last executing test programs: 22.815566738s ago: executing program 2 (id=1313): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x778}, @in6={0xa, 0x4e20, 0xec, @private2, 0x200}]}, &(0x7f0000000180)=0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200fffe540004802800018007000100637400001c0002800800014000000002080002400000001005000300010000002800018007000100637400001c0002800800024000000011080004400000000c05000300010000000900010073797a30000000000900020073797a320000000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x840}, 0x0) 21.572307432s ago: executing program 2 (id=1317): socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket(0x11, 0x3, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000200)=0xe9, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000140)={0x11, 0x19, r5, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, 0x14) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 18.103819687s ago: executing program 2 (id=1325): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, 0x0, 0x20005004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000340), &(0x7f0000000380)=0x4) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.net/syz1\x00', 0x200002, 0x0) 15.632317899s ago: executing program 3 (id=1329): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x40000006}) epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xfffeffff, 0x0, 0x443c000000000000) connect$unix(r1, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) capget(&(0x7f0000000100)={0x20080522}, 0x0) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902"], 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) syz_usb_disconnect(r4) 15.529101027s ago: executing program 4 (id=1332): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xfff3}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x7}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 15.251337179s ago: executing program 2 (id=1334): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) sendmmsg$inet(r4, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{0x0}], 0x1}}, {{0x0, 0x0, &(0x7f00000017c0)}}], 0x3, 0x0) 14.203870479s ago: executing program 0 (id=1335): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) bpf$MAP_CREATE(0x0, 0x0, 0x0) 12.897470973s ago: executing program 4 (id=1338): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x8002, 0x0) r3 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r3, 0x0) ftruncate(r3, 0x51a9497) 12.678154451s ago: executing program 2 (id=1339): userfaultfd(0x80801) r0 = socket$netlink(0x10, 0x3, 0x0) getsockname$packet(r0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, 0x0, 0x4000800) socket(0x26, 0x3, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4", 0xa) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1ff, 0x7, 0x0, 0x8000, 0x4, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 12.677587345s ago: executing program 1 (id=1340): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000040)={0x0, 0x1000, 0xb28, 0x6}, 0x8) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x7, {0x1fffe, 0x9, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x0, 0x0, 0x5, 0xff, 0x8, 0x0, "d20bddda92e75aec79ff0300d28001000b0000000000001000000900"}}) 11.702134133s ago: executing program 3 (id=1341): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff0000", @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f00000000c0)={0x1, 0x2, 0x9, 0xe71}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) unlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) 11.493106097s ago: executing program 4 (id=1342): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r2, 0x0, 0x9, 0x0, &(0x7f0000000380)="f6f4e9a1d78ad62cee", 0x0, 0xa1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) write$P9_RVERSION(r2, &(0x7f0000000c40)=ANY=[], 0x13) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5, 0x7], &(0x7f0000000380), 0x0, 0x2}}, 0x40) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r1, 0x0) 11.492264875s ago: executing program 1 (id=1343): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, 0x0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r2, 0x0, 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) write$char_usb(r3, 0x0, 0x0) syz_usb_disconnect(r1) gettid() close_range(r0, 0xffffffffffffffff, 0x0) 11.415850857s ago: executing program 2 (id=1344): ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) syz_open_procfs(0x0, &(0x7f0000000180)='net/ip_vs_stats_percpu\x00') r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x0) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) sched_setattr(0x0, 0x0, 0x0) 11.393201666s ago: executing program 0 (id=1345): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r3, &(0x7f0000000100)={0x18, 0x2, {0x7fc, @loopback}}, 0x1e) r4 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r4, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r3, &(0x7f0000000080)={0x18, 0x2, {0x0, @loopback}}, 0x1e) 10.001432517s ago: executing program 3 (id=1346): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, 0x0, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}}}, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) 8.787825041s ago: executing program 3 (id=1347): memfd_create(0x0, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = io_uring_setup(0x2e01, &(0x7f0000000700)={0x0, 0xafd3, 0x1000, 0x2, 0x2d2}) r4 = io_uring_setup(0x7625, &(0x7f0000000600)={0x0, 0x43b6, 0x1, 0x0, 0x28e}) io_uring_register$IORING_REGISTER_FILES(r4, 0x1e, &(0x7f0000000000)=[r3], 0x1) 8.78672776s ago: executing program 0 (id=1348): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read(r0, &(0x7f00000019c0)=""/4097, 0x1001) inotify_add_watch(0xffffffffffffffff, 0x0, 0x28000063) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840), 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) 8.711930634s ago: executing program 4 (id=1349): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x1, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES32=r3, @ANYRES32, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f00000006c0), &(0x7f0000000100)}, 0x20) 8.700090365s ago: executing program 1 (id=1350): setresuid(0xffffffffffffffff, 0x0, 0xee00) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00') bind$inet(r0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000700)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000600)={0x3c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xcd5690c40c0851f1}]}]}, 0x3c}}, 0x4000851) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00'}) getsockopt$IP_SET_OP_GET_BYNAME(r0, 0x1, 0x53, &(0x7f0000000240)={0x6, 0x7, 'syz1\x00'}, &(0x7f00000002c0)=0x28) sendto$inet6(r0, &(0x7f0000000300)="a759f321b96c158abf54da764d7e910ac197a06aa035d8564a7a2d4353e579a254ed1dc022964af3a20056ff13255e1ddc1dea13d4b6dfe532d5cad7978862d76578c5d578503301fe817223bb07f794347f95cb78cfa077bfdab5b45d18e3bb23de2b6389f493e1a5382c8a944abceefeb129d072979413eb8d7784b78a08664a3f1d9ab22d0da2c61ac17d96b40ceaeebf93f6f5a1c120", 0x98, 0x20000090, &(0x7f00000003c0)={0xa, 0x4e21, 0xf76, @empty, 0x4}, 0x1c) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ec0)=@deltaction={0x14, 0x31, 0x20, 0x70bd25, 0x25dfdbff}, 0x14}}, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r4, 0x4b45, 0x1) 7.518231434s ago: executing program 3 (id=1351): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000002280)={0x30, 0x7, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000011c0)=ANY=[@ANYBLOB='dyn']) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="180100002d0001fff00000000000000006"], 0x118}], 0x1}, 0x180) 7.352818762s ago: executing program 0 (id=1352): r0 = epoll_create1(0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$kcm(0x2, 0xa, 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x28048810) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) r1 = socket(0x1, 0x80802, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xa000000d}) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x10000001}) epoll_pwait(r2, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0) close(r2) shutdown(r1, 0x0) close(r0) 7.349112233s ago: executing program 4 (id=1353): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000b80)={0x20, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.665727867s ago: executing program 1 (id=1354): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$llc(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000002c0)={0x1, @pix={0x0, 0xe55, 0x33565348, 0x9, 0x0, 0x0, 0x0, 0xfeedcafe, 0x3, 0x8}}) 353.665909ms ago: executing program 3 (id=1355): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x9, 0x1, 0x7fe2, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)="ad9ebf11ada0330a6c939a51d7", 0x0, 0xd, r0, 0x4}, 0x38) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = creat(&(0x7f0000000000)='./file1\x00', 0x0) io_setup(0x200, &(0x7f0000000140)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000940)={{r3}, &(0x7f00000008c0), &(0x7f0000000900)='%-5lx \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x17, 0x0, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sysctl, r3, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, r3, 0x2, 0x0, &(0x7f0000000a00)=[{0x2, 0x1, 0xd, 0x2}, {0x2, 0x2, 0x4, 0x1}], 0x10, 0xffff}, 0x94) sendto$inet(r1, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r1, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 327.075086ms ago: executing program 1 (id=1356): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x4}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x1, 0xffffffffffffffff, 0xfff}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r0, 0xffffffffffffffff}, &(0x7f0000000600), &(0x7f00000001c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) 227.661149ms ago: executing program 4 (id=1357): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00') lseek(r3, 0x10000000005, 0x0) kexec_load(0x5, 0x0, 0x0, 0x0) 225.387639ms ago: executing program 1 (id=1358): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000000203010400000000ffffffff000000000800010001"], 0x28}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)={0x20, 0x3, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_VERDICT_HDR={0xc}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 201.923166ms ago: executing program 0 (id=1359): socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0x10, 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x3, 0xc, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000020000000900000001"], 0x50) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 0s ago: executing program 0 (id=1360): r0 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, r0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = semget$private(0x0, 0x4, 0x29b) semctl$IPC_RMID(r4, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.53' (ED25519) to the list of known hosts. [ 81.535933][ T5787] cgroup: Unknown subsys name 'net' [ 81.799890][ T5787] cgroup: Unknown subsys name 'cpuset' [ 81.852436][ T5787] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.522596][ T5787] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.295948][ T5804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.297636][ T5804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.298366][ T5804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.299819][ T5804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.300756][ T5804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.436311][ T5119] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.439570][ T5119] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.441013][ T5119] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.442766][ T5119] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.443637][ T5119] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.524145][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.526559][ T5811] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.528036][ T5811] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.530236][ T5811] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.535845][ T5815] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.538469][ T5815] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.541920][ T5815] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.563817][ T5815] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.565620][ T5815] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.600986][ T5815] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.611197][ T5809] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.614335][ T5119] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.617913][ T5809] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.690773][ T5815] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.691727][ T5815] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.886381][ T994] cfg80211: failed to load regulatory.db [ 87.269390][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 87.346605][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 87.840679][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.842340][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.842952][ T5805] bridge_slave_0: entered allmulticast mode [ 87.845794][ T5805] bridge_slave_0: entered promiscuous mode [ 87.956145][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.956242][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.956543][ T5805] bridge_slave_1: entered allmulticast mode [ 87.957998][ T5805] bridge_slave_1: entered promiscuous mode [ 88.172895][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.173047][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.173158][ T5800] bridge_slave_0: entered allmulticast mode [ 88.174646][ T5800] bridge_slave_0: entered promiscuous mode [ 88.322765][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.322908][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.323071][ T5800] bridge_slave_1: entered allmulticast mode [ 88.324861][ T5800] bridge_slave_1: entered promiscuous mode [ 88.366013][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.385464][ T61] Bluetooth: hci0: command tx timeout [ 88.470459][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.542271][ T61] Bluetooth: hci1: command tx timeout [ 88.582980][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 88.685741][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.693552][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 88.703278][ T61] Bluetooth: hci2: command tx timeout [ 88.780281][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.781829][ T61] Bluetooth: hci4: command tx timeout [ 88.781839][ T5815] Bluetooth: hci3: command tx timeout [ 88.806831][ T5805] team0: Port device team_slave_0 added [ 88.807433][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 88.943660][ T5805] team0: Port device team_slave_1 added [ 89.184705][ T5800] team0: Port device team_slave_0 added [ 89.344239][ T5800] team0: Port device team_slave_1 added [ 89.554610][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.554621][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.554635][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.699857][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.699869][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.699882][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.916751][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.916763][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.916776][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.917279][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.918421][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.918555][ T5812] bridge_slave_0: entered allmulticast mode [ 89.920520][ T5812] bridge_slave_0: entered promiscuous mode [ 90.113610][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.113622][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.113636][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.114106][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.114221][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.114329][ T5812] bridge_slave_1: entered allmulticast mode [ 90.115842][ T5812] bridge_slave_1: entered promiscuous mode [ 90.116653][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.116768][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.116872][ T5806] bridge_slave_0: entered allmulticast mode [ 90.118401][ T5806] bridge_slave_0: entered promiscuous mode [ 90.383489][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.383668][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.383803][ T5806] bridge_slave_1: entered allmulticast mode [ 90.385303][ T5806] bridge_slave_1: entered promiscuous mode [ 90.388239][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.388351][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.388545][ T5807] bridge_slave_0: entered allmulticast mode [ 90.390765][ T5807] bridge_slave_0: entered promiscuous mode [ 90.462779][ T5815] Bluetooth: hci0: command tx timeout [ 90.621984][ T5815] Bluetooth: hci1: command tx timeout [ 90.643551][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.643647][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.643753][ T5807] bridge_slave_1: entered allmulticast mode [ 90.645248][ T5807] bridge_slave_1: entered promiscuous mode [ 90.648711][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.658515][ T5805] hsr_slave_0: entered promiscuous mode [ 90.660033][ T5805] hsr_slave_1: entered promiscuous mode [ 90.782063][ T5815] Bluetooth: hci2: command tx timeout [ 90.863052][ T61] Bluetooth: hci3: command tx timeout [ 90.863143][ T5815] Bluetooth: hci4: command tx timeout [ 90.875868][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.880695][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.086272][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.091386][ T5800] hsr_slave_0: entered promiscuous mode [ 91.093824][ T5800] hsr_slave_1: entered promiscuous mode [ 91.094835][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 91.094948][ T5800] Cannot create hsr debugfs directory [ 91.100625][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.335960][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.337498][ T5812] team0: Port device team_slave_0 added [ 91.474431][ T5812] team0: Port device team_slave_1 added [ 91.624358][ T5806] team0: Port device team_slave_0 added [ 92.088452][ T5806] team0: Port device team_slave_1 added [ 92.090234][ T5807] team0: Port device team_slave_0 added [ 92.294060][ T5807] team0: Port device team_slave_1 added [ 92.294993][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.295003][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.295016][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.453230][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.453243][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.453256][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.477492][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.477510][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.477532][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.551834][ T5815] Bluetooth: hci0: command tx timeout [ 92.605443][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.605455][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.605469][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.606603][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.606612][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.606628][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.640300][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.640316][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.640339][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.711869][ T5815] Bluetooth: hci1: command tx timeout [ 92.861969][ T5815] Bluetooth: hci2: command tx timeout [ 92.942088][ T61] Bluetooth: hci3: command tx timeout [ 92.942184][ T5815] Bluetooth: hci4: command tx timeout [ 93.110132][ T5812] hsr_slave_0: entered promiscuous mode [ 93.111261][ T5812] hsr_slave_1: entered promiscuous mode [ 93.113775][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 93.113801][ T5812] Cannot create hsr debugfs directory [ 93.313956][ T5806] hsr_slave_0: entered promiscuous mode [ 93.315377][ T5806] hsr_slave_1: entered promiscuous mode [ 93.316229][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 93.316249][ T5806] Cannot create hsr debugfs directory [ 93.468460][ T5807] hsr_slave_0: entered promiscuous mode [ 93.469293][ T5807] hsr_slave_1: entered promiscuous mode [ 93.469893][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 93.469913][ T5807] Cannot create hsr debugfs directory [ 94.203370][ T5805] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.280267][ T5805] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.404267][ T5805] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.465625][ T5805] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.622171][ T5815] Bluetooth: hci0: command tx timeout [ 94.666947][ T5800] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.710318][ T5800] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.754788][ T5800] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.782075][ T5815] Bluetooth: hci1: command tx timeout [ 94.799554][ T5800] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.877654][ T5812] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.911417][ T5812] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.941985][ T5815] Bluetooth: hci2: command tx timeout [ 94.946443][ T5812] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.016432][ T5812] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.021874][ T5815] Bluetooth: hci4: command tx timeout [ 95.021904][ T5815] Bluetooth: hci3: command tx timeout [ 95.155674][ T5806] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.202464][ T5806] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.238690][ T5806] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.281454][ T5806] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.400632][ T5807] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.433648][ T5807] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.476385][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.479163][ T5807] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.527694][ T5807] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.609703][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.645789][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.648663][ T1312] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.649195][ T1312] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.697520][ T1312] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.697662][ T1312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.759869][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.779779][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.805665][ T2371] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.806004][ T2371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.846837][ T2371] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.846966][ T2371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.900287][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.925009][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.945664][ T2371] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.945818][ T2371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.008771][ T1312] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.009084][ T1312] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.074727][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.090068][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.140166][ T2371] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.140378][ T2371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.193383][ T1335] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.193521][ T1335] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.236050][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.294203][ T2371] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.294557][ T2371] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.347302][ T2371] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.347450][ T2371] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.484632][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.666402][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.931234][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.987597][ T5800] veth0_vlan: entered promiscuous mode [ 97.076395][ T5800] veth1_vlan: entered promiscuous mode [ 97.188878][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.225696][ T5812] veth0_vlan: entered promiscuous mode [ 97.261339][ T5800] veth0_macvtap: entered promiscuous mode [ 97.283672][ T5812] veth1_vlan: entered promiscuous mode [ 97.289971][ T5800] veth1_macvtap: entered promiscuous mode [ 97.306046][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.339421][ T5805] veth0_vlan: entered promiscuous mode [ 97.379293][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.395330][ T5805] veth1_vlan: entered promiscuous mode [ 97.419362][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.421364][ T5806] veth0_vlan: entered promiscuous mode [ 97.465518][ T5812] veth0_macvtap: entered promiscuous mode [ 97.466688][ T3599] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.487130][ T3599] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.494734][ T3599] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.512714][ T5812] veth1_macvtap: entered promiscuous mode [ 97.513627][ T3599] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.526194][ T5806] veth1_vlan: entered promiscuous mode [ 97.606960][ T5807] veth0_vlan: entered promiscuous mode [ 97.663778][ T5805] veth0_macvtap: entered promiscuous mode [ 97.670652][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.766020][ T5807] veth1_vlan: entered promiscuous mode [ 97.768396][ T5805] veth1_macvtap: entered promiscuous mode [ 97.785859][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.839038][ T69] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.865182][ T69] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.868943][ T69] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.874475][ T5806] veth0_macvtap: entered promiscuous mode [ 97.882576][ T69] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.896842][ T3599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.896863][ T3599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.918993][ T5806] veth1_macvtap: entered promiscuous mode [ 97.929797][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.001167][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.050897][ T3599] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.050914][ T3599] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.136297][ T2371] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.140415][ T2371] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.157078][ T5807] veth0_macvtap: entered promiscuous mode [ 98.159086][ T2371] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.168204][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.178059][ T2371] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.247610][ T5807] veth1_macvtap: entered promiscuous mode [ 98.283027][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.291782][ T2371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.291801][ T2371] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.419864][ T3599] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.435853][ T3599] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.444302][ T3599] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.547845][ T2371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.547863][ T2371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.548578][ T3599] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.585881][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.748926][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.781894][ T3599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.781912][ T3599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.913948][ T1312] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.976242][ T1312] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.977237][ T1312] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.977281][ T1312] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.125343][ T1294] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.125364][ T1294] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.939536][ T3599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.939555][ T3599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.444239][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.444258][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.690166][ T3599] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.690185][ T3599] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.875536][ T1312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.875557][ T1312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.220258][ T5949] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.239051][ T5952] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.384387][ T5952] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14'. [ 103.503463][ T5985] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.559845][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.049589][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 106.947339][ T9] IPVS: starting estimator thread 0... [ 107.042392][ T6052] IPVS: using max 9 ests per chain, 21600 per kthread [ 110.273837][ T6063] krxrpcio/0 (6063) used greatest stack depth: 17960 bytes left [ 111.753348][ T6114] input: syz1 as /devices/virtual/input/input5 [ 112.450863][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.206035][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 113.276162][ T6143] warning: `syz.3.67' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 115.611890][ T6159] netlink: 'syz.2.71': attribute type 10 has an invalid length. [ 115.611912][ T6159] netlink: 40 bytes leftover after parsing attributes in process `syz.2.71'. [ 115.840728][ T6159] team0: Port device geneve0 added [ 116.274830][ T5866] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 116.329465][ T6172] wg2: entered promiscuous mode [ 116.329500][ T6172] wg2: entered allmulticast mode [ 116.507755][ T5866] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 116.507781][ T5866] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 116.507797][ T5866] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 116.507814][ T5866] usb 2-1: config 220 has no interface number 2 [ 116.507948][ T5866] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 116.507971][ T5866] usb 2-1: config 220 interface 0 has no altsetting 0 [ 116.507987][ T5866] usb 2-1: config 220 interface 76 has no altsetting 0 [ 116.508003][ T5866] usb 2-1: config 220 interface 1 has no altsetting 0 [ 116.587400][ T5866] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 116.587429][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.587448][ T5866] usb 2-1: Product: syz [ 116.587461][ T5866] usb 2-1: Manufacturer: syz [ 116.587473][ T5866] usb 2-1: SerialNumber: syz [ 116.734348][ T991] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 116.745986][ T5951] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 116.894306][ T991] usb 4-1: Using ep0 maxpacket: 32 [ 116.897360][ T5951] usb 5-1: Using ep0 maxpacket: 16 [ 116.900626][ T991] usb 4-1: config 0 has an invalid interface number: 136 but max is 0 [ 116.900651][ T991] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.900668][ T991] usb 4-1: config 0 has no interface number 0 [ 116.900715][ T991] usb 4-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0 [ 116.900737][ T991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.947095][ T5951] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 116.947127][ T5951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 116.967922][ T5951] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 116.967950][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.967966][ T5951] usb 5-1: Product: syz [ 116.967978][ T5951] usb 5-1: Manufacturer: syz [ 116.967991][ T5951] usb 5-1: SerialNumber: syz [ 117.042550][ T991] usb 4-1: config 0 descriptor?? [ 117.074409][ T5951] usb 5-1: config 0 descriptor?? [ 117.081299][ T5951] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 117.081325][ T5951] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 117.115298][ T5866] usb 2-1: selecting invalid altsetting 0 [ 117.119422][ T5866] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 117.119455][ T5866] uvcvideo 2-1:220.0: No valid video chain found. [ 117.167129][ T5866] usb 2-1: selecting invalid altsetting 0 [ 117.167163][ T5866] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 117.233546][ T5866] usb 2-1: USB disconnect, device number 2 [ 117.753588][ T5951] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 117.754937][ T5951] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 118.371164][ T5951] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 118.578532][ T5951] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 118.579595][ T5951] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 118.581104][ T5951] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 118.581614][ T5951] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 118.583050][ T5951] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 118.630686][ T5951] usb 5-1: USB disconnect, device number 2 [ 118.704759][ T37] audit: type=1804 audit(1760896402.917:2): pid=6199 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.85" name="/newroot/17/file0" dev="tmpfs" ino=108 res=1 errno=0 [ 118.894200][ T10] usb 4-1: USB disconnect, device number 2 [ 120.322917][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.914616][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 121.946234][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 121.966359][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 122.005345][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 122.037664][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 124.946738][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c9a5400: rx timeout, send abort [ 125.035159][ T37] audit: type=1326 audit(1760896409.320:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6265 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x7fc00000 [ 125.447135][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c9a5400: abort rx timeout. Force session deactivation [ 126.212470][ T37] audit: type=1326 audit(1760896410.490:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6265 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f972069efc9 code=0x7fc00000 [ 127.028212][ T6288] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 127.509347][ T6296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.117'. [ 127.689095][ T6296] 8021q: adding VLAN 0 to HW filter on device bond1 [ 127.881987][ T6304] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 127.883435][ T6304] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 128.101449][ T6290] syz.2.115 (6290) used greatest stack depth: 17864 bytes left [ 132.009299][ C0] vkms_vblank_simulate: vblank timer overrun [ 132.493042][ C0] vkms_vblank_simulate: vblank timer overrun [ 133.045669][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.045764][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.690820][ T6372] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 134.081339][ T6377] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82 [ 136.961073][ T6383] syz.4.147 (6383) used greatest stack depth: 17592 bytes left [ 137.234434][ T6410] netlink: 156 bytes leftover after parsing attributes in process `syz.4.154'. [ 137.344271][ T6412] evm: overlay not supported [ 137.450706][ T37] audit: type=1326 audit(1760896421.726:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6411 comm="syz.0.156" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x0 [ 137.646126][ C0] vkms_vblank_simulate: vblank timer overrun [ 137.758321][ C0] vkms_vblank_simulate: vblank timer overrun [ 137.851246][ C0] vkms_vblank_simulate: vblank timer overrun [ 137.948968][ C0] vkms_vblank_simulate: vblank timer overrun [ 138.062813][ C0] vkms_vblank_simulate: vblank timer overrun [ 138.947134][ T6438] Zero length message leads to an empty skb [ 142.881809][ T6503] bond1: Unable to set peer notification delay as MII monitoring is disabled [ 143.129441][ T6503] bond1 (unregistering): Released all slaves [ 144.430436][ T37] audit: type=1800 audit(1760896428.379:6): pid=6509 uid=0 auid=4294967295 ses=4294967295 subj=_ op=set_data cause=unavailable-hash-algorithm comm="syz.3.189" name="/" dev="sockfs" ino=9735 res=0 errno=0 [ 145.998176][ T6532] netlink: 'syz.2.196': attribute type 4 has an invalid length. [ 146.599578][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 146.774337][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 146.786578][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 146.786594][ T9] usb 2-1: config 0 has no interfaces? [ 146.786613][ T9] usb 2-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00 [ 146.786623][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.923029][ T9] usb 2-1: config 0 descriptor?? [ 148.375725][ T6574] netlink: 8 bytes leftover after parsing attributes in process `syz.0.211'. [ 148.561083][ T6574] macvlan0: entered promiscuous mode [ 148.561113][ T6574] macvlan0: entered allmulticast mode [ 148.731513][ T6577] capability: warning: `syz.3.212' uses 32-bit capabilities (legacy support in use) [ 149.232096][ T5887] usb 2-1: USB disconnect, device number 3 [ 150.137707][ T37] audit: type=1326 audit(1760896434.412:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.137765][ T37] audit: type=1326 audit(1760896434.412:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.137804][ T37] audit: type=1326 audit(1760896434.412:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.137842][ T37] audit: type=1326 audit(1760896434.412:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.137881][ T37] audit: type=1326 audit(1760896434.412:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.137920][ T37] audit: type=1326 audit(1760896434.412:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.180418][ T37] audit: type=1326 audit(1760896434.462:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.180468][ T37] audit: type=1326 audit(1760896434.462:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f23ad39f003 code=0x7ffc0000 [ 150.180507][ T37] audit: type=1326 audit(1760896434.462:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.180545][ T37] audit: type=1326 audit(1760896434.462:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6596 comm="syz.3.216" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 150.693869][ T6604] netlink: 'syz.0.219': attribute type 12 has an invalid length. [ 151.304961][ T6613] netlink: 8 bytes leftover after parsing attributes in process `syz.4.223'. [ 151.342278][ T6613] netlink: 'syz.4.223': attribute type 12 has an invalid length. [ 151.343506][ T6614] netlink: 'syz.3.222': attribute type 3 has an invalid length. [ 151.345459][ T6614] netlink: 'syz.3.222': attribute type 3 has an invalid length. [ 151.741144][ T6617] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 159.095085][ T6726] fuse: root generation should be zero [ 162.812129][ T6762] delete_channel: no stack [ 165.196395][ T37] kauditd_printk_skb: 33 callbacks suppressed [ 165.196413][ T37] audit: type=1326 audit(1760896449.500:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6782 comm="syz.0.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 165.196455][ T37] audit: type=1326 audit(1760896449.500:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6782 comm="syz.0.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 165.365982][ T37] audit: type=1326 audit(1760896449.670:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6782 comm="syz.0.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 166.997669][ T6806] overlayfs: failed to clone upperpath [ 169.822601][ T6850] overlayfs: failed to clone upperpath [ 171.561728][ T6870] sctp: [Deprecated]: syz.1.314 (pid 6870) Use of struct sctp_assoc_value in delayed_ack socket option. [ 171.561728][ T6870] Use struct sctp_sack_info instead [ 175.385002][ T6900] syz.4.325 uses obsolete (PF_INET,SOCK_PACKET) [ 176.479057][ T6899] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 181.052224][ T5879] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 181.221546][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 181.257384][ T5879] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 181.257416][ T5879] usb 5-1: config 0 has no interface number 0 [ 181.257460][ T5879] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 181.257479][ T5879] usb 5-1: config 0 interface 1 has no altsetting 0 [ 181.287668][ T5879] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 181.287697][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.287715][ T5879] usb 5-1: Product: syz [ 181.287727][ T5879] usb 5-1: Manufacturer: syz [ 181.287740][ T5879] usb 5-1: SerialNumber: syz [ 181.352331][ T5879] usb 5-1: config 0 descriptor?? [ 181.573387][ T5879] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 181.674530][ T5879] cx231xx 5-1:0.1: Failed to read PCB config [ 181.674621][ T5879] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71 [ 181.742134][ T5879] usb 5-1: USB disconnect, device number 3 [ 182.163148][ T5879] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 182.394855][ T5879] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 182.394880][ T5879] usb 5-1: config 0 has no interface number 0 [ 182.394925][ T5879] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 182.394944][ T5879] usb 5-1: config 0 interface 1 has no altsetting 0 [ 182.489479][ T5879] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 182.489507][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.489524][ T5879] usb 5-1: Product: syz [ 182.489536][ T5879] usb 5-1: Manufacturer: syz [ 182.489548][ T5879] usb 5-1: SerialNumber: syz [ 182.613038][ T5879] usb 5-1: config 0 descriptor?? [ 183.173064][ T5879] cx231xx 5-1:0.1: New device syz syz @ 12 Mbps (0572:58a5) with 1 interfaces [ 183.184143][ T5879] cx231xx 5-1:0.1: Identified as Conexant Hybrid TV - RDU253S (card=4) [ 183.295173][ T5879] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --110 [ 183.295669][ T5879] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 183.296135][ T5879] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 183.296618][ T5879] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 183.297788][ T5879] cx231xx 5-1:0.1: cx231xx_send_gpio_cmd: failed with status --32 [ 183.297806][ T5879] cx231xx 5-1:0.1: Failed to set devmode to analog: error: -32 [ 183.623183][ T5879] i2c i2c-2: Added multiplexed i2c bus 4 [ 183.631784][ T5879] i2c i2c-2: Added multiplexed i2c bus 5 [ 183.637555][ T5879] cx231xx 5-1:0.1: cx231xx_dev_init: Failed to set Power - errCode [-71]! [ 183.637576][ T5879] cx231xx 5-1:0.1: cx231xx_init_dev: cx231xx_i2c_register - errCode [-71]! [ 184.623456][ T5879] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71 [ 184.636254][ T5879] usb 5-1: USB disconnect, device number 4 [ 185.516076][ T6998] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 192.271033][ T7074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.387'. [ 192.271057][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.387'. [ 192.354002][ T1335] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 192.356694][ T7074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.387'. [ 192.356720][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.0.387'. [ 192.363227][ T1335] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 192.363272][ T1335] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 192.363305][ T1335] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 192.578507][ T7076] fuse: Invalid rootmode [ 193.256629][ T7087] netlink: 8 bytes leftover after parsing attributes in process `syz.1.382'. [ 193.548190][ T7087] macvlan0: entered promiscuous mode [ 193.548217][ T7087] macvlan0: entered allmulticast mode [ 194.339057][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.339100][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.115193][ T7116] serio: Serial port ptm0 [ 197.397631][ T7154] serio: Serial port ptm0 [ 200.343088][ T37] audit: type=1326 audit(1760896484.627:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.343138][ T37] audit: type=1326 audit(1760896484.657:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.347669][ T37] audit: type=1326 audit(1760896484.667:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.347705][ T37] audit: type=1326 audit(1760896484.667:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.378459][ T37] audit: type=1326 audit(1760896484.667:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.378516][ T37] audit: type=1326 audit(1760896484.697:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.378553][ T37] audit: type=1326 audit(1760896484.697:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.378589][ T37] audit: type=1326 audit(1760896484.697:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.378625][ T37] audit: type=1326 audit(1760896484.697:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 200.378662][ T37] audit: type=1326 audit(1760896484.697:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7178 comm="syz.0.418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 201.600778][ T7196] netlink: 'syz.0.423': attribute type 10 has an invalid length. [ 201.674726][ T7197] netlink: 'syz.0.423': attribute type 10 has an invalid length. [ 201.674741][ T7197] netlink: 40 bytes leftover after parsing attributes in process `syz.0.423'. [ 201.780993][ T7196] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.788249][ T7196] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 201.799552][ T7197] batadv0: entered promiscuous mode [ 201.799579][ T7197] batadv0: entered allmulticast mode [ 201.882595][ T7197] bond0: (slave batadv0): Releasing backup interface [ 201.928280][ T7197] bridge0: port 3(batadv0) entered blocking state [ 201.928580][ T7197] bridge0: port 3(batadv0) entered disabled state [ 202.401805][ T2213] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 202.401817][ T2213] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 202.832596][ T7212] tipc: Failed to remove unknown binding: 66,1,1/0:31332629/31332631 [ 202.973362][ T7212] tipc: Failed to remove unknown binding: 66,1,1/0:31332629/31332631 [ 202.973399][ T7212] tipc: Failed to remove unknown binding: 66,1,1/0:31332629/31332631 [ 203.782384][ T7226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.435'. [ 205.766144][ T37] kauditd_printk_skb: 35 callbacks suppressed [ 205.766161][ T37] audit: type=1326 audit(1760896490.090:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.769374][ T37] audit: type=1326 audit(1760896490.090:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.832444][ T37] audit: type=1326 audit(1760896490.150:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.832739][ T37] audit: type=1326 audit(1760896490.150:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.833131][ T37] audit: type=1326 audit(1760896490.150:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.834587][ T37] audit: type=1326 audit(1760896490.150:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.873637][ T7255] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 205.936922][ T37] audit: type=1326 audit(1760896490.150:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.936970][ T37] audit: type=1326 audit(1760896490.260:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 205.965680][ T37] audit: type=1326 audit(1760896490.290:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7253 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x7ffc0000 [ 206.662756][ T7270] Driver unsupported XDP return value 0 on prog (id 97) dev N/A, expect packet loss! [ 207.500473][ T7302] netlink: 'syz.4.461': attribute type 7 has an invalid length. [ 207.500488][ T7302] netlink: 781 bytes leftover after parsing attributes in process `syz.4.461'. [ 207.500497][ T7302] netlink: 130080 bytes leftover after parsing attributes in process `syz.4.461'. [ 207.500515][ T7302] netlink: 'syz.4.461': attribute type 7 has an invalid length. [ 207.500522][ T7302] netlink: 781 bytes leftover after parsing attributes in process `syz.4.461'. [ 207.897860][ T7306] syzkaller0: entered promiscuous mode [ 207.897884][ T7306] syzkaller0: entered allmulticast mode [ 208.489157][ T7317] netlink: 'syz.0.467': attribute type 3 has an invalid length. [ 211.171113][ T7366] process 'syz.3.482' launched './file0' with NULL argv: empty string added [ 211.240432][ T7358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.480'. [ 211.392070][ T7374] binder: BINDER_SET_CONTEXT_MGR already set [ 211.392085][ T7374] binder: 7373:7374 ioctl 4018620d 200000000240 returned -16 [ 211.395732][ T7374] binder: BINDER_SET_CONTEXT_MGR already set [ 211.395746][ T7374] binder: 7373:7374 ioctl 4018620d 200000004a80 returned -16 [ 211.790543][ T7343] Bluetooth: hci1: command 0x0406 tx timeout [ 211.790582][ T7343] Bluetooth: hci3: command 0x0406 tx timeout [ 211.790605][ T7343] Bluetooth: hci4: command 0x0406 tx timeout [ 211.790628][ T7343] Bluetooth: hci2: command 0x0406 tx timeout [ 211.790649][ T7343] Bluetooth: hci0: command 0x0406 tx timeout [ 211.884233][ T7378] ======================================================= [ 211.884233][ T7378] WARNING: The mand mount option has been deprecated and [ 211.884233][ T7378] and is ignored by this kernel. Remove the mand [ 211.884233][ T7378] option from the mount to silence this warning. [ 211.884233][ T7378] ======================================================= [ 212.608695][ T7391] netlink: 'syz.0.491': attribute type 4 has an invalid length. [ 212.673077][ T7397] netlink: 'syz.0.491': attribute type 4 has an invalid length. [ 215.040237][ T7430] netlink: 'syz.0.500': attribute type 1 has an invalid length. [ 215.259043][ T7430] 8021q: adding VLAN 0 to HW filter on device bond2 [ 215.353513][ T7434] bond2: (slave ip6gretap1): making interface the new active one [ 215.356191][ T7434] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 215.486740][ T7436] veth3: entered promiscuous mode [ 215.493165][ T7436] bond2: (slave veth3): Enslaving as an active interface with a down link [ 215.756932][ T7440] overlayfs: failed to clone upperpath [ 219.159462][ T7478] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 220.088364][ T7499] netlink: 'syz.0.519': attribute type 1 has an invalid length. [ 220.495287][ T7499] 8021q: adding VLAN 0 to HW filter on device bond3 [ 220.684316][ T7504] bond3: (slave gretap1): making interface the new active one [ 220.695808][ T7504] bond3: (slave gretap1): Enslaving as an active interface with an up link [ 221.033957][ T7513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.522'. [ 221.033989][ T7513] netlink: 56 bytes leftover after parsing attributes in process `syz.1.522'. [ 221.076700][ T7513] geneve2: entered promiscuous mode [ 221.076724][ T7513] geneve2: entered allmulticast mode [ 221.589602][ T37] audit: type=1326 audit(1760896505.918:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.2.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7ffc0000 [ 221.663963][ T37] audit: type=1326 audit(1760896505.948:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7516 comm="syz.2.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7ffc0000 [ 221.882522][ T7526] binder: BINDER_SET_CONTEXT_MGR already set [ 221.882538][ T7526] binder: 7525:7526 ioctl 4018620d 2000000000c0 returned -16 [ 221.885549][ T7524] netlink: 48 bytes leftover after parsing attributes in process `syz.1.527'. [ 221.888475][ T7526] binder: BINDER_SET_CONTEXT_MGR already set [ 221.888487][ T7526] binder: 7525:7526 ioctl 4018620d 200000000040 returned -16 [ 222.261923][ T7539] syz.0.533 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 222.797053][ T7556] overlayfs: failed to clone upperpath [ 223.355129][ T7565] futex_wake_op: syz.2.542 tries to shift op by -1; fix this program [ 226.296584][ T7588] bridge0: entered promiscuous mode [ 226.296899][ T7588] vlan2: entered promiscuous mode [ 227.780436][ T7595] syz.4.551 (7595) used greatest stack depth: 15704 bytes left [ 229.667014][ T7618] netlink: 4 bytes leftover after parsing attributes in process `syz.2.558'. [ 230.849913][ T37] audit: type=1326 audit(1760896515.183:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.849961][ T37] audit: type=1326 audit(1760896515.183:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.849999][ T37] audit: type=1326 audit(1760896515.183:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.850409][ T37] audit: type=1326 audit(1760896515.183:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.853463][ T37] audit: type=1326 audit(1760896515.183:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.853510][ T37] audit: type=1326 audit(1760896515.183:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.853549][ T37] audit: type=1326 audit(1760896515.183:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.853588][ T37] audit: type=1326 audit(1760896515.183:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.853626][ T37] audit: type=1326 audit(1760896515.183:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 230.853663][ T37] audit: type=1326 audit(1760896515.183:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7627 comm="syz.0.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f5c9323efc9 code=0x7ffc0000 [ 231.161241][ T7636] binder: 7635:7636 unknown command 0 [ 231.161264][ T7636] binder: 7635:7636 ioctl c0306201 200000000080 returned -22 [ 231.200863][ T7636] binder: 7635:7636 ioctl c0306201 200000000300 returned -14 [ 231.270446][ T7638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 231.369570][ T5866] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 231.369610][ T5866] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 231.374677][ T2371] wlan1: authenticated [ 231.378474][ T7638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 231.428192][ T2371] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 231.448477][ T2371] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 231.448789][ T2371] wlan1: associated [ 231.454721][ T7638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.478895][ T7672] overlayfs: failed to clone upperpath [ 236.016309][ T991] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 236.178369][ T991] usb 4-1: Using ep0 maxpacket: 8 [ 236.182926][ T991] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 236.182949][ T991] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 236.211695][ T991] usb 4-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=d3.6c [ 236.211722][ T991] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.211739][ T991] usb 4-1: Product: syz [ 236.211751][ T991] usb 4-1: Manufacturer: syz [ 236.211764][ T991] usb 4-1: SerialNumber: syz [ 236.267582][ T991] usb 4-1: config 0 descriptor?? [ 237.046715][ T5887] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 237.207139][ T5887] usb 5-1: Using ep0 maxpacket: 16 [ 237.209891][ T5887] usb 5-1: config 0 has no interfaces? [ 237.209927][ T5887] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 237.209948][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.237072][ T5887] usb 5-1: config 0 descriptor?? [ 237.511164][ T5887] usb 5-1: USB disconnect, device number 5 [ 239.884145][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.085933][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.484680][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.526277][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.828245][ C1] vkms_vblank_simulate: vblank timer overrun [ 240.910262][ T5887] usb 4-1: USB disconnect, device number 3 [ 241.030512][ C1] vkms_vblank_simulate: vblank timer overrun [ 241.723685][ T5887] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 241.891975][ T5887] usb 4-1: Using ep0 maxpacket: 32 [ 241.896656][ T5887] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 241.896679][ T5887] usb 4-1: config 0 has no interface number 0 [ 241.896706][ T5887] usb 4-1: config 0 interface 184 has no altsetting 0 [ 241.901013][ T5887] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 241.901137][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.901155][ T5887] usb 4-1: Product: syz [ 241.901167][ T5887] usb 4-1: Manufacturer: syz [ 241.901179][ T5887] usb 4-1: SerialNumber: syz [ 242.092889][ T5887] usb 4-1: config 0 descriptor?? [ 242.129548][ T5887] smsc75xx v1.0.0 [ 242.129570][ T5887] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 242.130583][ T5887] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22 [ 244.354265][ C1] vkms_vblank_simulate: vblank timer overrun [ 244.724475][ T5866] usb 4-1: USB disconnect, device number 4 [ 249.549237][ T61] block nbd0: Receive control failed (result -32) [ 249.727863][ T7821] nbd0: detected capacity change from 0 to 127 [ 249.734696][ T7825] netlink: 124 bytes leftover after parsing attributes in process `syz.3.608'. [ 249.734730][ T7825] nbd: couldn't find a device at index 768 [ 249.773576][ T6395] block nbd0: Dead connection, failed to find a fallback [ 249.773601][ T6395] block nbd0: shutting down sockets [ 249.773718][ T6395] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.773826][ T6395] Buffer I/O error on dev nbd0, logical block 0, async page read [ 249.774168][ T6395] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.774189][ T6395] Buffer I/O error on dev nbd0, logical block 1, async page read [ 249.776137][ T6395] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.776162][ T6395] Buffer I/O error on dev nbd0, logical block 2, async page read [ 249.776296][ T6395] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.776315][ T6395] Buffer I/O error on dev nbd0, logical block 3, async page read [ 249.776471][ T6395] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.776492][ T6395] Buffer I/O error on dev nbd0, logical block 0, async page read [ 249.776645][ T6395] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.776666][ T6395] Buffer I/O error on dev nbd0, logical block 1, async page read [ 249.776808][ T6395] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.776828][ T6395] Buffer I/O error on dev nbd0, logical block 2, async page read [ 249.777000][ T6395] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.777020][ T6395] Buffer I/O error on dev nbd0, logical block 3, async page read [ 249.777259][ T6395] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.777279][ T6395] Buffer I/O error on dev nbd0, logical block 0, async page read [ 249.777424][ T6395] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 249.777444][ T6395] Buffer I/O error on dev nbd0, logical block 1, async page read [ 249.989212][ T6395] ldm_validate_partition_table(): Disk read failed. [ 249.991613][ T6395] Dev nbd0: unable to read RDB block 0 [ 249.994734][ T6395] nbd0: unable to read partition table [ 250.589625][ T6395] ldm_validate_partition_table(): Disk read failed. [ 250.590866][ T6395] Dev nbd0: unable to read RDB block 0 [ 250.612343][ T6395] nbd0: unable to read partition table [ 250.634092][ T7838] 9pnet_fd: Insufficient options for proto=fd [ 250.726646][ T7845] overlayfs: failed to clone upperpath [ 252.624669][ T7860] binder_alloc: 7859: binder_alloc_buf size 1024 failed, no address space [ 252.624838][ T7860] binder_alloc: allocated: 12280 (num: 1 largest: 12280), free: 8 (num: 1 largest: 8) [ 255.876055][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.876124][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.437234][ T7934] cgroup: fork rejected by pids controller in /syz4 [ 265.209074][ T7970] netlink: 12 bytes leftover after parsing attributes in process `syz.1.653'. [ 265.363299][ T7960] syz.0.650 (7960) used greatest stack depth: 15464 bytes left [ 266.427581][ T7991] overlayfs: failed to clone upperpath [ 266.887744][ T7997] bond1: entered promiscuous mode [ 266.926618][ T8000] bond_slave_0: entered promiscuous mode [ 266.926671][ T8000] bond_slave_1: entered promiscuous mode [ 266.927186][ T8000] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 266.928727][ T8000] bond1: (slave macvlan2): making interface the new active one [ 266.928739][ T8000] macvlan2: entered promiscuous mode [ 266.928745][ T8000] bond0: entered promiscuous mode [ 267.025818][ T8000] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 269.171520][ T991] libceph: connect (1)[c::]:6789 error -101 [ 269.172183][ T991] libceph: mon0 (1)[c::]:6789 connect error [ 269.262642][ T8014] ceph: No mds server is up or the cluster is laggy [ 269.746435][ T8028] netlink: 'syz.2.670': attribute type 10 has an invalid length. [ 269.868193][ T8029] netlink: 'syz.2.670': attribute type 10 has an invalid length. [ 269.868213][ T8029] netlink: 40 bytes leftover after parsing attributes in process `syz.2.670'. [ 270.293834][ T8028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 270.310215][ T8028] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 270.310330][ T8029] batadv0: entered promiscuous mode [ 270.310341][ T8029] batadv0: entered allmulticast mode [ 270.376971][ T8029] bond0: (slave batadv0): Releasing backup interface [ 270.466509][ T8029] bridge0: port 3(batadv0) entered blocking state [ 270.466650][ T8029] bridge0: port 3(batadv0) entered disabled state [ 270.567778][ T3670] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 270.567796][ T3670] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 271.232533][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 271.249741][ T5815] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 271.254089][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 271.268997][ T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.343840][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 271.345331][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 271.820205][ T8041] bridge0: port 3(gretap0) entered blocking state [ 271.820365][ T8041] bridge0: port 3(gretap0) entered disabled state [ 271.821241][ T8041] gretap0: entered allmulticast mode [ 271.858238][ T8041] gretap0: entered promiscuous mode [ 271.947809][ T8041] bridge0: port 3(gretap0) entered blocking state [ 271.947978][ T8041] bridge0: port 3(gretap0) entered forwarding state [ 272.467731][ T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.170149][ T8044] gretap0: left allmulticast mode [ 273.170178][ T8044] gretap0: left promiscuous mode [ 273.173186][ T8044] bridge0: port 3(gretap0) entered disabled state [ 273.497084][ T5815] Bluetooth: hci1: command tx timeout [ 273.764016][ T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.870284][ T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.580202][ T5815] Bluetooth: hci1: command tx timeout [ 276.152423][ T8038] chnl_net:caif_netlink_parms(): no params data found [ 276.467992][ T13] bridge_slave_1: left allmulticast mode [ 276.468187][ T13] bridge_slave_1: left promiscuous mode [ 276.482574][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.675715][ T13] bridge_slave_0: left allmulticast mode [ 276.675742][ T13] bridge_slave_0: left promiscuous mode [ 276.675898][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.677805][ T5815] Bluetooth: hci1: command tx timeout [ 278.055234][ T8111] netlink: 296 bytes leftover after parsing attributes in process `syz.2.692'. [ 279.889826][ T5815] Bluetooth: hci1: command tx timeout [ 280.852581][ T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 281.042158][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 281.059407][ T10] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 281.059424][ T10] usb 4-1: config 0 has no interface number 0 [ 281.059452][ T10] usb 4-1: config 0 interface 184 has no altsetting 0 [ 281.089967][ T10] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 281.089992][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.090001][ T10] usb 4-1: Product: syz [ 281.090008][ T10] usb 4-1: Manufacturer: syz [ 281.090015][ T10] usb 4-1: SerialNumber: syz [ 281.125895][ T10] usb 4-1: config 0 descriptor?? [ 281.131589][ T10] smsc75xx v1.0.0 [ 281.751536][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 281.751566][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 281.803228][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 281.862547][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 281.896184][ T13] bond0 (unregistering): Released all slaves [ 282.076303][ T8124] v: renamed from vlan0 (while UP) [ 283.711803][ T8152] bridge: RTM_NEWNEIGH with invalid ether address [ 283.843759][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 283.843792][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 283.843809][ T10] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 283.844101][ T10] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 283.906478][ T10] usb 4-1: USB disconnect, device number 5 [ 284.166716][ T8159] ip6gre1: entered allmulticast mode [ 284.189448][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 284.189465][ T37] audit: type=1326 audit(1760896568.549:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8164 comm="syz.1.711" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f972069efc9 code=0x0 [ 284.310250][ T8168] mmap: syz.1.711 (8168) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 285.174037][ T8038] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.174169][ T8038] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.174397][ T8038] bridge_slave_0: entered allmulticast mode [ 285.177278][ T8038] bridge_slave_0: entered promiscuous mode [ 285.253742][ T8038] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.253918][ T8038] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.254207][ T8038] bridge_slave_1: entered allmulticast mode [ 285.257089][ T8176] futex_wake_op: syz.3.715 tries to shift op by 32; fix this program [ 285.263064][ T8038] bridge_slave_1: entered promiscuous mode [ 285.264596][ T8179] syz_tun: entered allmulticast mode [ 285.319417][ T8179] netlink: 4 bytes leftover after parsing attributes in process `syz.1.716'. [ 285.512205][ T13] hsr_slave_0: left promiscuous mode [ 285.550000][ T13] hsr_slave_1: left promiscuous mode [ 285.553665][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 285.553843][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 285.615659][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 285.615685][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.246624][ T13] veth1_macvtap: left promiscuous mode [ 286.246987][ T13] veth0_macvtap: left promiscuous mode [ 286.247306][ T13] veth1_vlan: left promiscuous mode [ 286.286563][ T13] veth0_vlan: left promiscuous mode [ 288.770294][ T8227] netlink: 'syz.3.726': attribute type 4 has an invalid length. [ 288.822418][ T8228] netlink: 'syz.3.726': attribute type 4 has an invalid length. [ 290.827784][ T13] team0 (unregistering): Port device team_slave_1 removed [ 291.140099][ T13] team0 (unregistering): Port device team_slave_0 removed [ 292.174913][ T8240] binder: 8239:8240 ioctl c0306201 200000000640 returned -14 [ 296.144161][ T8179] syz_tun (unregistering): left allmulticast mode [ 296.298302][ T8217] lo: entered allmulticast mode [ 296.299139][ T8217] tunl0: entered allmulticast mode [ 296.302829][ T8217] gre0: entered allmulticast mode [ 296.335798][ T8217] gretap0: entered allmulticast mode [ 296.379498][ T8217] erspan0: entered allmulticast mode [ 296.382590][ T8217] ip_vti0: entered allmulticast mode [ 296.395946][ T8217] ip6_vti0: entered allmulticast mode [ 296.398834][ T8217] sit0: entered allmulticast mode [ 296.402819][ T8217] ip6tnl0: entered allmulticast mode [ 296.426977][ T8217] ip6gre0: entered allmulticast mode [ 296.455184][ T8217] syz_tun: entered allmulticast mode [ 296.499827][ T8217] ip6gretap0: entered allmulticast mode [ 296.503985][ T8217] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.529599][ T8217] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.532465][ T8217] bridge0: entered allmulticast mode [ 296.550164][ T8217] vcan0: entered allmulticast mode [ 296.578977][ T8217] bond0: entered allmulticast mode [ 296.579002][ T8217] bond_slave_0: entered allmulticast mode [ 296.579012][ T8217] bond_slave_1: entered allmulticast mode [ 296.606337][ T8217] team0: entered allmulticast mode [ 296.606358][ T8217] team_slave_0: entered allmulticast mode [ 296.606375][ T8217] team_slave_1: entered allmulticast mode [ 296.606390][ T8217] geneve0: entered allmulticast mode [ 296.611315][ T8217] dummy0: entered allmulticast mode [ 296.687217][ T8217] nlmon0: entered allmulticast mode [ 296.689597][ T8217] caif0: entered allmulticast mode [ 296.690551][ T8217] veth0: entered allmulticast mode [ 296.697610][ T8217] veth1: entered allmulticast mode [ 296.824648][ T8217] wg0: entered allmulticast mode [ 296.925075][ T8217] wg1: entered allmulticast mode [ 297.014411][ T8217] wg2: entered allmulticast mode [ 297.018897][ T8217] veth0_to_bridge: entered allmulticast mode [ 297.027187][ T8217] veth1_to_bridge: entered allmulticast mode [ 297.040240][ T8217] veth0_to_bond: entered allmulticast mode [ 297.049605][ T8217] veth1_to_bond: entered allmulticast mode [ 297.062500][ T8217] veth0_to_team: entered allmulticast mode [ 297.077725][ T8217] veth1_to_team: entered allmulticast mode [ 297.087449][ T8217] veth0_to_batadv: entered allmulticast mode [ 297.091936][ T8217] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.092622][ T8217] batadv_slave_0: entered allmulticast mode [ 297.101322][ T8217] veth1_to_batadv: entered allmulticast mode [ 297.107790][ T8217] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.108589][ T8217] batadv_slave_1: entered allmulticast mode [ 297.113518][ T8217] xfrm0: entered allmulticast mode [ 297.131859][ T8217] veth0_to_hsr: entered allmulticast mode [ 297.137128][ T8217] hsr_slave_0: entered allmulticast mode [ 297.140795][ T8217] veth1_to_hsr: entered allmulticast mode [ 297.146175][ T8217] hsr_slave_1: entered allmulticast mode [ 297.167092][ T8217] hsr0: entered allmulticast mode [ 297.196132][ T8217] veth1_virt_wifi: entered allmulticast mode [ 297.198991][ T8217] veth0_virt_wifi: entered allmulticast mode [ 297.201258][ T8217] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 297.201884][ T8217] veth1_vlan: entered allmulticast mode [ 297.205334][ T8217] veth0_vlan: entered allmulticast mode [ 297.230686][ T8217] vlan0: entered allmulticast mode [ 297.230873][ T8217] vlan1: entered allmulticast mode [ 297.265772][ T8217] macvlan0: entered allmulticast mode [ 297.304088][ T8217] macvlan1: entered allmulticast mode [ 297.309665][ T8217] ipvlan0: entered allmulticast mode [ 297.309861][ T8217] ipvlan1: entered allmulticast mode [ 297.331290][ T8217] veth1_macvtap: entered allmulticast mode [ 297.342573][ T8217] veth0_macvtap: entered allmulticast mode [ 297.414115][ T8217] macvtap0: entered allmulticast mode [ 297.417564][ T8217] macsec0: entered allmulticast mode [ 297.584200][ T8217] geneve1: entered allmulticast mode [ 297.674988][ T8217] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 297.764101][ T8217] netdevsim netdevsim2 netdevsim1: entered allmulticast mode [ 297.843961][ T8217] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 297.904073][ T8217] netdevsim netdevsim2 netdevsim3: entered allmulticast mode [ 298.037415][ T8217] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 298.170682][ T8217] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 298.177473][ T8217] gre1: entered allmulticast mode [ 298.485654][ C1] vkms_vblank_simulate: vblank timer overrun [ 298.542755][ T6911] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.897377][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.272767][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.380989][ T8038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.436880][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.456441][ T6911] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.482428][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.550477][ T8038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.552878][ T6911] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.892964][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.016251][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.953652][ C1] vkms_vblank_simulate: vblank timer overrun [ 300.985057][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.075887][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.162017][ T6911] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.518972][ T8038] team0: Port device team_slave_0 added [ 301.531371][ T8038] team0: Port device team_slave_1 added [ 301.951344][ T8038] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.951356][ T8038] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 301.951369][ T8038] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.967522][ T8038] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.967537][ T8038] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 301.967666][ T8038] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.702042][ T8312] overlayfs: failed to clone upperpath [ 303.411901][ T8038] hsr_slave_0: entered promiscuous mode [ 303.418026][ T8038] hsr_slave_1: entered promiscuous mode [ 304.072341][ T8324] netlink: 60 bytes leftover after parsing attributes in process `syz.0.755'. [ 307.224787][ T8390] netlink: 24 bytes leftover after parsing attributes in process `syz.2.767'. [ 310.652780][ T8427] vlan2: entered promiscuous mode [ 310.652803][ T8427] gretap0: entered promiscuous mode [ 310.754962][ T8038] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 310.915430][ T8424] vlan2: left promiscuous mode [ 310.915450][ T8424] gretap0: left promiscuous mode [ 310.953635][ T8038] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 311.209833][ T8038] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 311.257149][ T8038] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 312.055263][ T8038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.092946][ T8038] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.102587][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.102880][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.163737][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.163925][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.823754][ T8038] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.012745][ T37] audit: type=1326 audit(1760896600.385:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8502 comm="syz.2.792" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x0 [ 317.171148][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.171223][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.248933][ T8038] veth0_vlan: entered promiscuous mode [ 318.267734][ T8038] veth1_vlan: entered promiscuous mode [ 318.380577][ T8038] veth0_macvtap: entered promiscuous mode [ 318.461145][ T8038] veth1_macvtap: entered promiscuous mode [ 318.568005][ T8038] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 318.675109][ T8038] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.762521][ T85] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.818186][ T85] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.819282][ T85] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.819344][ T85] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.619264][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.619284][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.758411][ T2213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.758432][ T2213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.071207][ T8584] netlink: 56 bytes leftover after parsing attributes in process `syz.2.806'. [ 321.943110][ T8575] ptrace attach of "./syz-executor exec"[5800] was attempted by "./syz-executor exec"[8575] [ 323.283621][ T5815] Bluetooth: hci3: unexpected event for opcode 0x2035 [ 327.702432][ T5815] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 327.702602][ T5815] Bluetooth: hci3: Injecting HCI hardware error event [ 327.751334][ T61] Bluetooth: hci3: hardware error 0x00 [ 328.101633][ T8645] netlink: 4 bytes leftover after parsing attributes in process `syz.0.824'. [ 328.101758][ T8645] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 330.027660][ T61] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 330.069869][ T8645] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 331.700040][ T8665] syz_tun: entered allmulticast mode [ 331.700705][ T8665] syz_tun: left allmulticast mode [ 335.359192][ T61] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 335.359227][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 335.359240][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 335.359247][ T61] Workqueue: hci2 hci_rx_work [ 335.359273][ T61] Call Trace: [ 335.359280][ T61] [ 335.359285][ T61] dump_stack_lvl+0x189/0x250 [ 335.359301][ T61] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.359314][ T61] ? __pfx__printk+0x10/0x10 [ 335.359329][ T61] ? kernfs_path_from_node+0x2c/0x280 [ 335.359342][ T61] ? kernfs_path_from_node+0x243/0x280 [ 335.359353][ T61] ? kernfs_path_from_node+0x2c/0x280 [ 335.359367][ T61] sysfs_create_dir_ns+0x259/0x280 [ 335.359381][ T61] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 335.359393][ T61] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 335.359408][ T61] ? rt_spin_unlock+0x161/0x200 [ 335.359421][ T61] kobject_add_internal+0x5a5/0xb50 [ 335.359436][ T61] kobject_add+0x155/0x220 [ 335.359450][ T61] ? __pfx_kobject_add+0x10/0x10 [ 335.359464][ T61] ? get_device_parent+0x370/0x3a0 [ 335.359478][ T61] device_add+0x408/0xb50 [ 335.359492][ T61] hci_conn_add_sysfs+0xd5/0x1e0 [ 335.359506][ T61] le_conn_complete_evt+0xf39/0x1500 [ 335.359529][ T61] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 335.359544][ T61] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 335.359565][ T61] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.359583][ T61] ? skb_pull_data+0xfb/0x200 [ 335.359597][ T61] hci_le_conn_complete_evt+0x187/0x450 [ 335.359616][ T61] hci_event_packet+0x78f/0x1200 [ 335.359630][ T61] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 335.359645][ T61] ? __pfx_hci_event_packet+0x10/0x10 [ 335.359663][ T61] ? hci_send_to_monitor+0xe2/0x570 [ 335.359674][ T61] hci_rx_work+0x46a/0xe80 [ 335.359690][ T61] ? process_scheduled_works+0x9ef/0x17b0 [ 335.359706][ T61] process_scheduled_works+0xae1/0x17b0 [ 335.359736][ T61] ? __pfx_process_scheduled_works+0x10/0x10 [ 335.359759][ T61] worker_thread+0x8a0/0xda0 [ 335.359783][ T61] kthread+0x711/0x8a0 [ 335.359795][ T61] ? __pfx_worker_thread+0x10/0x10 [ 335.359804][ T61] ? __pfx_kthread+0x10/0x10 [ 335.359813][ T61] ? rt_spin_unlock+0x150/0x200 [ 335.359827][ T61] ? rt_spin_unlock+0x161/0x200 [ 335.359837][ T61] ? __pfx_kthread+0x10/0x10 [ 335.359848][ T61] ret_from_fork+0x4bc/0x870 [ 335.359863][ T61] ? __pfx_ret_from_fork+0x10/0x10 [ 335.359881][ T61] ? __switch_to_asm+0x39/0x70 [ 335.359892][ T61] ? __switch_to_asm+0x33/0x70 [ 335.359902][ T61] ? __pfx_kthread+0x10/0x10 [ 335.359913][ T61] ret_from_fork_asm+0x1a/0x30 [ 335.359935][ T61] [ 335.359953][ T61] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 335.359976][ T61] Bluetooth: hci2: failed to register connection device [ 348.445855][ T8818] macvlan2: entered allmulticast mode [ 348.447041][ T8818] team0: Port device macvlan2 added [ 350.759820][ T8848] tipc: Started in network mode [ 350.759839][ T8848] tipc: Node identity 4, cluster identity 4711 [ 350.759850][ T8848] tipc: Node number set to 4 [ 353.946140][ T8877] netlink: 'syz.3.894': attribute type 1 has an invalid length. [ 353.946162][ T8877] netlink: 184 bytes leftover after parsing attributes in process `syz.3.894'. [ 353.946188][ T8877] netlink: 'syz.3.894': attribute type 1 has an invalid length. [ 355.149374][ T8887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 359.294012][ T8915] netlink: 12 bytes leftover after parsing attributes in process `syz.4.908'. [ 360.318534][ T8921] capability: warning: `syz.1.909' uses deprecated v2 capabilities in a way that may be insecure [ 366.829430][ T5887] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 367.072017][ T5887] usb 4-1: Using ep0 maxpacket: 8 [ 367.669259][ T5887] usb 4-1: config 0 has an invalid interface number: 52 but max is 0 [ 367.669292][ T5887] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.669308][ T5887] usb 4-1: config 0 has no interface number 0 [ 367.669356][ T5887] usb 4-1: config 0 interface 52 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 367.669374][ T5887] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 367.669395][ T5887] usb 4-1: config 0 interface 52 has no altsetting 0 [ 367.692532][ T5887] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00 [ 367.692561][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=234, SerialNumber=34 [ 367.692579][ T5887] usb 4-1: Product: syz [ 367.692591][ T5887] usb 4-1: SerialNumber: syz [ 367.735653][ T5887] usb 4-1: config 0 descriptor?? [ 368.446845][ T5789] usb 4-1: USB disconnect, device number 6 [ 378.591285][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.591353][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.777282][ T9126] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 380.777306][ T9126] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 380.777595][ T9126] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 380.777611][ T9126] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 380.783346][ T9128] overlayfs: failed to clone upperpath [ 385.655007][ T9189] netlink: 24 bytes leftover after parsing attributes in process `syz.3.989'. [ 386.473259][ T37] audit: type=1326 audit(1760896670.863:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.495154][ T37] audit: type=1326 audit(1760896670.893:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.696043][ T37] audit: type=1326 audit(1760896671.073:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.696089][ T37] audit: type=1326 audit(1760896671.103:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.696126][ T37] audit: type=1326 audit(1760896671.103:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.696164][ T37] audit: type=1326 audit(1760896671.103:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.696848][ T37] audit: type=1326 audit(1760896671.103:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.696890][ T37] audit: type=1326 audit(1760896671.103:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.697139][ T37] audit: type=1326 audit(1760896671.103:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 386.697424][ T37] audit: type=1326 audit(1760896671.103:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9191 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c8d5befc9 code=0x7ffc0000 [ 387.520753][ T5866] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 388.366708][ T5866] usb 4-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 388.366736][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.453438][ T5866] usb 4-1: config 0 descriptor?? [ 388.637021][ T5866] usb 4-1: selecting invalid altsetting 3 [ 388.637044][ T5866] comedi comedi5: could not set alternate setting 3 in high speed [ 388.637058][ T5866] usbduxsigma 4-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 388.693175][ T5866] usbduxsigma 4-1:0.0: probe with driver usbduxsigma failed with error -22 [ 388.708620][ T5866] usb 4-1: USB disconnect, device number 7 [ 390.411145][ T9237] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1007'. [ 390.561088][ T9241] tipc: Started in network mode [ 390.561115][ T9241] tipc: Node identity ac14140f, cluster identity 4711 [ 390.563404][ T9241] tipc: New replicast peer: 255.255.255.255 [ 390.566005][ T9241] tipc: Enabled bearer , priority 10 [ 391.998237][ T5790] tipc: Node number set to 2886997007 [ 393.992441][ T9281] Device name cannot be null; rc = [-22] [ 396.269967][ T9274] syz.3.1021 (9274): drop_caches: 2 [ 397.533560][ T5815] Bluetooth: hci1: command 0x0406 tx timeout [ 401.059152][ T9318] overlayfs: missing 'lowerdir' [ 401.610166][ T9327] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1035'. [ 401.774714][ T37] kauditd_printk_skb: 22 callbacks suppressed [ 401.774730][ T37] audit: type=1326 audit(1760896686.183:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.775011][ T37] audit: type=1326 audit(1760896686.183:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.776214][ T37] audit: type=1326 audit(1760896686.183:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.776258][ T37] audit: type=1326 audit(1760896686.183:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.776664][ T37] audit: type=1326 audit(1760896686.183:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.776703][ T37] audit: type=1326 audit(1760896686.183:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.776991][ T37] audit: type=1326 audit(1760896686.183:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.778099][ T37] audit: type=1326 audit(1760896686.183:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.778141][ T37] audit: type=1326 audit(1760896686.183:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 401.778632][ T37] audit: type=1326 audit(1760896686.183:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9329 comm="syz.3.1036" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 405.902366][ T9390] netlink: 341 bytes leftover after parsing attributes in process `syz.3.1055'. [ 408.541937][ T9409] Set syz0 is full, maxelem 0 reached [ 408.890917][ T5790] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 409.910020][ T5790] usb 4-1: Using ep0 maxpacket: 32 [ 409.926190][ T5790] usb 4-1: config index 0 descriptor too short (expected 8228, got 36) [ 409.926217][ T5790] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 409.926235][ T5790] usb 4-1: config 0 has no interfaces? [ 409.926265][ T5790] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 409.926286][ T5790] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.932296][ T5790] usb 4-1: config 0 descriptor?? [ 410.151725][ T5790] usb 4-1: string descriptor 0 read error: -71 [ 410.279809][ T5790] usb 4-1: USB disconnect, device number 8 [ 411.519964][ T9426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1068'. [ 412.549996][ T9439] netlink: 'syz.3.1072': attribute type 1 has an invalid length. [ 412.632829][ T9442] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 412.634153][ T9442] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 412.802410][ T9439] gretap1: entered promiscuous mode [ 412.831358][ T9439] bond1: (slave gretap1): making interface the new active one [ 412.831848][ T9439] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 413.056157][ T9451] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 413.056191][ T9451] CIFS: Unable to determine destination address [ 416.719834][ T44] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 416.942948][ T44] usb 5-1: config 0 has an invalid interface number: 217 but max is 0 [ 416.942974][ T44] usb 5-1: config 0 has no interface number 0 [ 416.946258][ T44] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 416.946285][ T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.946302][ T44] usb 5-1: Product: syz [ 416.946315][ T44] usb 5-1: Manufacturer: syz [ 416.946327][ T44] usb 5-1: SerialNumber: syz [ 417.024960][ T44] usb 5-1: config 0 descriptor?? [ 417.036627][ T44] hub 5-1:0.217: bad descriptor, ignoring hub [ 417.036665][ T44] hub 5-1:0.217: probe with driver hub failed with error -5 [ 418.184384][ T44] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 418.282959][ T37] kauditd_printk_skb: 21 callbacks suppressed [ 418.282978][ T37] audit: type=1326 audit(1760896702.693:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.291662][ T37] audit: type=1326 audit(1760896702.703:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519673][ T37] audit: type=1326 audit(1760896702.923:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519718][ T37] audit: type=1326 audit(1760896702.923:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519752][ T37] audit: type=1326 audit(1760896702.923:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519784][ T37] audit: type=1326 audit(1760896702.923:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519817][ T37] audit: type=1326 audit(1760896702.923:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519851][ T37] audit: type=1326 audit(1760896702.923:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519886][ T37] audit: type=1326 audit(1760896702.923:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.519922][ T37] audit: type=1326 audit(1760896702.923:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9481 comm="syz.2.1087" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7fc00000 [ 418.794964][ T44] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 418.795019][ T44] dib0700: firmware download failed at 7 with -22 [ 418.843374][ T44] usb 5-1: USB disconnect, device number 6 [ 419.083345][ T9501] bridge1: entered allmulticast mode [ 421.640319][ T5887] IPVS: starting estimator thread 0... [ 421.761253][ T9530] IPVS: using max 9 ests per chain, 21600 per kthread [ 428.554783][ T9586] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1117'. [ 430.718621][ T37] kauditd_printk_skb: 383 callbacks suppressed [ 430.718638][ T37] audit: type=1326 audit(1760896715.133:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9605 comm="syz.2.1124" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x0 [ 430.771078][ T9610] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1126'. [ 430.771114][ T9610] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1126'. [ 437.146059][ T44] libceph: connect (1)[c::]:6789 error -101 [ 437.146266][ T44] libceph: mon0 (1)[c::]:6789 connect error [ 437.153620][ T44] libceph: connect (1)[c::]:6789 error -101 [ 437.153788][ T9681] ceph: No mds server is up or the cluster is laggy [ 437.153806][ T44] libceph: mon0 (1)[c::]:6789 connect error [ 439.790159][ T9698] bond1: entered promiscuous mode [ 439.792396][ T9698] 8021q: adding VLAN 0 to HW filter on device bond1 [ 439.810669][ T9698] bond0: (slave bond1): Enslaving as an active interface with an up link [ 440.008868][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.008940][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 449.654469][ T9821] Bluetooth: MGMT ver 1.23 [ 457.123753][ T9895] : entered promiscuous mode [ 465.447170][ T9947] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1207'. [ 465.447191][ T9947] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1207'. [ 465.447205][ T9947] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1207'. [ 465.447239][ T9947] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1207'. [ 479.973578][T10075] ptrace attach of "./syz-executor exec"[5807] was attempted by "./syz-executor exec"[10075] [ 480.344342][ T37] audit: type=1326 audit(1760896764.523:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10077 comm="syz.2.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7ffc0000 [ 480.344527][ T37] audit: type=1326 audit(1760896764.753:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10077 comm="syz.2.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f6f17fbefc9 code=0x7ffc0000 [ 480.344674][ T37] audit: type=1326 audit(1760896764.753:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10077 comm="syz.2.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7ffc0000 [ 480.344816][ T37] audit: type=1326 audit(1760896764.753:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10077 comm="syz.2.1245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f17fbefc9 code=0x7ffc0000 [ 497.243800][ T37] audit: type=1326 audit(1760896781.653:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.245068][ T37] audit: type=1326 audit(1760896781.653:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.245114][ T37] audit: type=1326 audit(1760896781.653:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.245152][ T37] audit: type=1326 audit(1760896781.653:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.245190][ T37] audit: type=1326 audit(1760896781.653:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.252341][ T37] audit: type=1326 audit(1760896781.663:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.337192][ T37] audit: type=1326 audit(1760896781.733:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.337475][ T37] audit: type=1326 audit(1760896781.733:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.337674][ T37] audit: type=1326 audit(1760896781.733:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 497.337928][ T37] audit: type=1326 audit(1760896781.733:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10214 comm="syz.3.1284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ad39efc9 code=0x7ffc0000 [ 498.076451][T10210] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1280'. [ 501.622660][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.622733][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.970009][T10268] netlink: 'syz.2.1297': attribute type 1 has an invalid length. [ 504.120578][T10268] gretap1: entered promiscuous mode [ 504.177810][T10268] bond1: (slave gretap1): making interface the new active one [ 504.186909][T10268] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 509.952607][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.960302][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.979675][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.983245][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.984390][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.985591][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.986716][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.987838][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 509.989008][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 510.057258][ C1] IPv4: Oversized IP packet from 172.20.20.170 [ 515.179405][T10375] net_ratelimit: 22 callbacks suppressed [ 515.179453][T10375] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 517.724710][ T5789] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 518.782117][ T5789] usb 4-1: config 0 has no interfaces? [ 518.782160][ T5789] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 518.782183][ T5789] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.950701][ T5789] usb 4-1: config 0 descriptor?? [ 519.956435][ T5789] usb 4-1: can't set config #0, error -71 [ 520.130107][ T5789] usb 4-1: USB disconnect, device number 9 [ 520.461597][ T37] kauditd_printk_skb: 17 callbacks suppressed [ 520.461673][ T37] audit: type=1804 audit(1760896804.863:615): pid=10441 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.1342" name="file0" dev="tmpfs" ino=520 res=1 errno=0 [ 522.686728][T10448] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 531.485074][T10484] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1359'. [ 531.485108][T10484] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1359'. [ 531.516028][T10484] ip6gretap0: entered promiscuous mode [ 531.517723][T10484] syz_tun: entered promiscuous mode [ 532.613497][ C0] ------------[ cut here ]------------ [ 532.613513][ C0] refcount_t: addition on 0; use-after-free. [ 532.614051][ C0] WARNING: CPU: 0 PID: 16 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 532.614093][ C0] Modules linked in: [ 532.614115][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 532.614142][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 532.614155][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 532.614186][ C0] Code: 00 00 e8 e9 f5 3d fd 5b 41 5e c3 cc cc cc cc cc e8 db f5 3d fd c6 05 a4 77 60 0a 01 90 48 c7 c7 20 9b 3e 8b e8 e7 3d 02 fd 90 <0f> 0b 90 90 eb d7 e8 bb f5 3d fd c6 05 85 77 60 0a 01 90 48 c7 c7 [ 532.614204][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 532.614223][ C0] RAX: 6cdc4f31a2988400 RBX: 0000000000000002 RCX: ffff88801baa5a00 [ 532.614239][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 532.614253][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 532.614266][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 532.614283][ C0] R13: ffff888027284058 R14: ffff888027283c80 R15: dffffc0000000000 [ 532.614299][ C0] FS: 0000000000000000(0000) GS:ffff888126bc8000(0000) knlGS:0000000000000000 [ 532.614323][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 532.614339][ C0] CR2: 00007f4ce9c2bc68 CR3: 00000000287f0000 CR4: 00000000003526f0 [ 532.614357][ C0] Call Trace: [ 532.614366][ C0] [ 532.614377][ C0] mptcp_schedule_work+0x164/0x1a0 [ 532.614407][ C0] mptcp_tout_timer+0x21/0xa0 [ 532.614438][ C0] call_timer_fn+0x17e/0x5f0 [ 532.614460][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 532.614488][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 532.614515][ C0] ? call_timer_fn+0xbe/0x5f0 [ 532.614536][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 532.614566][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 532.614601][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 532.614633][ C0] __run_timer_base+0x648/0x970 [ 532.614682][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 532.614733][ C0] run_timer_softirq+0xb7/0x180 [ 532.614754][ C0] handle_softirqs+0x22f/0x710 [ 532.614795][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 532.614839][ C0] run_ktimerd+0xcf/0x190 [ 532.614861][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 532.614881][ C0] ? schedule+0x91/0x360 [ 532.614919][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 532.614937][ C0] smpboot_thread_fn+0x542/0xa60 [ 532.614959][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 532.614989][ C0] kthread+0x711/0x8a0 [ 532.615018][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 532.615038][ C0] ? __pfx_kthread+0x10/0x10 [ 532.615059][ C0] ? rt_spin_unlock+0x150/0x200 [ 532.615091][ C0] ? rt_spin_unlock+0x161/0x200 [ 532.615114][ C0] ? __pfx_kthread+0x10/0x10 [ 532.615140][ C0] ret_from_fork+0x4bc/0x870 [ 532.615180][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 532.615220][ C0] ? __switch_to_asm+0x39/0x70 [ 532.615245][ C0] ? __switch_to_asm+0x33/0x70 [ 532.615268][ C0] ? __pfx_kthread+0x10/0x10 [ 532.615293][ C0] ret_from_fork_asm+0x1a/0x30 [ 532.615342][ C0] [ 532.615362][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 532.615385][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 532.615410][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 532.615421][ C0] Call Trace: [ 532.615428][ C0] [ 532.615487][ C0] dump_stack_lvl+0x99/0x250 [ 532.615528][ C0] ? __asan_memcpy+0x40/0x70 [ 532.615555][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 532.615579][ C0] ? __pfx__printk+0x10/0x10 [ 532.615620][ C0] vpanic+0x237/0x6d0 [ 532.615641][ C0] ? __pfx_vpanic+0x10/0x10 [ 532.615674][ C0] panic+0xb9/0xc0 [ 532.615694][ C0] ? __pfx_panic+0x10/0x10 [ 532.615736][ C0] __warn+0x31b/0x4b0 [ 532.615755][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 532.615781][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 532.615804][ C0] report_bug+0x2be/0x4f0 [ 532.615834][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 532.615858][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 532.615880][ C0] ? refcount_warn_saturate+0xfc/0x1d0 [ 532.615904][ C0] handle_bug+0x84/0x160 [ 532.615928][ C0] exc_invalid_op+0x1a/0x50 [ 532.615952][ C0] asm_exc_invalid_op+0x1a/0x20 [ 532.615973][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 532.615997][ C0] Code: 00 00 e8 e9 f5 3d fd 5b 41 5e c3 cc cc cc cc cc e8 db f5 3d fd c6 05 a4 77 60 0a 01 90 48 c7 c7 20 9b 3e 8b e8 e7 3d 02 fd 90 <0f> 0b 90 90 eb d7 e8 bb f5 3d fd c6 05 85 77 60 0a 01 90 48 c7 c7 [ 532.616016][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 532.616035][ C0] RAX: 6cdc4f31a2988400 RBX: 0000000000000002 RCX: ffff88801baa5a00 [ 532.616052][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 532.616067][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 532.616083][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 532.616098][ C0] R13: ffff888027284058 R14: ffff888027283c80 R15: dffffc0000000000 [ 532.616139][ C0] mptcp_schedule_work+0x164/0x1a0 [ 532.616222][ C0] mptcp_tout_timer+0x21/0xa0 [ 532.616259][ C0] call_timer_fn+0x17e/0x5f0 [ 532.616283][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 532.616311][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 532.616341][ C0] ? call_timer_fn+0xbe/0x5f0 [ 532.616363][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 532.616394][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 532.616428][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 532.616459][ C0] __run_timer_base+0x648/0x970 [ 532.616519][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 532.616571][ C0] run_timer_softirq+0xb7/0x180 [ 532.616593][ C0] handle_softirqs+0x22f/0x710 [ 532.616636][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 532.616680][ C0] run_ktimerd+0xcf/0x190 [ 532.616703][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 532.616724][ C0] ? schedule+0x91/0x360 [ 532.616762][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 532.616782][ C0] smpboot_thread_fn+0x542/0xa60 [ 532.616805][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 532.616837][ C0] kthread+0x711/0x8a0 [ 532.616865][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 532.616885][ C0] ? __pfx_kthread+0x10/0x10 [ 532.616906][ C0] ? rt_spin_unlock+0x150/0x200 [ 532.616938][ C0] ? rt_spin_unlock+0x161/0x200 [ 532.616962][ C0] ? __pfx_kthread+0x10/0x10 [ 532.616989][ C0] ret_from_fork+0x4bc/0x870 [ 532.617024][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 532.617064][ C0] ? __switch_to_asm+0x39/0x70 [ 532.617091][ C0] ? __switch_to_asm+0x33/0x70 [ 532.617116][ C0] ? __pfx_kthread+0x10/0x10 [ 532.617143][ C0] ret_from_fork_asm+0x1a/0x30 [ 532.617200][ C0] [ 532.617562][ C0] Kernel Offset: disabled