last executing test programs: 12.713242286s ago: executing program 1 (id=983): socket(0x2a, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x44, 0x28, 0x4ee4e6a52ff56561, 0x4000, 0xfffffdfc, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x0, 0xe, 0x0, 0x5}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000810) 12.306374344s ago: executing program 1 (id=986): prlimit64(0x0, 0xe, &(0x7f0000000440)={0x6, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019380)=""/102400, 0x19000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xfffffffd) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f00000000c0)={0x0, 0x2, '\x00', 0x9, 0x1}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, 0x0, 0x0) write(r3, &(0x7f0000000040)="05000000010000", 0x7) mkdirat(r0, &(0x7f0000000080)='./file0\x00', 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)) fchdir(0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000340)='ns\x00') 10.288205506s ago: executing program 4 (id=989): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1ff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000400000000000900020073798830000000000500010007000000050005000a000000140007800800114000000001080012400000ffff11000300686173683a69702c706f727400000000"], 0x60}}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="000000070601080000800000000000000000000500"], 0x1c}}, 0x0) setsockopt$inet_mtu(r5, 0x0, 0xa, 0x0, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r7, 0x2000009) sendfile(r5, r7, 0x0, 0x7ffff004) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) write(r4, &(0x7f0000000000)="e6cd3eb12aa06cea743213171bb8891a69d9f2ecfd926affa5b8832b291d383b312dae79abd7fab9a19cd22d8d0748b2c3ba41464189a258bde1648bd2fd6eba8133ce05d420d2fb14b31a12736fdbe55ce2", 0x52) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000200)={0x10003, 0x1, 0xf000, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) r8 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000240)='wg1\x00', 0x10) sendto$unix(r8, 0x0, 0x0, 0x0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f00000000c0)=0x6000) ioctl$sock_TIOCINQ(r8, 0x541b, &(0x7f0000000080)) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000100)=0xffff) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a01040000000000000000020000002c000480280001800b0001006f626a7265660029a07ddf407f00180002800900020073797a300000000008000140000000090900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x80}}, 0x0) write$binfmt_elf64(r0, &(0x7f0000000340)=ANY=[@ANYRES64=r4], 0x78) 9.54986855s ago: executing program 0 (id=991): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x80a00, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x80000001, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", 0xffffffffffffffff}) dup3(r1, r0, 0x0) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x39f2, 0x1000, 0xfffffffd, 0xbfe02000}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) 9.181376168s ago: executing program 0 (id=994): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) connect$unix(0xffffffffffffffff, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 9.161438866s ago: executing program 3 (id=995): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) socket$inet6_udplite(0xa, 0x2, 0x88) socket(0x1e, 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000fc0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000240)={0x8, 0x8169, 0x6}) 7.824882233s ago: executing program 3 (id=997): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x20940, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x40000105, 0x0, 0x0, 0xfffffd30}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000080)=@arm64={0x10, 0x2, 0xff, '\x00', 0x400006}) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f0000000040)=0x3) ioctl$KVM_RUN(r4, 0xae80, 0x0) 6.94546003s ago: executing program 4 (id=999): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x4, 0x8000, 0xd9}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) pread64(r5, 0x0, 0x0, 0x29) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) eventfd2(0xff, 0x80001) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r6, 0x6, 0x19, 0x0, 0x0) io_uring_register$IORING_REGISTER_PROBE(r2, 0x8, &(0x7f0000000200)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x14) sendmmsg$inet(r6, &(0x7f0000004980)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb00182", 0xb}], 0x1}}], 0x1, 0x20008000) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ba000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @cgroup_sock_addr=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) 6.226815817s ago: executing program 2 (id=1000): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4, 0x3ff, @empty, 0x1}, 0x1c) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, 0x0, 0x0) 6.211922127s ago: executing program 3 (id=1001): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x4447e, 0x8) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) r1 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) write$vhost_msg_v2(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r2 = gettid() kcmp(r2, r2, 0x300, 0xffffffffffffffff, 0xffffffffffffffff) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f0000000140)={0x106, 0x8001, 0xe, 0x3, 0x7, "63ff08000000000010000100000100000000fc", 0x64, 0x1}) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000040)={0x8, 0x7a, 0x4081, 0xfd}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000780)={0xb, {{0xa, 0xfffe, 0x0, @mcast2}}, 0x1, 0x2, [{{0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}, {{0xa, 0x4e22, 0x31f, @remote, 0x1f757fe}}]}, 0x18c) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f0000000340)={'wg0\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780300", @ANYRES16=r7, @ANYBLOB="37040000000000000000010000005c03088030000080060005000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39223400002004000980060005000080000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b3922f4020080cc02098034000080060001000200000008000200ac1414aa0500030003000000060001000200000008000200640101010500030000000000a0000080060001000a00000014000200000000000000000000000000000000000500030003000000060001000a00000014000200000000000000000000000000000000010500030001000000060001000200000008000200ac1414bb0500030002000000060001000200000008000200e00000010500030000000000060001000a00000014000200fe80000000000000000000000000003305000300020000001c000080060001000200000008000200ac1414bb050003000200000028000080060001000a00000014000200fc000000000000000000000000000001050003000000000034000080060001000200000008000200ac1414bb0500030003000000060001000200000008000204e0000002050003000000000088000080060001000a00000014000200ff0100000000000000000000000000010500030003000000060001000a00000014000200fe80000000000000000000000000002e0500030003000000060001000a00000014000200fe8000000000000000000000000000aa0500030001000000060001000200000008000200e00000020500030001000000f4000080060001000a00000014000200fe80000000000000000000000000002f0500030003000000060001000a00000014000200fe8000000000000000000000000000bb0500030000000000060001000200000008000200e00000010500030001000000060001000a00000014000200200100000000000000000000000000010500030001000000060001000200000008000200ac1414300500030000000000060001000200000008000200ac1e00010500030002000000060001000200000008000200000000000500030003000000060001000a00000014000200fc010000000000000000000000000000050003000200000024000100000000000000000000000000000000000000000000000000000000000000000008000100", @ANYRES32=r9], 0x378}}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "003a04", 0x4, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}}, 0x0) 6.164560775s ago: executing program 4 (id=1002): syz_open_procfs(0x0, &(0x7f0000002380)='net/ip_mr_cache\x00') r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, 0x0, 0x0) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = gettid() r3 = syz_open_procfs(r2, &(0x7f0000000040)='timerslack_ns\x00') write$tun(r3, &(0x7f0000000380)=ANY=[@ANYRESOCT=r1], 0xfce) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r4 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, 0x0, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1e, 0x13, &(0x7f0000002980)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x4000, @void, @value}, 0x94) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x80, 0x100}}) 5.944508806s ago: executing program 2 (id=1003): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) userfaultfd(0x80001) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x80, 0x28004, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x6}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 5.717564967s ago: executing program 1 (id=1004): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x22}, 0x7, 0x4}, 0x20) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000140)=0x2000) 5.61879846s ago: executing program 2 (id=1005): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x80a00, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000180)={0x80000001, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", 0xffffffffffffffff}) dup3(r1, r0, 0x0) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x39f2, 0x1000, 0xfffffffd, 0xbfe02000}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) 5.512797263s ago: executing program 0 (id=1006): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000009c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18) dup(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) shutdown(0xffffffffffffffff, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r6, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000a00)={0x0, 0x0, 0xaaca, 0xffff, 0x0, "87d3514787b8c600004a903184033c6700"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x84) 5.510438065s ago: executing program 1 (id=1007): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) socket$inet6_udplite(0xa, 0x2, 0x88) socket(0x1e, 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000fc0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000240)={0x8, 0x8169, 0x6}) 5.280584849s ago: executing program 2 (id=1008): r0 = syz_open_dev$video(0x0, 0x101, 0x80081) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000cc0)={0x9, {0x0, 0x8000, 0x1000}}) 4.447819228s ago: executing program 1 (id=1009): r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000001ec0)={0x0, 0x0}) socket(0x1d, 0x2, 0x7) r2 = syz_io_uring_setup(0x1e1a, &(0x7f0000000440)={0x0, 0x430, 0x10100, 0x0, 0x83}, &(0x7f0000002000)=0x0, &(0x7f0000000040)=0x0) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x80, 0xc9, "7e118e8456ee1d14"}}}, 0xe) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x23}) io_uring_enter(r2, 0x100048ed, 0x0, 0x2, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10) listen(r0, 0xda90) r5 = openat$sequencer(0xffffff9c, &(0x7f0000000480), 0x0, 0x0) socket(0x1, 0x5, 0x8) ioctl$SNDCTL_SEQ_NRMIDIS(r5, 0xc0046d00, &(0x7f0000001500)) accept4(r0, 0x0, 0x0, 0x0) 4.42795194s ago: executing program 2 (id=1010): setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x810, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x40c0080) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x8000, r2}, 0x38) r3 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x101000) ioctl$IOC_PR_REGISTER(r3, 0x401870c8, 0x0) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000940)={0x60, 0x80, 0x0, 0x20, 0x0, 0x0, 0x8, 0x0, {}, {0x0, 0x1000}, {}, {0x4000}, 0x2, 0x100}) 4.271675202s ago: executing program 0 (id=1011): socket$nl_route(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) open(0x0, 0x10f0c2, 0x0) creat(&(0x7f0000001180)='./file0\x00', 0x8) ioctl$VT_RESIZE(r3, 0x5609, &(0x7f0000000040)={0x3, 0x2}) 3.968512478s ago: executing program 4 (id=1012): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x4, 0x8000, 0xd9}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) pread64(r5, 0x0, 0x0, 0x29) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) eventfd2(0xff, 0x80001) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r6, 0x6, 0x19, 0x0, 0x0) io_uring_register$IORING_REGISTER_PROBE(r2, 0x8, &(0x7f0000000200)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x14) sendmmsg$inet(r6, &(0x7f0000004980)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb00182", 0xb}], 0x1}}], 0x1, 0x20008000) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ba000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @cgroup_sock_addr=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) 2.583110966s ago: executing program 4 (id=1013): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r2, 0x47fa, 0x0, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r5, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x0, 0x1}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 2.564232162s ago: executing program 1 (id=1014): prlimit64(0x0, 0xe, &(0x7f0000000440)={0x6, 0x8c}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019380)=""/102400, 0x19000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0xfffffffd) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r2, 0x800448f0, &(0x7f00000000c0)={0x0, 0x2, '\x00', 0x9, 0x1}) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r3, 0x0, 0x0) mkdirat(r0, &(0x7f0000000080)='./file0\x00', 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)) fchdir(0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000340)='ns\x00') 2.405126181s ago: executing program 3 (id=1015): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) userfaultfd(0x80001) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) r4 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x80, 0x28004, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000140)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 2.404414348s ago: executing program 0 (id=1016): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x40880) 1.508615801s ago: executing program 0 (id=1017): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1) io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) connect$unix(0xffffffffffffffff, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 1.455939581s ago: executing program 3 (id=1018): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x3e, 0x107, 0x3, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x8, 0x0, 0x0, @str='\x84;'}]}, @nested={0x4, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) 698.484361ms ago: executing program 3 (id=1019): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) socket$inet6_udplite(0xa, 0x2, 0x88) socket(0x1e, 0x1, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000fc0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000240)={0x8, 0x8169, 0x6}) 461.276746ms ago: executing program 4 (id=1020): r0 = syz_open_dev$video(0x0, 0x101, 0x80081) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000cc0)={0x9, {0x0, 0x8000, 0x1000}}) 0s ago: executing program 2 (id=1021): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000009c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r2}, 0x18) dup(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) shutdown(0xffffffffffffffff, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r6, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000a00)={0x0, 0x0, 0xaaca, 0xffff, 0x0, "87d3514787b8c600004a903184033c6700"}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x84) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.171' (ED25519) to the list of known hosts. [ 82.837303][ T5817] cgroup: Unknown subsys name 'net' [ 82.955960][ T5817] cgroup: Unknown subsys name 'cpuset' [ 82.964956][ T5817] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.679035][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.474006][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.489903][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.497606][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.506954][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.515216][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.524304][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.532630][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.601090][ T5149] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.609905][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.617742][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.631517][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.640007][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.647221][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.656816][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.664676][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.698535][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.706723][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.714496][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.723929][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.733036][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.747174][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.764595][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.772626][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.780908][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.793329][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.448509][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 88.502168][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 88.548801][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 88.654265][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 88.774244][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 88.873955][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.881625][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.889063][ T5828] bridge_slave_0: entered allmulticast mode [ 88.898737][ T5828] bridge_slave_0: entered promiscuous mode [ 88.923118][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.930330][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.937496][ T5833] bridge_slave_0: entered allmulticast mode [ 88.945748][ T5833] bridge_slave_0: entered promiscuous mode [ 88.953108][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.960745][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.967872][ T5838] bridge_slave_0: entered allmulticast mode [ 88.975887][ T5838] bridge_slave_0: entered promiscuous mode [ 88.983615][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.991662][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.999090][ T5828] bridge_slave_1: entered allmulticast mode [ 89.006446][ T5828] bridge_slave_1: entered promiscuous mode [ 89.031502][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.038646][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.046117][ T5833] bridge_slave_1: entered allmulticast mode [ 89.053366][ T5833] bridge_slave_1: entered promiscuous mode [ 89.060859][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.067993][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.075598][ T5838] bridge_slave_1: entered allmulticast mode [ 89.083057][ T5838] bridge_slave_1: entered promiscuous mode [ 89.201382][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.215029][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.226703][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.238687][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.283736][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.309902][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.319432][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.326603][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.333872][ T5841] bridge_slave_0: entered allmulticast mode [ 89.342311][ T5841] bridge_slave_0: entered promiscuous mode [ 89.418150][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.425801][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.433577][ T5841] bridge_slave_1: entered allmulticast mode [ 89.440956][ T5841] bridge_slave_1: entered promiscuous mode [ 89.464528][ T5833] team0: Port device team_slave_0 added [ 89.474877][ T5833] team0: Port device team_slave_1 added [ 89.483467][ T5838] team0: Port device team_slave_0 added [ 89.492640][ T5838] team0: Port device team_slave_1 added [ 89.512782][ T5828] team0: Port device team_slave_0 added [ 89.532577][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.539883][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.547048][ T5842] bridge_slave_0: entered allmulticast mode [ 89.555265][ T5842] bridge_slave_0: entered promiscuous mode [ 89.591623][ T5828] team0: Port device team_slave_1 added [ 89.598411][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.605730][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.632333][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.644204][ T5835] Bluetooth: hci0: command tx timeout [ 89.675013][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.682784][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.690665][ T5842] bridge_slave_1: entered allmulticast mode [ 89.699362][ T5842] bridge_slave_1: entered promiscuous mode [ 89.709379][ T5835] Bluetooth: hci1: command tx timeout [ 89.709799][ T5831] Bluetooth: hci2: command tx timeout [ 89.739907][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.746904][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.775520][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.789609][ T5831] Bluetooth: hci3: command tx timeout [ 89.790839][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.806626][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.842950][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.850202][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.877460][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.888406][ T5831] Bluetooth: hci4: command tx timeout [ 89.947376][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.958051][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.968420][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.994753][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.006744][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.013806][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.042426][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.057577][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.067049][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.093835][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.115010][ T5841] team0: Port device team_slave_0 added [ 90.125626][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.207009][ T5841] team0: Port device team_slave_1 added [ 90.216902][ T5842] team0: Port device team_slave_0 added [ 90.244616][ T5838] hsr_slave_0: entered promiscuous mode [ 90.253204][ T5838] hsr_slave_1: entered promiscuous mode [ 90.291098][ T5842] team0: Port device team_slave_1 added [ 90.333857][ T5828] hsr_slave_0: entered promiscuous mode [ 90.341327][ T5828] hsr_slave_1: entered promiscuous mode [ 90.347551][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.355322][ T5828] Cannot create hsr debugfs directory [ 90.383782][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.390949][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.418121][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.431064][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.438017][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.464017][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.543837][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.550940][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.577326][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.625654][ T5833] hsr_slave_0: entered promiscuous mode [ 90.633057][ T5833] hsr_slave_1: entered promiscuous mode [ 90.639770][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.647342][ T5833] Cannot create hsr debugfs directory [ 90.656160][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.664183][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.692947][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.852018][ T5841] hsr_slave_0: entered promiscuous mode [ 90.858263][ T5841] hsr_slave_1: entered promiscuous mode [ 90.866021][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.873684][ T5841] Cannot create hsr debugfs directory [ 91.051144][ T5842] hsr_slave_0: entered promiscuous mode [ 91.057710][ T5842] hsr_slave_1: entered promiscuous mode [ 91.064205][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.072426][ T5842] Cannot create hsr debugfs directory [ 91.397205][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.427921][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.455390][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.481435][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.554065][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.585663][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.614944][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.634537][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.709551][ T5831] Bluetooth: hci0: command tx timeout [ 91.723665][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.734989][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.748434][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.776467][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.790329][ T5831] Bluetooth: hci1: command tx timeout [ 91.795789][ T5831] Bluetooth: hci2: command tx timeout [ 91.869478][ T5831] Bluetooth: hci3: command tx timeout [ 91.895958][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.908570][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.945389][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.953737][ T5831] Bluetooth: hci4: command tx timeout [ 91.961858][ T10] cfg80211: failed to load regulatory.db [ 91.974838][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.037833][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.094534][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.110398][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.127265][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.150318][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.183596][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.201484][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.225058][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.265032][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.272424][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.297313][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.304505][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.316643][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.323849][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.343204][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.350394][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.522035][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.632100][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.657686][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.691131][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.698392][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.760137][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.767405][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.803233][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.814750][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.874648][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.881786][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.927340][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.949044][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.956321][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.974615][ T5841] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 92.997643][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.004860][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.033856][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.041060][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.067484][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.096147][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.196264][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.342232][ T5838] veth0_vlan: entered promiscuous mode [ 93.381680][ T5828] veth0_vlan: entered promiscuous mode [ 93.427356][ T5838] veth1_vlan: entered promiscuous mode [ 93.486882][ T5828] veth1_vlan: entered promiscuous mode [ 93.562885][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.643814][ T5838] veth0_macvtap: entered promiscuous mode [ 93.697746][ T5838] veth1_macvtap: entered promiscuous mode [ 93.784132][ T5828] veth0_macvtap: entered promiscuous mode [ 93.794353][ T5831] Bluetooth: hci0: command tx timeout [ 93.822294][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.836445][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.863056][ T5828] veth1_macvtap: entered promiscuous mode [ 93.870748][ T5831] Bluetooth: hci2: command tx timeout [ 93.876269][ T5831] Bluetooth: hci1: command tx timeout [ 93.880243][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.892102][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.917713][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.928316][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.950878][ T5831] Bluetooth: hci3: command tx timeout [ 93.958775][ T5841] veth0_vlan: entered promiscuous mode [ 93.987636][ T5841] veth1_vlan: entered promiscuous mode [ 94.008078][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.027632][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.030022][ T5831] Bluetooth: hci4: command tx timeout [ 94.087354][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.136882][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.204878][ T5841] veth0_macvtap: entered promiscuous mode [ 94.219021][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.245386][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.257506][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.274014][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.281580][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.295989][ T5841] veth1_macvtap: entered promiscuous mode [ 94.318944][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.417514][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.451604][ T1034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.465030][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.469462][ T1034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.482688][ T5833] veth0_vlan: entered promiscuous mode [ 94.573170][ T5833] veth1_vlan: entered promiscuous mode [ 94.581574][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.598364][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.615047][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.626995][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.641495][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.662481][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.691692][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.745981][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.764463][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.875425][ T5833] veth0_macvtap: entered promiscuous mode [ 94.898419][ T5842] veth0_vlan: entered promiscuous mode [ 94.962760][ T5833] veth1_macvtap: entered promiscuous mode [ 94.983022][ T5950] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 95.034377][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.046080][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.068963][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.089985][ T5842] veth1_vlan: entered promiscuous mode [ 95.384097][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.697413][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.731943][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.754533][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.776035][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.784234][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.784290][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.804365][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.871350][ T5831] Bluetooth: hci0: command tx timeout [ 95.950399][ T5831] Bluetooth: hci1: command tx timeout [ 95.956864][ T5835] Bluetooth: hci2: command tx timeout [ 96.024805][ T5957] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7'. [ 96.035313][ T5831] Bluetooth: hci3: command tx timeout [ 96.046882][ T5842] veth0_macvtap: entered promiscuous mode [ 96.091430][ T5955] Zero length message leads to an empty skb [ 96.111056][ T5831] Bluetooth: hci4: command tx timeout [ 96.149915][ T5957] geneve2: entered promiscuous mode [ 96.210252][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 96.414408][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.685670][ T1164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.716558][ T1164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.793937][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.838774][ T5842] veth1_macvtap: entered promiscuous mode [ 97.037998][ T5964] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 97.056525][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.722192][ T5970] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9'. [ 97.751199][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.930616][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.983478][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.029709][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.064376][ T5960] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.082763][ T5976] loop2: detected capacity change from 0 to 7 [ 98.168801][ T5960] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.201137][ T5976] Dev loop2: unable to read RDB block 7 [ 98.220164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.239520][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.255834][ T5976] loop2: AHDI p2 [ 98.269675][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 98.300481][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.320917][ T5976] loop2: partition table partially beyond EOD, truncated [ 98.387682][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.409521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.559683][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.174695][ T6005] syz_tun: entered allmulticast mode [ 101.456490][ T1164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.456531][ T1164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.487006][ T6009] wireguard0: entered promiscuous mode [ 101.725729][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.886224][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.089527][ T6036] capability: warning: `syz.1.27' uses 32-bit capabilities (legacy support in use) [ 104.408357][ T6044] IPVS: set_ctl: invalid protocol: 11612 172.30.1.4:20003 [ 104.560955][ T6052] syz_tun: entered allmulticast mode [ 105.137004][ T6059] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 105.186932][ T6059] CIFS mount error: No usable UNC path provided in device string! [ 105.186932][ T6059] [ 105.242741][ T6059] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 108.409409][ T6103] CIFS mount error: No usable UNC path provided in device string! [ 108.409409][ T6103] [ 108.694087][ T6103] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 110.373068][ T6125] process 'syz.1.54' launched './file2' with NULL argv: empty string added [ 111.587879][ T5917] IPVS: starting estimator thread 0... [ 111.719348][ T6139] IPVS: using max 25 ests per chain, 60000 per kthread [ 112.902426][ T6146] syz_tun: entered allmulticast mode [ 113.414187][ T6154] CIFS mount error: No usable UNC path provided in device string! [ 113.414187][ T6154] [ 113.450883][ T6154] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 115.246410][ T6168] block nbd3: NBD_DISCONNECT [ 115.260715][ T6168] block nbd3: Send disconnect failed -22 [ 115.268519][ T6167] block nbd3: Disconnected due to user request. [ 115.276343][ T6167] block nbd3: shutting down sockets [ 115.885797][ T6185] CIFS mount error: No usable UNC path provided in device string! [ 115.885797][ T6185] [ 115.928228][ T6185] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 116.681693][ T6198] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 117.102804][ T6203] vlan2: entered allmulticast mode [ 117.107984][ T6203] bond0: entered allmulticast mode [ 117.123794][ T6203] bond_slave_0: entered allmulticast mode [ 117.129779][ T6203] bond_slave_1: entered allmulticast mode [ 117.178006][ T6204] netlink: 2384 bytes leftover after parsing attributes in process `syz.2.80'. [ 117.191268][ T6203] bridge0: port 3(vlan2) entered blocking state [ 117.191412][ T6203] bridge0: port 3(vlan2) entered disabled state [ 117.268087][ T6203] vlan2: entered promiscuous mode [ 117.268112][ T6203] bond0: entered promiscuous mode [ 117.268123][ T6203] bond_slave_0: entered promiscuous mode [ 117.268360][ T6203] bond_slave_1: entered promiscuous mode [ 117.446383][ T6203] bridge0: port 3(vlan2) entered blocking state [ 117.446586][ T6203] bridge0: port 3(vlan2) entered forwarding state [ 117.938015][ T6222] syz_tun: entered allmulticast mode [ 123.547080][ T6292] loop3: detected capacity change from 0 to 1024 [ 123.557031][ T6292] EXT4-fs: Ignoring removed orlov option [ 123.578451][ T5199] udevd[5199]: worker [5958] terminated by signal 33 (Unknown signal 33) [ 123.616440][ T6292] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 123.639817][ T5199] udevd[5199]: worker [5958] failed while handling '/devices/virtual/block/loop3' [ 124.276274][ T6292] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.196881][ T6331] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 128.515224][ T6336] loop3: detected capacity change from 0 to 1024 [ 128.522787][ T6336] EXT4-fs: Ignoring removed orlov option [ 128.811697][ T6336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.407504][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.160842][ T6358] netlink: 24 bytes leftover after parsing attributes in process `syz.0.130'. [ 131.326198][ T6360] netlink: 28 bytes leftover after parsing attributes in process `syz.0.130'. [ 131.338975][ T6360] netlink: 28 bytes leftover after parsing attributes in process `syz.0.130'. [ 131.348141][ T6360] netlink: 'syz.0.130': attribute type 6 has an invalid length. [ 131.871773][ T6345] devtmpfs: Unknown parameter 'nr_Inode' [ 133.001076][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.007494][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.142470][ T6374] tipc: Enabling of bearer rejected, failed to enable media [ 134.300371][ T6383] loop0: detected capacity change from 0 to 1024 [ 134.309662][ T6383] EXT4-fs: Ignoring removed orlov option [ 134.383864][ T6383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.879742][ T6388] syz_tun: entered promiscuous mode [ 134.892836][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.923325][ T6388] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 134.996413][ T6391] netlink: 212 bytes leftover after parsing attributes in process `syz.3.142'. [ 135.156770][ T5917] IPVS: starting estimator thread 0... [ 135.319314][ T6395] IPVS: using max 22 ests per chain, 52800 per kthread [ 136.124318][ T6423] loop0: detected capacity change from 0 to 1024 [ 136.131431][ T6423] EXT4-fs: Ignoring removed orlov option [ 136.661362][ T6423] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.892977][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.152207][ T6435] netlink: 212 bytes leftover after parsing attributes in process `syz.0.153'. [ 138.869460][ T5903] IPVS: starting estimator thread 0... [ 139.026011][ T6464] loop3: detected capacity change from 0 to 1024 [ 139.033555][ T6464] EXT4-fs: Ignoring removed orlov option [ 139.083573][ T6464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.119280][ T6460] IPVS: using max 27 ests per chain, 64800 per kthread [ 139.722389][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.092776][ T6491] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 142.179245][ T6491] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 145.798731][ T6540] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 145.817603][ T6540] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 146.569179][ C0] hrtimer: interrupt took 40758 ns [ 147.446503][ T6563] loop0: detected capacity change from 0 to 1024 [ 147.453910][ T6563] EXT4-fs: Ignoring removed orlov option [ 147.619932][ T6563] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 148.073951][ T5841] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.059763][ T6595] CIFS mount error: No usable UNC path provided in device string! [ 150.059763][ T6595] [ 150.059979][ T6595] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 150.828024][ T6594] capability: warning: `syz.3.202' uses deprecated v2 capabilities in a way that may be insecure [ 151.378939][ T6600] use of bytesused == 0 is deprecated and will be removed in the future, [ 151.408980][ T6600] use the actual size instead. [ 155.080045][ T5835] Bluetooth: hci4: command 0x0405 tx timeout [ 155.117646][ T6632] overlay: Unknown parameter '/dev/cpu/#/msr' [ 155.741636][ T6641] CIFS mount error: No usable UNC path provided in device string! [ 155.741636][ T6641] [ 155.751902][ T6641] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 156.889397][ T5940] IPVS: starting estimator thread 0... [ 157.079461][ T6658] IPVS: using max 23 ests per chain, 55200 per kthread [ 159.640896][ T6677] [U] „ [ 159.789533][ C1] af_packet: tpacket_rcv: packet too big, clamped from 56 to 4294967272. macoff=96 [ 160.215190][ T6681] cifs: Unknown parameter 'mode' [ 164.473731][ T6723] cifs: Unknown parameter 'mode' [ 165.596861][ T6729] fuse: Bad value for 'fd' [ 167.047305][ T6759] [U] „ [ 167.993153][ T6765] CIFS mount error: No usable UNC path provided in device string! [ 167.993153][ T6765] [ 168.003232][ T6765] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 168.204071][ T6771] warning: `syz.2.257' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 170.529486][ T6801] [U] „ [ 171.663087][ T6802] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 175.288671][ T5940] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 175.892869][ T6845] netlink: 12 bytes leftover after parsing attributes in process `syz.1.281'. [ 175.915109][ T5940] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 175.954406][ T5940] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.885032][ T5940] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 176.894544][ T5940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.213346][ T5940] usb 3-1: usb_control_msg returned -71 [ 177.262808][ T5940] usbtmc 3-1:16.0: can't read capabilities [ 177.845554][ T5940] usb 3-1: USB disconnect, device number 2 [ 182.666595][ T6919] gtp0: entered promiscuous mode [ 186.735639][ T6964] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 186.745356][ T6964] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 188.765782][ T6981] netlink: 12 bytes leftover after parsing attributes in process `syz.4.321'. [ 189.082704][ T6987] input: syz1 as /devices/virtual/input/input6 [ 189.260091][ T6989] netlink: 68 bytes leftover after parsing attributes in process `syz.0.324'. [ 189.630673][ T6992] cifs: Unknown parameter 'mode' [ 191.965847][ T7003] Illegal XDP return value 2948153837 on prog (id 67) dev syz_tun, expect packet loss! [ 193.166115][ T7013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.331'. [ 193.208961][ T7013] netlink: 8 bytes leftover after parsing attributes in process `syz.0.331'. [ 194.397410][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.404021][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.929332][ T5832] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 195.124851][ T5832] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 195.143048][ T5832] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 195.192035][ T5832] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 195.215831][ T5832] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.237604][ T5832] usb 1-1: Product: syz [ 195.255527][ T5832] usb 1-1: Manufacturer: syz [ 195.324679][ T5832] usb 1-1: SerialNumber: syz [ 195.340842][ T5832] usb 1-1: config 0 descriptor?? [ 195.400789][ T5832] usb 1-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 9, bSynchAddress aa [ 195.794997][ T7048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.343'. [ 196.519795][ T7048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.343'. [ 196.697199][ T5832] usb 1-1: USB disconnect, device number 2 [ 196.910201][ T7062] udevd[7062]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 197.323843][ T7072] gtp0: entered promiscuous mode [ 198.172122][ T7082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.358'. [ 198.203925][ T7082] netlink: 8 bytes leftover after parsing attributes in process `syz.4.358'. [ 199.536889][ T7102] ubi31: attaching mtd0 [ 199.547759][ T7102] ubi31: scanning is finished [ 199.563323][ T7102] ubi31: empty MTD device detected [ 200.224991][ T7102] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 200.276289][ T7102] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 200.290125][ T7102] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 200.297200][ T7102] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 200.312371][ T7102] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 200.359331][ T7102] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 200.453254][ T7102] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3960038815 [ 200.509416][ T7102] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 200.528806][ T7112] ubi31: background thread "ubi_bgt31d" started, PID 7112 [ 201.397344][ T7124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.369'. [ 201.459595][ T7124] netlink: 8 bytes leftover after parsing attributes in process `syz.0.369'. [ 203.858471][ T7160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.383'. [ 203.868808][ T7160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.383'. [ 205.620941][ T5832] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 205.692788][ T7196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.397'. [ 205.939324][ T5832] usb 2-1: Using ep0 maxpacket: 8 [ 205.954441][ T5832] usb 2-1: config 0 has no interfaces? [ 205.971999][ T5832] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 205.981536][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.895461][ T5832] usb 2-1: Product: syz [ 206.930199][ T5832] usb 2-1: Manufacturer: syz [ 206.934952][ T5832] usb 2-1: SerialNumber: syz [ 206.992368][ T5832] usb 2-1: config 0 descriptor?? [ 207.256564][ T7185] netlink: 'syz.1.393': attribute type 12 has an invalid length. [ 207.396425][ T5832] usb 2-1: USB disconnect, device number 2 [ 210.347875][ T7232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.408'. [ 213.042108][ T7228] Bluetooth: hci0: command 0x0406 tx timeout [ 213.049515][ T7228] Bluetooth: hci1: command 0x0406 tx timeout [ 213.055643][ T7228] Bluetooth: hci2: command 0x0406 tx timeout [ 213.062701][ T7228] Bluetooth: hci3: command 0x0406 tx timeout [ 213.472167][ T7258] gtp0: entered promiscuous mode [ 214.521034][ T7277] netlink: 8 bytes leftover after parsing attributes in process `syz.2.422'. [ 219.625120][ T7333] Bluetooth: MGMT ver 1.23 [ 219.647294][ T7336] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 221.639452][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 221.669796][ T5837] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 223.725884][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 230.194054][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 232.264083][ T7458] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.274602][ T7458] batadv_slave_0: entered promiscuous mode [ 232.280812][ T7458] batadv_slave_0: entered allmulticast mode [ 232.541469][ T7457] nbd: socks must be embedded in a SOCK_ITEM attr [ 232.550357][ T7457] block nbd0: shutting down sockets [ 239.441547][ T7515] netlink: 68 bytes leftover after parsing attributes in process `syz.1.494'. [ 246.481380][ T7569] netlink: 68 bytes leftover after parsing attributes in process `syz.4.512'. [ 254.172388][ T7658] netlink: 68 bytes leftover after parsing attributes in process `syz.3.540'. [ 254.847959][ T30] audit: type=1800 audit(1750548580.350:2): pid=7664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.542" name="nullb0" dev="tmpfs" ino=635 res=0 errno=0 [ 255.020822][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.544'. [ 255.808246][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.814865][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.714866][ T7734] syz_tun: left allmulticast mode [ 263.020175][ T5888] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 263.692309][ T5888] usb 1-1: config 0 has no interfaces? [ 264.607850][ T5888] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 264.634946][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.643824][ T5888] usb 1-1: Product: syz [ 264.649293][ T5888] usb 1-1: Manufacturer: syz [ 264.654246][ T5888] usb 1-1: SerialNumber: syz [ 264.685918][ T5888] usb 1-1: config 0 descriptor?? [ 266.523230][ T7791] netlink: 56 bytes leftover after parsing attributes in process `syz.4.588'. [ 267.550744][ T7795] syz_tun: entered allmulticast mode [ 268.109321][ T5837] Bluetooth: hci4: command 0x0405 tx timeout [ 268.521217][ T5904] usb 1-1: USB disconnect, device number 3 [ 268.599625][ T5903] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 268.830732][ T5903] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 268.916011][ T5903] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 268.939221][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.975671][ T5903] usb 3-1: Product: syz [ 268.985226][ T5903] usb 3-1: Manufacturer: syz [ 269.019175][ T5903] usb 3-1: SerialNumber: syz [ 269.041024][ T5903] usb 3-1: config 0 descriptor?? [ 273.263588][ T7828] syz_tun: left allmulticast mode [ 273.345616][ T5940] usb 3-1: USB disconnect, device number 3 [ 273.486820][ T7849] syz_tun: entered allmulticast mode [ 277.286690][ T7887] input: syz0 as /devices/virtual/input/input7 [ 277.430469][ T7894] unsupported nlmsg_type 40 [ 285.834478][ T7980] syz_tun: entered allmulticast mode [ 292.367496][ T8046] syz_tun: left allmulticast mode [ 296.951642][ T8074] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 300.983080][ T8094] syz.3.677 uses obsolete (PF_INET,SOCK_PACKET) [ 302.021371][ T8099] futex_wake_op: syz.1.683 tries to shift op by -1; fix this program [ 303.568565][ T8115] syz_tun: entered allmulticast mode [ 304.422496][ T8126] cifs: Unknown parameter 'mode' [ 306.302516][ T8144] syz_tun: left allmulticast mode [ 306.879593][ T8151] trusted_key: encrypted_key: master key parameter 'user:' is invalid [ 309.779626][ T8166] CIFS mount error: No usable UNC path provided in device string! [ 309.779626][ T8166] [ 309.789874][ T8166] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 315.815154][ T8216] CIFS mount error: No usable UNC path provided in device string! [ 315.815154][ T8216] [ 315.825342][ T8216] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 317.422756][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.429469][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.708974][ T8289] syz.0.741: attempt to access beyond end of device [ 321.708974][ T8289] loop0: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 321.723860][ T8289] EXT4-fs (loop0): unable to read superblock [ 324.062828][ T30] audit: type=1800 audit(1750548649.580:3): pid=8308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.3.748" name="/nullb0" dev="devtmpfs" ino=696 res=0 errno=0 [ 324.110368][ T8308] overlayfs: failed to resolve './file1': -2 [ 324.451009][ T8329] overlayfs: failed to clone upperpath [ 326.870162][ T8366] netlink: 4 bytes leftover after parsing attributes in process `syz.1.769'. [ 327.504193][ T6708] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 327.770656][ T6708] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 327.926170][ T6708] usb 2-1: config 0 interface 0 has no altsetting 0 [ 328.066230][ T6708] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 328.102425][ T6708] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.696814][ T6708] usb 2-1: Product: syz [ 329.702705][ T6708] usb 2-1: Manufacturer: syz [ 329.707419][ T6708] usb 2-1: SerialNumber: syz [ 329.716077][ T6708] usb 2-1: config 0 descriptor?? [ 330.846471][ T6708] usb 2-1: can't set config #0, error -71 [ 330.878416][ T8413] tipc: Started in network mode [ 330.903712][ T8413] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 330.933055][ T6708] usb 2-1: USB disconnect, device number 3 [ 330.978260][ T8413] tipc: Enabled bearer , priority 10 [ 331.461734][ T8424] gtp0: entered promiscuous mode [ 333.047827][ T6708] tipc: Node number set to 4269801488 [ 336.324178][ T8428] syz_tun: entered allmulticast mode [ 337.169637][ T5903] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 337.372221][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 337.390650][ T5903] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 337.419492][ T5903] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 337.448279][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.503854][ T5903] usb 1-1: Product: syz [ 337.521044][ T5903] usb 1-1: Manufacturer: syz [ 337.559391][ T5903] usb 1-1: SerialNumber: syz [ 337.586002][ T5903] usb 1-1: config 0 descriptor?? [ 337.616173][ T5903] usb 1-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 9, bSynchAddress aa [ 337.962903][ T5903] usb 1-1: USB disconnect, device number 4 [ 339.953703][ T8462] netlink: zone id is out of range [ 339.958881][ T8462] netlink: zone id is out of range [ 339.966621][ T8462] netlink: zone id is out of range [ 339.983631][ T8462] netlink: zone id is out of range [ 339.988780][ T8462] netlink: zone id is out of range [ 340.031389][ T8462] netlink: zone id is out of range [ 340.036692][ T8462] netlink: zone id is out of range [ 340.078973][ T8462] netlink: zone id is out of range [ 340.144583][ T8462] netlink: zone id is out of range [ 340.153916][ T8462] netlink: zone id is out of range [ 343.049734][ T848] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 343.275360][ T848] usb 2-1: Using ep0 maxpacket: 16 [ 343.296550][ T848] usb 2-1: config 0 has an invalid interface number: 145 but max is 0 [ 343.329304][ T848] usb 2-1: config 0 has no interface number 0 [ 343.354675][ T848] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 343.374262][ T848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.404673][ T848] usb 2-1: Product: syz [ 343.416666][ T848] usb 2-1: Manufacturer: syz [ 343.428210][ T848] usb 2-1: SerialNumber: syz [ 343.468291][ T848] usb 2-1: config 0 descriptor?? [ 343.494947][ T848] hub 2-1:0.145: bad descriptor, ignoring hub [ 343.539276][ T848] hub 2-1:0.145: probe with driver hub failed with error -5 [ 344.645788][ T848] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.145/input/input8 [ 345.221603][ T848] usb 2-1: USB disconnect, device number 4 [ 358.191055][ C0] net_ratelimit: 506 callbacks suppressed [ 358.191077][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 359.491699][ T848] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 359.659680][ T848] usb 2-1: Using ep0 maxpacket: 16 [ 360.063951][ T848] usb 2-1: unable to get BOS descriptor or descriptor too short [ 360.176160][ T848] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 360.244388][ T848] usb 2-1: can't read configurations, error -71 [ 361.317141][ T8625] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 369.367771][ T5832] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 369.542971][ T5832] usb 1-1: config 0 has no interfaces? [ 369.575353][ T5832] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 369.589162][ T5832] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.599271][ T5832] usb 1-1: Product: syz [ 369.603518][ T5832] usb 1-1: Manufacturer: syz [ 369.608264][ T5832] usb 1-1: SerialNumber: syz [ 369.622778][ T5832] usb 1-1: config 0 descriptor?? [ 372.349546][ T8734] cifs: Unknown parameter 'mode' [ 374.058180][ T6708] usb 1-1: USB disconnect, device number 5 [ 375.519563][ T848] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 375.866613][ T848] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05 [ 375.884782][ T848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.894359][ T848] usb 4-1: Product: syz [ 375.898559][ T848] usb 4-1: Manufacturer: syz [ 375.926502][ T848] usb 4-1: SerialNumber: syz [ 375.971593][ T848] usb 4-1: config 0 descriptor?? [ 376.011656][ T848] go7007 4-1:0.0: probe with driver go7007 failed with error -12 [ 376.054177][ T8766] netlink: 24 bytes leftover after parsing attributes in process `syz.0.900'. [ 376.184826][ T51] Bluetooth: hci2: Invalid handle: 0x21e5 > 0x0eff [ 376.235964][ T8766] netlink: 148 bytes leftover after parsing attributes in process `syz.0.900'. [ 376.449318][ T8777] CIFS mount error: No usable UNC path provided in device string! [ 376.449318][ T8777] [ 376.449398][ T8777] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 377.273843][ T848] usb 4-1: USB disconnect, device number 2 [ 377.486108][ T48] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 377.759274][ T48] usb 1-1: Using ep0 maxpacket: 16 [ 377.775114][ T48] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.810795][ T48] usb 1-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 378.081833][ T48] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.117928][ T48] usb 1-1: config 0 descriptor?? [ 378.676145][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.684131][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.017964][ T48] input: HID 041e:3100 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:041E:3100.0001/input/input9 [ 379.638146][ T48] creative-sb0540 0003:041E:3100.0001: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.0-1/input0 [ 380.797418][ T48] usb 1-1: USB disconnect, device number 6 [ 381.237710][ T8824] cifs: Unknown parameter 'mode' [ 381.736150][ T8819] fido_id[8819]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 385.380703][ T8866] cifs: Unknown parameter 'mode' [ 385.847853][ T8868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'. [ 385.856869][ T8868] netlink: 'syz.3.928': attribute type 30 has an invalid length. [ 385.889721][ T8868] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'. [ 385.899267][ T8868] netlink: 'syz.3.928': attribute type 30 has an invalid length. [ 385.910571][ T8868] netlink: 'syz.3.928': attribute type 10 has an invalid length. [ 385.934781][ T8868] 8021q: adding VLAN 0 to HW filter on device team0 [ 385.945113][ T8868] team0: entered promiscuous mode [ 385.950435][ T8868] team_slave_0: entered promiscuous mode [ 385.957640][ T8868] team_slave_1: entered promiscuous mode [ 386.052463][ T8868] team0: entered allmulticast mode [ 386.057717][ T8868] team_slave_0: entered allmulticast mode [ 386.063555][ T8868] team_slave_1: entered allmulticast mode [ 386.071542][ T8868] bond0: (slave team0): Enslaving as an active interface with an up link [ 386.105406][ T6307] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 386.134335][ T6307] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 386.174922][ T6307] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 386.244278][ T6307] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 386.454582][ T8868] syz.3.928 (8868) used greatest stack depth: 19344 bytes left [ 387.153494][ T5903] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 387.319255][ T5903] usb 3-1: device descriptor read/64, error -71 [ 387.701335][ T5903] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 388.109623][ T5903] usb 3-1: device descriptor read/64, error -71 [ 389.120611][ T5903] usb usb3-port1: attempt power cycle [ 389.513056][ T5903] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 389.564202][ T8902] CIFS mount error: No usable UNC path provided in device string! [ 389.564202][ T8902] [ 389.574351][ T8902] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 390.240095][ T48] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 390.426672][ T5903] usb 3-1: device descriptor read/8, error -71 [ 390.433405][ T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 390.469703][ T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 390.509366][ T48] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 390.569866][ T48] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 390.605271][ T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.777508][ T48] usb 4-1: config 0 descriptor?? [ 392.185194][ T8911] tipc: Started in network mode [ 392.190324][ T8911] tipc: Node identity 42afaff62eaa, cluster identity 4711 [ 392.206483][ T8911] tipc: Enabled bearer , priority 0 [ 392.229028][ T8911] syzkaller0: entered promiscuous mode [ 392.252409][ T8911] syzkaller0: entered allmulticast mode [ 392.305681][ T8911] tipc: Resetting bearer [ 392.458641][ T8911] tipc: Disabling bearer [ 392.718316][ T48] usbhid 4-1:0.0: can't add hid device: -71 [ 392.726254][ T48] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 392.790309][ T48] usb 4-1: USB disconnect, device number 3 [ 397.782145][ T9000] [U] „ [ 400.275143][ T9037] [U] „ [ 403.214064][ T9031] tty tty4: ldisc open failed (-12), clearing slot 3 [ 403.932671][ T9053] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 404.604196][ T9066] raw_sendmsg: syz.4.989 forgot to set AF_INET. Fix it! [ 404.914655][ T9078] [U] „ [ 405.429609][ T9080] netlink: 24 bytes leftover after parsing attributes in process `syz.4.989'. [ 405.469979][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 405.491585][ T9080] netlink: 24 bytes leftover after parsing attributes in process `syz.4.989'. [ 408.697074][ T9116] [U] „ [ 412.097320][ T9145] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 412.611088][ T9154] openvswitch: netlink: Key 8 has unexpected len 2 expected 40 [ 413.512326][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 413.677469][ T9157] ================================================================== [ 413.685579][ T9157] BUG: KASAN: slab-use-after-free in do_sync_mmap_readahead+0x4bf/0x830 [ 413.694026][ T9157] Read of size 8 at addr ffff888078d2a690 by task syz.0.1017/9157 [ 413.701834][ T9157] [ 413.704155][ T9157] CPU: 0 UID: 0 PID: 9157 Comm: syz.0.1017 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) [ 413.704170][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 413.704177][ T9157] Call Trace: [ 413.704184][ T9157] [ 413.704190][ T9157] dump_stack_lvl+0x189/0x250 [ 413.704210][ T9157] ? __virt_addr_valid+0x1c8/0x5c0 [ 413.704220][ T9157] ? rcu_is_watching+0x15/0xb0 [ 413.704235][ T9157] ? __kasan_check_byte+0x12/0x40 [ 413.704252][ T9157] ? __pfx_dump_stack_lvl+0x10/0x10 [ 413.704266][ T9157] ? rcu_is_watching+0x15/0xb0 [ 413.704280][ T9157] ? lock_release+0x4b/0x3e0 [ 413.704295][ T9157] ? __virt_addr_valid+0x1c8/0x5c0 [ 413.704305][ T9157] ? __virt_addr_valid+0x4a5/0x5c0 [ 413.704314][ T9157] print_report+0xd2/0x2b0 [ 413.704328][ T9157] ? do_sync_mmap_readahead+0x4bf/0x830 [ 413.704340][ T9157] kasan_report+0x118/0x150 [ 413.704356][ T9157] ? do_sync_mmap_readahead+0x4bf/0x830 [ 413.704369][ T9157] do_sync_mmap_readahead+0x4bf/0x830 [ 413.704385][ T9157] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 413.704398][ T9157] ? count_memcg_event_mm+0x1d/0x250 [ 413.704410][ T9157] ? count_memcg_event_mm+0x1d/0x250 [ 413.704422][ T9157] filemap_fault+0x62c/0x1200 [ 413.704436][ T9157] ? __pfx_filemap_fault+0x10/0x10 [ 413.704448][ T9157] ? __pfx_filemap_map_pages+0x10/0x10 [ 413.704459][ T9157] ? __handle_mm_fault+0x296f/0x5620 [ 413.704476][ T9157] __do_fault+0x138/0x390 [ 413.704487][ T9157] __handle_mm_fault+0x37ed/0x5620 [ 413.704506][ T9157] ? __pfx___handle_mm_fault+0x10/0x10 [ 413.704523][ T9157] ? follow_page_pte+0x8c0/0x14c0 [ 413.704539][ T9157] handle_mm_fault+0x40a/0x8e0 [ 413.704555][ T9157] __get_user_pages+0x1aef/0x30b0 [ 413.704568][ T9157] ? lockdep_hardirqs_on+0x9c/0x150 [ 413.704586][ T9157] ? __pfx___get_user_pages+0x10/0x10 [ 413.704601][ T9157] populate_vma_page_range+0x29f/0x3a0 [ 413.704615][ T9157] ? __pfx_populate_vma_page_range+0x10/0x10 [ 413.704628][ T9157] ? apply_vma_lock_flags+0x344/0x3c0 [ 413.704641][ T9157] ? down_read+0x1ad/0x2e0 [ 413.704653][ T9157] __mm_populate+0x24c/0x380 [ 413.704666][ T9157] ? __pfx___mm_populate+0x10/0x10 [ 413.704680][ T9157] ? up_write+0x1c4/0x420 [ 413.704691][ T9157] do_mlock+0x625/0x740 [ 413.704705][ T9157] ? __pfx_do_mlock+0x10/0x10 [ 413.704721][ T9157] ? rcu_is_watching+0x15/0xb0 [ 413.704737][ T9157] __x64_sys_mlock+0x60/0x70 [ 413.704749][ T9157] do_syscall_64+0xfa/0x3b0 [ 413.704759][ T9157] ? lockdep_hardirqs_on+0x9c/0x150 [ 413.704776][ T9157] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.704786][ T9157] ? clear_bhb_loop+0x60/0xb0 [ 413.704798][ T9157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.704808][ T9157] RIP: 0033:0x7fe767d8e929 [ 413.704820][ T9157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.704829][ T9157] RSP: 002b:00007fe768c09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 413.704843][ T9157] RAX: ffffffffffffffda RBX: 00007fe767fb6240 RCX: 00007fe767d8e929 [ 413.704851][ T9157] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 413.704859][ T9157] RBP: 00007fe767e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 413.704866][ T9157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 413.704873][ T9157] R13: 0000000000000000 R14: 00007fe767fb6240 R15: 00007fff16e93f08 [ 413.704884][ T9157] [ 413.704888][ T9157] [ 414.036995][ T9157] Allocated by task 9156: [ 414.041336][ T9157] kasan_save_track+0x3e/0x80 [ 414.046011][ T9157] __kasan_slab_alloc+0x6c/0x80 [ 414.050871][ T9157] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 414.056329][ T9157] vm_area_alloc+0x24/0x140 [ 414.060825][ T9157] mmap_region+0xe0d/0x2080 [ 414.065323][ T9157] do_mmap+0xc45/0x10d0 [ 414.069562][ T9157] vm_mmap_pgoff+0x31b/0x4c0 [ 414.074252][ T9157] ksys_mmap_pgoff+0x51f/0x760 [ 414.079005][ T9157] do_syscall_64+0xfa/0x3b0 [ 414.083499][ T9157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.089387][ T9157] [ 414.091723][ T9157] Freed by task 1108: [ 414.095693][ T9157] kasan_save_track+0x3e/0x80 [ 414.100376][ T9157] kasan_save_free_info+0x46/0x50 [ 414.105403][ T9157] __kasan_slab_free+0x62/0x70 [ 414.110352][ T9157] slab_free_after_rcu_debug+0x129/0x2a0 [ 414.115985][ T9157] rcu_core+0xca5/0x1710 [ 414.120267][ T9157] handle_softirqs+0x286/0x870 [ 414.125057][ T9157] __irq_exit_rcu+0xca/0x1f0 [ 414.129675][ T9157] irq_exit_rcu+0x9/0x30 [ 414.133963][ T9157] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 414.139622][ T9157] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 414.145604][ T9157] [ 414.148007][ T9157] Last potentially related work creation: [ 414.153725][ T9157] kasan_save_stack+0x3e/0x60 [ 414.158414][ T9157] kasan_record_aux_stack+0xbd/0xd0 [ 414.163624][ T9157] kmem_cache_free+0x2f6/0x400 [ 414.168390][ T9157] vms_complete_munmap_vmas+0x626/0x8a0 [ 414.173934][ T9157] mmap_region+0x1221/0x2080 [ 414.178528][ T9157] do_mmap+0xc45/0x10d0 [ 414.182683][ T9157] vm_mmap_pgoff+0x31b/0x4c0 [ 414.187281][ T9157] ksys_mmap_pgoff+0x587/0x760 [ 414.192048][ T9157] do_syscall_64+0xfa/0x3b0 [ 414.196551][ T9157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.202442][ T9157] [ 414.204763][ T9157] The buggy address belongs to the object at ffff888078d2a640 [ 414.204763][ T9157] which belongs to the cache vm_area_struct of size 256 [ 414.219074][ T9157] The buggy address is located 80 bytes inside of [ 414.219074][ T9157] freed 256-byte region [ffff888078d2a640, ffff888078d2a740) [ 414.232783][ T9157] [ 414.235103][ T9157] The buggy address belongs to the physical page: [ 414.241514][ T9157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78d2a [ 414.250285][ T9157] memcg:ffff888078d05601 [ 414.254524][ T9157] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 414.261989][ T9157] page_type: f5(slab) [ 414.265976][ T9157] raw: 00fff00000000000 ffff88801bad4b40 ffffea0001f70940 dead000000000003 [ 414.274641][ T9157] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888078d05601 [ 414.283216][ T9157] page dumped because: kasan: bad access detected [ 414.289624][ T9157] page_owner tracks the page as allocated [ 414.295330][ T9157] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5735, tgid 5735 (cmp), ts 71468360489, free_ts 27878803902 [ 414.313904][ T9157] post_alloc_hook+0x240/0x2a0 [ 414.318673][ T9157] get_page_from_freelist+0x21e4/0x22c0 [ 414.324224][ T9157] __alloc_frozen_pages_noprof+0x181/0x370 [ 414.330026][ T9157] alloc_pages_mpol+0x232/0x4a0 [ 414.334885][ T9157] allocate_slab+0x8a/0x370 [ 414.339395][ T9157] ___slab_alloc+0xbeb/0x1410 [ 414.344071][ T9157] kmem_cache_alloc_noprof+0x283/0x3c0 [ 414.349530][ T9157] vm_area_dup+0x2b/0x680 [ 414.353872][ T9157] __split_vma+0x1a9/0xa00 [ 414.358303][ T9157] vms_gather_munmap_vmas+0x2de/0x12b0 [ 414.363768][ T9157] mmap_region+0x71a/0x2080 [ 414.368284][ T9157] do_mmap+0xc45/0x10d0 [ 414.372451][ T9157] vm_mmap_pgoff+0x31b/0x4c0 [ 414.377051][ T9157] ksys_mmap_pgoff+0x51f/0x760 [ 414.381814][ T9157] do_syscall_64+0xfa/0x3b0 [ 414.386342][ T9157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.392239][ T9157] page last free pid 1 tgid 1 stack trace: [ 414.398039][ T9157] __free_frozen_pages+0xc71/0xe70 [ 414.403145][ T9157] free_contig_range+0x1bd/0x4a0 [ 414.408081][ T9157] destroy_args+0x7e/0x5d0 [ 414.412500][ T9157] debug_vm_pgtable+0x412/0x450 [ 414.417349][ T9157] do_one_initcall+0x233/0x820 [ 414.422108][ T9157] do_initcall_level+0x137/0x1f0 [ 414.427042][ T9157] do_initcalls+0x69/0xd0 [ 414.431365][ T9157] kernel_init_freeable+0x3d9/0x570 [ 414.436559][ T9157] kernel_init+0x1d/0x1d0 [ 414.440889][ T9157] ret_from_fork+0x3fc/0x770 [ 414.445483][ T9157] ret_from_fork_asm+0x1a/0x30 [ 414.450253][ T9157] [ 414.452672][ T9157] Memory state around the buggy address: [ 414.458305][ T9157] ffff888078d2a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 414.466532][ T9157] ffff888078d2a600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 414.474592][ T9157] >ffff888078d2a680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 414.482649][ T9157] ^ [ 414.487259][ T9157] ffff888078d2a700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 414.495322][ T9157] ffff888078d2a780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 414.503375][ T9157] ================================================================== [ 414.511577][ C0] vkms_vblank_simulate: vblank timer overrun [ 414.639646][ T9157] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 414.646913][ T9157] CPU: 1 UID: 0 PID: 9157 Comm: syz.0.1017 Not tainted 6.16.0-rc2-next-20250620-syzkaller #0 PREEMPT(full) [ 414.658825][ T9157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 414.668890][ T9157] Call Trace: [ 414.672177][ T9157] [ 414.675114][ T9157] dump_stack_lvl+0x99/0x250 [ 414.679720][ T9157] ? __asan_memcpy+0x40/0x70 [ 414.684338][ T9157] ? __pfx_dump_stack_lvl+0x10/0x10 [ 414.689566][ T9157] ? __pfx__printk+0x10/0x10 [ 414.694184][ T9157] panic+0x2db/0x790 [ 414.698139][ T9157] ? __pfx_panic+0x10/0x10 [ 414.702574][ T9157] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 414.708566][ T9157] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 414.715072][ T9157] ? print_memory_metadata+0x314/0x400 [ 414.720537][ T9157] ? do_sync_mmap_readahead+0x4bf/0x830 [ 414.726085][ T9157] check_panic_on_warn+0x89/0xb0 [ 414.731026][ T9157] ? do_sync_mmap_readahead+0x4bf/0x830 [ 414.736584][ T9157] end_report+0x78/0x160 [ 414.740925][ T9157] kasan_report+0x129/0x150 [ 414.745437][ T9157] ? do_sync_mmap_readahead+0x4bf/0x830 [ 414.750984][ T9157] do_sync_mmap_readahead+0x4bf/0x830 [ 414.756360][ T9157] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 414.762339][ T9157] ? count_memcg_event_mm+0x1d/0x250 [ 414.767634][ T9157] ? count_memcg_event_mm+0x1d/0x250 [ 414.772924][ T9157] filemap_fault+0x62c/0x1200 [ 414.777606][ T9157] ? __pfx_filemap_fault+0x10/0x10 [ 414.782810][ T9157] ? __pfx_filemap_map_pages+0x10/0x10 [ 414.788269][ T9157] ? __handle_mm_fault+0x296f/0x5620 [ 414.793562][ T9157] __do_fault+0x138/0x390 [ 414.797891][ T9157] __handle_mm_fault+0x37ed/0x5620 [ 414.803014][ T9157] ? __pfx___handle_mm_fault+0x10/0x10 [ 414.808490][ T9157] ? follow_page_pte+0x8c0/0x14c0 [ 414.813529][ T9157] handle_mm_fault+0x40a/0x8e0 [ 414.818302][ T9157] __get_user_pages+0x1aef/0x30b0 [ 414.823329][ T9157] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.828633][ T9157] ? __pfx___get_user_pages+0x10/0x10 [ 414.834020][ T9157] populate_vma_page_range+0x29f/0x3a0 [ 414.839487][ T9157] ? __pfx_populate_vma_page_range+0x10/0x10 [ 414.845466][ T9157] ? apply_vma_lock_flags+0x344/0x3c0 [ 414.850845][ T9157] ? down_read+0x1ad/0x2e0 [ 414.855349][ T9157] __mm_populate+0x24c/0x380 [ 414.859937][ T9157] ? __pfx___mm_populate+0x10/0x10 [ 414.865054][ T9157] ? up_write+0x1c4/0x420 [ 414.869385][ T9157] do_mlock+0x625/0x740 [ 414.873553][ T9157] ? __pfx_do_mlock+0x10/0x10 [ 414.878245][ T9157] ? rcu_is_watching+0x15/0xb0 [ 414.883050][ T9157] __x64_sys_mlock+0x60/0x70 [ 414.887643][ T9157] do_syscall_64+0xfa/0x3b0 [ 414.892147][ T9157] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.897340][ T9157] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.903410][ T9157] ? clear_bhb_loop+0x60/0xb0 [ 414.908085][ T9157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.914152][ T9157] RIP: 0033:0x7fe767d8e929 [ 414.918568][ T9157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.938173][ T9157] RSP: 002b:00007fe768c09038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 414.946591][ T9157] RAX: ffffffffffffffda RBX: 00007fe767fb6240 RCX: 00007fe767d8e929 [ 414.954561][ T9157] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000 [ 414.962586][ T9157] RBP: 00007fe767e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 414.970558][ T9157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 414.978534][ T9157] R13: 0000000000000000 R14: 00007fe767fb6240 R15: 00007fff16e93f08 [ 414.986594][ T9157] [ 414.989965][ T9157] Kernel Offset: disabled [ 414.994284][ T9157] Rebooting in 86400 seconds..