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 116.920999][ T5184] ? skb_pull_data+0xfb/0x200 [ 116.921043][ T5184] hci_le_conn_complete_evt+0x187/0x450 [ 116.921086][ T5184] hci_event_packet+0x78f/0x1200 [ 116.921116][ T5184] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 116.921148][ T5184] ? __pfx_hci_event_packet+0x10/0x10 [ 116.921176][ T5184] ? kcov_remote_start+0x4d3/0x7f0 [ 116.921201][ T5184] ? lockdep_hardirqs_on+0x90/0x150 [ 116.921234][ T5184] ? hci_send_to_monitor+0xe2/0x570 [ 116.921257][ T5184] hci_rx_work+0x46a/0xe80 [ 116.921293][ T5184] ? process_scheduled_works+0x9ef/0x17b0 [ 116.921325][ T5184] process_scheduled_works+0xae1/0x17b0 [ 116.921387][ T5184] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.921439][ T5184] worker_thread+0x8a0/0xda0 [ 116.921474][ T5184] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 116.921513][ T5184] ? __kthread_parkme+0x7b/0x200 [ 116.921545][ T5184] kthread+0x711/0x8a0 [ 116.921571][ T5184] ? __pfx_worker_thread+0x10/0x10 [ 116.921601][ T5184] ? __pfx_kthread+0x10/0x10 [ 116.921626][ T5184] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.921655][ T5184] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.921684][ T5184] ? __pfx_kthread+0x10/0x10 [ 116.921709][ T5184] ret_from_fork+0x4bc/0x870 [ 116.921743][ T5184] ? __pfx_ret_from_fork+0x10/0x10 [ 116.921782][ T5184] ? __switch_to_asm+0x39/0x70 [ 116.921809][ T5184] ? __switch_to_asm+0x33/0x70 [ 116.921834][ T5184] ? __pfx_kthread+0x10/0x10 [ 116.921859][ T5184] ret_from_fork_asm+0x1a/0x30 [ 116.921907][ T5184] [ 116.921940][ T5184] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 117.216129][ T5184] Bluetooth: hci2: failed to register connection device [ 117.921517][ T6208] blk_print_req_error: 3 callbacks suppressed [ 117.921537][ T6208] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 117.956533][ T6208] EXT4-fs (loop2): unable to read superblock [ 118.474642][ T6228] EXT4-fs: Ignoring removed nobh option [ 118.480882][ T6228] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1 [ 118.490442][ T6228] EXT4-fs (loop3): unable to read superblock [ 119.191958][ T5184] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 119.259654][ T5184] Bluetooth: hci2: command tx timeout [ 119.747374][ T6249] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 119.813565][ T6249] EXT4-fs (loop2): unable to read superblock [ 120.319297][ T6264] Invalid source name [ 120.653729][ T5965] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 120.726293][ T6275] EXT4-fs: Ignoring removed nobh option [ 120.732655][ T6275] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1 [ 120.742443][ T6275] EXT4-fs (loop0): unable to read superblock [ 121.569824][ T5965] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 121.661103][ T5965] usb 3-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d [ 121.713667][ T5965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.721993][ T5965] usb 3-1: Product: syz [ 121.726822][ T5965] usb 3-1: Manufacturer: syz [ 121.731505][ T5965] usb 3-1: SerialNumber: syz [ 121.999303][ T5965] usb 3-1: selecting invalid altsetting 1 [ 122.137546][ T6285] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 122.582990][ T5965] LME2510(C): Firmware Status: 00 00 00 00 00 00 [ 122.583139][ T5965] dvb_usb_lmedm04 3-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22 [ 122.706992][ T5930] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 122.715586][ T5965] usb 3-1: USB disconnect, device number 2 [ 122.899004][ T5930] usb 5-1: config 0 has no interfaces? [ 122.942944][ T5930] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 122.977005][ T5930] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.985491][ T5184] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 122.997477][ T5930] usb 5-1: Product: syz [ 123.001799][ T5930] usb 5-1: Manufacturer: syz [ 123.008794][ T5930] usb 5-1: SerialNumber: syz [ 123.026562][ T5930] usb 5-1: config 0 descriptor?? [ 123.833343][ T6302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.103'. [ 124.282459][ T6314] EXT4-fs: Ignoring removed nobh option [ 124.288822][ T6314] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1 [ 124.298551][ T6314] EXT4-fs (loop1): unable to read superblock [ 126.476104][ T6325] tty tty2: ldisc open failed (-12), clearing slot 1 [ 127.189081][ T9] usb 5-1: USB disconnect, device number 2 [ 127.274525][ T5184] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 127.286188][ T5184] CPU: 0 UID: 0 PID: 5184 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 127.286216][ T5184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 127.286226][ T5184] Workqueue: hci0 hci_rx_work [ 127.286250][ T5184] Call Trace: [ 127.286256][ T5184] [ 127.286264][ T5184] dump_stack_lvl+0x189/0x250 [ 127.286287][ T5184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.286306][ T5184] ? __pfx__printk+0x10/0x10 [ 127.286332][ T5184] ? kernfs_path_from_node+0x250/0x290 [ 127.286351][ T5184] ? kernfs_path_from_node+0x2f/0x290 [ 127.286374][ T5184] sysfs_create_dir_ns+0x259/0x280 [ 127.286396][ T5184] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 127.286417][ T5184] ? do_raw_spin_unlock+0x122/0x240 [ 127.286439][ T5184] kobject_add_internal+0x59f/0xb40 [ 127.286461][ T5184] kobject_add+0x155/0x220 [ 127.286479][ T5184] ? __pfx_kobject_add+0x10/0x10 [ 127.286494][ T5184] ? _raw_spin_unlock+0x28/0x50 [ 127.286518][ T5184] ? get_device_parent+0x366/0x3a0 [ 127.286540][ T5184] device_add+0x408/0xb50 [ 127.286562][ T5184] hci_conn_add_sysfs+0xd5/0x1e0 [ 127.286583][ T5184] le_conn_complete_evt+0xc3a/0x1220 [ 127.286618][ T5184] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 127.286643][ T5184] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 127.286655][ T5184] ? __asan_memcpy+0x40/0x70 [ 127.286680][ T5184] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 127.286693][ T5184] ? skb_pull_data+0xfb/0x200 [ 127.286715][ T5184] hci_le_conn_complete_evt+0x187/0x450 [ 127.286747][ T5184] hci_event_packet+0x78f/0x1200 [ 127.286769][ T5184] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 127.286793][ T5184] ? __pfx_hci_event_packet+0x10/0x10 [ 127.286814][ T5184] ? kcov_remote_start+0x4d3/0x7f0 [ 127.286833][ T5184] ? lockdep_hardirqs_on+0x90/0x150 [ 127.286858][ T5184] ? hci_send_to_monitor+0xe2/0x570 [ 127.286875][ T5184] hci_rx_work+0x46a/0xe80 [ 127.286900][ T5184] ? process_scheduled_works+0x9ef/0x17b0 [ 127.286924][ T5184] process_scheduled_works+0xae1/0x17b0 [ 127.286968][ T5184] ? __pfx_process_scheduled_works+0x10/0x10 [ 127.287004][ T5184] worker_thread+0x8a0/0xda0 [ 127.287029][ T5184] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 127.287056][ T5184] ? __kthread_parkme+0x7b/0x200 [ 127.287078][ T5184] kthread+0x711/0x8a0 [ 127.287096][ T5184] ? __pfx_worker_thread+0x10/0x10 [ 127.287118][ T5184] ? __pfx_kthread+0x10/0x10 [ 127.287136][ T5184] ? _raw_spin_unlock_irq+0x23/0x50 [ 127.287156][ T5184] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.287176][ T5184] ? __pfx_kthread+0x10/0x10 [ 127.287193][ T5184] ret_from_fork+0x4bc/0x870 [ 127.287224][ T5184] ? __pfx_ret_from_fork+0x10/0x10 [ 127.287251][ T5184] ? __switch_to_asm+0x39/0x70 [ 127.287270][ T5184] ? __switch_to_asm+0x33/0x70 [ 127.287289][ T5184] ? __pfx_kthread+0x10/0x10 [ 127.287307][ T5184] ret_from_fork_asm+0x1a/0x30 [ 127.287342][ T5184] [ 127.287364][ T5184] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 127.584729][ T5184] Bluetooth: hci0: failed to register connection device [ 127.904752][ T6344] syz.2.109 (6344): drop_caches: 2 [ 128.205376][ T6353] EXT4-fs: Ignoring removed nobh option [ 128.211641][ T6353] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1 [ 128.221253][ T6353] EXT4-fs (loop4): unable to read superblock [ 129.343163][ T6358] netlink: 20 bytes leftover after parsing attributes in process `syz.3.119'. [ 129.644297][ T5184] Bluetooth: hci0: command tx timeout [ 130.301656][ T6376] netlink: 12 bytes leftover after parsing attributes in process `syz.1.126'. [ 130.829632][ T6388] EXT4-fs: Ignoring removed nobh option [ 130.835707][ T6388] I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1 [ 130.845249][ T6388] EXT4-fs (loop1): unable to read superblock [ 131.013731][ T6052] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 131.265700][ T6052] usb 4-1: config 0 has an invalid interface number: 50 but max is 0 [ 131.388463][ T6052] usb 4-1: config 0 has no interface number 0 [ 131.491076][ T6399] sctp: [Deprecated]: syz.2.132 (pid 6399) Use of int in maxseg socket option. [ 131.491076][ T6399] Use struct sctp_assoc_value instead [ 131.590084][ T6398] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 131.620817][ T6052] usb 4-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=87.f7 [ 131.712994][ T6052] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.859230][ T6052] usb 4-1: Product: syz [ 131.913136][ T6052] usb 4-1: Manufacturer: syz [ 132.044052][ T6052] usb 4-1: SerialNumber: syz [ 132.148841][ T6052] usb 4-1: config 0 descriptor?? [ 132.202633][ T6052] ttusb_dec_send_command: command bulk message failed: error -22 [ 132.250372][ T6052] ttusb-dec 4-1:0.50: probe with driver ttusb-dec failed with error -22 [ 132.403257][ T6052] usb 4-1: USB disconnect, device number 2 [ 133.959077][ T6425] EXT4-fs: Ignoring removed nobh option [ 133.965233][ T6425] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1 [ 133.976201][ T6425] EXT4-fs (loop4): unable to read superblock [ 134.145256][ T5867] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 134.530402][ T5867] usb 1-1: Using ep0 maxpacket: 8 [ 134.706976][ T5867] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 134.801310][ T5867] usb 1-1: config 0 has an invalid descriptor of length 28, skipping remainder of the config [ 134.917181][ T5867] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 135.116371][ T5867] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 135.147353][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 135.169339][ T5867] usb 1-1: Product: syz [ 135.311953][ T5867] usb 1-1: config 0 descriptor?? [ 137.462693][ T5867] usb 1-1: USB disconnect, device number 3 [ 138.543612][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.989530][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.744006][ T6479] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 139.744006][ T6479] program syz.1.159 not setting count and/or reply_len properly [ 142.652240][ T6498] netlink: 20 bytes leftover after parsing attributes in process `syz.4.167'. [ 142.763709][ T2154] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 143.043500][ T2154] usb 3-1: Using ep0 maxpacket: 16 [ 146.009424][ T6528] netlink: 20 bytes leftover after parsing attributes in process `syz.4.178'. [ 146.180078][ T2154] usb 3-1: device descriptor read/all, error -71 [ 149.891647][ T6576] netlink: 20 bytes leftover after parsing attributes in process `syz.0.193'. [ 150.301175][ T6583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.194'. [ 152.680491][ T6605] netlink: 4 bytes leftover after parsing attributes in process `syz.1.203'. [ 153.083356][ T6605] bond0: (slave bond_slave_1): Releasing backup interface [ 153.380963][ T6609] netlink: 20 bytes leftover after parsing attributes in process `syz.2.205'. [ 155.558986][ T5184] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 156.014788][ T6639] netlink: 368 bytes leftover after parsing attributes in process `syz.0.215'. [ 157.886866][ T44] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 158.010039][ T6669] netlink: 36 bytes leftover after parsing attributes in process `syz.0.225'. [ 158.117372][ T5965] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 158.408561][ T44] usb 2-1: unable to get BOS descriptor or descriptor too short [ 158.422885][ T44] usb 2-1: not running at top speed; connect to a high speed hub [ 158.459922][ T5965] usb 3-1: Using ep0 maxpacket: 8 [ 158.489029][ T5965] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 158.500208][ T5965] usb 3-1: config 179 has 0 interfaces, different from the descriptor's value: 1 [ 158.510922][ T44] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 158.522829][ T5965] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 158.542516][ T44] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 158.566156][ T5965] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.618537][ T44] usb 2-1: string descriptor 0 read error: -22 [ 158.627906][ T44] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 158.638362][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.673829][ T44] usb 2-1: 0:2 : does not exist [ 158.744027][ T6681] usb usb8: usbfs: process 6681 (syz.4.227) did not claim interface 0 before use [ 158.957902][ T6661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.016250][ T6661] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.031243][ T5965] usb 3-1: USB disconnect, device number 5 [ 159.393182][ T44] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5) [ 159.424760][ T44] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 159.472403][ T44] usb 2-1: 5:0: failed to get current value for ch 1 (-22) [ 159.830113][ T6691] Zero length message leads to an empty skb [ 159.958146][ T44] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 159.994112][ T44] usb 2-1: USB disconnect, device number 5 [ 161.482465][ T6706] netlink: 12 bytes leftover after parsing attributes in process `syz.1.237'. [ 166.334888][ T6754] tipc: Enabling of bearer rejected, failed to enable media [ 166.440646][ T6755] fuse: Bad value for 'fd' [ 169.212869][ T5184] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 173.671139][ T5884] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 176.423002][ T6843] tipc: Started in network mode [ 176.459801][ T6843] tipc: Node identity , cluster identity 4711 [ 176.479672][ T6843] tipc: Failed to obtain node identity [ 176.491767][ T6843] tipc: Enabling of bearer rejected, failed to enable media [ 180.327809][ T5184] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 180.338375][ T5184] CPU: 1 UID: 0 PID: 5184 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 180.338404][ T5184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 180.338418][ T5184] Workqueue: hci1 hci_rx_work [ 180.338451][ T5184] Call Trace: [ 180.338460][ T5184] [ 180.338469][ T5184] dump_stack_lvl+0x189/0x250 [ 180.338501][ T5184] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.338526][ T5184] ? __pfx__printk+0x10/0x10 [ 180.338561][ T5184] ? kernfs_path_from_node+0x250/0x290 [ 180.338587][ T5184] ? kernfs_path_from_node+0x2f/0x290 [ 180.338618][ T5184] sysfs_create_dir_ns+0x259/0x280 [ 180.338648][ T5184] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 180.338677][ T5184] ? do_raw_spin_unlock+0x122/0x240 [ 180.338707][ T5184] kobject_add_internal+0x59f/0xb40 [ 180.338738][ T5184] kobject_add+0x155/0x220 [ 180.338765][ T5184] ? __pfx_kobject_add+0x10/0x10 [ 180.338786][ T5184] ? _raw_spin_unlock+0x28/0x50 [ 180.338819][ T5184] ? get_device_parent+0x366/0x3a0 [ 180.338848][ T5184] device_add+0x408/0xb50 [ 180.338877][ T5184] hci_conn_add_sysfs+0xd5/0x1e0 [ 180.338905][ T5184] le_conn_complete_evt+0xc3a/0x1220 [ 180.338965][ T5184] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 180.338998][ T5184] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 180.339015][ T5184] ? __asan_memcpy+0x40/0x70 [ 180.339049][ T5184] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 180.339068][ T5184] ? skb_pull_data+0xfb/0x200 [ 180.339099][ T5184] hci_le_conn_complete_evt+0x187/0x450 [ 180.339140][ T5184] hci_event_packet+0x78f/0x1200 [ 180.339171][ T5184] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 180.339204][ T5184] ? __pfx_hci_event_packet+0x10/0x10 [ 180.339233][ T5184] ? kcov_remote_start+0x4d3/0x7f0 [ 180.339260][ T5184] ? lockdep_hardirqs_on+0x90/0x150 [ 180.339295][ T5184] ? hci_send_to_monitor+0xe2/0x570 [ 180.339318][ T5184] hci_rx_work+0x46a/0xe80 [ 180.339354][ T5184] ? process_scheduled_works+0x9ef/0x17b0 [ 180.339387][ T5184] process_scheduled_works+0xae1/0x17b0 [ 180.339450][ T5184] ? __pfx_process_scheduled_works+0x10/0x10 [ 180.339500][ T5184] worker_thread+0x8a0/0xda0 [ 180.339535][ T5184] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 180.339574][ T5184] ? __kthread_parkme+0x7b/0x200 [ 180.339605][ T5184] kthread+0x711/0x8a0 [ 180.339631][ T5184] ? __pfx_worker_thread+0x10/0x10 [ 180.339661][ T5184] ? __pfx_kthread+0x10/0x10 [ 180.339686][ T5184] ? _raw_spin_unlock_irq+0x23/0x50 [ 180.339714][ T5184] ? lockdep_hardirqs_on+0x9c/0x150 [ 180.339742][ T5184] ? __pfx_kthread+0x10/0x10 [ 180.339767][ T5184] ret_from_fork+0x4bc/0x870 [ 180.339800][ T5184] ? __pfx_ret_from_fork+0x10/0x10 [ 180.339838][ T5184] ? __switch_to_asm+0x39/0x70 [ 180.339877][ T5184] ? __switch_to_asm+0x33/0x70 [ 180.339902][ T5184] ? __pfx_kthread+0x10/0x10 [ 180.339947][ T5184] ret_from_fork_asm+0x1a/0x30 [ 180.339996][ T5184] [ 180.340028][ T5184] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 180.637976][ T5184] Bluetooth: hci1: failed to register connection device [ 182.250230][ T6901] mkiss: ax0: crc mode is auto. [ 183.311368][ T6923] netlink: 'syz.2.310': attribute type 10 has an invalid length. [ 183.344849][ T6923] netlink: 40 bytes leftover after parsing attributes in process `syz.2.310'. [ 183.994863][ T6923] team0: entered promiscuous mode [ 184.000136][ T6923] team_slave_0: entered promiscuous mode [ 184.025812][ T6923] team_slave_1: entered promiscuous mode [ 184.052533][ T6923] team0: entered allmulticast mode [ 184.058431][ T6923] team_slave_0: entered allmulticast mode [ 184.064726][ T6923] team_slave_1: entered allmulticast mode [ 184.090692][ T6923] bridge0: port 3(team0) entered blocking state [ 184.111293][ T6923] bridge0: port 3(team0) entered disabled state [ 184.253969][ T6923] bridge0: port 3(team0) entered blocking state [ 184.260812][ T6923] bridge0: port 3(team0) entered forwarding state [ 184.393618][ T6930] exFAT-fs (nullb0): invalid boot record signature [ 184.400366][ T6930] exFAT-fs (nullb0): failed to read boot sector [ 184.407046][ T6930] exFAT-fs (nullb0): failed to recognize exfat type [ 185.040220][ T5184] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 187.049012][ T6973] netlink: 12 bytes leftover after parsing attributes in process `syz.2.319'. [ 188.307449][ T6987] netlink: 'syz.2.330': attribute type 2 has an invalid length. [ 188.315393][ T6987] netlink: 'syz.2.330': attribute type 11 has an invalid length. [ 188.323486][ T6987] netlink: 132 bytes leftover after parsing attributes in process `syz.2.330'. [ 188.557871][ T5184] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 191.163547][ T7023] netlink: 12 bytes leftover after parsing attributes in process `syz.1.339'. [ 191.937251][ T7026] binder: 7025:7026 ioctl c0306201 200000000680 returned -14 [ 192.083659][ T7028] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 192.329794][ T7033] netlink: 'syz.2.343': attribute type 4 has an invalid length. [ 192.832664][ T7037] input: syz0 as /devices/virtual/input/input7 [ 192.932061][ T5884] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 192.943226][ T5884] CPU: 1 UID: 0 PID: 5884 Comm: kworker/u9:8 Not tainted syzkaller #0 PREEMPT(full) [ 192.943255][ T5884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 192.943269][ T5884] Workqueue: hci3 hci_rx_work [ 192.943300][ T5884] Call Trace: [ 192.943309][ T5884] [ 192.943319][ T5884] dump_stack_lvl+0x189/0x250 [ 192.943355][ T5884] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.943379][ T5884] ? __pfx__printk+0x10/0x10 [ 192.943414][ T5884] ? kernfs_path_from_node+0x250/0x290 [ 192.943439][ T5884] ? kernfs_path_from_node+0x2f/0x290 [ 192.943469][ T5884] sysfs_create_dir_ns+0x259/0x280 [ 192.943500][ T5884] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 192.943528][ T5884] ? do_raw_spin_unlock+0x122/0x240 [ 192.943556][ T5884] kobject_add_internal+0x59f/0xb40 [ 192.943588][ T5884] kobject_add+0x155/0x220 [ 192.943615][ T5884] ? __pfx_kobject_add+0x10/0x10 [ 192.943635][ T5884] ? _raw_spin_unlock+0x28/0x50 [ 192.943667][ T5884] ? get_device_parent+0x366/0x3a0 [ 192.943699][ T5884] device_add+0x408/0xb50 [ 192.943731][ T5884] hci_conn_add_sysfs+0xd5/0x1e0 [ 192.943762][ T5884] le_conn_complete_evt+0xc3a/0x1220 [ 192.943812][ T5884] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 192.943843][ T5884] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 192.943860][ T5884] ? __asan_memcpy+0x40/0x70 [ 192.943895][ T5884] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 192.943913][ T5884] ? skb_pull_data+0xfb/0x200 [ 192.943943][ T5884] hci_le_conn_complete_evt+0x187/0x450 [ 192.943984][ T5884] hci_event_packet+0x78f/0x1200 [ 192.944024][ T5884] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 192.944060][ T5884] ? __pfx_hci_event_packet+0x10/0x10 [ 192.944089][ T5884] ? kcov_remote_start+0x4d3/0x7f0 [ 192.944118][ T5884] ? lockdep_hardirqs_on+0x90/0x150 [ 192.944153][ T5884] ? hci_send_to_monitor+0xe2/0x570 [ 192.944178][ T5884] hci_rx_work+0x46a/0xe80 [ 192.944216][ T5884] ? process_scheduled_works+0x9ef/0x17b0 [ 192.944250][ T5884] process_scheduled_works+0xae1/0x17b0 [ 192.944315][ T5884] ? __pfx_process_scheduled_works+0x10/0x10 [ 192.944364][ T5884] worker_thread+0x8a0/0xda0 [ 192.944424][ T5884] kthread+0x711/0x8a0 [ 192.944451][ T5884] ? __pfx_worker_thread+0x10/0x10 [ 192.944482][ T5884] ? __pfx_kthread+0x10/0x10 [ 192.944508][ T5884] ? _raw_spin_unlock_irq+0x23/0x50 [ 192.944537][ T5884] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.944566][ T5884] ? __pfx_kthread+0x10/0x10 [ 192.944590][ T5884] ret_from_fork+0x4bc/0x870 [ 192.944624][ T5884] ? __pfx_ret_from_fork+0x10/0x10 [ 192.944663][ T5884] ? __switch_to_asm+0x39/0x70 [ 192.944690][ T5884] ? __switch_to_asm+0x33/0x70 [ 192.944716][ T5884] ? __pfx_kthread+0x10/0x10 [ 192.944741][ T5884] ret_from_fork_asm+0x1a/0x30 [ 192.944790][ T5884] [ 193.208446][ T5884] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 193.222717][ T5884] Bluetooth: hci3: failed to register connection device [ 196.147942][ T1133] Bluetooth: hci5: Frame reassembly failed (-84) [ 196.601172][ T5184] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 198.203571][ T5184] Bluetooth: hci5: command 0x1003 tx timeout [ 198.203585][ T5884] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 199.204571][ T5884] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 199.754600][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.761079][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 202.698649][ T7129] overlayfs: failed to clone upperpath [ 202.935169][ T5184] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 204.007223][ T7155] netlink: 56 bytes leftover after parsing attributes in process `syz.1.388'. [ 206.337622][ T7177] netlink: 8 bytes leftover after parsing attributes in process `syz.4.395'. [ 207.256819][ T5884] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 208.184861][ T1166] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 208.313505][ T1166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.334685][ T1166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.387873][ T5881] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 211.803625][ T30] audit: type=1326 audit(1758075599.853:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 211.939144][ T30] audit: type=1326 audit(1758075599.853:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.062431][ T5881] Bluetooth: hci1: command 0x0406 tx timeout [ 212.071834][ T5875] Bluetooth: hci3: command 0x0406 tx timeout [ 212.085924][ T5881] Bluetooth: hci2: command 0x0406 tx timeout [ 212.092008][ T5881] Bluetooth: hci0: command 0x0406 tx timeout [ 212.123534][ T2154] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 212.151609][ T30] audit: type=1326 audit(1758075599.853:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.218866][ T30] audit: type=1326 audit(1758075599.853:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.259259][ T30] audit: type=1326 audit(1758075599.853:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.286436][ T30] audit: type=1326 audit(1758075599.853:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.317096][ T30] audit: type=1326 audit(1758075599.853:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.346007][ T30] audit: type=1326 audit(1758075599.853:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.377555][ T2154] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 212.390375][ T2154] usb 3-1: config 0 interface 0 has no altsetting 0 [ 212.403665][ T30] audit: type=1326 audit(1758075599.853:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.463704][ T2154] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 212.506694][ T2154] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 212.525297][ T30] audit: type=1326 audit(1758075599.853:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.1.413" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd3b78eba9 code=0x7ffc0000 [ 212.573873][ T2154] usb 3-1: Product: syz [ 212.578101][ T2154] usb 3-1: Manufacturer: syz [ 212.602980][ T2154] usb 3-1: SerialNumber: syz [ 212.667250][ T2154] usb 3-1: config 0 descriptor?? [ 212.696369][ T2154] usb 3-1: selecting invalid altsetting 0 [ 212.978423][ T2154] usb 3-1: USB disconnect, device number 6 [ 213.795756][ T7243] udevd[7243]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 214.002346][ T7248] tipc: Started in network mode [ 214.034129][ T7248] tipc: Node identity 8e360451f555, cluster identity 4711 [ 214.076806][ T7248] tipc: Enabled bearer , priority 0 [ 214.878629][ T7255] netlink: 12 bytes leftover after parsing attributes in process `syz.3.419'. [ 215.623497][ T2154] tipc: Node number set to 2070086737 [ 215.678131][ T7249] syzkaller0: entered promiscuous mode [ 215.747806][ T7249] syzkaller0: entered allmulticast mode [ 215.755320][ T7249] tipc: Resetting bearer [ 216.060494][ T7247] tipc: Resetting bearer [ 217.754148][ T5878] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 219.877014][ T7298] netlink: 12 bytes leftover after parsing attributes in process `syz.4.431'. [ 221.236815][ T7313] netlink: 'syz.1.432': attribute type 1 has an invalid length. [ 221.910399][ T7319] netlink: 20 bytes leftover after parsing attributes in process `syz.0.440'. [ 222.058813][ T5184] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 223.985340][ T7247] tipc: Disabling bearer [ 225.541552][ T7348] serio: Serial port ptm0 [ 227.644682][ T5930] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 227.803470][ T5930] usb 3-1: Using ep0 maxpacket: 8 [ 227.820783][ T5930] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 227.841238][ T5930] usb 3-1: config 0 has no interfaces? [ 227.847214][ T5930] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 227.873482][ T5930] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.892906][ T5930] usb 3-1: config 0 descriptor?? [ 228.124962][ T7362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 228.155249][ T7362] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 228.211010][ T5878] Bluetooth: hci2: Malformed LE Event: 0x0d [ 228.219562][ T5930] usb 3-1: USB disconnect, device number 7 [ 228.297189][ T5184] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 228.308090][ T5184] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 228.316194][ T5184] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 228.423142][ T5184] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 228.439109][ T5184] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 229.857238][ T7380] chnl_net:caif_netlink_parms(): no params data found [ 229.992847][ T2154] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 230.186813][ T2154] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.187616][ T7380] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.206505][ T7380] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.215013][ T7380] bridge_slave_0: entered allmulticast mode [ 230.224202][ T7380] bridge_slave_0: entered promiscuous mode [ 230.230369][ T2154] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.235990][ T7380] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.404314][ T7380] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.412126][ T7380] bridge_slave_1: entered allmulticast mode [ 230.420376][ T7380] bridge_slave_1: entered promiscuous mode [ 230.466177][ T2154] usb 3-1: config 0 interface 0 has no altsetting 0 [ 230.477488][ T2154] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 230.554554][ T5184] Bluetooth: hci0: command tx timeout [ 230.561476][ T2154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.106777][ T2154] usb 3-1: config 0 descriptor?? [ 231.381992][ T7380] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.604028][ T7380] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.253812][ T2154] usb 3-1: string descriptor 0 read error: -22 [ 232.320700][ T7380] team0: Port device team_slave_0 added [ 232.537951][ T2154] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #100: -71 [ 232.559897][ T2154] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 232.572591][ T2154] uclogic 0003:256C:006D.0001: failed probing pen v1 parameters: -71 [ 233.212552][ T5184] Bluetooth: hci0: command tx timeout [ 233.219035][ T7380] team0: Port device team_slave_1 added [ 233.274475][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 233.284571][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 233.292716][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 233.446994][ T7424] infiniband syz2: set active [ 233.451891][ T7424] infiniband syz2: added ip6gretap0 [ 233.463843][ T5930] ip6gretap0 speed is unknown, defaulting to 1000 [ 233.510494][ T2154] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 233.527685][ T7424] RDS/IB: syz2: added [ 233.532415][ T7424] smc: adding ib device syz2 with port count 1 [ 233.539142][ T7424] smc: ib device syz2 port 1 has no pnetid [ 233.546994][ T2154] uclogic 0003:256C:006D.0001: probe with driver uclogic failed with error -71 [ 233.595216][ T2154] usb 3-1: USB disconnect, device number 8 [ 233.697372][ T7380] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.731979][ T7380] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.784412][ T7380] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.801979][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 233.804226][ T7380] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.825074][ T7380] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.861991][ T7380] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.001300][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 234.168425][ T5930] ip6gretap0 speed is unknown, defaulting to 1000 [ 234.176263][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 234.341758][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 234.503966][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 234.671908][ T7424] ip6gretap0 speed is unknown, defaulting to 1000 [ 234.925706][ T7380] hsr_slave_0: entered promiscuous mode [ 235.033279][ T7380] hsr_slave_1: entered promiscuous mode [ 235.243527][ T5878] Bluetooth: hci0: command tx timeout [ 235.301952][ T7380] debugfs: 'hsr0' already exists in 'hsr' [ 235.311642][ T7380] Cannot create hsr debugfs directory [ 235.597311][ T36] Bluetooth: (null): Invalid header checksum [ 235.661671][ T7439] mmap: syz.3.476 (7439) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 235.691012][ T36] Bluetooth: (null): Invalid header checksum [ 235.715942][ T36] Bluetooth: (null): Invalid header checksum [ 235.882064][ T7436] mkiss: ax0: crc mode is auto. [ 236.960644][ T7380] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 237.024867][ T7380] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 237.041576][ T7380] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 237.339480][ T5878] Bluetooth: hci0: command tx timeout [ 237.495170][ T7380] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 237.583821][ T7459] use of bytesused == 0 is deprecated and will be removed in the future, [ 237.641068][ T7459] use the actual size instead. [ 237.667944][ T7467] netlink: 28 bytes leftover after parsing attributes in process `syz.2.483'. [ 237.690527][ T7467] netlink: 28 bytes leftover after parsing attributes in process `syz.2.483'. [ 237.799447][ T7467] netlink: 24 bytes leftover after parsing attributes in process `syz.2.483'. [ 239.247022][ T7380] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.275051][ T7380] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.356660][ T6809] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.363922][ T6809] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.748828][ T6809] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.756124][ T6809] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.127665][ T7496] lo: entered promiscuous mode [ 241.132560][ T7496] lo: entered allmulticast mode [ 241.163914][ T7496] tunl0: entered promiscuous mode [ 241.169071][ T7496] tunl0: entered allmulticast mode [ 241.181319][ T7496] gre0: entered promiscuous mode [ 241.186478][ T7496] gre0: entered allmulticast mode [ 241.196045][ T7496] gretap0: entered promiscuous mode [ 241.201375][ T7496] gretap0: entered allmulticast mode [ 241.210363][ T7496] erspan0: entered promiscuous mode [ 241.234619][ T7496] erspan0: entered allmulticast mode [ 241.244506][ T7496] ip_vti0: entered promiscuous mode [ 241.249830][ T7496] ip_vti0: entered allmulticast mode [ 241.259975][ T7496] ip6_vti0: entered promiscuous mode [ 241.265515][ T7496] ip6_vti0: entered allmulticast mode [ 241.276165][ T7496] sit0: entered promiscuous mode [ 241.281222][ T7496] sit0: entered allmulticast mode [ 241.292463][ T7496] ip6tnl0: entered promiscuous mode [ 241.297843][ T7496] ip6tnl0: entered allmulticast mode [ 241.307878][ T7496] ip6gre0: entered promiscuous mode [ 241.313180][ T7496] ip6gre0: entered allmulticast mode [ 241.322680][ T7496] syz_tun: entered promiscuous mode [ 241.329181][ T7496] syz_tun: entered allmulticast mode [ 241.339005][ T7496] ip6gretap0: entered promiscuous mode [ 241.347814][ T7496] ip6gretap0: entered allmulticast mode [ 241.357353][ T7496] bridge0: entered promiscuous mode [ 241.362660][ T7496] bridge0: entered allmulticast mode [ 241.372757][ T7496] vcan0: entered promiscuous mode [ 241.377942][ T7496] vcan0: entered allmulticast mode [ 241.388086][ T7496] bond0: entered promiscuous mode [ 241.393225][ T7496] bond_slave_0: entered promiscuous mode [ 241.400536][ T7496] bond_slave_1: entered promiscuous mode [ 241.408303][ T7496] bond0: entered allmulticast mode [ 241.413540][ T7496] bond_slave_0: entered allmulticast mode [ 241.419336][ T7496] bond_slave_1: entered allmulticast mode [ 241.439153][ T7496] dummy0: entered promiscuous mode [ 241.444691][ T7496] dummy0: entered allmulticast mode [ 241.457187][ T7496] nlmon0: entered promiscuous mode [ 241.462423][ T7496] nlmon0: entered allmulticast mode [ 241.635606][ T7496] caif0: entered promiscuous mode [ 241.640699][ T7496] caif0: entered allmulticast mode [ 241.646533][ T7496] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 242.460957][ T7380] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.842790][ T7516] netlink: 'syz.2.493': attribute type 1 has an invalid length. [ 242.850681][ T7516] netlink: 'syz.2.493': attribute type 2 has an invalid length. [ 243.483912][ T5184] Bluetooth: hci0: command 0x0405 tx timeout [ 243.681477][ T5965] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 244.885822][ T5965] usb 2-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 244.928463][ T5965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.938392][ T7533] tipc: Enabling of bearer rejected, failed to enable media [ 245.062306][ T5965] usb 2-1: config 0 descriptor?? [ 245.115185][ T5965] usb 2-1: selecting invalid altsetting 1 [ 245.162563][ T7380] veth0_vlan: entered promiscuous mode [ 245.187393][ T7380] veth1_vlan: entered promiscuous mode [ 245.277250][ T5965] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 245.351993][ T7380] veth0_macvtap: entered promiscuous mode [ 245.552644][ T7380] veth1_macvtap: entered promiscuous mode [ 245.584452][ T7380] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 246.388378][ T7380] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 246.468370][ T7548] process 'syz.2.503' launched './file1' with NULL argv: empty string added [ 246.502125][ T1133] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.522888][ T5937] usb 2-1: USB disconnect, device number 6 [ 246.582497][ T1133] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.836639][ T1133] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 246.902431][ T1133] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.097757][ T6810] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 247.118412][ T6810] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 247.295408][ T2998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 247.316568][ T2998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 247.766611][ T7564] qrtr: Invalid version 0 [ 249.234974][ T7574] netlink: 12 bytes leftover after parsing attributes in process `syz.2.508'. [ 250.959839][ T7586] binder: 7570:7586 ioctl c0306201 2000000003c0 returned -14 [ 250.968072][ T7586] binder: 7570:7586 ioctl c0306201 0 returned -14 [ 252.532814][ T7604] rdma_rxe: rxe_newlink: failed to add syz_tun [ 252.936801][ T7622] netlink: 'syz.2.520': attribute type 4 has an invalid length. [ 252.967358][ T7622] netlink: 'syz.2.520': attribute type 4 has an invalid length. [ 253.187701][ T7631] netlink: 'syz.0.519': attribute type 16 has an invalid length. [ 253.195808][ T7631] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.519'. [ 253.889380][ T7628] : renamed from bridge_slave_0 (while UP) [ 255.862799][ T7660] netlink: 8 bytes leftover after parsing attributes in process `syz.0.528'. [ 258.093533][ T5965] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 258.343458][ T5965] usb 3-1: Using ep0 maxpacket: 16 [ 258.495552][ T5965] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.544370][ T5965] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.583429][ T5965] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 258.726811][ T5965] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 258.768903][ T5965] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.823769][ T5965] usb 3-1: config 0 descriptor?? [ 260.152200][ T5965] usbhid 3-1:0.0: can't add hid device: -71 [ 260.160466][ T5965] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 260.198469][ T5965] usb 3-1: USB disconnect, device number 9 [ 260.512966][ T7711] netlink: 240 bytes leftover after parsing attributes in process `syz.1.540'. [ 260.627207][ T7710] netlink: 132 bytes leftover after parsing attributes in process `syz.5.538'. [ 260.713465][ T5965] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 261.000620][ T5965] usb 3-1: config 0 has an invalid interface number: 114 but max is 0 [ 261.012645][ T5965] usb 3-1: config 0 has no interface number 0 [ 261.024741][ T5965] usb 3-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=13.67 [ 261.036923][ T5965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.051997][ T5965] usb 3-1: Product: syz [ 261.056769][ T5965] usb 3-1: Manufacturer: syz [ 261.068178][ T5965] usb 3-1: SerialNumber: syz [ 261.095772][ T5965] usb 3-1: config 0 descriptor?? [ 261.281353][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.287741][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.980355][ T5965] cdc_subset 3-1:0.114: probe with driver cdc_subset failed with error -71 [ 262.075644][ T5965] usb 3-1: USB disconnect, device number 10 [ 265.275844][ T7742] netlink: 'syz.2.548': attribute type 2 has an invalid length. [ 266.184993][ T7757] netlink: 12 bytes leftover after parsing attributes in process `syz.2.554'. [ 268.166614][ T7783] netlink: 'syz.0.563': attribute type 21 has an invalid length. [ 268.174675][ T7783] netlink: 128 bytes leftover after parsing attributes in process `syz.0.563'. [ 268.195484][ T7783] netlink: 'syz.0.563': attribute type 4 has an invalid length. [ 268.265808][ T7783] netlink: 3 bytes leftover after parsing attributes in process `syz.0.563'. [ 269.833198][ T7799] netlink: 12 bytes leftover after parsing attributes in process `syz.3.568'. [ 272.389136][ T1152] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 272.465519][ T1152] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.512879][ T1152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.168066][ T7859] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 276.600922][ T7872] netlink: 8 bytes leftover after parsing attributes in process `syz.5.590'. [ 278.598747][ T1166] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 278.805952][ T2998] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.814081][ T2998] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.639074][ T7889] netlink: 'syz.5.596': attribute type 1 has an invalid length. [ 279.852390][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 279.852404][ T30] audit: type=1326 audit(1758075667.923:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 280.335769][ T7900] netlink: 'syz.5.599': attribute type 1 has an invalid length. [ 280.409449][ T7900] veth3: entered promiscuous mode [ 280.522872][ T30] audit: type=1326 audit(1758075667.983:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 280.560860][ T30] audit: type=1326 audit(1758075667.983:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 281.100440][ T30] audit: type=1326 audit(1758075667.983:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 281.349148][ T30] audit: type=1326 audit(1758075667.983:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 281.609716][ T30] audit: type=1326 audit(1758075667.993:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 281.792316][ T30] audit: type=1326 audit(1758075668.323:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 281.948579][ T30] audit: type=1326 audit(1758075668.323:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7890 comm="syz.3.597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8df3b8eba9 code=0x7ffc0000 [ 282.544221][ T7910] netlink: 8 bytes leftover after parsing attributes in process `syz.1.602'. [ 285.135980][ T7928] rdma_rxe: rxe_newlink: failed to add ip6gretap0 [ 286.693925][ T7937] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 286.865120][ T7940] netlink: 20 bytes leftover after parsing attributes in process `syz.2.611'. [ 291.752284][ T7972] netlink: 20 bytes leftover after parsing attributes in process `syz.5.623'. [ 293.212428][ T5184] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 293.222892][ T5184] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 293.240827][ T5184] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 293.258577][ T5184] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 293.267079][ T5184] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 295.359340][ T5184] Bluetooth: hci5: command tx timeout [ 295.385777][ T7986] ip6gretap0 speed is unknown, defaulting to 1000 [ 297.138942][ T8013] netlink: 20 bytes leftover after parsing attributes in process `syz.1.634'. [ 297.150224][ T6810] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.403607][ T5184] Bluetooth: hci5: command tx timeout [ 297.735604][ T6810] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.101040][ T8033] netlink: 12 bytes leftover after parsing attributes in process `syz.3.638'. [ 299.483836][ T5184] Bluetooth: hci5: command tx timeout [ 299.741252][ T6810] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.742026][ T6810] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.581876][ T5184] Bluetooth: hci5: command tx timeout [ 302.353864][ T6810] bridge_slave_1: left allmulticast mode [ 302.359812][ T6810] bridge_slave_1: left promiscuous mode [ 302.499167][ T6810] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.804770][ T8071] netlink: 20 bytes leftover after parsing attributes in process `syz.5.647'. [ 302.914705][ T6810] bridge_slave_0: left allmulticast mode [ 302.945363][ T6810] bridge_slave_0: left promiscuous mode [ 302.951264][ T6810] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.803951][ T3023] smc: removing ib device syz2 [ 307.725053][ T6810] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 307.777479][ T6810] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 307.816092][ T6810] bond0 (unregistering): Released all slaves [ 307.865304][ T8119] netlink: 20 bytes leftover after parsing attributes in process `syz.1.657'. [ 307.876630][ T7986] chnl_net:caif_netlink_parms(): no params data found [ 307.920022][ T5867] ip6gretap0 speed is unknown, defaulting to 1000 [ 307.931194][ T5867] syz2: Port: 1 Link DOWN [ 307.931258][ T5965] ip6gretap0 speed is unknown, defaulting to 1000 [ 310.553567][ T8136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.661'. [ 311.384597][ T8153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.666'. [ 312.838474][ T8165] netlink: 20 bytes leftover after parsing attributes in process `syz.2.668'. [ 313.023634][ T7986] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.030862][ T7986] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.102316][ T7986] bridge_slave_0: entered allmulticast mode [ 313.305717][ T7986] bridge_slave_0: entered promiscuous mode [ 313.333929][ T7986] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.343626][ T7986] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.393649][ T7986] bridge_slave_1: entered allmulticast mode [ 313.506312][ T7986] bridge_slave_1: entered promiscuous mode [ 314.074185][ T6052] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 314.231996][ T7986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 314.273428][ T6052] usb 6-1: Using ep0 maxpacket: 16 [ 314.418364][ T6052] usb 6-1: unable to get BOS descriptor or descriptor too short [ 314.494794][ T7986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 314.536769][ T6052] usb 6-1: config 229 has an invalid interface number: 152 but max is 1 [ 314.662512][ T8192] netlink: 8 bytes leftover after parsing attributes in process `syz.3.676'. [ 315.163429][ T6052] usb 6-1: config 229 has an invalid interface number: 12 but max is 1 [ 315.253831][ T6052] usb 6-1: config 229 has no interface number 0 [ 315.283391][ T6052] usb 6-1: config 229 has no interface number 1 [ 315.289812][ T6052] usb 6-1: config 229 interface 152 has no altsetting 0 [ 315.358542][ T6052] usb 6-1: config 229 interface 12 has no altsetting 0 [ 315.410757][ T6052] usb 6-1: New USB device found, idVendor=413c, idProduct=81a3, bcdDevice=25.ca [ 315.452213][ T6052] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.622648][ T6052] usb 6-1: Product: syz [ 315.628849][ T6052] usb 6-1: Manufacturer: syz [ 315.642295][ T6052] usb 6-1: SerialNumber: syz [ 316.763517][ T6052] usb 6-1: USB disconnect, device number 2 [ 316.874936][ T8210] netlink: 20 bytes leftover after parsing attributes in process `syz.3.681'. [ 317.004983][ T7986] team0: Port device team_slave_0 added [ 317.094315][ T7986] team0: Port device team_slave_1 added [ 317.171148][ T8217] netlink: 32 bytes leftover after parsing attributes in process `syz.3.684'. [ 317.847161][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 317.912304][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.938414][ C1] vkms_vblank_simulate: vblank timer overrun [ 317.954796][ T8235] netlink: 12 bytes leftover after parsing attributes in process `syz.5.689'. [ 318.011276][ T7986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 318.066497][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 318.168261][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 318.480891][ T7986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 319.174548][ T7986] hsr_slave_0: entered promiscuous mode [ 319.199793][ T7986] hsr_slave_1: entered promiscuous mode [ 319.230855][ T7986] debugfs: 'hsr0' already exists in 'hsr' [ 319.242181][ T7986] Cannot create hsr debugfs directory [ 319.784337][ T8260] ubi31: attaching mtd0 [ 320.323094][ T8260] ubi31: scanning is finished [ 320.327907][ T8260] ubi31: empty MTD device detected [ 320.592545][ T8260] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 321.884363][ T8285] netlink: 'syz.5.702': attribute type 10 has an invalid length. [ 321.914767][ T8285] netlink: 40 bytes leftover after parsing attributes in process `syz.5.702'. [ 322.207723][ T8285] team0: entered promiscuous mode [ 322.214359][ T8285] team_slave_0: entered promiscuous mode [ 322.222194][ T8285] team_slave_1: entered promiscuous mode [ 322.230326][ T8285] team0: entered allmulticast mode [ 322.235926][ T8285] team_slave_0: entered allmulticast mode [ 322.241791][ T8285] team_slave_1: entered allmulticast mode [ 322.255536][ T8285] bridge0: port 3(team0) entered blocking state [ 322.262940][ T8285] bridge0: port 3(team0) entered disabled state [ 322.307961][ T8285] bridge0: port 3(team0) entered blocking state [ 322.314736][ T8285] bridge0: port 3(team0) entered forwarding state [ 322.558840][ T8289] exFAT-fs (nullb0): invalid boot record signature [ 322.565923][ T8289] exFAT-fs (nullb0): failed to read boot sector [ 322.572594][ T8289] exFAT-fs (nullb0): failed to recognize exfat type [ 322.609926][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.616431][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.710047][ T6810] hsr_slave_0: left promiscuous mode [ 322.789250][ T6810] hsr_slave_1: left promiscuous mode [ 322.814500][ T6810] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.854309][ T6810] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.872303][ T30] audit: type=1804 audit(1758075710.933:78): pid=8294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.703" name="/newroot/131/file1" dev="fuse" ino=1 res=1 errno=0 [ 322.924920][ T6810] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.964055][ T6810] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.984938][ T30] audit: type=1800 audit(1758075710.933:79): pid=8294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.703" name="/" dev="fuse" ino=1 res=0 errno=0 [ 323.008423][ T6810] batman_adv: batadv0: Interface deactivated: dummy0 [ 323.037861][ T6810] batman_adv: batadv0: Removing interface: dummy0 [ 323.086121][ T6810] veth1_macvtap: left promiscuous mode [ 323.108841][ T6810] veth0_macvtap: left promiscuous mode [ 323.120252][ T6810] veth1_vlan: left promiscuous mode [ 323.157150][ T6810] veth0_vlan: left promiscuous mode [ 323.383483][ T5965] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 324.253406][ T5965] usb 2-1: Using ep0 maxpacket: 32 [ 324.265309][ T5965] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 324.291898][ T5965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.333003][ T5965] usb 2-1: config 0 descriptor?? [ 324.370990][ T5965] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 324.425573][ T5944] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 324.593795][ T5944] usb 6-1: Using ep0 maxpacket: 8 [ 324.612834][ T5944] usb 6-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 324.625947][ T5944] usb 6-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C [ 324.639760][ T5944] usb 6-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 324.668932][ T5944] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 324.679726][ T5944] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.688191][ T5944] usb 6-1: Product: syz [ 324.692493][ T5944] usb 6-1: Manufacturer: syz [ 324.697633][ T5944] usb 6-1: SerialNumber: syz [ 324.718884][ T5944] hso 6-1:6.0: Can't find BULK IN endpoint [ 324.941096][ T6810] team0 (unregistering): Port device team_slave_1 removed [ 324.991045][ T6810] team0 (unregistering): Port device team_slave_0 removed [ 325.008335][ T5965] usb 2-1: USB disconnect, device number 7 [ 326.596679][ T7986] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 326.620934][ T7986] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 326.667495][ T7986] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 326.697456][ T7986] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 327.004140][ T7986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 327.063546][ T7986] 8021q: adding VLAN 0 to HW filter on device team0 [ 327.241363][ T7986] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 327.252906][ T7986] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 327.290996][ T8311] syz.5.709 (8311) used greatest stack depth: 17832 bytes left [ 327.301111][ T5873] usb 6-1: USB disconnect, device number 3 [ 327.314113][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.321349][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 327.413225][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.420473][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.166698][ T8364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.719'. [ 330.196477][ T7986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.489583][ T8366] comedi comedi4: bad chanlist[0]=0x032c0000 chan=0 range length=2 [ 330.835818][ T8384] netlink: 368 bytes leftover after parsing attributes in process `syz.5.724'. [ 331.593103][ T7986] veth0_vlan: entered promiscuous mode [ 331.672135][ T7986] veth1_vlan: entered promiscuous mode [ 331.892956][ T7986] veth0_macvtap: entered promiscuous mode [ 331.922690][ T7986] veth1_macvtap: entered promiscuous mode [ 331.990346][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.077770][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.105465][ T8406] netlink: 116 bytes leftover after parsing attributes in process `syz.3.728'. [ 333.519808][ T6810] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.732091][ T6810] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.815105][ T6810] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.859398][ T6810] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.446790][ T6809] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.501054][ T6809] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.588482][ T8424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.731'. [ 334.731424][ T8045] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.772734][ T8045] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.217383][ T8434] wg1: entered promiscuous mode [ 335.222323][ T8434] wg1: entered allmulticast mode [ 335.248027][ T8437] netlink: 368 bytes leftover after parsing attributes in process `syz.1.736'. [ 335.433493][ T5873] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 335.615503][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 335.630501][ T5873] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 335.640438][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 335.656121][ T5873] usb 3-1: config 0 descriptor?? [ 335.674660][ T5873] pwc: Askey VC010 type 2 USB webcam detected. [ 336.556789][ T5873] pwc: recv_control_msg error -32 req 02 val 2b00 [ 336.570617][ T5873] pwc: recv_control_msg error -32 req 02 val 2700 [ 336.873597][ T5873] pwc: recv_control_msg error -71 req 04 val 1000 [ 336.926392][ T5873] pwc: recv_control_msg error -71 req 04 val 1300 [ 336.961727][ T5873] pwc: recv_control_msg error -71 req 04 val 1400 [ 337.024313][ T5873] pwc: recv_control_msg error -71 req 02 val 2000 [ 337.428013][ T8462] i2c i2c-0: Invalid block write size 34 [ 337.605399][ T5873] pwc: recv_control_msg error -71 req 02 val 2100 [ 338.113787][ T5873] pwc: recv_control_msg error -71 req 04 val 1500 [ 338.203713][ T5873] pwc: recv_control_msg error -71 req 02 val 2500 [ 338.217633][ T5873] pwc: recv_control_msg error -71 req 02 val 2400 [ 338.301735][ T5873] pwc: recv_control_msg error -71 req 02 val 2600 [ 338.325667][ T5873] pwc: recv_control_msg error -71 req 02 val 2900 [ 338.409835][ T5873] pwc: recv_control_msg error -71 req 02 val 2800 [ 338.514867][ T5873] pwc: recv_control_msg error -71 req 04 val 1100 [ 338.526700][ T5873] pwc: recv_control_msg error -71 req 04 val 1200 [ 338.575911][ T5873] pwc: Registered as video103. [ 338.623511][ T5873] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input8 [ 338.655521][ T5873] usb 3-1: USB disconnect, device number 11 [ 339.014051][ T8485] netlink: 368 bytes leftover after parsing attributes in process `syz.5.751'. [ 342.121530][ T8510] i2c i2c-0: Invalid block write size 34 [ 343.906310][ T8520] libceph: resolve '. [ 343.906310][ T8520] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 343.906310][ T8520] ' (ret=-3): failed [ 347.997619][ T8562] i2c i2c-0: Invalid block write size 34 [ 352.083757][ T8612] netlink: 'syz.2.781': attribute type 8 has an invalid length. [ 353.587800][ T8625] i2c i2c-0: Invalid block write size 34 [ 355.544687][ T5944] IPVS: starting estimator thread 0... [ 356.493578][ T8651] IPVS: using max 28 ests per chain, 67200 per kthread [ 359.221526][ T8686] i2c i2c-0: Invalid block write size 34 [ 369.361363][ T8826] overlayfs: failed to resolve './file0': -2 [ 369.472374][ T8827] sctp: [Deprecated]: syz.6.818 (pid 8827) Use of int in maxseg socket option. [ 369.472374][ T8827] Use struct sctp_assoc_value instead [ 372.808324][ T8851] bridge_slave_0: left allmulticast mode [ 372.814373][ T8851] bridge_slave_0: left promiscuous mode [ 372.821220][ T8851] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.738949][ T8851] bridge_slave_1: left allmulticast mode [ 374.745569][ T8851] bridge_slave_1: left promiscuous mode [ 374.752844][ T8851] bridge0: port 2(bridge_slave_1) entered disabled state [ 374.771138][ T8851] bond0: (slave bond_slave_0): Releasing backup interface [ 374.851295][ T8851] bond0: (slave bond_slave_1): Releasing backup interface [ 375.049500][ T8851] team0: Port device team_slave_0 removed [ 375.690669][ T8851] team0: Port device team_slave_1 removed [ 375.837731][ T8851] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 375.859987][ T8851] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 375.903764][ T5965] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 375.915067][ T8851] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 375.972208][ T8851] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 376.045967][ T8851] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 376.123515][ T5965] usb 3-1: Using ep0 maxpacket: 32 [ 376.161174][ T5965] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.193405][ T5965] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 376.233459][ T5965] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 376.292518][ T5965] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.505547][ T5965] usb 3-1: config 0 descriptor?? [ 377.407719][ T5965] ft260 0003:0403:6030.0002: unknown main item tag 0x7 [ 377.637808][ T5965] ft260 0003:0403:6030.0002: chip code: 6424 8183 [ 378.012531][ T5965] ft260 0003:0403:6030.0002: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.2-1/input0 [ 378.198230][ T5965] ft260 0003:0403:6030.0002: failed to retrieve status: -32, no wakeup [ 378.221961][ T5965] ft260 0003:0403:6030.0002: failed to retrieve status: -32 [ 378.464493][ T5867] usb 3-1: USB disconnect, device number 12 [ 380.250060][ T5965] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 380.423536][ T5965] usb 6-1: Using ep0 maxpacket: 8 [ 382.112099][ T5965] usb 6-1: unable to get BOS descriptor or descriptor too short [ 382.124586][ T5965] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 382.132195][ T5965] usb 6-1: can't read configurations, error -71 [ 382.624779][ T5965] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 382.793400][ T5965] usb 6-1: Using ep0 maxpacket: 8 [ 382.815366][ T5965] usb 6-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 382.849752][ T5965] usb 6-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C [ 382.876873][ T5965] usb 6-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 382.918682][ T5965] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 382.933345][ T5965] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.954511][ T5965] usb 6-1: Product: syz [ 382.958736][ T5965] usb 6-1: Manufacturer: syz [ 382.976426][ T5965] usb 6-1: SerialNumber: syz [ 382.999739][ T5965] hso 6-1:6.0: Can't find BULK IN endpoint [ 384.144477][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.150843][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 386.983732][ T5965] usb 6-1: USB disconnect, device number 5 [ 388.331416][ T8987] usb usb8: usbfs: process 8987 (syz.1.859) did not claim interface 0 before use [ 388.621224][ T8998] netlink: 8 bytes leftover after parsing attributes in process `syz.3.863'. [ 389.953684][ T5965] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 390.285936][ T5965] usb 7-1: Using ep0 maxpacket: 8 [ 390.302764][ T5965] usb 7-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 390.321845][ T5965] usb 7-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C [ 390.379152][ T5965] usb 7-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 390.580651][ T5965] usb 7-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 390.594212][ T5965] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.629760][ T5965] usb 7-1: Product: syz [ 390.656529][ T5965] usb 7-1: Manufacturer: syz [ 390.718817][ T5965] usb 7-1: SerialNumber: syz [ 390.745565][ T5965] hso 7-1:6.0: Can't find BULK IN endpoint [ 390.966348][ T9029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.875'. [ 392.255159][ T30] audit: type=1326 audit(1758075780.323:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 392.699826][ T30] audit: type=1326 audit(1758075780.353:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 392.774755][ T30] audit: type=1326 audit(1758075780.353:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 393.157444][ T5873] usb 7-1: USB disconnect, device number 2 [ 393.168163][ T30] audit: type=1326 audit(1758075780.353:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 393.193452][ T30] audit: type=1326 audit(1758075780.353:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 393.316531][ T30] audit: type=1326 audit(1758075780.353:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 393.413565][ T30] audit: type=1326 audit(1758075780.353:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 393.501966][ T30] audit: type=1326 audit(1758075780.353:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 393.572051][ T30] audit: type=1326 audit(1758075780.353:88): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 393.650037][ T30] audit: type=1326 audit(1758075780.353:89): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=9026 comm="syz.5.874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f79fd18eba9 code=0x7ffc0000 [ 394.187562][ T9058] netlink: 'syz.2.882': attribute type 1 has an invalid length. [ 394.217258][ T9058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.882'. [ 394.258003][ T9060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.883'. [ 394.324009][ T9056] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 398.424468][ T9105] netlink: 56 bytes leftover after parsing attributes in process `syz.3.896'. [ 398.436359][ T9107] netlink: 8 bytes leftover after parsing attributes in process `syz.5.897'. [ 402.535503][ T9140] netlink: 'syz.1.902': attribute type 1 has an invalid length. [ 402.761772][ T9141] netlink: 'syz.5.906': attribute type 10 has an invalid length. [ 402.807282][ T9141] netlink: 40 bytes leftover after parsing attributes in process `syz.5.906'. [ 402.834955][ T9133] overlayfs: failed to clone upperpath [ 403.355268][ T9153] binder: 9149:9153 ioctl 4018620d 0 returned -22 [ 404.067493][ T9148] exFAT-fs (nullb0): invalid boot record signature [ 404.075163][ T9148] exFAT-fs (nullb0): failed to read boot sector [ 404.082943][ T9148] exFAT-fs (nullb0): failed to recognize exfat type [ 406.603748][ T5878] Bluetooth: hci0: command 0x0405 tx timeout [ 406.792893][ T9177] netlink: 56 bytes leftover after parsing attributes in process `syz.6.915'. [ 408.025506][ T9184] netlink: 12 bytes leftover after parsing attributes in process `syz.5.918'. [ 409.959936][ T6809] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 411.980055][ T6809] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 412.438674][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 412.473605][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 412.513355][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 413.107950][ T9229] infiniband syz2: set active [ 413.113870][ T9229] infiniband syz2: added ip6gretap0 [ 413.122262][ T5930] ip6gretap0 speed is unknown, defaulting to 1000 [ 413.150277][ T9229] RDS/IB: syz2: added [ 413.154484][ T9229] smc: adding ib device syz2 with port count 1 [ 413.160744][ T9229] smc: ib device syz2 port 1 has no pnetid [ 413.167904][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 413.326408][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 413.484257][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 413.643901][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 413.799945][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 413.957585][ T9229] ip6gretap0 speed is unknown, defaulting to 1000 [ 414.101877][ T2154] ip6gretap0 speed is unknown, defaulting to 1000 [ 414.216688][ T5930] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 414.505195][ T5930] usb 6-1: Using ep0 maxpacket: 8 [ 414.514358][ T9237] netlink: 12 bytes leftover after parsing attributes in process `syz.2.932'. [ 415.132541][ T9243] binder: 9240:9243 ioctl 4018620d 0 returned -22 [ 415.983404][ T5930] usb 6-1: unable to get BOS descriptor or descriptor too short [ 416.061755][ T5930] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 416.113473][ T5930] usb 6-1: can't read configurations, error -71 [ 421.433877][ T5944] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 421.634528][ T5944] usb 6-1: Using ep0 maxpacket: 8 [ 421.739725][ T5944] usb 6-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 421.858571][ T5944] usb 6-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C [ 421.985826][ T5944] usb 6-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 422.032587][ T5944] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 422.077551][ T5944] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.285339][ T5944] usb 6-1: Product: syz [ 422.300637][ T5944] usb 6-1: Manufacturer: syz [ 422.933257][ T5944] usb 6-1: SerialNumber: syz [ 423.063869][ T5944] hso 6-1:6.0: Can't find BULK IN endpoint [ 425.166102][ T9347] netlink: 'syz.1.967': attribute type 1 has an invalid length. [ 425.792095][ T5965] usb 6-1: USB disconnect, device number 8 [ 426.287246][ T9356] netlink: 16 bytes leftover after parsing attributes in process `syz.2.972'. [ 426.646311][ T9364] netlink: 12 bytes leftover after parsing attributes in process `syz.2.973'. [ 427.220111][ T9374] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 445.554268][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.560630][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 533.033243][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 533.040289][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P8045/1:b..l [ 533.048602][ C1] rcu: (detected by 1, t=10502 jiffies, g=31425, q=131 ncpus=2) [ 533.056318][ C1] task:kworker/u8:16 state:R running task stack:24168 pid:8045 tgid:8045 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 533.070721][ C1] Workqueue: bat_events batadv_nc_worker [ 533.076393][ C1] Call Trace: [ 533.079677][ C1] [ 533.082611][ C1] __schedule+0x1798/0x4cc0 [ 533.087143][ C1] ? __pfx___schedule+0x10/0x10 [ 533.092003][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 533.097235][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 533.102547][ C1] preempt_schedule_irq+0xb5/0x150 [ 533.107678][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 533.113415][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 533.119278][ C1] irqentry_exit+0x6f/0x90 [ 533.123705][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 533.129701][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x8/0x70 [ 533.135783][ C1] Code: 8b 3d 84 e0 1e 0c 48 89 de 5b e9 d3 71 59 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 f0 c3 92 65 8b 15 88 1a 04 11 81 e2 00 01 ff 00 [ 533.155565][ C1] RSP: 0018:ffffc9000b2f7988 EFLAGS: 00000202 [ 533.161646][ C1] RAX: ffffffff8b51bff3 RBX: ffffffff8b51c2a0 RCX: 2fd9cdf4901ad200 [ 533.169619][ C1] RDX: ffff88802921bc80 RSI: ffffffff8c037de0 RDI: ffffffff8c037da0 [ 533.177604][ C1] RBP: ffff8880336079f8 R08: 0000000000000000 R09: ffffffff8b51bfaa [ 533.185586][ C1] R10: dffffc0000000000 R11: fffffbfff1f88787 R12: dffffc0000000000 [ 533.193564][ C1] R13: 1ffff1100cb70b13 R14: 0000000000000001 R15: ffff888065b84d80 [ 533.201542][ C1] ? __pfx_batadv_nc_fwd_flush+0x10/0x10 [ 533.207199][ C1] ? batadv_nc_process_nc_paths+0xba/0x3a0 [ 533.213024][ C1] ? batadv_nc_process_nc_paths+0x103/0x3a0 [ 533.218948][ C1] batadv_nc_process_nc_paths+0x103/0x3a0 [ 533.224790][ C1] ? batadv_nc_process_nc_paths+0xba/0x3a0 [ 533.230642][ C1] batadv_nc_worker+0x429/0x610 [ 533.235852][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 533.241589][ C1] process_scheduled_works+0xae1/0x17b0 [ 533.247162][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 533.253179][ C1] worker_thread+0x8a0/0xda0 [ 533.257793][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 533.264133][ C1] ? __kthread_parkme+0x7b/0x200 [ 533.269098][ C1] kthread+0x711/0x8a0 [ 533.273173][ C1] ? __pfx_worker_thread+0x10/0x10 [ 533.278296][ C1] ? __pfx_kthread+0x10/0x10 [ 533.282906][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 533.288173][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 533.293388][ C1] ? __pfx_kthread+0x10/0x10 [ 533.297988][ C1] ret_from_fork+0x4bc/0x870 [ 533.302589][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 533.307801][ C1] ? __switch_to_asm+0x39/0x70 [ 533.312570][ C1] ? __switch_to_asm+0x33/0x70 [ 533.317347][ C1] ? __pfx_kthread+0x10/0x10 [ 533.321957][ C1] ret_from_fork_asm+0x1a/0x30 [ 533.326754][ C1] [ 533.329804][ C1] rcu: rcu_preempt kthread starved for 8841 jiffies! g31425 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 533.340923][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 533.350939][ C1] rcu: RCU grace-period kthread stack dump: [ 533.356828][ C1] task:rcu_preempt state:R running task stack:26568 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 533.370328][ C1] Call Trace: [ 533.373609][ C1] [ 533.376576][ C1] __schedule+0x1798/0x4cc0 [ 533.381121][ C1] ? __pfx___schedule+0x10/0x10 [ 533.386040][ C1] ? schedule+0x91/0x360 [ 533.390294][ C1] schedule+0x165/0x360 [ 533.394462][ C1] schedule_timeout+0x12b/0x270 [ 533.399318][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 533.404690][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 533.410593][ C1] ? __pfx_process_timeout+0x10/0x10 [ 533.415886][ C1] ? prepare_to_swait_event+0x341/0x380 [ 533.421441][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 533.426314][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 533.431529][ C1] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 533.437700][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 533.442997][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 533.448901][ C1] ? finish_swait+0xcd/0x1f0 [ 533.453495][ C1] rcu_gp_kthread+0x99/0x390 [ 533.458102][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 533.463309][ C1] ? __kthread_parkme+0x7b/0x200 [ 533.468243][ C1] ? __kthread_parkme+0x1a1/0x200 [ 533.473284][ C1] kthread+0x711/0x8a0 [ 533.477360][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 533.482563][ C1] ? __pfx_kthread+0x10/0x10 [ 533.487160][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 533.492370][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 533.497575][ C1] ? __pfx_kthread+0x10/0x10 [ 533.502203][ C1] ret_from_fork+0x4bc/0x870 [ 533.506801][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 533.511927][ C1] ? __switch_to_asm+0x39/0x70 [ 533.516694][ C1] ? __switch_to_asm+0x33/0x70 [ 533.521463][ C1] ? __pfx_kthread+0x10/0x10 [ 533.526058][ C1] ret_from_fork_asm+0x1a/0x30 [ 533.530841][ C1] [ 533.533858][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 533.540191][ C1] Sending NMI from CPU 1 to CPUs 0: [ 533.545435][ C0] NMI backtrace for cpu 0 [ 533.545459][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 533.545486][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 533.545500][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 533.545532][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 03 7c 24 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 533.545545][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c2 [ 533.545560][ C0] RAX: b72e08fb19932a00 RBX: ffffffff819697b8 RCX: b72e08fb19932a00 [ 533.545573][ C0] RDX: 0000000000000001 RSI: ffffffff8dbc0cb8 RDI: ffffffff8c037e00 [ 533.545585][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632fdb R09: 1ffff110170c65fb [ 533.545596][ C0] R10: dffffc0000000000 R11: ffffed10170c65fc R12: ffffffff8fc43c30 [ 533.545609][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a38 [ 533.545619][ C0] FS: 0000000000000000(0000) GS:ffff8881259e1000(0000) knlGS:0000000000000000 [ 533.545632][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 533.545643][ C0] CR2: 00007f2b45e4a3bf CR3: 000000006a226000 CR4: 00000000003526f0 [ 533.545658][ C0] Call Trace: [ 533.545665][ C0] [ 533.545671][ C0] default_idle+0x13/0x20 [ 533.545688][ C0] default_idle_call+0x74/0xb0 [ 533.545705][ C0] do_idle+0x1e8/0x510 [ 533.545734][ C0] ? __pfx_do_idle+0x10/0x10 [ 533.545766][ C0] cpu_startup_entry+0x44/0x60 [ 533.545790][ C0] rest_init+0x2de/0x300 [ 533.545809][ C0] start_kernel+0x3ae/0x410 [ 533.545836][ C0] x86_64_start_reservations+0x24/0x30 [ 533.545856][ C0] x86_64_start_kernel+0x143/0x1c0 [ 533.545875][ C0] common_startup_64+0x13e/0x147 [ 533.545903][ C0] [ 535.006734][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 535.013110][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 536.686866][ T5870] Bluetooth: hci5: command tx timeout SYZFAIL: failed to send rpc fd=3 want=8368 sent=0 n=-1 (errno 32: Broken pipe) [ 541.234505][ T1133] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.347391][ T1133] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.432562][ T1133] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 541.629497][ T1133] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 542.243948][ T1133] bond0 (unregistering): Released all slaves [ 542.812057][ T1133] hsr_slave_0: left promiscuous mode [ 542.831062][ T1133] hsr_slave_1: left promiscuous mode [ 542.858420][ T1133] veth1_macvtap: left promiscuous mode [ 542.864450][ T1133] veth0_macvtap: left promiscuous mode [ 542.870145][ T1133] veth1_vlan: left promiscuous mode [ 542.876706][ T1133] veth0_vlan: left promiscuous mode