last executing test programs: 22.132240656s ago: executing program 2 (id=105): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}, 0x1, 0x0, 0x0, 0x2000c014}, 0x800) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000540)={'vxcan0\x00'}) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x6, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x3, 0x2}}, 0x48}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet_icmp(0x2, 0x2, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0xa, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000851000000100000095000000000000001800000020646c2500000000002020207b1af8ff00000000bd21ffff0000000007010000f8ffffffb502020008040000b70300000000000085000000a400000095"], &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94) 20.379369931s ago: executing program 2 (id=111): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000400)={0x1, 0x0, 0x19, 0x5, 0x1a7}) 20.117315232s ago: executing program 2 (id=112): openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2) syz_open_procfs(0x0, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000200)={0xfffffffc, 0x40002, 0x2, {0xd, @pix_mp={0x0, 0x3, 0x20303159, 0x0, 0xb, [{}, {}, {0x5}, {0xfffffffd}, {}, {}, {0x100000, 0x8000002}, {0x3ff}], 0x4, 0x0, 0x4, 0x0, 0x3}}}) 19.32002792s ago: executing program 2 (id=113): mkdir(&(0x7f0000000000)='./file1\x00', 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mount$fuse(0x0, 0x0, 0x0, 0x100000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400)) chdir(&(0x7f0000000180)='./file1\x00') r1 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0) setpgid(r1, 0x0) r2 = getpgid(r1) setpgid(0x0, r2) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 18.049238018s ago: executing program 2 (id=119): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) unshare(0x24020400) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x80000) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) signalfd4(r1, &(0x7f0000000140), 0x8, 0x0) 16.474457771s ago: executing program 2 (id=123): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f0000000200)={0x1d, r4}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca7e4d5d5bdbe70000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r4, @ANYRES64=r3, @ANYBLOB="3bf81b"], 0x20000600}}, 0x0) 16.024750167s ago: executing program 32 (id=123): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) r5 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r5, &(0x7f0000000200)={0x1d, r4}, 0x10) sendmsg$can_bcm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d7fe68ca7e4d5d5bdbe70000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r4, @ANYRES64=r3, @ANYBLOB="3bf81b"], 0x20000600}}, 0x0) 15.669199774s ago: executing program 4 (id=128): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f00000000c0)=""/25) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(0xffffffffffffffff, 0xc06c4124, 0x0) syz_open_dev$radio(&(0x7f0000000080), 0x3, 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r1 = syz_io_uring_setup(0x494, &(0x7f0000000200)={0x0, 0x7278, 0x400, 0x1, 0x385}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) syz_open_dev$sndpcmc(&(0x7f0000000140), 0x2, 0xa0700) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_uring_enter(r1, 0x26c8, 0x0, 0x1, 0x0, 0x10) 13.937221547s ago: executing program 1 (id=131): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$inet(0x2, 0x2, 0x1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) r4 = socket(0x2a, 0x2, 0x0) getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$TIPC_NL_BEARER_ADD(r4, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f0000000540)={0x38, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2371}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x4) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a00000405000100070000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) syz_usb_connect(0x5, 0x2d, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) r5 = openat$userio(0xffffffffffffff9c, 0x0, 0x22242, 0x0) close_range(r1, r5, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f0000000440)={0x6, 0x1, 0x4, 0x0, 'syz1\x00', 0x53fb}) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000480), 0x149000, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r6, 0xc018937a, &(0x7f0000000500)={{0x1, 0x1, 0x6b, 0xffffffffffffffff, {0x101}}, '\x00'}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) socket$nl_route(0x10, 0x3, 0x0) r7 = syz_open_dev$video(0x0, 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r7, 0xc0d05605, 0x0) write$sysctl(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd) r8 = syz_open_procfs(0x0, &(0x7f0000000300)='net/ip_vs\x00') preadv(r8, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x114a, 0x3) 13.750297096s ago: executing program 3 (id=132): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000000880)=""/175, 0xaf, 0x0, 0x0, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48) write$vhost_msg_v2(r0, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48) 13.077321857s ago: executing program 4 (id=133): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) unshare(0x24020400) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x80000) io_setup(0x1, &(0x7f0000000b80)=0x0) io_submit(r2, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) signalfd4(r1, &(0x7f0000000140), 0x8, 0x0) 12.931120293s ago: executing program 3 (id=134): pipe(&(0x7f0000000080)={0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) close(0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) pipe(0x0) tee(r0, 0xffffffffffffffff, 0x8f5, 0x100000000000000) write(r3, 0x0, 0x0) 12.525331831s ago: executing program 4 (id=135): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x80200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000000)="36f2f00fb074000f22c164f0fe8c984d66b9800000c00f326635000400000f300f79aec6960f01c4ea4c006c00ba4300b0ceee2626f087bafaff36660f388008", 0x40}], 0x1, 0x51, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12.459552003s ago: executing program 3 (id=136): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) readv(r2, &(0x7f0000000280)=[{&(0x7f0000000000)=""/41, 0x29}, {0x0}, {&(0x7f00000000c0)=""/167, 0xa7}, {&(0x7f0000000180)=""/213, 0xd5}], 0x4) 11.379347583s ago: executing program 3 (id=137): syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x9, 0x9d, 0xc3, 0x20, 0x12d1, 0x7ef3, 0x5468, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x10, [{{0x9, 0x4, 0x59, 0x0, 0x0, 0xff, 0x6, 0x3d}}]}}]}}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_io_uring_setup(0x304, &(0x7f0000000240)={0x0, 0x0, 0x10000, 0xffffffff, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, r2, 0x0) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 11.015660355s ago: executing program 4 (id=138): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=@known='trusted.overlay.impure\x00') 10.785407149s ago: executing program 4 (id=139): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x9) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r3 = socket$pppl2tp(0x18, 0x1, 0x1) r4 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0xfffc}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r5, 0x8004745a, 0x0) 9.554340849s ago: executing program 4 (id=141): unshare(0x6a040000) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000080)={'filter\x00', 0x0, [0x7ff, 0x0, 0x0, 0x3, 0x7]}, &(0x7f0000000100)=0x54) 8.184502599s ago: executing program 1 (id=144): socket$nl_netfilter(0x10, 0x3, 0xc) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = io_uring_setup(0x6023, &(0x7f0000000280)={0x0, 0x2800006, 0x40, 0x1, 0x14a}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r1], 0x4c}}, 0x0) 7.949194488s ago: executing program 1 (id=145): pipe(&(0x7f0000000080)={0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) close(0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) pipe(0x0) tee(r0, 0xffffffffffffffff, 0x8f5, 0x100000000000000) write(r3, 0x0, 0x0) 7.905238317s ago: executing program 1 (id=146): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) readv(r2, &(0x7f0000000280)=[{&(0x7f0000000000)=""/41, 0x29}, {0x0}, {&(0x7f00000000c0)=""/167, 0xa7}, {&(0x7f0000000180)=""/213, 0xd5}], 0x4) 6.812357034s ago: executing program 1 (id=147): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, r0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x2}, @NL80211_ATTR_STA_WME={0xc, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x65}]}]}, 0x48}}, 0x0) 4.539520369s ago: executing program 3 (id=150): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x9) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES16, @ANYRES8, @ANYRES64, @ANYRES64], 0x48) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0xfffc}, 0x2, 0x4}}, 0x26) ioctl$PPPIOCGL2TPSTATS(r4, 0x8004745a, 0x0) 4.464391244s ago: executing program 0 (id=151): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)=""/189, 0xbd}, {&(0x7f00000002c0)=""/182, 0xb6}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/198, 0xc6}], 0x4, &(0x7f0000002540)=""/216, 0xd8}}], 0x1, 0x0, 0x0) 3.480054703s ago: executing program 0 (id=152): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f00000000c0)=""/25) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(0xffffffffffffffff, 0xc06c4124, 0x0) syz_open_dev$radio(&(0x7f0000000080), 0x3, 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r1 = syz_io_uring_setup(0x494, &(0x7f0000000200)={0x0, 0x7278, 0x400, 0x1, 0x385}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) syz_open_dev$sndpcmc(&(0x7f0000000140), 0x2, 0xa0700) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) io_uring_enter(r1, 0x26c8, 0x0, 0x1, 0x0, 0x10) 2.455188376s ago: executing program 0 (id=153): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000180)=0x3) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4004) shmget$private(0x0, 0x1000, 0x0, &(0x7f00008f0000/0x1000)=nil) shmat(0x0, &(0x7f0000ffd000/0x1000)=nil, 0x7000) shmctl$SHM_LOCK(0x0, 0xb) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) 1.821884174s ago: executing program 3 (id=154): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.378044276s ago: executing program 0 (id=155): pipe(&(0x7f0000000080)={0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) close(0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) pipe(0x0) tee(r0, 0xffffffffffffffff, 0x8f5, 0x100000000000000) write(r3, 0x0, 0x0) 1.19682579s ago: executing program 0 (id=156): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) readv(r2, &(0x7f0000000280)=[{&(0x7f0000000080)=""/56, 0x38}, {&(0x7f00000000c0)=""/167, 0xa7}, {&(0x7f0000000180)=""/213, 0xd5}], 0x3) 1.018860594s ago: executing program 1 (id=157): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x34, r1, 0x431, 0x70bd2b, 0xfffffffd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x200048c4) 0s ago: executing program 0 (id=158): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) removexattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=@known='trusted.overlay.impure\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts. [ 84.781724][ T5819] cgroup: Unknown subsys name 'net' [ 84.917736][ T5819] cgroup: Unknown subsys name 'cpuset' [ 84.927543][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.618824][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.910071][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.918504][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.926263][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.934496][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.942339][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.119169][ T5153] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 91.144502][ T5153] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 91.152704][ T5153] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 91.161577][ T5153] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 91.169628][ T5153] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.194052][ T5153] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.210040][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.220207][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.239417][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.255397][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.299658][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.314916][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.322717][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.331616][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.339688][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.358781][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.371987][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.383427][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.412585][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.420604][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.478480][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 91.757939][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.765500][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.773105][ T5835] bridge_slave_0: entered allmulticast mode [ 91.780817][ T5835] bridge_slave_0: entered promiscuous mode [ 91.822735][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.830058][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.837976][ T5835] bridge_slave_1: entered allmulticast mode [ 91.845718][ T5835] bridge_slave_1: entered promiscuous mode [ 91.878163][ T1209] cfg80211: failed to load regulatory.db [ 91.972767][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.987266][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.108126][ T5835] team0: Port device team_slave_0 added [ 92.120484][ T5835] team0: Port device team_slave_1 added [ 92.151864][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 92.222254][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 92.278941][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.286226][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.313025][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.326704][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.333727][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.361064][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.449348][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 92.521245][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 92.632852][ T5835] hsr_slave_0: entered promiscuous mode [ 92.639421][ T5835] hsr_slave_1: entered promiscuous mode [ 92.648112][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.655786][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.662951][ T5840] bridge_slave_0: entered allmulticast mode [ 92.670955][ T5840] bridge_slave_0: entered promiscuous mode [ 92.709857][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.717353][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.724944][ T5840] bridge_slave_1: entered allmulticast mode [ 92.732228][ T5840] bridge_slave_1: entered promiscuous mode [ 92.781700][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.789121][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.796441][ T5842] bridge_slave_0: entered allmulticast mode [ 92.804317][ T5842] bridge_slave_0: entered promiscuous mode [ 92.849496][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.859377][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.866692][ T5842] bridge_slave_1: entered allmulticast mode [ 92.874478][ T5842] bridge_slave_1: entered promiscuous mode [ 92.897977][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.964364][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.979517][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.986964][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.994265][ T5844] bridge_slave_0: entered allmulticast mode [ 93.001529][ T5844] bridge_slave_0: entered promiscuous mode [ 93.004654][ T5838] Bluetooth: hci0: command tx timeout [ 93.010262][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.020471][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.028463][ T5844] bridge_slave_1: entered allmulticast mode [ 93.036226][ T5844] bridge_slave_1: entered promiscuous mode [ 93.125906][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.138618][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.149968][ T5840] team0: Port device team_slave_0 added [ 93.159297][ T5840] team0: Port device team_slave_1 added [ 93.199661][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.234487][ T5838] Bluetooth: hci1: command tx timeout [ 93.240934][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.248503][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.255840][ T5850] bridge_slave_0: entered allmulticast mode [ 93.263010][ T5850] bridge_slave_0: entered promiscuous mode [ 93.280361][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.313721][ T5838] Bluetooth: hci2: command tx timeout [ 93.322123][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.329428][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.336720][ T5850] bridge_slave_1: entered allmulticast mode [ 93.344028][ T5850] bridge_slave_1: entered promiscuous mode [ 93.371868][ T5842] team0: Port device team_slave_0 added [ 93.378868][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.386228][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.412709][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.423354][ T5838] Bluetooth: hci3: command tx timeout [ 93.473960][ T5838] Bluetooth: hci4: command tx timeout [ 93.482590][ T5842] team0: Port device team_slave_1 added [ 93.489617][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.496636][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.522605][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.562954][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.583413][ T5844] team0: Port device team_slave_0 added [ 93.635364][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.655221][ T5844] team0: Port device team_slave_1 added [ 93.661920][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.669442][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.695535][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.761041][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.768863][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.794944][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.811104][ T5840] hsr_slave_0: entered promiscuous mode [ 93.817666][ T5840] hsr_slave_1: entered promiscuous mode [ 93.824341][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.832104][ T5840] Cannot create hsr debugfs directory [ 93.852914][ T5850] team0: Port device team_slave_0 added [ 93.898900][ T5850] team0: Port device team_slave_1 added [ 93.920749][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.927850][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.953911][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.969030][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.976212][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.003164][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.060557][ T5842] hsr_slave_0: entered promiscuous mode [ 94.067868][ T5842] hsr_slave_1: entered promiscuous mode [ 94.074530][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.082105][ T5842] Cannot create hsr debugfs directory [ 94.134061][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.141068][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.167498][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.180266][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.187439][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.213430][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.328338][ T5844] hsr_slave_0: entered promiscuous mode [ 94.335695][ T5844] hsr_slave_1: entered promiscuous mode [ 94.341798][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.349447][ T5844] Cannot create hsr debugfs directory [ 94.363065][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.385263][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.435119][ T5850] hsr_slave_0: entered promiscuous mode [ 94.441793][ T5850] hsr_slave_1: entered promiscuous mode [ 94.448216][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.456200][ T5850] Cannot create hsr debugfs directory [ 94.469123][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.506604][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.936931][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.949745][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.961238][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.977332][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.056459][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.071043][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.077882][ T5838] Bluetooth: hci0: command tx timeout [ 95.105599][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.119588][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.197114][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.216075][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.240987][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.253504][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.273417][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.314256][ T5838] Bluetooth: hci1: command tx timeout [ 95.356493][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.391699][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.394021][ T5838] Bluetooth: hci2: command tx timeout [ 95.399037][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.427605][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.441221][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.451664][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.462970][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.473936][ T5838] Bluetooth: hci3: command tx timeout [ 95.517886][ T3462] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.525111][ T3462] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.554636][ T5838] Bluetooth: hci4: command tx timeout [ 95.589317][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.692492][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.712483][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.738986][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.746274][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.788215][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.795563][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.831053][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.860711][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.930509][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.937673][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.957929][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.993122][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.000425][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.030902][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.056235][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.063399][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.089089][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.141191][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.153639][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.160815][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.231445][ T3500] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.238669][ T3500] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.263104][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.270309][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.377485][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.649544][ T5835] veth0_vlan: entered promiscuous mode [ 96.689021][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.719268][ T5835] veth1_vlan: entered promiscuous mode [ 96.847629][ T5835] veth0_macvtap: entered promiscuous mode [ 96.865546][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.895935][ T5835] veth1_macvtap: entered promiscuous mode [ 96.967373][ T5840] veth0_vlan: entered promiscuous mode [ 97.005250][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.022275][ T5840] veth1_vlan: entered promiscuous mode [ 97.049269][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.071023][ T5844] veth0_vlan: entered promiscuous mode [ 97.093068][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.106968][ T5844] veth1_vlan: entered promiscuous mode [ 97.133297][ T3513] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.142863][ T3513] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.155427][ T5838] Bluetooth: hci0: command tx timeout [ 97.171191][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.178906][ T3513] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.188193][ T3513] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.213339][ T5840] veth0_macvtap: entered promiscuous mode [ 97.262218][ T5840] veth1_macvtap: entered promiscuous mode [ 97.363427][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.379113][ T5844] veth0_macvtap: entered promiscuous mode [ 97.396073][ T5838] Bluetooth: hci1: command tx timeout [ 97.402596][ T5844] veth1_macvtap: entered promiscuous mode [ 97.428521][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.474462][ T5838] Bluetooth: hci2: command tx timeout [ 97.496893][ T5850] veth0_vlan: entered promiscuous mode [ 97.520515][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.546997][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.554531][ T5838] Bluetooth: hci3: command tx timeout [ 97.579211][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.627765][ T3500] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.640415][ T5838] Bluetooth: hci4: command tx timeout [ 97.644593][ T3500] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.657009][ T5850] veth1_vlan: entered promiscuous mode [ 97.677486][ T3513] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.686357][ T3513] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.701457][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.727538][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.735990][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.761490][ T64] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.779456][ T64] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.822074][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.838296][ T64] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.850988][ T64] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.980525][ T5850] veth0_macvtap: entered promiscuous mode [ 98.015391][ T1010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.032269][ T1010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.063301][ T5850] veth1_macvtap: entered promiscuous mode [ 98.113560][ T5842] veth0_vlan: entered promiscuous mode [ 98.147094][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.168227][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.231406][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.278924][ T5842] veth1_vlan: entered promiscuous mode [ 98.329074][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.366256][ T1010] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.383395][ T1010] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.409817][ T3513] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.480174][ T3513] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.509682][ T3513] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.565828][ T3513] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.575200][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.619462][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.643490][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.731247][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.807388][ T5842] veth0_macvtap: entered promiscuous mode [ 98.824003][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.833984][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 98.893920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.904041][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.913776][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 98.924330][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.995930][ T5842] veth1_macvtap: entered promiscuous mode [ 99.030954][ T3500] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.081202][ T3500] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.244115][ T5838] Bluetooth: hci0: command tx timeout [ 99.414788][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.425544][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.437845][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.475779][ T5838] Bluetooth: hci1: command tx timeout [ 99.494785][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.554257][ T5838] Bluetooth: hci2: command tx timeout [ 99.634512][ T5838] Bluetooth: hci3: command tx timeout [ 99.702783][ T3500] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.714210][ T5838] Bluetooth: hci4: command tx timeout [ 99.727609][ T3500] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.832384][ T3500] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.856509][ T3500] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.621657][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.651484][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.433911][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.548532][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.572531][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.681450][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.956961][ T5838] Bluetooth: hci4: connection err: -111 [ 102.263044][ T5976] netlink: 176 bytes leftover after parsing attributes in process `syz.3.11'. [ 102.352852][ T5976] binder: 5969:5976 ioctl c0306201 0 returned -14 [ 102.395322][ T5978] binder: 5969:5978 ioctl 4018620d 0 returned -22 [ 102.875731][ T5987] netlink: 56 bytes leftover after parsing attributes in process `syz.2.15'. [ 103.208400][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 103.463746][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 103.493284][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.518745][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 103.551988][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 103.587519][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.644795][ T10] usb 5-1: config 0 descriptor?? [ 103.784493][ T5996] netlink: 176 bytes leftover after parsing attributes in process `syz.2.18'. [ 103.961039][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 103.975219][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 103.991997][ T10] usb 5-1: USB disconnect, device number 2 [ 104.286725][ T1209] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 104.335002][ T6005] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.534652][ T1209] usb 1-1: Using ep0 maxpacket: 32 [ 104.545102][ T1209] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 104.570380][ T1209] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 104.618102][ T6005] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 104.637562][ T1209] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 104.654842][ T1209] usb 1-1: Product: syz [ 104.660535][ T1209] usb 1-1: Manufacturer: syz [ 104.669140][ T1209] usb 1-1: SerialNumber: syz [ 104.689749][ T1209] usb 1-1: config 0 descriptor?? [ 104.700872][ T5999] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 105.179729][ T6022] loop2: detected capacity change from 0 to 7 [ 105.238588][ T6022] Dev loop2: unable to read RDB block 7 [ 105.303269][ T6022] loop2: unable to read partition table [ 105.319594][ T9] usb 1-1: USB disconnect, device number 2 [ 105.365890][ T6022] loop2: partition table beyond EOD, truncated [ 105.386083][ T6022] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 106.582802][ T6035] netlink: 176 bytes leftover after parsing attributes in process `syz.1.30'. [ 106.639034][ T6036] binder: 6032:6036 ioctl c0306201 0 returned -14 [ 106.648190][ T6036] binder: 6032:6036 ioctl 4018620d 0 returned -22 [ 107.194478][ T6040] netlink: 4 bytes leftover after parsing attributes in process `syz.3.32'. [ 107.789080][ T6045] syz.0.34 uses obsolete (PF_INET,SOCK_PACKET) [ 107.819337][ T6045] syzkaller1: entered promiscuous mode [ 107.826770][ T6045] syzkaller1: entered allmulticast mode [ 111.507297][ T6069] netlink: 24 bytes leftover after parsing attributes in process `syz.3.40'. [ 112.409277][ T6069] netlink: 'syz.3.40': attribute type 4 has an invalid length. [ 113.450440][ T6085] random: crng reseeded on system resumption [ 114.630414][ T6101] netlink: 'syz.3.46': attribute type 10 has an invalid length. [ 114.638744][ T6101] netlink: 40 bytes leftover after parsing attributes in process `syz.3.46'. [ 114.652185][ T6101] dummy0: entered promiscuous mode [ 114.713985][ T6101] bridge0: port 3(dummy0) entered blocking state [ 114.731469][ T6101] bridge0: port 3(dummy0) entered disabled state [ 114.758757][ T6101] dummy0: entered allmulticast mode [ 115.136251][ T6101] bridge0: port 3(dummy0) entered blocking state [ 115.143117][ T6101] bridge0: port 3(dummy0) entered forwarding state [ 116.490282][ T6111] loop1: detected capacity change from 0 to 4096 [ 118.433069][ T6134] random: crng reseeded on system resumption [ 122.633737][ T6175] misc userio: Begin command sent, but we're already running [ 124.662493][ T6194] random: crng reseeded on system resumption [ 124.860352][ T6193] kvm: emulating exchange as write [ 126.319364][ T6211] loop0: detected capacity change from 0 to 40427 [ 127.018320][ T6211] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 131.794163][ T6264] netlink: 20 bytes leftover after parsing attributes in process `syz.0.98'. [ 131.828693][ T6264] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 132.315761][ T6267] loop2: detected capacity change from 0 to 40427 [ 132.422148][ T6276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.433836][ T5838] Bluetooth: hci2: Invalid handle: 0x1102 > 0x0eff [ 132.490165][ T6267] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 132.870885][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.879210][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.006898][ T6301] veth0_to_team: entered promiscuous mode [ 135.012768][ T6301] veth0_to_team: entered allmulticast mode [ 135.483724][ T10] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 135.667426][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.370100][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 136.379516][ T10] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 136.391373][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 136.402691][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 136.437461][ T10] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 136.486501][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.514182][ T6305] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 136.536740][ T10] hub 4-1:1.0: bad descriptor, ignoring hub [ 136.562280][ T10] hub 4-1:1.0: probe with driver hub failed with error -5 [ 136.580272][ T10] cdc_wdm 4-1:1.0: skipping garbage [ 136.588019][ T10] cdc_wdm 4-1:1.0: skipping garbage [ 136.599204][ T10] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 136.623652][ T10] cdc_wdm 4-1:1.0: Unknown control protocol [ 137.741507][ T5840] syz-executor: attempt to access beyond end of device [ 137.741507][ T5840] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 137.780040][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 137.780071][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.780093][ T5840] Call Trace: [ 137.780102][ T5840] [ 137.780111][ T5840] dump_stack_lvl+0x189/0x250 [ 137.780153][ T5840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.780185][ T5840] ? __pfx_queue_work_on+0x10/0x10 [ 137.780216][ T5840] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 137.780246][ T5840] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 137.780277][ T5840] ? f2fs_hw_is_readonly+0x39b/0x470 [ 137.780310][ T5840] f2fs_handle_critical_error+0x37c/0x540 [ 137.780345][ T5840] f2fs_write_end_io+0x495/0x810 [ 137.780373][ T5840] ? blkg_put+0x22/0x240 [ 137.780418][ T5840] __submit_merged_bio+0x27a/0x6a0 [ 137.780453][ T5840] __submit_merged_write_cond+0x255/0x530 [ 137.780488][ T5840] f2fs_write_data_pages+0x261d/0x3000 [ 137.780568][ T5840] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 137.780687][ T5840] ? __lock_acquire+0xab9/0xd20 [ 137.780724][ T5840] ? do_raw_spin_lock+0x121/0x290 [ 137.780759][ T5840] ? do_raw_spin_unlock+0x122/0x240 [ 137.780780][ T5840] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 137.780811][ T5840] do_writepages+0x32e/0x550 [ 137.780855][ T5840] ? do_raw_spin_unlock+0x122/0x240 [ 137.780882][ T5840] filemap_fdatawrite+0x199/0x240 [ 137.780913][ T5840] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 137.781003][ T5840] ? do_raw_spin_unlock+0x122/0x240 [ 137.781030][ T5840] f2fs_sync_dirty_inodes+0x31f/0x830 [ 137.781080][ T5840] f2fs_write_checkpoint+0x95a/0x1df0 [ 137.781143][ T5840] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 137.781222][ T5840] ? try_to_wake_up+0x7e5/0x1290 [ 137.781251][ T5840] ? kill_f2fs_super+0x298/0x6c0 [ 137.781288][ T5840] kill_f2fs_super+0x2c3/0x6c0 [ 137.781326][ T5840] ? __pfx_kill_f2fs_super+0x10/0x10 [ 137.781354][ T5840] ? radix_tree_delete_item+0x2b6/0x400 [ 137.781393][ T5840] ? shrinker_free+0x2ce/0x3e0 [ 137.781421][ T5840] deactivate_locked_super+0xbc/0x130 [ 137.781451][ T5840] cleanup_mnt+0x425/0x4c0 [ 137.781476][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.781510][ T5840] task_work_run+0x1d1/0x260 [ 137.781536][ T5840] ? __pfx_task_work_run+0x10/0x10 [ 137.781568][ T5840] ? kmem_cache_free+0x18f/0x400 [ 137.781607][ T5840] do_exit+0x6b5/0x2300 [ 137.781636][ T5840] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 137.781662][ T5840] ? __pfx_do_exit+0x10/0x10 [ 137.781695][ T5840] ? _raw_spin_unlock_irq+0x23/0x50 [ 137.781723][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.781757][ T5840] do_group_exit+0x21c/0x2d0 [ 137.781785][ T5840] __x64_sys_exit_group+0x3f/0x40 [ 137.781806][ T5840] x64_sys_call+0x21ba/0x21c0 [ 137.781826][ T5840] do_syscall_64+0xfa/0x3b0 [ 137.781844][ T5840] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.781873][ T5840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.781893][ T5840] ? clear_bhb_loop+0x60/0xb0 [ 137.781919][ T5840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.781938][ T5840] RIP: 0033:0x7f2a4158e929 [ 137.781963][ T5840] Code: Unable to access opcode bytes at 0x7f2a4158e8ff. [ 137.781973][ T5840] RSP: 002b:00007ffd6f7459e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 137.781995][ T5840] RAX: ffffffffffffffda RBX: 00007f2a41610931 RCX: 00007f2a4158e929 [ 137.782010][ T5840] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 137.782021][ T5840] RBP: 0000000000000002 R08: 00007ffd6f743787 R09: 00007ffd6f746ca0 [ 137.782034][ T5840] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd6f746ca0 [ 137.782047][ T5840] R13: 00007f2a41610925 R14: 00000000000215f4 R15: 00007ffd6f748e60 [ 137.782083][ T5840] [ 137.782092][ T5840] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 138.150398][ T6305] cdc_wdm 4-1:1.0: Error autopm - -16 [ 138.163107][ T5887] usb 4-1: USB disconnect, device number 2 [ 138.315140][ T6340] veth0_to_team: entered promiscuous mode [ 138.321121][ T6340] veth0_to_team: entered allmulticast mode [ 138.826540][ T5941] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 138.993671][ T5941] usb 1-1: Using ep0 maxpacket: 32 [ 139.000759][ T5941] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 139.011240][ T5941] usb 1-1: config 0 has no interface number 0 [ 139.037813][ T5941] usb 1-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68 [ 139.054211][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.093992][ T5941] usb 1-1: Product: syz [ 139.102238][ T5941] usb 1-1: Manufacturer: syz [ 139.115345][ T5941] usb 1-1: SerialNumber: syz [ 139.132722][ T5941] usb 1-1: config 0 descriptor?? [ 139.152897][ T5941] hub 1-1:0.89: bad descriptor, ignoring hub [ 139.173758][ T5941] hub 1-1:0.89: probe with driver hub failed with error -5 [ 139.211476][ T5941] option 1-1:0.89: GSM modem (1-port) converter detected [ 139.312179][ T6227] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.450237][ T6227] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.504434][ T10] usb 1-1: USB disconnect, device number 3 [ 139.525485][ T10] option 1-1:0.89: device disconnected [ 139.578829][ T6227] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.721784][ T6227] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.974299][ T6363] netlink: 176 bytes leftover after parsing attributes in process `syz.1.129'. [ 140.986417][ T6363] binder: 6360:6363 ioctl c0306201 0 returned -14 [ 140.995682][ T6363] binder: 6360:6363 ioctl 4018620d 0 returned -22 [ 141.069710][ T6227] bridge_slave_1: left allmulticast mode [ 141.279389][ T6227] bridge_slave_1: left promiscuous mode [ 141.292850][ T6227] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.067068][ T6227] bridge_slave_0: left allmulticast mode [ 142.106069][ T6227] bridge_slave_0: left promiscuous mode [ 142.145716][ T6227] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.948473][ T5153] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 143.007849][ T5153] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 143.018609][ T5153] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 143.032043][ T5153] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 143.041701][ T5153] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 145.106375][ T5153] Bluetooth: hci1: command tx timeout [ 145.486312][ T6227] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 146.213441][ T6227] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.254559][ T6227] bond0 (unregistering): Released all slaves [ 147.153883][ T5153] Bluetooth: hci1: command tx timeout [ 147.664647][ T6421] netlink: 16 bytes leftover after parsing attributes in process `syz.1.144'. [ 147.706342][ T6421] ip_vti0: Master is either lo or non-ether device [ 148.941256][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 149.713805][ T5153] Bluetooth: hci1: command tx timeout [ 149.804091][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 149.826970][ T9] usb 4-1: config 0 has an invalid interface number: 89 but max is 0 [ 149.883745][ T6227] hsr_slave_0: left promiscuous mode [ 149.889214][ T9] usb 4-1: config 0 has no interface number 0 [ 149.907421][ T9] usb 4-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68 [ 149.920335][ T6227] hsr_slave_1: left promiscuous mode [ 149.944661][ T6227] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.952195][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.976327][ T6227] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.984910][ T9] usb 4-1: Product: syz [ 149.994225][ T9] usb 4-1: Manufacturer: syz [ 149.999024][ T9] usb 4-1: SerialNumber: syz [ 150.011947][ T6227] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.023721][ T9] usb 4-1: config 0 descriptor?? [ 150.046643][ T9] hub 4-1:0.89: bad descriptor, ignoring hub [ 150.055121][ T6227] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.071434][ T9] hub 4-1:0.89: probe with driver hub failed with error -5 [ 150.110261][ T9] option 4-1:0.89: GSM modem (1-port) converter detected [ 150.151813][ T6227] veth1_macvtap: left promiscuous mode [ 150.179814][ T6227] veth0_macvtap: left promiscuous mode [ 150.199307][ T6227] veth1_vlan: left promiscuous mode [ 150.218850][ T6227] veth0_vlan: left promiscuous mode [ 151.253733][ T5887] usb 4-1: USB disconnect, device number 4 [ 151.283100][ T5887] option 4-1:0.89: device disconnected [ 151.794000][ T5838] Bluetooth: hci1: command tx timeout [ 152.285826][ T6227] team0 (unregistering): Port device team_slave_1 removed [ 153.213326][ T6227] team0 (unregistering): Port device team_slave_0 removed [ 156.868723][ T6478] ================================================================== [ 156.876939][ T6478] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160 [ 156.884876][ T6478] Read of size 8 at addr ffff88814c921130 by task syz.1.157/6478 [ 156.892611][ T6478] [ 156.894973][ T6478] CPU: 0 UID: 0 PID: 6478 Comm: syz.1.157 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 156.895000][ T6478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.895014][ T6478] Call Trace: [ 156.895023][ T6478] [ 156.895031][ T6478] dump_stack_lvl+0x189/0x250 [ 156.895067][ T6478] ? __virt_addr_valid+0x1c8/0x5c0 [ 156.895086][ T6478] ? rcu_is_watching+0x15/0xb0 [ 156.895113][ T6478] ? __kasan_check_byte+0x12/0x40 [ 156.895146][ T6478] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.895176][ T6478] ? rcu_is_watching+0x15/0xb0 [ 156.895204][ T6478] ? lock_release+0x4b/0x3e0 [ 156.895231][ T6478] ? __virt_addr_valid+0x1c8/0x5c0 [ 156.895248][ T6478] ? __virt_addr_valid+0x4a5/0x5c0 [ 156.895267][ T6478] print_report+0xd2/0x2b0 [ 156.895294][ T6478] ? pause_parse_request+0x40/0x160 [ 156.895323][ T6478] kasan_report+0x118/0x150 [ 156.895342][ T6478] ? pause_parse_request+0x40/0x160 [ 156.895376][ T6478] ? __pfx_pause_parse_request+0x10/0x10 [ 156.895405][ T6478] pause_parse_request+0x40/0x160 [ 156.895436][ T6478] ? __pfx_pause_parse_request+0x10/0x10 [ 156.895466][ T6478] ethnl_default_set_doit+0x2c1/0xa40 [ 156.895489][ T6478] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 156.895521][ T6478] genl_family_rcv_msg_doit+0x215/0x300 [ 156.895551][ T6478] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 156.895584][ T6478] ? bpf_lsm_capable+0x9/0x20 [ 156.895613][ T6478] ? security_capable+0x7e/0x2e0 [ 156.895648][ T6478] genl_rcv_msg+0x60e/0x790 [ 156.895677][ T6478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 156.895700][ T6478] ? ref_tracker_free+0x63a/0x7d0 [ 156.895726][ T6478] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 156.895749][ T6478] ? __pfx_ref_tracker_free+0x10/0x10 [ 156.895780][ T6478] netlink_rcv_skb+0x205/0x470 [ 156.895800][ T6478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 156.895825][ T6478] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 156.895865][ T6478] ? down_read+0x1ad/0x2e0 [ 156.895886][ T6478] genl_rcv+0x28/0x40 [ 156.895909][ T6478] netlink_unicast+0x758/0x8d0 [ 156.895944][ T6478] netlink_sendmsg+0x805/0xb30 [ 156.895968][ T6478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.895990][ T6478] ? aa_sock_msg_perm+0xf1/0x1d0 [ 156.896017][ T6478] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 156.896041][ T6478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 156.896061][ T6478] __sock_sendmsg+0x21c/0x270 [ 156.896092][ T6478] ____sys_sendmsg+0x505/0x830 [ 156.896118][ T6478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 156.896146][ T6478] ? import_iovec+0x74/0xa0 [ 156.896172][ T6478] ___sys_sendmsg+0x21f/0x2a0 [ 156.896196][ T6478] ? __pfx____sys_sendmsg+0x10/0x10 [ 156.896238][ T6478] ? __fget_files+0x2a/0x420 [ 156.896257][ T6478] ? __fget_files+0x3a0/0x420 [ 156.896282][ T6478] __x64_sys_sendmsg+0x19b/0x260 [ 156.896307][ T6478] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 156.896336][ T6478] ? rcu_is_watching+0x15/0xb0 [ 156.896366][ T6478] ? do_syscall_64+0xbe/0x3b0 [ 156.896387][ T6478] do_syscall_64+0xfa/0x3b0 [ 156.896405][ T6478] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.896434][ T6478] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.896455][ T6478] ? clear_bhb_loop+0x60/0xb0 [ 156.896477][ T6478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.896497][ T6478] RIP: 0033:0x7fc846f8e929 [ 156.896515][ T6478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.896532][ T6478] RSP: 002b:00007fc847dd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 156.896554][ T6478] RAX: ffffffffffffffda RBX: 00007fc8471b5fa0 RCX: 00007fc846f8e929 [ 156.896569][ T6478] RDX: 00000000200048c4 RSI: 0000200000000000 RDI: 0000000000000003 [ 156.896583][ T6478] RBP: 00007fc847010b39 R08: 0000000000000000 R09: 0000000000000000 [ 156.896595][ T6478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.896607][ T6478] R13: 0000000000000000 R14: 00007fc8471b5fa0 R15: 00007ffdae943e38 [ 156.896630][ T6478] [ 156.896638][ T6478] [ 157.278058][ T6478] Allocated by task 6478: [ 157.282394][ T6478] kasan_save_track+0x3e/0x80 [ 157.287087][ T6478] __kasan_kmalloc+0x93/0xb0 [ 157.291689][ T6478] __kmalloc_noprof+0x27a/0x4f0 [ 157.296549][ T6478] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 157.302639][ T6478] genl_family_rcv_msg_doit+0xb8/0x300 [ 157.308124][ T6478] genl_rcv_msg+0x60e/0x790 [ 157.312641][ T6478] netlink_rcv_skb+0x205/0x470 [ 157.317419][ T6478] genl_rcv+0x28/0x40 [ 157.321501][ T6478] netlink_unicast+0x758/0x8d0 [ 157.326281][ T6478] netlink_sendmsg+0x805/0xb30 [ 157.331055][ T6478] __sock_sendmsg+0x21c/0x270 [ 157.335750][ T6478] ____sys_sendmsg+0x505/0x830 [ 157.340518][ T6478] ___sys_sendmsg+0x21f/0x2a0 [ 157.345203][ T6478] __x64_sys_sendmsg+0x19b/0x260 [ 157.350145][ T6478] do_syscall_64+0xfa/0x3b0 [ 157.354649][ T6478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.360546][ T6478] [ 157.362873][ T6478] The buggy address belongs to the object at ffff88814c921100 [ 157.362873][ T6478] which belongs to the cache kmalloc-64 of size 64 [ 157.376845][ T6478] The buggy address is located 8 bytes to the right of [ 157.376845][ T6478] allocated 40-byte region [ffff88814c921100, ffff88814c921128) [ 157.391263][ T6478] [ 157.393604][ T6478] The buggy address belongs to the physical page: [ 157.400032][ T6478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14c921 [ 157.408884][ T6478] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff) [ 157.416095][ T6478] page_type: f5(slab) [ 157.420085][ T6478] raw: 057ff00000000000 ffff88801a4418c0 ffffea0000bce5c0 dead000000000004 [ 157.428759][ T6478] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 157.437344][ T6478] page dumped because: kasan: bad access detected [ 157.443770][ T6478] page_owner tracks the page as allocated [ 157.449485][ T6478] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 23602149195, free_ts 22855511616 [ 157.467987][ T6478] post_alloc_hook+0x240/0x2a0 [ 157.472779][ T6478] get_page_from_freelist+0x21e4/0x22c0 [ 157.478345][ T6478] __alloc_frozen_pages_noprof+0x181/0x370 [ 157.484162][ T6478] alloc_pages_mpol+0x232/0x4a0 [ 157.489033][ T6478] allocate_slab+0x8a/0x370 [ 157.493545][ T6478] ___slab_alloc+0xbeb/0x1410 [ 157.498226][ T6478] __kmalloc_noprof+0x305/0x4f0 [ 157.503086][ T6478] kobject_get_path+0xc5/0x2d0 [ 157.507857][ T6478] kobject_uevent_env+0x292/0x8c0 [ 157.512890][ T6478] driver_register+0x2d4/0x320 [ 157.517658][ T6478] do_one_initcall+0x233/0x820 [ 157.522425][ T6478] do_initcall_level+0x137/0x1f0 [ 157.527370][ T6478] do_initcalls+0x69/0xd0 [ 157.531705][ T6478] kernel_init_freeable+0x3d9/0x570 [ 157.536907][ T6478] kernel_init+0x1d/0x1d0 [ 157.541241][ T6478] ret_from_fork+0x3fc/0x770 [ 157.545837][ T6478] page last free pid 1 tgid 1 stack trace: [ 157.551641][ T6478] __free_frozen_pages+0xb80/0xd80 [ 157.556762][ T6478] vfree+0x25a/0x400 [ 157.560669][ T6478] tpg_free+0x55/0x430 [ 157.564758][ T6478] vivid_dev_release+0xc5/0x120 [ 157.569613][ T6478] v4l2_device_put+0x81/0xd0 [ 157.574243][ T6478] vivid_probe+0x49a5/0x7180 [ 157.578836][ T6478] platform_probe+0x145/0x1d0 [ 157.583517][ T6478] really_probe+0x26d/0x9a0 [ 157.588026][ T6478] __driver_probe_device+0x18c/0x2f0 [ 157.593322][ T6478] driver_probe_device+0x4f/0x430 [ 157.598358][ T6478] __driver_attach+0x452/0x700 [ 157.603131][ T6478] bus_for_each_dev+0x233/0x2b0 [ 157.607983][ T6478] bus_add_driver+0x345/0x640 [ 157.612662][ T6478] driver_register+0x23a/0x320 [ 157.617431][ T6478] vivid_init+0x663/0x7c0 [ 157.621774][ T6478] do_one_initcall+0x233/0x820 [ 157.626540][ T6478] [ 157.628864][ T6478] Memory state around the buggy address: [ 157.634494][ T6478] ffff88814c921000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 157.642566][ T6478] ffff88814c921080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 157.650633][ T6478] >ffff88814c921100: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 157.658701][ T6478] ^ [ 157.664338][ T6478] ffff88814c921180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 157.672397][ T6478] ffff88814c921200: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 157.680452][ T6478] ================================================================== [ 157.897478][ T6478] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 157.904756][ T6478] CPU: 1 UID: 0 PID: 6478 Comm: syz.1.157 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 157.916155][ T6478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.926328][ T6478] Call Trace: [ 157.929637][ T6478] [ 157.932587][ T6478] dump_stack_lvl+0x99/0x250 [ 157.937212][ T6478] ? __asan_memcpy+0x40/0x70 [ 157.941816][ T6478] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.947029][ T6478] ? __pfx__printk+0x10/0x10 [ 157.951631][ T6478] panic+0x2db/0x790 [ 157.955563][ T6478] ? __pfx_panic+0x10/0x10 [ 157.960009][ T6478] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 157.965923][ T6478] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 157.972267][ T6478] ? print_memory_metadata+0x314/0x400 [ 157.977743][ T6478] ? pause_parse_request+0x40/0x160 [ 157.982955][ T6478] check_panic_on_warn+0x89/0xb0 [ 157.987900][ T6478] ? pause_parse_request+0x40/0x160 [ 157.993107][ T6478] end_report+0x78/0x160 [ 157.997363][ T6478] kasan_report+0x129/0x150 [ 158.001866][ T6478] ? pause_parse_request+0x40/0x160 [ 158.007082][ T6478] ? __pfx_pause_parse_request+0x10/0x10 [ 158.012731][ T6478] pause_parse_request+0x40/0x160 [ 158.017782][ T6478] ? __pfx_pause_parse_request+0x10/0x10 [ 158.023446][ T6478] ethnl_default_set_doit+0x2c1/0xa40 [ 158.028838][ T6478] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 158.035180][ T6478] genl_family_rcv_msg_doit+0x215/0x300 [ 158.040740][ T6478] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 158.046819][ T6478] ? bpf_lsm_capable+0x9/0x20 [ 158.051509][ T6478] ? security_capable+0x7e/0x2e0 [ 158.056476][ T6478] genl_rcv_msg+0x60e/0x790 [ 158.060988][ T6478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 158.066024][ T6478] ? ref_tracker_free+0x63a/0x7d0 [ 158.071063][ T6478] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 158.076962][ T6478] ? __pfx_ref_tracker_free+0x10/0x10 [ 158.082349][ T6478] netlink_rcv_skb+0x205/0x470 [ 158.087116][ T6478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 158.092146][ T6478] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 158.097446][ T6478] ? down_read+0x1ad/0x2e0 [ 158.101866][ T6478] genl_rcv+0x28/0x40 [ 158.105856][ T6478] netlink_unicast+0x758/0x8d0 [ 158.110635][ T6478] netlink_sendmsg+0x805/0xb30 [ 158.115409][ T6478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.120701][ T6478] ? aa_sock_msg_perm+0xf1/0x1d0 [ 158.125652][ T6478] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 158.130946][ T6478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.136237][ T6478] __sock_sendmsg+0x21c/0x270 [ 158.140934][ T6478] ____sys_sendmsg+0x505/0x830 [ 158.145706][ T6478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.151096][ T6478] ? import_iovec+0x74/0xa0 [ 158.155629][ T6478] ___sys_sendmsg+0x21f/0x2a0 [ 158.160320][ T6478] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.165549][ T6478] ? __fget_files+0x2a/0x420 [ 158.170160][ T6478] ? __fget_files+0x3a0/0x420 [ 158.174854][ T6478] __x64_sys_sendmsg+0x19b/0x260 [ 158.179809][ T6478] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 158.185283][ T6478] ? rcu_is_watching+0x15/0xb0 [ 158.190064][ T6478] ? do_syscall_64+0xbe/0x3b0 [ 158.194742][ T6478] do_syscall_64+0xfa/0x3b0 [ 158.199247][ T6478] ? lockdep_hardirqs_on+0x9c/0x150 [ 158.204458][ T6478] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.210533][ T6478] ? clear_bhb_loop+0x60/0xb0 [ 158.215227][ T6478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.221138][ T6478] RIP: 0033:0x7fc846f8e929 [ 158.225570][ T6478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.245197][ T6478] RSP: 002b:00007fc847dd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.253627][ T6478] RAX: ffffffffffffffda RBX: 00007fc8471b5fa0 RCX: 00007fc846f8e929 [ 158.261616][ T6478] RDX: 00000000200048c4 RSI: 0000200000000000 RDI: 0000000000000003 [ 158.269591][ T6478] RBP: 00007fc847010b39 R08: 0000000000000000 R09: 0000000000000000 [ 158.277568][ T6478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 158.285538][ T6478] R13: 0000000000000000 R14: 00007fc8471b5fa0 R15: 00007ffdae943e38 [ 158.293524][ T6478] [ 158.296951][ T6478] Kernel Offset: disabled [ 158.301272][ T6478] Rebooting in 86400 seconds..