last executing test programs: 6.07475936s ago: executing program 0 (id=137): socket$inet6(0xa, 0x3, 0x8000000003c) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680)) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000600)=0x14) ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000080)=0x26) writev(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}], 0x1) close(0xffffffffffffffff) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_open_procfs$pagemap(0x0, &(0x7f0000000600)) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff000000000000000008001200000001000000"], 0x88}}, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e24, 0x2, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0xd8) 5.204056339s ago: executing program 3 (id=144): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x2000) ioctl$TUNSETNOCSUM(r2, 0xc040ff0b, 0x110c2300fe) 5.090133391s ago: executing program 3 (id=146): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000001040)={0xe, {"a2e3ad21ed6b0af9fcfbf4c087f74f9b3e096eff7fc6e5539b9b18098b9b4a1b2352091b080d29428f0e1ac6e7049b3468959b189a242a9b60f3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441984cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f236c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 4.840139229s ago: executing program 0 (id=147): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 4.13649894s ago: executing program 3 (id=148): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r0) sendmsg$NFC_CMD_ACTIVATE_TARGET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000500)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010023010000340200001c00000008000100", @ANYRES32, @ANYBLOB="080004"], 0x2c}}, 0x0) 4.054837585s ago: executing program 3 (id=149): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = dup(r3) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0) r5 = dup(r3) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000740)='team_slave_1\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x85, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x5, @empty, 0xb055}}, 0xff80, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c) 2.915951864s ago: executing program 2 (id=150): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)={0x98, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x4c, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x20, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x98}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 2.71363588s ago: executing program 2 (id=151): write$eventfd(0xffffffffffffffff, 0x0, 0x0) write$bt_hci(0xffffffffffffffff, 0x0, 0x8) listxattr(0x0, 0x0, 0x0) r0 = gettid() r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {0x0}}, 0x10) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 2.524070214s ago: executing program 0 (id=152): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x1]}, 0x8, 0x0) ppoll(&(0x7f0000000000)=[{r0, 0x4180}], 0x1, 0x0, 0x0, 0x0) signalfd4(r0, &(0x7f0000000040)={[0x2]}, 0x8, 0x800) 2.094132983s ago: executing program 1 (id=155): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0xb22d}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000880)=""/4098, 0x1002}, {&(0x7f00000007c0)=""/186, 0xba}, {&(0x7f0000000180)=""/21, 0x15}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f0000000080)=""/231, 0xe7}, {&(0x7f00000034c0)=""/197, 0xc5}], 0x6}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x5}], 0x6, 0x2100, 0x0) 2.003915731s ago: executing program 3 (id=156): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000680)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000000000) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x5afdbf8e}, &(0x7f00000000c0)=0x8) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f00000000c0)) 1.982368687s ago: executing program 1 (id=157): r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85512, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x5, 0x3, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d0a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) 1.922924566s ago: executing program 1 (id=158): r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x2300, 0x0) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000040)=0x1) close(0x3) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) socket(0x80000000000000a, 0x2, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 1.827841885s ago: executing program 1 (id=159): getrandom(&(0x7f0000000580)=""/265, 0xffffff3f, 0x3) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000001c0)=0x2001) r1 = fcntl$dupfd(r0, 0x0, r0) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x3f}], 0x1) write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x81, 0x21004040, 0x5, 0xd65b, 0x1, 0x1850c00, 0x0, 0x0, 0x40, 0xa}}, 0x50) 1.753419218s ago: executing program 2 (id=160): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0) 1.676133054s ago: executing program 2 (id=161): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) setitimer(0x1, &(0x7f00000001c0)={{0x0, 0xea60}, {0x77359400}}, &(0x7f0000000240)) 1.527842814s ago: executing program 0 (id=162): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a00"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) 1.306624825s ago: executing program 0 (id=163): syz_open_dev$ndb(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$sg(&(0x7f0000001940), 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000) ioctl$BLKTRACESTART(r3, 0x227e, 0x1000000000000) 336.546054ms ago: executing program 0 (id=164): syz_io_uring_submit(0x0, 0x0, 0x0) r0 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) r1 = socket(0x2, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x200) ioctl$NBD_DO_IT(r2, 0xab03) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x200000a) 235.992458ms ago: executing program 1 (id=165): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0, 0x0, 0x407}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) 235.753372ms ago: executing program 2 (id=166): r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0x2, 0x6, 0x8, 0x7fffffffffff}, {0x9, 0xfffffffffffffffe, 0x0, 0x9}, 0xd6, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x210000, 0x33}, 0x0, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffe0) 163.191946ms ago: executing program 2 (id=167): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x15, 0x5, 0x0) getsockopt(r3, 0x200000000114, 0x2710, 0x0, 0x0) 134.298947ms ago: executing program 1 (id=168): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x1, [0x0], [], [], [0x0, 0x100000000]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r3, 0x0, 0x20000, 0x0, 0x0, [0x0], [0x0, 0x9], [0x4, 0x0, 0x6], [0xffffffefffffffff, 0x3, 0x400000008]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r6}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [0xffffffff], [], [0xfffffffffffffffc]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000040)={r7}) 0s ago: executing program 3 (id=169): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000001c0)={0x13, 0x10, 0xfa00, {0x0, r1, 0x2}}, 0x18) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.231' (ED25519) to the list of known hosts. [ 71.038892][ T5846] cgroup: Unknown subsys name 'net' [ 71.213648][ T5846] cgroup: Unknown subsys name 'cpuset' [ 71.221972][ T5846] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 72.639996][ T5846] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.237716][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.245690][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.253631][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.261631][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.269282][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.360645][ T5183] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.368872][ T5183] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.376406][ T5183] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.384706][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.392531][ T52] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.400923][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.408891][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.450375][ T5865] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.466010][ T5864] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.474988][ T5864] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.476116][ T5865] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.489249][ T5864] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.490281][ T5865] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.505357][ T5865] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.518102][ T5865] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.772231][ T5855] chnl_net:caif_netlink_parms(): no params data found [ 76.928320][ T5855] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.935544][ T5855] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.943227][ T5855] bridge_slave_0: entered allmulticast mode [ 76.950575][ T5855] bridge_slave_0: entered promiscuous mode [ 76.995144][ T5855] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.003059][ T5855] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.010457][ T5855] bridge_slave_1: entered allmulticast mode [ 77.018378][ T5855] bridge_slave_1: entered promiscuous mode [ 77.061439][ T5855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.077592][ T5855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.161909][ T5860] chnl_net:caif_netlink_parms(): no params data found [ 77.249759][ T5855] team0: Port device team_slave_0 added [ 77.256060][ T5866] chnl_net:caif_netlink_parms(): no params data found [ 77.295675][ T5855] team0: Port device team_slave_1 added [ 77.359886][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.366961][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.392907][ T5855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.414863][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 77.425415][ T5855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.432399][ T5855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.458951][ T5855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.564686][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.571963][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.579063][ T5860] bridge_slave_0: entered allmulticast mode [ 77.586467][ T5860] bridge_slave_0: entered promiscuous mode [ 77.635971][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.643350][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.650896][ T5860] bridge_slave_1: entered allmulticast mode [ 77.657944][ T5860] bridge_slave_1: entered promiscuous mode [ 77.669679][ T5866] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.677172][ T5866] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.684708][ T5866] bridge_slave_0: entered allmulticast mode [ 77.692497][ T5866] bridge_slave_0: entered promiscuous mode [ 77.705723][ T5855] hsr_slave_0: entered promiscuous mode [ 77.712633][ T5855] hsr_slave_1: entered promiscuous mode [ 77.737449][ T5866] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.744764][ T5866] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.752229][ T5866] bridge_slave_1: entered allmulticast mode [ 77.759171][ T5866] bridge_slave_1: entered promiscuous mode [ 77.836714][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.857760][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.865290][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.872506][ T5862] bridge_slave_0: entered allmulticast mode [ 77.879649][ T5862] bridge_slave_0: entered promiscuous mode [ 77.889159][ T5866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.903186][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.918957][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.926395][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.933674][ T5862] bridge_slave_1: entered allmulticast mode [ 77.941479][ T5862] bridge_slave_1: entered promiscuous mode [ 77.950356][ T5866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.037535][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.059754][ T5860] team0: Port device team_slave_0 added [ 78.068725][ T5860] team0: Port device team_slave_1 added [ 78.092011][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.116955][ T5866] team0: Port device team_slave_0 added [ 78.153443][ T5866] team0: Port device team_slave_1 added [ 78.162707][ T5862] team0: Port device team_slave_0 added [ 78.197772][ T5862] team0: Port device team_slave_1 added [ 78.222620][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.229556][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.255792][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.268605][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.275624][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.301915][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.351969][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.358913][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.385380][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.385448][ T5865] Bluetooth: hci0: command tx timeout [ 78.421208][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.428178][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.454592][ T5866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.482308][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.489258][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.516520][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.535006][ T5866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.542045][ T5865] Bluetooth: hci2: command tx timeout [ 78.542092][ T5866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.550314][ T5858] Bluetooth: hci1: command tx timeout [ 78.576404][ T5865] Bluetooth: hci3: command tx timeout [ 78.579494][ T5866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.618569][ T5860] hsr_slave_0: entered promiscuous mode [ 78.625072][ T5860] hsr_slave_1: entered promiscuous mode [ 78.631444][ T5860] debugfs: 'hsr0' already exists in 'hsr' [ 78.637214][ T5860] Cannot create hsr debugfs directory [ 78.723390][ T5866] hsr_slave_0: entered promiscuous mode [ 78.730444][ T5866] hsr_slave_1: entered promiscuous mode [ 78.736678][ T5866] debugfs: 'hsr0' already exists in 'hsr' [ 78.743043][ T5866] Cannot create hsr debugfs directory [ 78.764488][ T5862] hsr_slave_0: entered promiscuous mode [ 78.771236][ T5862] hsr_slave_1: entered promiscuous mode [ 78.777211][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 78.783257][ T5862] Cannot create hsr debugfs directory [ 78.967775][ T5855] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.005495][ T5855] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.039446][ T5855] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.073859][ T5855] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.258734][ T5866] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.275002][ T5866] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.300865][ T5866] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.311613][ T5866] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.369732][ T5860] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.391713][ T5860] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.404730][ T5860] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.414886][ T5860] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.542489][ T5862] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.565035][ T5862] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.578406][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.595616][ T5862] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.616316][ T5862] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.668680][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.707553][ T2998] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.714829][ T2998] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.735219][ T5866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.757899][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.765052][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.787023][ T5866] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.833598][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.840697][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.857783][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.894167][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.901256][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.931636][ T5860] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.955355][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.962506][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.993241][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.000394][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.054804][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.124600][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.154447][ T5866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.202082][ T5860] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.223799][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.230966][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.245380][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.252538][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.407260][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.460446][ T5865] Bluetooth: hci0: command tx timeout [ 80.572827][ T5855] veth0_vlan: entered promiscuous mode [ 80.596424][ T5855] veth1_vlan: entered promiscuous mode [ 80.620575][ T5865] Bluetooth: hci3: command tx timeout [ 80.621523][ T5858] Bluetooth: hci1: command tx timeout [ 80.626192][ T5183] Bluetooth: hci2: command tx timeout [ 80.686521][ T5866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.729439][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.767623][ T5855] veth0_macvtap: entered promiscuous mode [ 80.783199][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.812720][ T5855] veth1_macvtap: entered promiscuous mode [ 80.858934][ T5866] veth0_vlan: entered promiscuous mode [ 80.877945][ T5862] veth0_vlan: entered promiscuous mode [ 80.898277][ T5866] veth1_vlan: entered promiscuous mode [ 80.916052][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.935432][ T5860] veth0_vlan: entered promiscuous mode [ 80.943435][ T5862] veth1_vlan: entered promiscuous mode [ 80.961082][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.976542][ T2998] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.998820][ T5860] veth1_vlan: entered promiscuous mode [ 81.005990][ T2998] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.032093][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.044271][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.076248][ T5862] veth0_macvtap: entered promiscuous mode [ 81.105642][ T5862] veth1_macvtap: entered promiscuous mode [ 81.122011][ T5866] veth0_macvtap: entered promiscuous mode [ 81.153456][ T5860] veth0_macvtap: entered promiscuous mode [ 81.167673][ T5866] veth1_macvtap: entered promiscuous mode [ 81.186198][ T5860] veth1_macvtap: entered promiscuous mode [ 81.215967][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.243231][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.258947][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.267646][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.275281][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.284311][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.312694][ T995] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.321813][ T995] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.334191][ T5866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.356786][ T995] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.366376][ T995] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.382019][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.395136][ T995] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.425134][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.439380][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.441164][ T995] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.456578][ T995] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.482408][ T995] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.495330][ T995] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.515352][ T995] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.540418][ T995] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.568730][ T5855] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 81.602409][ T995] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.678992][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.708869][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.821497][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.844921][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.909643][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.921306][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.970086][ T30] audit: type=1326 audit(1757220520.118:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5949 comm="syz.1.5" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87fd78ebe9 code=0x0 [ 82.023880][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.061181][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.187800][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.208217][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.226058][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.248149][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.490658][ T9] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 82.540509][ T5858] Bluetooth: hci0: command tx timeout [ 82.568871][ T5963] capability: warning: `syz.0.6' uses deprecated v2 capabilities in a way that may be insecure [ 82.637526][ T5969] cgroup: release_agent respecified [ 82.662779][ T9] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 82.672094][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.680410][ T1211] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 82.691671][ T9] usb 4-1: config 0 descriptor?? [ 82.701312][ T5858] Bluetooth: hci1: command tx timeout [ 82.702197][ T5183] Bluetooth: hci2: command tx timeout [ 82.706757][ T5858] Bluetooth: hci3: command tx timeout [ 82.844111][ T1211] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 82.853250][ T1211] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.865122][ T1211] usb 3-1: Product: syz [ 82.869323][ T1211] usb 3-1: Manufacturer: syz [ 82.874667][ T1211] usb 3-1: SerialNumber: syz [ 82.903318][ T1211] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 82.927003][ T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 82.942812][ T5928] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 82.953783][ T5960] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 83.060381][ T43] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 83.110955][ T5928] usb 1-1: Using ep0 maxpacket: 8 [ 83.117441][ T5928] usb 1-1: no configurations [ 83.122360][ T5928] usb 1-1: can't read configurations, error -22 [ 83.210492][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 83.217474][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 83.228004][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 83.239194][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 83.249430][ T43] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 83.259374][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 83.274393][ T43] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 83.280550][ T5928] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 83.283915][ T43] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 83.299108][ T43] usb 2-1: Manufacturer: syz [ 83.320725][ T43] usb 2-1: config 0 descriptor?? [ 83.460260][ T5928] usb 1-1: Using ep0 maxpacket: 8 [ 83.466066][ T5928] usb 1-1: no configurations [ 83.471587][ T5928] usb 1-1: can't read configurations, error -22 [ 83.479065][ T5928] usb usb1-port1: attempt power cycle [ 83.534157][ T5972] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 83.597600][ T5959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.615007][ T5959] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.629048][ T5945] usb 3-1: USB disconnect, device number 2 [ 83.645385][ T43] rc_core: IR keymap rc-hauppauge not found [ 83.658004][ T43] Registered IR keymap rc-empty [ 83.664886][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.691403][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.711690][ T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 83.728044][ T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input5 [ 83.748393][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.770645][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.790234][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.810236][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.825113][ T5928] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 83.830190][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.851552][ T5928] usb 1-1: Using ep0 maxpacket: 8 [ 83.857171][ T5928] usb 1-1: no configurations [ 83.860177][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.865165][ T5928] usb 1-1: can't read configurations, error -22 [ 83.880119][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.902231][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.921057][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.951901][ T43] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 83.973124][ T43] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 83.982422][ T43] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 84.010141][ T5928] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 84.032194][ T5928] usb 1-1: Using ep0 maxpacket: 8 [ 84.044204][ T5928] usb 1-1: no configurations [ 84.048855][ T5928] usb 1-1: can't read configurations, error -22 [ 84.065039][ T5928] usb usb1-port1: unable to enumerate USB device [ 84.122778][ T5928] usb 2-1: USB disconnect, device number 2 [ 84.152646][ T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 84.175110][ T9] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 84.205833][ T9] asix 4-1:0.0: probe with driver asix failed with error -71 [ 84.222112][ T5960] usb 3-1: Service connection timeout for: 256 [ 84.243039][ T9] usb 4-1: USB disconnect, device number 2 [ 84.248917][ T5960] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 84.269290][ T5960] ath9k_htc: Failed to initialize the device [ 84.283071][ T5945] usb 3-1: ath9k_htc: USB layer deinitialized [ 84.310183][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.335696][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 84.344769][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.412878][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.438731][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.541797][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.642873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 84.651936][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.745338][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 84.754345][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.780887][ T5858] Bluetooth: hci3: command tx timeout [ 84.790150][ T5183] Bluetooth: hci1: command tx timeout [ 84.795662][ T5858] Bluetooth: hci2: command tx timeout [ 85.094681][ T5979] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 85.113054][ T5979] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 85.187569][ T5979] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 85.231173][ T5979] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 85.249260][ T5979] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 85.270880][ T5979] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 85.283838][ T5979] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 85.310108][ T5979] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 85.338038][ T5987] netlink: 84 bytes leftover after parsing attributes in process `syz.1.14'. [ 85.353965][ T5979] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 85.369482][ T5979] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 85.379357][ T5989] syz.3.13 uses obsolete (PF_INET,SOCK_PACKET) [ 85.388414][ T5979] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 85.410063][ T5979] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 85.750177][ T5945] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 86.146784][ T5945] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 86.181980][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.205017][ T5945] usb 3-1: Product: syz [ 86.215064][ T5945] usb 3-1: Manufacturer: syz [ 86.226324][ T5945] usb 3-1: SerialNumber: syz [ 86.234579][ T6004] process 'syz.1.19' launched './file0' with NULL argv: empty string added [ 86.264744][ T6003] 9pnet: p9_errstr2errno: server reported unknown error 1844674 [ 86.407507][ T6008] sctp: [Deprecated]: syz.0.21 (pid 6008) Use of int in max_burst socket option. [ 86.407507][ T6008] Use struct sctp_assoc_value instead [ 86.461712][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout [ 86.712989][ T24] cfg80211: failed to load regulatory.db [ 87.290740][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 87.341784][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout [ 87.433479][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 87.965572][ T5945] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 88.019390][ T5945] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO [ 88.044452][ T5945] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 88.101403][ T5945] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 88.135142][ T5945] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 88.159719][ T5945] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 88.203858][ T5945] usb 3-1: USB disconnect, device number 3 [ 88.540087][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout [ 89.010136][ T5960] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 89.341424][ T5960] usb 4-1: Using ep0 maxpacket: 8 [ 89.348810][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 89.358817][ T5960] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.369753][ T5960] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 89.381783][ T5960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 89.392959][ T5960] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 89.404438][ T5960] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 89.413518][ T5960] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.421639][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout [ 89.451646][ T5960] hub 4-1:1.0: bad descriptor, ignoring hub [ 89.458805][ T5960] hub 4-1:1.0: probe with driver hub failed with error -5 [ 89.467126][ T5960] cdc_wdm 4-1:1.0: skipping garbage [ 89.473592][ T5960] cdc_wdm 4-1:1.0: skipping garbage [ 89.490743][ T5960] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 89.496665][ T5960] cdc_wdm 4-1:1.0: Unknown control protocol [ 89.506883][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 90.558912][ T6071] netlink: 'syz.2.45': attribute type 10 has an invalid length. [ 90.575594][ T6071] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 90.622922][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout [ 90.741054][ T5945] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 91.420160][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout [ 91.500173][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout [ 91.599703][ T5945] usb 2-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 91.615922][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout [ 91.620237][ T5945] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 91.650126][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.666760][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.724633][ T5945] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 91.764333][ T5945] usb 2-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 91.774742][ T5945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.794086][ T5945] usb 2-1: config 0 descriptor?? [ 92.234228][ T5945] input: HID 28bd:0909 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28BD:0909.0001/input/input6 [ 92.421549][ T5945] uclogic 0003:28BD:0909.0001: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.1-1/input0 [ 92.495898][ T6090] &+, [ 92.512108][ T5945] usb 2-1: USB disconnect, device number 3 [ 92.678491][ T6089] fido_id[6089]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 92.873220][ T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 93.034878][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.046857][ T43] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 93.055948][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.070701][ T43] usb 1-1: config 0 descriptor?? [ 93.485522][ T43] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 93.497416][ T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0002/input/input7 [ 93.590656][ T43] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 93.658163][ T5960] usb 4-1: USB disconnect, device number 3 [ 93.664493][ T6043] cdc_wdm 4-1:1.0: Error autopm - -16 [ 93.914372][ T43] usb 1-1: USB disconnect, device number 6 [ 97.552947][ T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 97.730458][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 97.752983][ T24] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 97.775662][ T24] usb 4-1: config 0 has no interface number 0 [ 97.797076][ T24] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 97.823025][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.856241][ T24] usb 4-1: Product: syz [ 97.863993][ T24] usb 4-1: Manufacturer: syz [ 97.875175][ T24] usb 4-1: SerialNumber: syz [ 97.896270][ T24] usb 4-1: config 0 descriptor?? [ 97.924193][ T24] smsc95xx v2.0.0 [ 98.400974][ T24] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 98.432463][ T24] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 98.540634][ T43] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 98.706936][ T43] usb 1-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 98.718999][ T43] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 98.734404][ T43] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 98.746479][ T43] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 98.757532][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.772968][ T6183] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 99.194740][ T43] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 99.209662][ T43] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input8 [ 99.239519][ C1] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 99.250010][ T43] usb 1-1: USB disconnect, device number 7 [ 99.850014][ T5960] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 99.865565][ T24] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000038: -71 [ 99.883426][ T24] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 99.902146][ T24] usb 4-1: USB disconnect, device number 4 [ 100.004747][ T5960] usb 3-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 100.015216][ T5960] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 100.030174][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.050155][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.060622][ T5960] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 100.082045][ T5960] usb 3-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 100.100423][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.129155][ T5960] usb 3-1: config 0 descriptor?? [ 101.336622][ T5960] input: HID 28bd:0909 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28BD:0909.0003/input/input9 [ 101.544468][ T5960] uclogic 0003:28BD:0909.0003: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.2-1/input0 [ 103.160179][ T5945] usb 3-1: reset high-speed USB device number 4 using dummy_hcd [ 103.445976][ T6266] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.204237][ T24] usb 3-1: USB disconnect, device number 4 [ 105.780194][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 105.943481][ T24] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 105.966702][ T24] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 105.979195][ T24] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 105.990319][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.004062][ T6317] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 106.017256][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 106.359961][ T6332] netlink: 24 bytes leftover after parsing attributes in process `syz.0.111'. [ 106.773094][ T5960] usb 1-1: USB disconnect, device number 8 [ 106.920055][ T5919] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 107.117476][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4 [ 107.195747][ T5919] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 107.207907][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2 [ 107.215619][ T5919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.223759][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.231838][ T5919] usb 4-1: Product: syz [ 107.236003][ T5919] usb 4-1: Manufacturer: syz [ 107.241067][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.249339][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.257034][ T5919] usb 4-1: SerialNumber: syz [ 107.263411][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.271110][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.291568][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.299485][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.307265][ T5960] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 107.469854][ T5960] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 108.266376][ T6349] fido_id[6349]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 108.363853][ T5858] Bluetooth: hci1: unexpected event for opcode 0x1004 [ 108.589005][ T6364] overlayfs: conflicting options: userxattr,metacopy=on [ 109.114408][ T5919] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000404. ret = -EPROTO [ 109.150007][ T5919] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 109.231426][ T5919] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 109.324497][ T5919] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 109.374958][ T5919] usb 4-1: USB disconnect, device number 5 [ 110.304186][ T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 110.460022][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 110.467935][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 110.482169][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 110.496816][ T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 110.508072][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.518485][ T24] usb 2-1: Product: syz [ 110.524625][ T24] usb 2-1: Manufacturer: syz [ 110.529438][ T24] usb 2-1: SerialNumber: syz [ 110.697249][ T5858] Bluetooth: hci1: unexpected event for opcode 0x2003 [ 110.749076][ T24] usb 2-1: 0:2 : does not exist [ 110.768630][ T24] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 110.802117][ T24] usb 2-1: USB disconnect, device number 4 [ 110.925483][ T5856] udevd[5856]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 111.176492][ T2998] Bluetooth: hci4: Frame reassembly failed (-90) [ 111.624475][ T6417] netlink: 36 bytes leftover after parsing attributes in process `syz.1.143'. [ 112.580925][ T5928] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 112.709521][ T6430] netlink: 8 bytes leftover after parsing attributes in process `syz.3.148'. [ 112.763156][ T5928] usb 2-1: Using ep0 maxpacket: 8 [ 112.774530][ T5928] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 112.828990][ T5928] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 112.839619][ T5928] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 112.852611][ T5928] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 112.862900][ T5928] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 112.877200][ T5928] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 112.886476][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.514768][ T5858] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 114.012724][ T5928] usb 2-1: GET_CAPABILITIES returned 0 [ 114.018241][ T5928] usbtmc 2-1:16.0: can't read capabilities [ 114.044157][ T5928] usb 2-1: USB disconnect, device number 5 [ 114.538473][ T6446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.153'. [ 115.040029][ T5945] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 115.238874][ T5945] usb 4-1: Using ep0 maxpacket: 8 [ 115.260503][ T5945] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 115.411272][ T6466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.162'. [ 115.422324][ T6466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.162'. [ 115.432219][ T6466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.162'. [ 115.453447][ T5945] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 115.475888][ T5945] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 115.508956][ T5945] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 115.532230][ T5945] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 115.542180][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.121037][ T5945] usb 4-1: GET_CAPABILITIES returned 0 [ 116.344501][ T5945] usbtmc 4-1:16.0: can't read capabilities [ 116.371781][ T5945] usb 4-1: USB disconnect, device number 6 [ 116.620352][ T6474] nbd0: detected capacity change from 0 to 1024 [ 116.708864][ T6478] nbd0: detected capacity change from 1024 to 67108884 [ 116.821895][ T5856] block nbd0: Send control failed (result -89) [ 116.849586][ T5856] block nbd0: Request send failed, requeueing [ 116.863857][ T6482] ================================================================== [ 116.871927][ T6482] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 116.880350][ T6482] Read of size 8 at addr ffff88802740c160 by task syz.1.168/6482 [ 116.888053][ T6482] [ 116.890385][ T6482] CPU: 0 UID: 0 PID: 6482 Comm: syz.1.168 Not tainted syzkaller #0 PREEMPT(full) [ 116.890406][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 116.890423][ T6482] Call Trace: [ 116.890435][ T6482] [ 116.890443][ T6482] dump_stack_lvl+0x189/0x250 [ 116.890462][ T6482] ? __kasan_check_byte+0x12/0x40 [ 116.890482][ T6482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.890497][ T6482] ? lock_release+0x4b/0x3e0 [ 116.890518][ T6482] ? __virt_addr_valid+0x4a5/0x5c0 [ 116.890543][ T6482] print_report+0xca/0x240 [ 116.890559][ T6482] ? change_page_attr_set_clr+0x625/0xfc0 [ 116.890577][ T6482] kasan_report+0x118/0x150 [ 116.890596][ T6482] ? change_page_attr_set_clr+0x625/0xfc0 [ 116.890618][ T6482] change_page_attr_set_clr+0x625/0xfc0 [ 116.890639][ T6482] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 116.890657][ T6482] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 116.890687][ T6482] ? memtype_reserve+0x874/0xb30 [ 116.890718][ T6482] _set_pages_array+0x145/0x270 [ 116.890740][ T6482] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 116.890767][ T6482] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 116.890795][ T6482] drm_gem_shmem_pin_locked+0x22c/0x460 [ 116.890820][ T6482] ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10 [ 116.890845][ T6482] ? ww_mutex_lock+0x3f/0x1c0 [ 116.890863][ T6482] drm_gem_map_attach+0x19c/0x1f0 [ 116.890888][ T6482] dma_buf_dynamic_attach+0x1ea/0x3d0 [ 116.890911][ T6482] ? __fget_files+0x3a0/0x420 [ 116.890933][ T6482] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 116.890950][ T6482] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 116.890966][ T6482] ? drm_gem_prime_fd_to_handle+0x185/0x4d0 [ 116.890990][ T6482] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 116.891006][ T6482] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 116.891033][ T6482] drm_ioctl_kernel+0x2cc/0x390 [ 116.891053][ T6482] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 116.891078][ T6482] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 116.891102][ T6482] drm_ioctl+0x67f/0xb10 [ 116.891123][ T6482] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 116.891150][ T6482] ? __pfx_drm_ioctl+0x10/0x10 [ 116.891174][ T6482] ? __fget_files+0x3a0/0x420 [ 116.891194][ T6482] ? __fget_files+0x2a/0x420 [ 116.891216][ T6482] ? bpf_lsm_file_ioctl+0x9/0x20 [ 116.891231][ T6482] ? __pfx_drm_ioctl+0x10/0x10 [ 116.891250][ T6482] __se_sys_ioctl+0xf9/0x170 [ 116.891267][ T6482] do_syscall_64+0xfa/0xfa0 [ 116.891282][ T6482] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.891296][ T6482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.891312][ T6482] ? clear_bhb_loop+0x60/0xb0 [ 116.891329][ T6482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.891345][ T6482] RIP: 0033:0x7f87fd78ebe9 [ 116.891364][ T6482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.891379][ T6482] RSP: 002b:00007f87fe59b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 116.891397][ T6482] RAX: ffffffffffffffda RBX: 00007f87fd9c5fa0 RCX: 00007f87fd78ebe9 [ 116.891410][ T6482] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004 [ 116.891421][ T6482] RBP: 00007f87fd811e19 R08: 0000000000000000 R09: 0000000000000000 [ 116.891440][ T6482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 116.891451][ T6482] R13: 00007f87fd9c6038 R14: 00007f87fd9c5fa0 R15: 00007ffcf57cde88 [ 116.891470][ T6482] [ 116.891476][ T6482] [ 117.222864][ T6482] Allocated by task 6482: [ 117.227174][ T6482] kasan_save_track+0x3e/0x80 [ 117.231840][ T6482] __kasan_kmalloc+0x93/0xb0 [ 117.236447][ T6482] __kvmalloc_node_noprof+0x5cd/0x910 [ 117.241806][ T6482] drm_gem_get_pages+0x166/0xa20 [ 117.246730][ T6482] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 117.252789][ T6482] drm_gem_shmem_pin_locked+0x22c/0x460 [ 117.258339][ T6482] drm_gem_map_attach+0x19c/0x1f0 [ 117.263378][ T6482] dma_buf_dynamic_attach+0x1ea/0x3d0 [ 117.268754][ T6482] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 117.274986][ T6482] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 117.280704][ T6482] drm_ioctl_kernel+0x2cc/0x390 [ 117.285547][ T6482] drm_ioctl+0x67f/0xb10 [ 117.289782][ T6482] __se_sys_ioctl+0xf9/0x170 [ 117.294362][ T6482] do_syscall_64+0xfa/0xfa0 [ 117.298860][ T6482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.304740][ T6482] [ 117.307051][ T6482] The buggy address belongs to the object at ffff88802740c100 [ 117.307051][ T6482] which belongs to the cache kmalloc-96 of size 96 [ 117.320922][ T6482] The buggy address is located 0 bytes to the right of [ 117.320922][ T6482] allocated 96-byte region [ffff88802740c100, ffff88802740c160) [ 117.335321][ T6482] [ 117.337636][ T6482] The buggy address belongs to the physical page: [ 117.344042][ T6482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2740c [ 117.352789][ T6482] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 117.359890][ T6482] page_type: f5(slab) [ 117.363862][ T6482] raw: 00fff00000000000 ffff88801a841280 ffffea00017c2a00 dead000000000004 [ 117.372430][ T6482] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000 [ 117.380992][ T6482] page dumped because: kasan: bad access detected [ 117.387394][ T6482] page_owner tracks the page as allocated [ 117.393089][ T6482] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5856, tgid 5856 (udevd), ts 83734705929, free_ts 83610622685 [ 117.411567][ T6482] post_alloc_hook+0x240/0x2a0 [ 117.416328][ T6482] get_page_from_freelist+0x21e4/0x22c0 [ 117.421864][ T6482] __alloc_frozen_pages_noprof+0x181/0x370 [ 117.427667][ T6482] alloc_pages_mpol+0x232/0x4a0 [ 117.432507][ T6482] allocate_slab+0x8a/0x330 [ 117.437006][ T6482] ___slab_alloc+0xbd1/0x13f0 [ 117.441674][ T6482] __slab_alloc+0x55/0xa0 [ 117.445993][ T6482] __kmalloc_noprof+0x471/0x7f0 [ 117.450829][ T6482] tomoyo_encode+0x28b/0x550 [ 117.455421][ T6482] tomoyo_realpath_from_path+0x58d/0x5d0 [ 117.461058][ T6482] tomoyo_check_open_permission+0x1c1/0x3b0 [ 117.466944][ T6482] security_file_open+0xb1/0x270 [ 117.471870][ T6482] do_dentry_open+0x384/0x13f0 [ 117.476626][ T6482] vfs_open+0x3b/0x340 [ 117.480689][ T6482] path_openat+0x2ee5/0x3830 [ 117.485268][ T6482] do_filp_open+0x1fa/0x410 [ 117.489757][ T6482] page last free pid 36 tgid 36 stack trace: [ 117.495716][ T6482] __free_frozen_pages+0xbc4/0xd30 [ 117.500814][ T6482] __tlb_remove_table+0x2d2/0x3b0 [ 117.505826][ T6482] tlb_remove_table_rcu+0x85/0x100 [ 117.510927][ T6482] rcu_core+0xcab/0x1770 [ 117.515158][ T6482] handle_softirqs+0x283/0x870 [ 117.519915][ T6482] do_softirq+0xec/0x180 [ 117.524154][ T6482] __local_bh_enable_ip+0x17d/0x1c0 [ 117.529341][ T6482] batadv_nc_purge_paths+0x318/0x3b0 [ 117.534638][ T6482] batadv_nc_worker+0x369/0x610 [ 117.539480][ T6482] process_scheduled_works+0xade/0x17b0 [ 117.545012][ T6482] worker_thread+0x8a0/0xda0 [ 117.549593][ T6482] kthread+0x70e/0x8a0 [ 117.553659][ T6482] ret_from_fork+0x47c/0x820 [ 117.558246][ T6482] ret_from_fork_asm+0x1a/0x30 [ 117.562996][ T6482] [ 117.565303][ T6482] Memory state around the buggy address: [ 117.570917][ T6482] ffff88802740c000: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 117.578959][ T6482] ffff88802740c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 117.587011][ T6482] >ffff88802740c100: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 117.595059][ T6482] ^ [ 117.602238][ T6482] ffff88802740c180: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 117.610284][ T6482] ffff88802740c200: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 117.618327][ T6482] ================================================================== [ 117.636562][ T6482] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 117.643772][ T6482] CPU: 1 UID: 0 PID: 6482 Comm: syz.1.168 Not tainted syzkaller #0 PREEMPT(full) [ 117.652967][ T6482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 117.663014][ T6482] Call Trace: [ 117.666281][ T6482] [ 117.669199][ T6482] dump_stack_lvl+0x99/0x250 [ 117.673779][ T6482] ? __asan_memcpy+0x40/0x70 [ 117.678364][ T6482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.683550][ T6482] ? __pfx__printk+0x10/0x10 [ 117.688146][ T6482] vpanic+0x237/0x6d0 [ 117.692124][ T6482] ? __pfx_vpanic+0x10/0x10 [ 117.696619][ T6482] ? preempt_schedule+0xae/0xc0 [ 117.701462][ T6482] ? __pfx_preempt_schedule+0x10/0x10 [ 117.706829][ T6482] panic+0xb9/0xc0 [ 117.710542][ T6482] ? __pfx_panic+0x10/0x10 [ 117.714951][ T6482] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 117.720844][ T6482] ? change_page_attr_set_clr+0x625/0xfc0 [ 117.726556][ T6482] check_panic_on_warn+0x89/0xb0 [ 117.731479][ T6482] ? change_page_attr_set_clr+0x625/0xfc0 [ 117.737185][ T6482] end_report+0x78/0x160 [ 117.741420][ T6482] kasan_report+0x129/0x150 [ 117.745914][ T6482] ? change_page_attr_set_clr+0x625/0xfc0 [ 117.751625][ T6482] change_page_attr_set_clr+0x625/0xfc0 [ 117.757160][ T6482] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 117.763212][ T6482] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 117.769365][ T6482] ? memtype_reserve+0x874/0xb30 [ 117.774306][ T6482] _set_pages_array+0x145/0x270 [ 117.779158][ T6482] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 117.785226][ T6482] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 117.791814][ T6482] drm_gem_shmem_pin_locked+0x22c/0x460 [ 117.797394][ T6482] ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10 [ 117.803459][ T6482] ? ww_mutex_lock+0x3f/0x1c0 [ 117.808127][ T6482] drm_gem_map_attach+0x19c/0x1f0 [ 117.813147][ T6482] dma_buf_dynamic_attach+0x1ea/0x3d0 [ 117.818513][ T6482] ? __fget_files+0x3a0/0x420 [ 117.823186][ T6482] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 117.830027][ T6482] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 117.836266][ T6482] ? drm_gem_prime_fd_to_handle+0x185/0x4d0 [ 117.842158][ T6482] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 117.849003][ T6482] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 117.854734][ T6482] drm_ioctl_kernel+0x2cc/0x390 [ 117.859583][ T6482] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 117.865998][ T6482] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 117.871370][ T6482] drm_ioctl+0x67f/0xb10 [ 117.875609][ T6482] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 117.882027][ T6482] ? __pfx_drm_ioctl+0x10/0x10 [ 117.886792][ T6482] ? __fget_files+0x3a0/0x420 [ 117.891463][ T6482] ? __fget_files+0x2a/0x420 [ 117.896056][ T6482] ? bpf_lsm_file_ioctl+0x9/0x20 [ 117.900992][ T6482] ? __pfx_drm_ioctl+0x10/0x10 [ 117.905752][ T6482] __se_sys_ioctl+0xf9/0x170 [ 117.910334][ T6482] do_syscall_64+0xfa/0xfa0 [ 117.914832][ T6482] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.920016][ T6482] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.926075][ T6482] ? clear_bhb_loop+0x60/0xb0 [ 117.930745][ T6482] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.936628][ T6482] RIP: 0033:0x7f87fd78ebe9 [ 117.941032][ T6482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.960627][ T6482] RSP: 002b:00007f87fe59b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 117.969030][ T6482] RAX: ffffffffffffffda RBX: 00007f87fd9c5fa0 RCX: 00007f87fd78ebe9 [ 117.976988][ T6482] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004 [ 117.984948][ T6482] RBP: 00007f87fd811e19 R08: 0000000000000000 R09: 0000000000000000 [ 117.992908][ T6482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.000867][ T6482] R13: 00007f87fd9c6038 R14: 00007f87fd9c5fa0 R15: 00007ffcf57cde88 [ 118.008845][ T6482] [ 118.012076][ T6482] Kernel Offset: disabled [ 118.016378][ T6482] Rebooting in 86400 seconds..