last executing test programs: 2m5.260026669s ago: executing program 2 (id=520): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x11) syz_genetlink_get_family_id$team(0x0, r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1m41.899061599s ago: executing program 2 (id=520): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x11) syz_genetlink_get_family_id$team(0x0, r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1m23.270038057s ago: executing program 2 (id=520): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x11) syz_genetlink_get_family_id$team(0x0, r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 1m10.183009762s ago: executing program 2 (id=520): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x11) syz_genetlink_get_family_id$team(0x0, r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 55.026321429s ago: executing program 2 (id=520): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x11) syz_genetlink_get_family_id$team(0x0, r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 33.318753811s ago: executing program 2 (id=520): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x11) syz_genetlink_get_family_id$team(0x0, r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000060066008e8800004a0033"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 7.561100776s ago: executing program 4 (id=2347): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_DELRULE={0x38, 0x6, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x6}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x60}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) 6.884034255s ago: executing program 1 (id=2348): keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000280)={0x0, 0x6e, 0xf6}, &(0x7f0000000440)={'enc=', 'pkcs1', ' hash=', {'blake2s-256-arm\x00'}}, &(0x7f0000000500)="04600eb5122eab350e13d0f69191ce0495036eb278d25fba08cfe2248877119cc87cc81610e9f37ace91efbee7876c4bd848ef9c534a87abdff9f0d45d07a1f50458bc50b38ce2b23780126a003dfa6d82b29ac90067a2241d7baa930e5e6b670cad5c670ab534fbc8af4831b9a6", &(0x7f0000000580)="8155e18a4af8d89cdb96e186c333c7221b1fd273fa2cde2ad135de5ba46d28dfd95dbf26ef8ee196047ae811fb14294eca7c2f0c402eac363b6a4e663a9f1360ce726a10543c5e95b653360a78ab41a84d3b8c42d2dbec71fdf81c019ac41106d5d36359817b636d2cd9813229b7f4c902c18e13dcde2dea72a7fc0c9ba10c174c24df0bfab5a14d0c0828a654dd1dc0113fcc6c79d2b75bd4b77f9947fc5c06b7e690de5bf5dc5f894a2fb6f90e094fe1fc3ef17a1f6c61153c4ee57544642664ea2ea6e3492ceac5cd93deeff7fcfa595cb1413794e15e358125010b39e253facfd722382bd66c329864b9d7cc561c8aefa5252613") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000380)=0x20000, 0x4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f075, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000}, 0x94) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$setregs(0xd, r2, 0x80000001, &(0x7f00000003c0)) ptrace$getregset(0x4205, r2, 0x1, &(0x7f0000000080)={&(0x7f0000019580)=""/120, 0x78}) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000000)=""/5, 0x204000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00'}) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000040)=0x4000, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000200)=0x34010, 0x4) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0) sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x14, 0x15, 0xa, 0x201, 0x0, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x20008880}, 0x24000898) close_range(r4, 0xffffffffffffffff, 0x0) r7 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000140)={'virt_wifi0\x00', 0x1}) 6.772145089s ago: executing program 4 (id=2349): syz_usb_connect(0x5, 0x24, &(0x7f0000001280)={{0x12, 0x1, 0x300, 0x0, 0x1f, 0x66, 0x8, 0x58f, 0x6610, 0x4805, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x70, 0x81, [{{0x9, 0x4, 0x0, 0x81, 0x0, 0xff, 0xff, 0xff, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23}) r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) signalfd(r0, &(0x7f00000000c0)={[0x8]}, 0x8) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000001c0)={&(0x7f0000001200)=[{0x8000, 0x7001, 0x0, 0x0}, {0xc00, 0x8a10, 0x0, 0x0}], 0x2}) 5.785254555s ago: executing program 1 (id=2351): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000006c0)="0d18", 0x2}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a748eb4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a729c384374fc", 0x301}], 0x1}}], 0x3, 0x0) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 5.732145966s ago: executing program 0 (id=2352): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r1) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000000)={0x18, 0x0, {0xfffe, @local, 'geneve1\x00'}}, 0x1e) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth0_virt_wifi\x00'}}, 0x1e) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x40800) r5 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, &(0x7f0000000100)=0x87a) 5.686619759s ago: executing program 1 (id=2353): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000006c0)=@newtaction={0x5c, 0x32, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x48, 0x1, [@m_pedit={0x44, 0x1, 0x0, 0x0, {{0xa}, {0x4}, {0x16, 0x6, "a9801ff5b462e221a5a44bc0b71de8637ed1"}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) 5.602770989s ago: executing program 0 (id=2354): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'veth1_to_team\x00', 0x0}) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200), 0x4, r6}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r8], &(0x7f0000000200), &(0x7f0000000580)=[r7], &(0x7f0000000040)}) 5.520128526s ago: executing program 1 (id=2355): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x804e20}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(r6, 0x100847c0, 0xfffffffc, 0x1, 0x0, 0x0) mkdir(&(0x7f0000001c00)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000100)={[{@usrquota}, {@usrquota_block_hardlimit={'usrquota_block_hardlimit', 0x3d, [0x38]}}]}) chown(&(0x7f0000000240)='./file0\x00', 0xee00, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x4000850) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000001ec0), 0xffffffffffffffff) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 4.688198703s ago: executing program 3 (id=2356): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002b80)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x5}, 0x18) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000009000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, r1, 0x0) 4.494688402s ago: executing program 0 (id=2357): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(0xffffffffffffffff, 0x2000, 0x4) ioctl$SNDCTL_SEQ_TESTMIDI(r5, 0x40045108, &(0x7f0000000280)=0x4) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(0xffffffffffffffff, &(0x7f0000004200)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f}}, 0x50) acct(&(0x7f00000001c0)='./file0\x00') acct(0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) 4.443082181s ago: executing program 1 (id=2358): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900"}) 4.397944787s ago: executing program 3 (id=2359): syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r2}, 0x10) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000280)={'wg2\x00'}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r3}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) 4.182477947s ago: executing program 1 (id=2360): add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) socket$kcm(0x21, 0x5, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x844}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5d4c29221000010400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0000000000140000240012800b00010065727370616e00001400028005001600020000000600030030000000"], 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000003cc0), 0x0, 0x4001c00) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) r6 = fsopen(&(0x7f00000000c0)='ubifs\x00', 0x0) write$tcp_mem(r5, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48) getsockopt$inet6_tcp_buf(r5, 0x6, 0xd, 0x0, &(0x7f0000000280)) close(r6) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000500)={[0x0, &(0x7f0000000540)=' T\xfc\x81\x8e\x9f5\x0e \x043[B\xad\x13\x9f\xae\x8f\xbb\x9a\x0f\x9f\x13\xa5\xfc9\xbb\xa4.\xf4\xeb\x03\xf1\xb6\x8c\xc4E\x93\n&k\xec\xc8\\h\xd6\x1e\xcb\fA\\da/O\xdcn7\x1b@\xbf\xfb\x17J\xaaD\xe4\x01\xbc\xdc\n\x88\xfc\xcci\xc1\xe8\xf8\x1e6&\bE\x8f\x9b\xc6\x8d0\xa7 -\xecC8O*7\xfa&\xf9\aC\xab\x03g\x06\xda\x8c)\xae\xe3\x16\x9dz\x87\xd6OZX\xa4\xee\xa7\xebe\x14Qp\x96\x00\xd0VK\xe2$i\xd4\xcb-\xd4\x82w\x13\x98\xfcW\x9d\xff\xed\xd4\x14;]\xf8\xccS\xddl\x96v\x97\x988\xa7sQ\x1aN\xbdU.\x89\\\xfa\xc2\xcd\xde', &(0x7f0000000100)='security.', 0x0, 0x0, 0x0]}) socket$kcm(0x10, 0x2, 0x0) 3.773173717s ago: executing program 0 (id=2361): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x3a85ef35342a412e) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x74, 0x5, 0x6f8d8e6f, 0x4000000000, 0x6, 0x2, 0x1041, 0x4, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x9, 0x800005, 0x6a], 0x1, 0x1000d6}) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x890c, &(0x7f0000000000)=@add_del={0x2, 0x0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.575780347s ago: executing program 4 (id=2362): r0 = socket$inet_sctp(0x2, 0x5, 0x84) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="8a", 0x1}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="20000000000000008400000002000000000041000900000000000002", @ANYRES32=0x0, @ANYBLOB='0\x00\x00'], 0x50}, 0x0) 3.57418801s ago: executing program 3 (id=2363): syz_usb_connect(0x6, 0x24, &(0x7f0000000800)={{0x12, 0x1, 0x110, 0x44, 0xbc, 0x2a, 0x20, 0x45e, 0x723, 0xb610, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x3, 0x40, 0x5, [{{0x9, 0x4, 0x7c, 0x0, 0x0, 0xe, 0x1, 0x0, 0x2}}]}}]}}, 0x0) r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x45, &(0x7f0000000700)="ff02810900000000000000000000e6e5846bc8cf97f1c330227275b706fdbc39b522caa330066e8f418749264fbbcdfdbefacd34e4f62701db04000000db442ef040d8b4b638c81ce2c16888f5769f7645439d4e7161b304efa3525b3aff2be069bb37007cb61c08b1b3dd3be806080d8f5e357dc4e3988816bd507de41c253793f74e5153a4898943594f0945987957a714dac1ac17dd883701ec03e3e26c7cb584aeebc6511dde9b3c46e10aa6bc", 0xaf) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x85, 0x85, 0x3, [@const={0xe, 0x0, 0x0, 0xa, 0x4}, @ptr={0x2}, @datasec={0x6, 0x4, 0x0, 0xf, 0x1, [{0x4, 0x9, 0x4}, {0x4, 0xffffffff, 0x5}, {0x3, 0x5, 0x3}, {0x5, 0xd, 0x8}], 'k'}, @enum64={0x5, 0x3, 0x0, 0x13, 0x0, 0x5, [{0xa, 0x7, 0x4}, {0x2, 0x2, 0x5}, {0x4, 0x2, 0x3}]}]}, {0x0, [0x0]}}, &(0x7f00000000c0)=""/115, 0xa3, 0x73, 0x0, 0x5b}, 0x28) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) syz_emit_ethernet(0x0, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000002940)=[{{0x0, 0x57, 0x0}}], 0x62, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='ns\x00') r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)={0x1c, r6, 0x9c3fa077fa966179, 0x4, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 3.285122877s ago: executing program 0 (id=2364): prctl$PR_SET_NAME(0xf, &(0x7f00000001c0)='w\xde\xa3\x05\xff\a\x00\x00\x00\x00\x00\x00\x8f\xc0\x9b\x86\xef\\\xc0\x89\av\x9f\xd6\xd1\x98<\xc8\x18E/\x8c\x1a\xe3\xbd') r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) socket$netlink(0x10, 0x3, 0x5) connect$unix(r4, &(0x7f0000001680)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='sched_switch\x00', r3, 0x0, 0x415}, 0x18) unshare(0x64000600) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100002800010004000000fcdbdf"], 0x114}], 0x1, 0x0, 0x0, 0x5}, 0x40) 2.544660111s ago: executing program 3 (id=2365): socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(0xffffffffffffffff, 0x133d, 0x0, 0x8, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1) 1.350073845s ago: executing program 4 (id=2366): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24004015}, 0x44044) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) lsetxattr$security_evm(&(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1ea2c2830000070000"], 0x9, 0x1) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) ioctl$BLKREPORTZONE(r4, 0xc0101282, &(0x7f0000000340)={0x6, 0x4, 0x0, [{0x8, 0xcbc, 0x1000000100000000, 0x67, 0x7, 0x4b, 0x6, '\x00', 0xa}, {0x8, 0x2, 0x1, 0x4, 0x6, 0x0, 0x7f, '\x00', 0x3ac8}, {0x11, 0x37, 0x2, 0x6, 0x0, 0x7, 0x7, '\x00', 0x6}, {0xac, 0x76, 0x7, 0x4, 0x9, 0x6, 0x2f, '\x00', 0x5}]}) 1.284189073s ago: executing program 3 (id=2367): socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket(0x400000000010, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x50) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 338.598758ms ago: executing program 4 (id=2368): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f00000009c0)=[{{&(0x7f0000000040)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000003c0)="47e9", 0x2}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=ANY=[], 0x10}}], 0x2, 0x4000000) 110.120587ms ago: executing program 0 (id=2369): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x68942, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 125.283碌s ago: executing program 3 (id=2370): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="020000000400000005000000aa"], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 0s ago: executing program 4 (id=2371): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900"}) kernel console output (not intermixed with test programs): (slave bond_slave_0): Releasing backup interface [ 379.246484][ T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 379.258030][ T66] bond0 (unregistering): Released all slaves [ 380.629239][ T9640] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1175'. [ 381.205520][ T66] hsr_slave_0: left promiscuous mode [ 381.331550][ T66] hsr_slave_1: left promiscuous mode [ 381.430270][ T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 381.520208][ T66] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 381.630586][ T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 381.720105][ T66] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 381.896791][ T66] veth1_macvtap: left promiscuous mode [ 381.937513][ T66] veth0_macvtap: left promiscuous mode [ 382.000725][ T66] veth1_vlan: left promiscuous mode [ 382.088970][ T66] veth0_vlan: left promiscuous mode [ 383.354407][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 383.354428][ T30] audit: type=1326 audit(1751401177.493:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 384.344174][ T30] audit: type=1326 audit(1751401177.503:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 384.509830][ T30] audit: type=1326 audit(1751401177.503:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdf13f8d290 code=0x7ffc0000 [ 384.567812][ T30] audit: type=1326 audit(1751401177.503:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fdf13f90157 code=0x7ffc0000 [ 384.812461][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 384.823044][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 384.831158][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 384.839315][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 384.847685][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 385.364896][ T30] audit: type=1326 audit(1751401177.503:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 385.492471][ T30] audit: type=1326 audit(1751401177.503:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fdf13f90157 code=0x7ffc0000 [ 385.515604][ T30] audit: type=1326 audit(1751401177.503:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdf13f8d58a code=0x7ffc0000 [ 385.554351][ T30] audit: type=1326 audit(1751401177.503:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 385.585032][ T30] audit: type=1326 audit(1751401177.503:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 385.610667][ T30] audit: type=1326 audit(1751401177.503:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9647 comm="syz.0.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 385.611083][ T9668] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1183'. [ 385.941391][ T66] team0 (unregistering): Port device team_slave_1 removed [ 385.975728][ T66] team0 (unregistering): Port device team_slave_0 removed [ 386.367680][ T9665] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1183'. [ 386.449679][ T9656] lo speed is unknown, defaulting to 1000 [ 386.812636][ T9700] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1197'. [ 386.891949][ T9700] 0猉功D: renamed from gretap0 (while UP) [ 386.941231][ T9700] 0猉功D: entered allmulticast mode [ 386.976919][ T9700] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 387.115363][ T9709] netlink: 200 bytes leftover after parsing attributes in process `syz.1.1201'. [ 387.134241][ T9709] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1201'. [ 387.377361][ T9656] chnl_net:caif_netlink_parms(): no params data found [ 387.387084][ T9718] xt_hashlimit: size too large, truncated to 1048576 [ 387.591141][ T5826] Bluetooth: hci4: command tx timeout [ 387.949238][ T9656] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.992975][ T9656] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.042167][ T9656] bridge_slave_0: entered allmulticast mode [ 388.082062][ T9656] bridge_slave_0: entered promiscuous mode [ 388.118361][ T9656] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.175074][ T9656] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.202995][ T9656] bridge_slave_1: entered allmulticast mode [ 388.242180][ T9656] bridge_slave_1: entered promiscuous mode [ 388.388491][ T9656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 388.431384][ T9656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.545051][ T9656] team0: Port device team_slave_0 added [ 388.557917][ T9656] team0: Port device team_slave_1 added [ 388.568645][ T9754] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1217'. [ 388.678518][ T9756] netlink: 200 bytes leftover after parsing attributes in process `syz.0.1218'. [ 388.692729][ T9756] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1218'. [ 388.694203][ T9656] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.718993][ T9656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.747341][ T9656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.759935][ T9656] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.767940][ T9656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.804093][ T9656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.824049][ T9765] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1222'. [ 388.837680][ T9763] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode [ 388.847895][ T9763] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode [ 388.953066][ T9656] hsr_slave_0: entered promiscuous mode [ 388.980268][ T9656] hsr_slave_1: entered promiscuous mode [ 389.159037][ T9773] lo speed is unknown, defaulting to 1000 [ 389.281103][ T9783] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1228'. [ 389.359153][ T9783] 0猉功D: renamed from 31猉功D (while UP) [ 389.385546][ T9783] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 389.664837][ T5826] Bluetooth: hci4: command tx timeout [ 390.673001][ T9815] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1239'. [ 390.807333][ T9770] mpoa:mpoad_close: () going down [ 390.848838][ T9819] 0猉功D: renamed from gretap0 (while UP) [ 390.867109][ T9819] 0猉功D: entered allmulticast mode [ 390.873074][ T9819] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 390.932569][ T9828] netlink: 'syz.0.1243': attribute type 64 has an invalid length. [ 390.933311][ T9656] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 391.093543][ T9838] Bluetooth: MGMT ver 1.23 [ 391.385445][ T9656] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 391.397485][ T9656] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 391.498537][ T9656] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 391.693238][ T9656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.731428][ T9656] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.738269][ T5826] Bluetooth: hci4: command tx timeout [ 391.756909][ T6382] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.764136][ T6382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 391.811200][ T6382] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.818478][ T6382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 392.196404][ T9884] __nla_validate_parse: 3 callbacks suppressed [ 392.196424][ T9884] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1257'. [ 392.249291][ T9886] mac80211_hwsim hwsim8 syzkaller0: left promiscuous mode [ 392.262378][ T9886] mac80211_hwsim hwsim8 syzkaller0: left allmulticast mode [ 392.353057][ T9656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 392.565952][ T9656] veth0_vlan: entered promiscuous mode [ 392.595938][ T9656] veth1_vlan: entered promiscuous mode [ 392.672792][ T9656] veth0_macvtap: entered promiscuous mode [ 392.726288][ T9656] veth1_macvtap: entered promiscuous mode [ 392.821883][ T9656] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.153342][ T9656] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 393.173464][ T9656] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.187654][ T9656] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.197366][ T9656] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.209905][ T9656] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.391182][ T4510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.512248][ T4510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.590989][ T6382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.615060][ T6382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.870582][ T9930] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1280'. [ 394.764330][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1286'. [ 394.845424][ T9951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1288'. [ 394.857587][ T9951] netlink: 'syz.3.1288': attribute type 5 has an invalid length. [ 394.867014][ T9951] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1288'. [ 395.709359][ T4510] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.059509][ T4510] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.176408][ T4510] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.292353][ T4510] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.352882][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 397.366032][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 397.378275][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 397.381165][T10031] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1322'. [ 397.398742][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 397.407502][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 397.555735][T10029] lo speed is unknown, defaulting to 1000 [ 397.759446][ T4510] bridge_slave_1: left allmulticast mode [ 397.793345][ T4510] bridge_slave_1: left promiscuous mode [ 397.820125][ T4510] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.803687][ T4510] bridge_slave_0: left allmulticast mode [ 398.809503][ T4510] bridge_slave_0: left promiscuous mode [ 398.816608][ T4510] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.694383][ T5826] Bluetooth: hci4: command tx timeout [ 400.418352][ T4510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 400.430289][ T4510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 400.447315][ T4510] bond0 (unregistering): Released all slaves [ 400.472038][T10059] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1330'. [ 400.506847][T10059] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1330'. [ 400.557649][T10059] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.566564][T10059] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.575754][T10059] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.584986][T10059] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 400.755482][T10099] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1342'. [ 401.814034][ T5826] Bluetooth: hci4: command tx timeout [ 402.957801][ T4510] hsr_slave_0: left promiscuous mode [ 402.986126][ T4510] hsr_slave_1: left promiscuous mode [ 403.002992][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 403.044862][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 403.075553][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 403.105906][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 403.121338][T10129] netlink: 'syz.0.1356': attribute type 2 has an invalid length. [ 403.145303][T10129] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1356'. [ 403.190993][ T4510] veth1_macvtap: left promiscuous mode [ 403.205914][ T4510] veth0_macvtap: left promiscuous mode [ 403.211595][ T4510] veth1_vlan: left promiscuous mode [ 403.221204][ T4510] veth0_vlan: left promiscuous mode [ 403.893987][ T5826] Bluetooth: hci4: command tx timeout [ 404.480279][ T4510] team0 (unregistering): Port device team_slave_1 removed [ 404.508830][T10157] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1364'. [ 404.546138][ T4510] team0 (unregistering): Port device team_slave_0 removed [ 405.974154][ T5826] Bluetooth: hci4: command tx timeout [ 406.323717][T10126] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 406.334178][T10126] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 406.544136][T10029] chnl_net:caif_netlink_parms(): no params data found [ 406.748504][T10029] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.756377][T10029] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.763641][T10029] bridge_slave_0: entered allmulticast mode [ 406.771680][T10029] bridge_slave_0: entered promiscuous mode [ 406.780425][T10029] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.788234][T10029] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.795792][T10029] bridge_slave_1: entered allmulticast mode [ 406.803455][T10029] bridge_slave_1: entered promiscuous mode [ 406.852431][T10029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.865788][T10029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.928727][T10029] team0: Port device team_slave_0 added [ 406.938124][T10029] team0: Port device team_slave_1 added [ 406.992295][T10029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 407.000612][T10029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 407.027449][T10029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 407.043191][T10029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 407.050911][T10029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 407.077073][T10029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 407.145244][T10029] hsr_slave_0: entered promiscuous mode [ 407.152230][T10029] hsr_slave_1: entered promiscuous mode [ 407.376381][T10195] lo speed is unknown, defaulting to 1000 [ 407.536814][T10200] lo speed is unknown, defaulting to 1000 [ 408.156901][T10222] x_tables: duplicate underflow at hook 4 [ 408.182707][T10029] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 408.201515][T10222] bridge0: port 1(syz_tun) entered blocking state [ 408.209200][T10222] bridge0: port 1(syz_tun) entered disabled state [ 408.216448][T10222] syz_tun: entered allmulticast mode [ 408.226517][T10222] syz_tun: entered promiscuous mode [ 408.232832][T10222] bridge0: port 1(syz_tun) entered blocking state [ 408.239607][T10222] bridge0: port 1(syz_tun) entered listening state [ 408.254929][T10029] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 408.292396][T10029] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 408.440188][T10029] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 408.560297][T10232] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1394'. [ 408.777634][T10029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.814544][T10029] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.838348][ T6604] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.845524][ T6604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.875176][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.882410][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 409.264531][T10277] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1409'. [ 409.495295][T10029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 409.592123][T10029] veth0_vlan: entered promiscuous mode [ 409.610118][T10029] veth1_vlan: entered promiscuous mode [ 409.703647][T10029] veth0_macvtap: entered promiscuous mode [ 409.734471][T10029] veth1_macvtap: entered promiscuous mode [ 409.786796][T10029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 409.809149][T10029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 409.837783][T10029] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.850729][T10029] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.862708][T10029] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.871491][T10029] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.022239][ T6382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.036522][ T6382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.082474][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.104657][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.229624][T10310] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1423'. [ 410.398968][T10316] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1426'. [ 410.669267][T10332] tipc: Started in network mode [ 410.695559][T10332] tipc: Node identity 111, cluster identity 4711 [ 410.711963][T10332] tipc: Node number set to 273 [ 410.761887][T10336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1432'. [ 411.531863][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.610770][T10359] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.1443'. [ 412.664841][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.712625][T10370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1446'. [ 412.842154][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.895047][T10380] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1452'. [ 412.918902][T10380] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1452'. [ 412.953723][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.047155][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 413.056177][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 413.064052][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 413.072392][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 413.080062][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 413.125085][T10387] lo speed is unknown, defaulting to 1000 [ 413.309261][ T49] bridge_slave_1: left allmulticast mode [ 413.330033][ T49] bridge_slave_1: left promiscuous mode [ 413.362305][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.399083][ T49] bridge_slave_0: left allmulticast mode [ 413.418396][ T49] bridge_slave_0: left promiscuous mode [ 413.436171][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.833521][T10420] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1468'. [ 413.944927][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.956748][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.967365][ T49] bond0 (unregistering): Released all slaves [ 414.061208][T10419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1468'. [ 414.456130][T10436] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1475'. [ 414.482026][T10387] chnl_net:caif_netlink_parms(): no params data found [ 414.599790][ T49] hsr_slave_0: left promiscuous mode [ 414.613616][ T49] hsr_slave_1: left promiscuous mode [ 414.622796][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.638096][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.646653][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.660486][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.721324][ T49] veth1_macvtap: left promiscuous mode [ 414.731923][ T49] veth0_macvtap: left promiscuous mode [ 414.737698][ T49] veth1_vlan: left promiscuous mode [ 414.743328][ T49] veth0_vlan: left promiscuous mode [ 415.094550][ T51] Bluetooth: hci4: command tx timeout [ 415.433800][T10450] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1481'. [ 415.763049][ T49] team0 (unregistering): Port device team_slave_1 removed [ 415.809925][ T49] team0 (unregistering): Port device team_slave_0 removed [ 416.603602][T10387] bridge0: port 1(bridge_slave_0) entered blocking state [ 416.621836][T10387] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.642317][T10387] bridge_slave_0: entered allmulticast mode [ 416.651186][T10387] bridge_slave_0: entered promiscuous mode [ 416.680248][T10387] bridge0: port 2(bridge_slave_1) entered blocking state [ 416.717416][T10387] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.744066][T10387] bridge_slave_1: entered allmulticast mode [ 416.765511][T10387] bridge_slave_1: entered promiscuous mode [ 416.827235][T10493] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1497'. [ 416.870269][T10387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 416.916382][T10387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 417.006400][T10387] team0: Port device team_slave_0 added [ 417.030186][T10387] team0: Port device team_slave_1 added [ 417.107178][T10387] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 417.119250][T10387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.175033][ T51] Bluetooth: hci4: command tx timeout [ 417.185171][T10387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 417.217381][T10387] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 417.224526][T10387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.250687][T10387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 417.402025][T10387] hsr_slave_0: entered promiscuous mode [ 417.418638][T10387] hsr_slave_1: entered promiscuous mode [ 417.761097][T10541] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1518'. [ 417.894212][T10551] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1522'. [ 417.994474][T10547] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1521'. [ 419.180752][T10572] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1532'. [ 419.313894][ T51] Bluetooth: hci4: command tx timeout [ 419.419847][T10578] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1535'. [ 419.669550][T10387] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 419.732497][T10387] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 419.823192][T10387] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 419.938316][T10387] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 420.266449][T10387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 420.355415][T10387] 8021q: adding VLAN 0 to HW filter on device team0 [ 420.431623][ T4510] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.438883][ T4510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 420.591468][ T6382] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.598695][ T6382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.334205][ T51] Bluetooth: hci4: command tx timeout [ 422.079789][T10387] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 422.283232][T10387] veth0_vlan: entered promiscuous mode [ 422.346540][T10387] veth1_vlan: entered promiscuous mode [ 423.604214][T10387] veth0_macvtap: entered promiscuous mode [ 423.905544][T10387] veth1_macvtap: entered promiscuous mode [ 424.134909][T10660] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1564'. [ 424.193130][T10657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1563'. [ 424.269331][T10387] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 424.380776][T10387] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 424.680889][T10657] team0: entered promiscuous mode [ 424.747396][T10657] team_slave_0: entered promiscuous mode [ 424.783809][T10657] team_slave_1: entered promiscuous mode [ 424.844686][T10657] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 424.918514][T10657] team0: left promiscuous mode [ 424.941249][T10657] team_slave_0: left promiscuous mode [ 424.973457][T10657] team_slave_1: left promiscuous mode [ 425.293816][T10387] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.320826][T10387] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.329606][T10387] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.338518][T10387] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.531673][ T6382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 425.543050][ T6382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 425.551782][ T4510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 425.563075][T10671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1568'. [ 425.581148][ T4510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.185035][T10691] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1577'. [ 426.424800][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.533072][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.659729][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.721200][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.910027][ T13] bridge_slave_1: left allmulticast mode [ 426.916679][ T13] bridge_slave_1: left promiscuous mode [ 426.922454][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.933049][ T13] bridge_slave_0: left allmulticast mode [ 426.939048][ T13] bridge_slave_0: left promiscuous mode [ 426.946254][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.216929][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 427.229117][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.239244][ T13] bond0 (unregistering): Released all slaves [ 427.721528][ T13] hsr_slave_0: left promiscuous mode [ 427.747568][ T13] hsr_slave_1: left promiscuous mode [ 427.764514][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 427.771972][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 427.804513][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 427.830984][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 427.892800][ T13] veth1_macvtap: left promiscuous mode [ 427.925621][ T13] veth0_macvtap: left promiscuous mode [ 427.950865][ T13] veth1_vlan: left promiscuous mode [ 427.985815][ T13] veth0_vlan: left promiscuous mode [ 428.099395][T10716] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1583'. [ 428.645086][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 428.667353][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 428.684241][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 428.695049][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 428.702858][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 429.206627][ T13] team0 (unregistering): Port device team_slave_1 removed [ 429.255783][ T13] team0 (unregistering): Port device team_slave_0 removed [ 429.627721][T10713] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1583'. [ 429.647708][T10722] team0: Device vlan0 is already an upper device of the team interface [ 429.720342][T10725] lo speed is unknown, defaulting to 1000 [ 430.577823][T10725] chnl_net:caif_netlink_parms(): no params data found [ 430.733265][T10773] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1608'. [ 430.784020][ T51] Bluetooth: hci4: command tx timeout [ 430.950792][T10725] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.975407][T10725] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.983001][T10725] bridge_slave_0: entered allmulticast mode [ 431.001160][T10725] bridge_slave_0: entered promiscuous mode [ 431.025513][T10725] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.041834][T10725] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.070226][T10725] bridge_slave_1: entered allmulticast mode [ 431.095147][T10725] bridge_slave_1: entered promiscuous mode [ 431.114115][T10783] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.1611'. [ 431.134099][T10783] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 431.154138][T10789] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 431.175544][T10789] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 431.360291][T10725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 431.392798][T10725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 431.470642][T10804] Cannot find set identified by id 2 to match [ 431.515749][T10725] team0: Port device team_slave_0 added [ 431.541445][T10725] team0: Port device team_slave_1 added [ 431.616665][T10725] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 431.625955][T10725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 431.661028][T10725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 431.679845][T10725] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 431.687123][T10725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 431.716679][T10725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 431.852952][T10725] hsr_slave_0: entered promiscuous mode [ 431.872731][T10725] hsr_slave_1: entered promiscuous mode [ 431.980627][T10821] team0: Port device team_slave_0 removed [ 431.996329][T10821] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 432.775059][T10725] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 432.803180][T10725] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 432.814076][T10725] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 432.836201][T10725] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 432.857096][ T51] Bluetooth: hci4: command tx timeout [ 432.991994][T10725] 8021q: adding VLAN 0 to HW filter on device bond0 [ 433.037354][T10725] 8021q: adding VLAN 0 to HW filter on device team0 [ 433.052966][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.060187][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 434.038625][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.045868][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 434.619730][T10725] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 434.935159][ T51] Bluetooth: hci4: command tx timeout [ 434.958704][T10725] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 435.044257][T10938] x_tables: duplicate underflow at hook 4 [ 435.058839][T10725] veth0_vlan: entered promiscuous mode [ 435.080127][T10938] bridge0: port 3(syz_tun) entered blocking state [ 435.112812][T10938] bridge0: port 3(syz_tun) entered disabled state [ 435.129692][T10938] syz_tun: entered allmulticast mode [ 435.148002][T10938] syz_tun: entered promiscuous mode [ 435.164885][T10938] bridge0: port 3(syz_tun) entered blocking state [ 435.171494][T10938] bridge0: port 3(syz_tun) entered forwarding state [ 435.219785][T10725] veth1_vlan: entered promiscuous mode [ 435.296727][T10725] veth0_macvtap: entered promiscuous mode [ 435.339408][T10725] veth1_macvtap: entered promiscuous mode [ 435.391029][T10725] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 435.432848][T10725] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 435.452898][T10725] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.475209][T10725] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.496921][T10725] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.514775][T10725] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.718553][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.751074][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 435.830655][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 435.854734][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 436.429860][T10986] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1696'. [ 437.385076][T11011] x_tables: duplicate underflow at hook 4 [ 437.400938][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.436579][T11011] bridge0: port 3(syz_tun) entered blocking state [ 437.443127][T11011] bridge0: port 3(syz_tun) entered disabled state [ 437.469595][T11011] syz_tun: entered allmulticast mode [ 437.477420][T11011] syz_tun: entered promiscuous mode [ 437.992553][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.058278][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.117593][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.229223][ T49] bridge_slave_1: left allmulticast mode [ 438.235009][ T49] bridge_slave_1: left promiscuous mode [ 438.240725][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.250424][ T49] bridge_slave_0: left allmulticast mode [ 438.256320][ T49] bridge_slave_0: left promiscuous mode [ 438.261979][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.528147][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 438.539526][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 438.558505][ T49] bond0 (unregistering): Released all slaves [ 438.705121][ C0] bridge0: port 1(syz_tun) entered learning state [ 439.155176][T11039] x_tables: duplicate underflow at hook 4 [ 439.172150][T11039] bridge0: port 3(syz_tun) entered blocking state [ 439.189203][T11039] bridge0: port 3(syz_tun) entered disabled state [ 439.225696][T11039] syz_tun: entered allmulticast mode [ 439.228080][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 439.241249][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 439.244771][T11039] syz_tun: entered promiscuous mode [ 439.256912][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 439.272329][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 439.280647][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 439.860486][ T49] hsr_slave_0: left promiscuous mode [ 439.978242][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.031847][ T49] hsr_slave_1: left promiscuous mode [ 440.042660][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 440.080970][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 440.107640][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 440.135990][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.223338][ T49] veth1_macvtap: left promiscuous mode [ 440.229278][T11067] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1726'. [ 440.248214][ T49] veth0_macvtap: left promiscuous mode [ 440.278355][ T49] veth1_vlan: left promiscuous mode [ 440.288286][ T49] veth0_vlan: left promiscuous mode [ 440.341577][T11071] netlink: 'syz.4.1728': attribute type 10 has an invalid length. [ 440.349917][T11071] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1728'. [ 440.917851][ T49] team0 (unregistering): Port device team_slave_1 removed [ 440.956736][ T49] team0 (unregistering): Port device team_slave_0 removed [ 441.338899][ T5826] Bluetooth: hci4: command tx timeout [ 441.386422][T11052] syzkaller0: entered promiscuous mode [ 441.391957][T11052] syzkaller0: entered allmulticast mode [ 441.409034][T11067] bond0: entered promiscuous mode [ 441.414536][T11067] bond_slave_0: entered promiscuous mode [ 441.420379][T11067] bond_slave_1: entered promiscuous mode [ 441.426369][T11067] bond2: entered promiscuous mode [ 441.436691][T11067] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 441.445998][T11067] bond0: left promiscuous mode [ 441.450856][T11067] bond_slave_0: left promiscuous mode [ 441.459327][T11067] bond_slave_1: left promiscuous mode [ 441.465018][T11067] bond2: left promiscuous mode [ 441.511882][T11071] batadv0: entered promiscuous mode [ 441.520303][T11071] bridge0: port 2(batadv0) entered blocking state [ 441.537458][T11071] bridge0: port 2(batadv0) entered disabled state [ 441.564056][T11071] batadv0: entered allmulticast mode [ 441.572181][T11071] bridge0: port 2(batadv0) entered blocking state [ 441.578940][T11071] bridge0: port 2(batadv0) entered listening state [ 441.624839][ T6382] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 441.634397][ T6382] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 441.712605][T11042] lo speed is unknown, defaulting to 1000 [ 442.012367][T11096] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1737'. [ 442.559830][T11111] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1743'. [ 442.692447][T11042] chnl_net:caif_netlink_parms(): no params data found [ 442.863223][T11120] mac80211_hwsim hwsim8 syzkaller0: entered promiscuous mode [ 442.894065][T11120] mac80211_hwsim hwsim8 syzkaller0: entered allmulticast mode [ 443.147967][T11042] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.152136][T11140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1751'. [ 443.174024][T11042] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.194054][T11042] bridge_slave_0: entered allmulticast mode [ 443.215846][T11042] bridge_slave_0: entered promiscuous mode [ 443.239407][T11042] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.257315][T11042] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.260459][T11143] x_tables: duplicate underflow at hook 4 [ 443.271842][T11145] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1753'. [ 443.299054][T11042] bridge_slave_1: entered allmulticast mode [ 443.309888][T11042] bridge_slave_1: entered promiscuous mode [ 443.376503][T11042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.403524][T11042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.420816][ T5826] Bluetooth: hci4: command tx timeout [ 443.494929][T11151] netlink: 'syz.1.1756': attribute type 2 has an invalid length. [ 443.505368][T11042] team0: Port device team_slave_0 added [ 443.522904][T11151] netlink: 143072 bytes leftover after parsing attributes in process `syz.1.1756'. [ 443.525158][T11042] team0: Port device team_slave_1 added [ 443.559210][T11151] nbd: must specify at least one socket [ 443.722404][T11042] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.751474][T11042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.812178][T11042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.856158][T11042] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.863159][T11042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.996465][T11042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 445.534134][ T5826] Bluetooth: hci4: command tx timeout [ 446.301139][T11190] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1766'. [ 446.525093][T11042] hsr_slave_0: entered promiscuous mode [ 446.531646][T11042] hsr_slave_1: entered promiscuous mode [ 446.773317][T11196] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1767'. [ 446.885764][T11198] x_tables: duplicate underflow at hook 4 [ 447.574120][ T5826] Bluetooth: hci4: command tx timeout [ 448.087723][T11042] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 448.131898][T11042] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 448.193236][T11042] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 448.203584][T11042] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 448.346412][T11234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1778'. [ 448.481418][T11233] tipc: Enabling of bearer rejected, failed to enable media [ 448.586767][T11241] x_tables: duplicate underflow at hook 4 [ 448.722434][T11042] 8021q: adding VLAN 0 to HW filter on device bond0 [ 448.795943][T11042] 8021q: adding VLAN 0 to HW filter on device team0 [ 448.812392][ T6382] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.819722][ T6382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 448.992117][ T6382] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.999353][ T6382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 449.100405][T11042] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 449.111429][ T5826] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 449.181030][T11042] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 450.223549][T11042] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 450.290930][T11278] x_tables: duplicate underflow at hook 4 [ 450.516389][T11042] veth0_vlan: entered promiscuous mode [ 450.554813][T11042] veth1_vlan: entered promiscuous mode [ 451.626437][T11042] veth0_macvtap: entered promiscuous mode [ 451.639287][T11042] veth1_macvtap: entered promiscuous mode [ 451.681198][T11042] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 451.719181][T11042] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 451.746062][T11042] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.763221][T11042] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.783020][T11042] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 451.803302][T11042] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.265270][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.273174][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.280727][ T6604] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 452.292834][ T6604] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 452.467301][T11300] tipc: Enabling of bearer rejected, failed to enable media [ 453.711079][T11313] x_tables: duplicate underflow at hook 4 [ 453.726629][ T4510] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.123303][ T4510] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.199129][ T4510] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.240138][ T4510] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.336695][ T4510] bridge_slave_1: left allmulticast mode [ 454.342381][ T4510] bridge_slave_1: left promiscuous mode [ 454.348133][ T4510] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.358197][ T4510] bridge_slave_0: left allmulticast mode [ 454.364242][ T4510] bridge_slave_0: left promiscuous mode [ 454.369937][ T4510] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.628760][ T4510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 454.639387][ T4510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 454.651670][ T4510] bond0 (unregistering): Released all slaves [ 454.920730][ T4510] hsr_slave_0: left promiscuous mode [ 454.926765][ T4510] hsr_slave_1: left promiscuous mode [ 454.932540][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 454.943794][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.954580][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 454.961998][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 454.984084][ T4510] veth1_macvtap: left promiscuous mode [ 454.989627][ T4510] veth0_macvtap: left promiscuous mode [ 454.995244][ T4510] veth1_vlan: left promiscuous mode [ 455.000532][ T4510] veth0_vlan: left promiscuous mode [ 456.180052][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 456.189638][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 456.197856][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 456.216545][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 456.225152][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 457.929426][ T4510] team0 (unregistering): Port device team_slave_1 removed [ 458.037639][T11346] kvm: emulating exchange as write [ 458.097320][ T4510] team0 (unregistering): Port device team_slave_0 removed [ 458.294017][ T5826] Bluetooth: hci4: command tx timeout [ 458.617359][T11354] x_tables: duplicate underflow at hook 4 [ 459.127023][T11335] lo speed is unknown, defaulting to 1000 [ 459.514006][ T8537] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 459.704176][ T8537] usb 4-1: Using ep0 maxpacket: 16 [ 460.342279][ T8537] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 460.373165][ T8537] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.382894][ T5826] Bluetooth: hci4: command tx timeout [ 460.411689][ T8537] usb 4-1: config 0 descriptor?? [ 460.432621][ T8537] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 460.459251][T11335] chnl_net:caif_netlink_parms(): no params data found [ 461.987979][T11335] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.008127][T11335] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.022510][T11335] bridge_slave_0: entered allmulticast mode [ 462.064159][T11335] bridge_slave_0: entered promiscuous mode [ 462.091518][T11335] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.124282][T11335] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.154175][T11335] bridge_slave_1: entered allmulticast mode [ 462.182414][T11335] bridge_slave_1: entered promiscuous mode [ 462.286390][T11335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.336117][T11335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.440312][T11335] team0: Port device team_slave_0 added [ 462.452249][T11335] team0: Port device team_slave_1 added [ 462.464831][ T5826] Bluetooth: hci4: command tx timeout [ 462.561363][T11335] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 462.584066][T11335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.653917][T11335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 462.680361][T11335] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 462.706830][T11335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.775879][T11335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 462.921824][T11335] hsr_slave_0: entered promiscuous mode [ 462.955534][T11335] hsr_slave_1: entered promiscuous mode [ 463.043863][ T8537] gspca_sonixj: i2c_w8 err -71 [ 463.073951][ T8537] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 463.092728][ T8537] usb 4-1: USB disconnect, device number 11 [ 464.567794][ T5826] Bluetooth: hci4: command tx timeout [ 466.752386][T11426] lo speed is unknown, defaulting to 1000 [ 468.175993][T11335] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 468.211093][T11335] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 468.233642][T11335] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 468.253614][T11335] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 468.369483][T11453] binder: 11452:11453 ioctl c0306201 0 returned -14 [ 468.773982][ C0] bridge0: port 1(syz_tun) entered forwarding state [ 468.780779][ C0] bridge0: topology change detected, propagating [ 469.707609][T11462] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1850'. [ 470.845546][T11335] 8021q: adding VLAN 0 to HW filter on device bond0 [ 471.049863][T11335] 8021q: adding VLAN 0 to HW filter on device team0 [ 471.083493][ T4510] bridge0: port 1(bridge_slave_0) entered blocking state [ 471.090660][ T4510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 471.974930][ C0] bridge0: port 2(batadv0) entered learning state [ 473.595825][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.603028][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 473.631285][ T5826] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 475.122277][T11335] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 475.148952][T11496] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1861'. [ 475.228708][T11335] veth0_vlan: entered promiscuous mode [ 475.260522][T11335] veth1_vlan: entered promiscuous mode [ 475.311294][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 475.311312][ T30] audit: type=1326 audit(1751401269.493:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11502 comm="syz.3.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70a218e929 code=0x7ffc0000 [ 475.386274][T11335] veth0_macvtap: entered promiscuous mode [ 475.430133][T11335] veth1_macvtap: entered promiscuous mode [ 475.449201][T11505] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 475.458950][ T30] audit: type=1326 audit(1751401269.543:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11502 comm="syz.3.1865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f70a218e929 code=0x7ffc0000 [ 475.688732][T11505] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 476.098035][T11335] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 476.455360][T11335] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 476.559530][T11335] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.609042][T11335] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.654620][T11335] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 476.764533][T11335] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.763525][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 477.786190][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.910996][ T6012] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.933378][T11518] delete_channel: no stack [ 478.938254][ T6012] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.634607][T11536] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1876'. [ 480.146293][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.519041][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.639836][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.717568][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.857278][ T13] bridge_slave_1: left allmulticast mode [ 481.862949][ T13] bridge_slave_1: left promiscuous mode [ 481.868693][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.879075][ T13] bridge_slave_0: left allmulticast mode [ 481.885860][ T13] bridge_slave_0: left promiscuous mode [ 481.891529][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.232109][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 482.860726][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 482.898851][ T13] bond0 (unregistering): Released all slaves [ 483.223857][T11560] sctp: [Deprecated]: syz.0.1882 (pid 11560) Use of struct sctp_assoc_value in delayed_ack socket option. [ 483.223857][T11560] Use struct sctp_sack_info instead [ 484.387005][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 484.396606][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 484.414838][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 484.527700][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 484.545792][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 486.263932][ T13] hsr_slave_0: left promiscuous mode [ 486.301539][ T13] hsr_slave_1: left promiscuous mode [ 486.347412][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 486.372343][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 486.411773][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 486.463322][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 486.520865][ T13] veth1_macvtap: left promiscuous mode [ 486.543477][ T13] veth0_macvtap: left promiscuous mode [ 486.549389][ T13] veth1_vlan: left promiscuous mode [ 486.557691][ T13] veth0_vlan: left promiscuous mode [ 486.801757][ T51] Bluetooth: hci4: command tx timeout [ 488.857544][ T51] Bluetooth: hci4: command tx timeout [ 489.199561][T11612] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1896'. [ 489.753886][ T8541] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 489.926161][ T8541] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 490.006210][ T8541] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.048128][ T8541] usb 1-1: config 0 descriptor?? [ 490.152218][ T13] team0 (unregistering): Port device team_slave_1 removed [ 490.202862][ T13] team0 (unregistering): Port device team_slave_0 removed [ 490.943964][ T51] Bluetooth: hci4: command tx timeout [ 491.077761][ T8541] elan 0003:04F3:0755.0007: unknown main item tag 0x0 [ 491.112665][ T8541] elan 0003:04F3:0755.0007: item fetching failed at offset 3/5 [ 491.123119][ T8541] elan 0003:04F3:0755.0007: Hid Parse failed [ 491.129980][ T8541] elan 0003:04F3:0755.0007: probe with driver elan failed with error -22 [ 492.151851][T11609] netlink: 'syz.3.1896': attribute type 32 has an invalid length. [ 492.203672][T11573] lo speed is unknown, defaulting to 1000 [ 492.643375][T11573] chnl_net:caif_netlink_parms(): no params data found [ 492.724072][ T8541] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 492.797815][T11573] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.812811][T11573] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.820174][T11573] bridge_slave_0: entered allmulticast mode [ 492.828284][T11573] bridge_slave_0: entered promiscuous mode [ 492.844208][T11573] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.852637][T11573] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.860725][T11573] bridge_slave_1: entered allmulticast mode [ 492.882491][T11573] bridge_slave_1: entered promiscuous mode [ 492.898533][ T8541] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 492.932627][ T8541] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.933567][ T5888] usb 1-1: USB disconnect, device number 14 [ 492.973923][ T8541] usb 5-1: Product: syz [ 492.978127][ T8541] usb 5-1: Manufacturer: syz [ 493.012187][ T8541] usb 5-1: SerialNumber: syz [ 493.024055][ T51] Bluetooth: hci4: command tx timeout [ 493.103455][ T8541] usb 5-1: config 0 descriptor?? [ 493.274811][ T8541] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 493.908753][T11573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 494.042335][ T8541] gspca_sq905c: sq905c_command: usb_control_msg failed (-110) [ 494.050927][ T8541] sq905c 5-1:0.0: Get version command failed [ 494.057311][ T8541] sq905c 5-1:0.0: probe with driver sq905c failed with error -110 [ 494.089949][T11573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 494.785613][T11573] team0: Port device team_slave_0 added [ 494.809143][T11573] team0: Port device team_slave_1 added [ 494.891889][T11573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 494.900059][T11573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 494.928774][T11573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 494.953342][T11573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 495.050036][T11573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 495.089449][T11573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 495.512814][T11573] hsr_slave_0: entered promiscuous mode [ 495.521482][T11573] hsr_slave_1: entered promiscuous mode [ 495.861470][ T5888] usb 5-1: USB disconnect, device number 9 [ 496.390587][T11573] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 496.757421][T11573] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 496.791962][T11573] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 496.828246][T11573] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 497.081662][T11573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 497.113914][T11573] 8021q: adding VLAN 0 to HW filter on device team0 [ 497.141720][ T4510] bridge0: port 1(bridge_slave_0) entered blocking state [ 497.149001][ T4510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 497.831188][ T6012] bridge0: port 2(bridge_slave_1) entered blocking state [ 497.838420][ T6012] bridge0: port 2(bridge_slave_1) entered forwarding state [ 498.120924][T11756] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 498.179149][T11770] netlink: 'syz.4.1951': attribute type 10 has an invalid length. [ 498.194549][T11756] syzkaller0: entered promiscuous mode [ 498.200119][T11756] syzkaller0: entered allmulticast mode [ 498.220688][T11770] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1951'. [ 500.446494][T11573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 500.572472][T11573] veth0_vlan: entered promiscuous mode [ 500.604481][T11573] veth1_vlan: entered promiscuous mode [ 500.650189][T11573] veth0_macvtap: entered promiscuous mode [ 500.676253][T11573] veth1_macvtap: entered promiscuous mode [ 500.702273][T11573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 500.720981][T11573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 500.742020][T11573] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.761657][T11573] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.783857][T11573] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.795196][T11573] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 500.811471][ T30] audit: type=1326 audit(1751401295.003:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.182754][ T30] audit: type=1326 audit(1751401295.003:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.374684][ T30] audit: type=1326 audit(1751401295.003:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.408877][ T30] audit: type=1326 audit(1751401295.003:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.446187][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.466431][ T30] audit: type=1326 audit(1751401295.033:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.490211][ T30] audit: type=1326 audit(1751401295.033:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.512561][ T30] audit: type=1326 audit(1751401295.033:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.541485][ T30] audit: type=1326 audit(1751401295.033:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.592264][ T30] audit: type=1326 audit(1751401295.043:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.594406][ T6604] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.727278][ T6604] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 501.728841][ T30] audit: type=1326 audit(1751401295.043:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11821 comm="syz.0.1971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf13f8e929 code=0x7ffc0000 [ 501.828813][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 501.848797][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.053883][ C0] bridge0: port 2(batadv0) entered forwarding state [ 502.060551][ C0] bridge0: topology change detected, propagating [ 502.072325][T11845] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 502.105582][T11845] syzkaller0: entered promiscuous mode [ 502.111189][T11845] syzkaller0: entered allmulticast mode [ 502.247810][T11867] netlink: 'syz.1.1985': attribute type 10 has an invalid length. [ 502.256059][T11867] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1985'. [ 502.267990][T11867] batadv0: entered promiscuous mode [ 502.273583][T11867] bridge0: port 4(batadv0) entered blocking state [ 502.282378][T11867] bridge0: port 4(batadv0) entered disabled state [ 502.291271][T11867] batadv0: entered allmulticast mode [ 502.392022][ T6604] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 502.401809][ T6604] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 504.498449][ T66] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.590796][ T66] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.748542][ T66] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.826783][ T66] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.054160][ T66] bridge_slave_1: left allmulticast mode [ 505.061323][ T66] bridge_slave_1: left promiscuous mode [ 505.073853][ T66] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.115171][ T66] bridge_slave_0: left allmulticast mode [ 505.128697][ T66] bridge_slave_0: left promiscuous mode [ 505.144239][ T66] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.325399][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 505.338404][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 505.347165][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 505.355876][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 505.364185][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 505.771091][T11922] overlayfs: missing 'lowerdir' [ 506.394027][ T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 506.406602][ T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 506.420114][ T66] bond0 (unregistering): Released all slaves [ 506.523119][T11916] lo speed is unknown, defaulting to 1000 [ 506.784767][T11940] mac80211_hwsim hwsim11 syzkaller0: left promiscuous mode [ 506.812141][T11940] mac80211_hwsim hwsim11 syzkaller0: left allmulticast mode [ 507.000517][T11938] syzkaller0: entered promiscuous mode [ 507.011676][T11938] syzkaller0: entered allmulticast mode [ 507.352497][ T66] hsr_slave_0: left promiscuous mode [ 507.375248][ T66] hsr_slave_1: left promiscuous mode [ 507.382170][ T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 507.392139][ T66] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 507.540715][ T5826] Bluetooth: hci4: command tx timeout [ 507.564893][ T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 507.598559][ T66] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 507.947231][ T66] veth1_macvtap: left promiscuous mode [ 507.952851][ T66] veth0_macvtap: left promiscuous mode [ 507.958940][ T66] veth1_vlan: left promiscuous mode [ 507.964379][ T66] veth0_vlan: left promiscuous mode [ 508.336501][ T66] team0 (unregistering): Port device team_slave_1 removed [ 508.372749][ T66] team0 (unregistering): Port device team_slave_0 removed [ 509.577459][ T5826] Bluetooth: hci4: command tx timeout [ 509.831238][T11968] tipc: Enabling of bearer rejected, failed to enable media [ 509.957503][T11982] mac80211_hwsim hwsim8 syzkaller0: left promiscuous mode [ 509.977168][T11982] mac80211_hwsim hwsim8 syzkaller0: left allmulticast mode [ 510.203966][ T8541] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 510.397785][ T8541] usb 4-1: Using ep0 maxpacket: 32 [ 510.476709][ T8541] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 510.523382][ T8541] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.592008][ T8541] usb 4-1: Product: syz [ 510.625296][ T8541] usb 4-1: Manufacturer: syz [ 510.652918][ T8541] usb 4-1: SerialNumber: syz [ 510.769312][ T8541] usb 4-1: config 0 descriptor?? [ 510.854543][ T8541] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 511.099989][T11916] chnl_net:caif_netlink_parms(): no params data found [ 511.664464][ T5826] Bluetooth: hci4: command tx timeout [ 511.820282][ T8522] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 512.339469][T11916] bridge0: port 1(bridge_slave_0) entered blocking state [ 512.354078][T11916] bridge0: port 1(bridge_slave_0) entered disabled state [ 512.361362][T11916] bridge_slave_0: entered allmulticast mode [ 512.371224][T11916] bridge_slave_0: entered promiscuous mode [ 512.386617][T11916] bridge0: port 2(bridge_slave_1) entered blocking state [ 512.394536][T11916] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.401737][T11916] bridge_slave_1: entered allmulticast mode [ 512.409403][T11916] bridge_slave_1: entered promiscuous mode [ 512.461255][T11916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 512.474907][ T8522] usb 1-1: Using ep0 maxpacket: 8 [ 512.488300][ T8522] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 512.501431][T11916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 512.510840][ T8522] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.528136][ T8522] pvrusb2: Hardware description: Terratec Grabster AV400 [ 512.533183][ T8541] gspca_topro: reg_r err -71 [ 512.540334][ T8541] gspca_topro: Sensor soi763a [ 512.544159][ T8522] pvrusb2: ********** [ 512.550597][ T8522] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 512.572427][ T8522] pvrusb2: Important functionality might not be entirely working. [ 512.587002][ T8541] usb 4-1: USB disconnect, device number 12 [ 512.593016][ T8522] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 512.624485][ T8522] pvrusb2: ********** [ 512.638268][T11916] team0: Port device team_slave_0 added [ 512.657100][T11916] team0: Port device team_slave_1 added [ 512.721736][T11916] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.736770][T11916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.774113][ T2342] pvrusb2: Invalid write control endpoint [ 512.797515][T11916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.839700][T11916] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 512.863922][T11916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 513.608075][ T8522] usb 1-1: USB disconnect, device number 15 [ 513.630527][ T2342] pvrusb2: Invalid write control endpoint [ 513.637077][T11916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 513.650039][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 513.667298][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 513.681072][T12021] tipc: Enabling of bearer rejected, failed to enable media [ 513.690916][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 513.702212][ T2342] pvrusb2: Device being rendered inoperable [ 513.711217][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 513.718796][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 513.735797][ T2342] pvrusb2: Attached sub-driver cx25840 [ 513.737070][ T5826] Bluetooth: hci4: command tx timeout [ 513.765665][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 513.794019][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 513.859810][T11916] hsr_slave_0: entered promiscuous mode [ 513.866404][T11916] hsr_slave_1: entered promiscuous mode [ 514.974065][ T8537] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 515.209813][ T8537] usb 2-1: Using ep0 maxpacket: 32 [ 515.228597][ T8537] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 515.243933][ T8537] usb 2-1: config 0 has no interfaces? [ 515.254816][ T8537] usb 2-1: New USB device found, idVendor=0c45, idProduct=762b, bcdDevice= 0.00 [ 515.278212][ T8537] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.296789][ T8537] usb 2-1: config 0 descriptor?? [ 515.563495][ T8541] usb 2-1: USB disconnect, device number 12 [ 515.864799][T11916] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 515.884583][T11916] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 515.905536][T11916] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 515.930972][T11916] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 516.160889][T11916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 516.340276][T11916] 8021q: adding VLAN 0 to HW filter on device team0 [ 516.409077][ T6382] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.416235][ T6382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 516.447962][ T6382] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.455176][ T6382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 518.288262][T11916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 518.373300][T11916] veth0_vlan: entered promiscuous mode [ 518.624191][T11916] veth1_vlan: entered promiscuous mode [ 518.848214][T11916] veth0_macvtap: entered promiscuous mode [ 518.886257][T11916] veth1_macvtap: entered promiscuous mode [ 518.948068][T11916] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 518.970885][T11916] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 518.985369][T11916] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.994328][T11916] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.003189][T11916] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.042262][T11916] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.051549][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 519.051565][ T30] audit: type=1326 audit(1751401313.233:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 519.185339][ T30] audit: type=1326 audit(1751401313.283:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 519.208352][ T30] audit: type=1326 audit(1751401313.283:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 519.626160][ T30] audit: type=1326 audit(1751401313.283:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 519.736478][ T30] audit: type=1326 audit(1751401313.283:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 519.803583][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.831139][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.838728][ T30] audit: type=1326 audit(1751401313.303:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 520.265019][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 520.286983][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 520.529207][ T30] audit: type=1326 audit(1751401313.313:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 520.941872][ T30] audit: type=1326 audit(1751401313.313:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 521.127226][ T30] audit: type=1326 audit(1751401313.323:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 521.220003][ T30] audit: type=1326 audit(1751401313.323:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12115 comm="syz.1.2064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 521.664204][T12163] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2080'. [ 521.748233][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.015695][T12171] input: syz1 as /devices/virtual/input/input11 [ 522.607685][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.762212][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.826354][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.932677][ T12] bridge_slave_1: left allmulticast mode [ 522.940127][ T12] bridge_slave_1: left promiscuous mode [ 522.946355][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 522.956626][ T12] bridge_slave_0: left allmulticast mode [ 522.962364][ T12] bridge_slave_0: left promiscuous mode [ 522.968683][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 523.260128][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 523.271116][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 523.285029][ T12] bond0 (unregistering): Released all slaves [ 523.519484][ T12] hsr_slave_0: left promiscuous mode [ 523.526496][ T12] hsr_slave_1: left promiscuous mode [ 523.532292][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 523.539739][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 523.547487][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 523.554976][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 523.574342][ T12] veth1_macvtap: left promiscuous mode [ 523.580069][ T12] veth0_macvtap: left promiscuous mode [ 523.585907][ T12] veth1_vlan: left promiscuous mode [ 523.591174][ T12] veth0_vlan: left promiscuous mode [ 523.941215][ T12] team0 (unregistering): Port device team_slave_1 removed [ 523.978640][ T12] team0 (unregistering): Port device team_slave_0 removed [ 526.242093][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 526.251880][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 526.265649][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 526.278296][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 526.292917][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 526.671366][T12206] lo speed is unknown, defaulting to 1000 [ 526.835144][T12219] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2099'. [ 527.138944][T12228] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2102'. [ 527.191738][T12226] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2101'. [ 527.223252][T12206] chnl_net:caif_netlink_parms(): no params data found [ 527.533281][T12206] bridge0: port 1(bridge_slave_0) entered blocking state [ 527.624138][T12206] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.647429][T12206] bridge_slave_0: entered allmulticast mode [ 527.681524][T12206] bridge_slave_0: entered promiscuous mode [ 527.710099][T12206] bridge0: port 2(bridge_slave_1) entered blocking state [ 527.718938][T12206] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.727185][T12206] bridge_slave_1: entered allmulticast mode [ 527.737212][T12206] bridge_slave_1: entered promiscuous mode [ 527.913384][T12206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.926024][T12206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 528.033012][T12206] team0: Port device team_slave_0 added [ 528.047897][T12206] team0: Port device team_slave_1 added [ 528.134383][T12206] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 528.151173][T12206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 528.211516][T12206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 528.226154][T12206] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 528.235535][T12206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 528.262736][T12206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.379632][T12265] netlink: 260 bytes leftover after parsing attributes in process `syz.1.2114'. [ 528.388879][ T51] Bluetooth: hci4: command tx timeout [ 528.416644][T12206] hsr_slave_0: entered promiscuous mode [ 528.431367][T12206] hsr_slave_1: entered promiscuous mode [ 529.868096][T12292] syz.4.2124: attempt to access beyond end of device [ 529.868096][T12292] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 530.454218][ T51] Bluetooth: hci4: command tx timeout [ 530.622692][T12206] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 530.640632][T12206] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 530.661092][T12206] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 530.689970][T12206] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 530.958943][T12206] 8021q: adding VLAN 0 to HW filter on device bond0 [ 531.028178][T12206] 8021q: adding VLAN 0 to HW filter on device team0 [ 531.059030][ T6382] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.066230][ T6382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 531.101235][ T6382] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.108424][ T6382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 531.260978][T12329] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2135'. [ 532.542310][ T51] Bluetooth: hci4: command tx timeout [ 532.586341][T12343] xt_CT: You must specify a L4 protocol and not use inversions on it [ 532.629405][T12343] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 532.707825][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 532.707842][ T30] audit: type=1326 audit(1751401326.903:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12345 comm="syz.1.2140" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffa63d8e929 code=0x0 [ 533.637635][T12206] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 533.794830][T12206] veth0_vlan: entered promiscuous mode [ 533.815729][T12206] veth1_vlan: entered promiscuous mode [ 533.833895][T12358] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 533.833946][T12358] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 533.834896][T12358] vhci_hcd vhci_hcd.0: Device attached [ 533.887073][T12206] veth0_macvtap: entered promiscuous mode [ 533.918710][T12359] vhci_hcd: connection closed [ 533.921136][ T4510] vhci_hcd: stop threads [ 533.934462][ T4510] vhci_hcd: release socket [ 533.938920][ T4510] vhci_hcd: disconnect device [ 533.962692][T12206] veth1_macvtap: entered promiscuous mode [ 534.008402][T12206] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 534.044705][T12206] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 534.067896][T12206] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.085419][T12206] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.103927][T12206] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.112660][T12206] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.256077][ T6382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.280198][ T6382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.349465][ T6382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.379208][ T6382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.851336][ T4510] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 534.983592][ T4510] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.087567][ T4510] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.190722][ T4510] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.325449][ T4510] bridge_slave_1: left allmulticast mode [ 535.331169][ T4510] bridge_slave_1: left promiscuous mode [ 535.337142][ T4510] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.346390][ T4510] bridge_slave_0: left allmulticast mode [ 535.352091][ T4510] bridge_slave_0: left promiscuous mode [ 535.359192][ T4510] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.751993][ T4510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 535.762891][ T4510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 535.775027][ T4510] bond0 (unregistering): Released all slaves [ 535.978600][ T4510] hsr_slave_0: left promiscuous mode [ 535.985110][ T4510] hsr_slave_1: left promiscuous mode [ 535.990887][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 535.998395][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 536.006606][ T4510] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.014070][ T4510] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 536.034840][ T4510] veth1_macvtap: left promiscuous mode [ 536.040382][ T4510] veth0_macvtap: left promiscuous mode [ 536.046888][ T4510] veth1_vlan: left promiscuous mode [ 536.052190][ T4510] veth0_vlan: left promiscuous mode [ 536.409206][ T4510] team0 (unregistering): Port device team_slave_1 removed [ 536.443783][ T4510] team0 (unregistering): Port device team_slave_0 removed [ 537.806931][T12405] binder: 12400:12405 ioctl c0306201 0 returned -14 [ 537.966747][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 537.975845][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 537.983677][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 537.991840][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 537.999464][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 538.359636][ T5888] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 538.375732][T12416] dvmrp8: entered allmulticast mode [ 538.439504][T12407] lo speed is unknown, defaulting to 1000 [ 538.518165][ T5888] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 538.666560][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.690467][ T5888] usb 5-1: Product: syz [ 538.698273][ T5888] usb 5-1: Manufacturer: syz [ 538.710919][ T5888] usb 5-1: SerialNumber: syz [ 538.727015][ T5888] usb 5-1: config 0 descriptor?? [ 538.749178][ T5888] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 539.675488][ T5888] gspca_sq905c: sq905c_command: usb_control_msg failed (-110) [ 539.693962][ T5888] sq905c 5-1:0.0: Get version command failed [ 539.700227][ T5888] sq905c 5-1:0.0: probe with driver sq905c failed with error -110 [ 539.831008][T12407] chnl_net:caif_netlink_parms(): no params data found [ 540.054272][ T5826] Bluetooth: hci4: command tx timeout [ 540.249532][T12407] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.257258][T12407] bridge0: port 1(bridge_slave_0) entered disabled state [ 540.264716][T12407] bridge_slave_0: entered allmulticast mode [ 540.273068][T12407] bridge_slave_0: entered promiscuous mode [ 540.282180][T12407] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.289784][T12407] bridge0: port 2(bridge_slave_1) entered disabled state [ 540.298899][T12407] bridge_slave_1: entered allmulticast mode [ 540.307112][T12407] bridge_slave_1: entered promiscuous mode [ 540.363137][T12407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 540.390461][T12407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.469963][T12407] team0: Port device team_slave_0 added [ 540.479042][T12407] team0: Port device team_slave_1 added [ 540.511337][T12407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 540.518392][T12407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.544458][T12407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 540.566341][T12407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 540.573332][T12407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.681502][T12407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.819669][T12407] hsr_slave_0: entered promiscuous mode [ 540.838795][T12407] hsr_slave_1: entered promiscuous mode [ 541.133104][ T10] usb 5-1: USB disconnect, device number 10 [ 542.123888][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 542.135115][ T5826] Bluetooth: hci4: command tx timeout [ 542.305252][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 542.316098][T12463] binder: 12462:12463 ioctl c0306201 0 returned -14 [ 542.328970][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 16 [ 542.359109][ T10] usb 5-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 542.373504][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.391684][ T10] usb 5-1: config 0 descriptor?? [ 543.286292][ T10] mcp2200 0003:04D8:00DF.0008: unknown main item tag 0x0 [ 543.299345][ T10] mcp2200 0003:04D8:00DF.0008: unknown main item tag 0x0 [ 543.420687][ T10] mcp2200 0003:04D8:00DF.0008: unknown main item tag 0x0 [ 543.443907][ T10] mcp2200 0003:04D8:00DF.0008: unknown main item tag 0x0 [ 543.461963][ T10] mcp2200 0003:04D8:00DF.0008: item fetching failed at offset 4/5 [ 543.601065][ T10] mcp2200 0003:04D8:00DF.0008: can't parse reports [ 543.620249][ T10] mcp2200 0003:04D8:00DF.0008: probe with driver mcp2200 failed with error -22 [ 543.650120][ T10] usb 5-1: USB disconnect, device number 11 [ 543.657780][T12407] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 543.793934][T12407] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 543.834565][T12407] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 543.893589][T12407] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 544.167225][T12407] 8021q: adding VLAN 0 to HW filter on device bond0 [ 544.214184][ T5826] Bluetooth: hci4: command tx timeout [ 544.250796][T12407] 8021q: adding VLAN 0 to HW filter on device team0 [ 544.314686][T12486] ptrace attach of "./syz-executor exec"[5820] was attempted by ""[12486] [ 544.471230][ T6382] bridge0: port 1(bridge_slave_0) entered blocking state [ 544.478510][ T6382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 544.509916][ T6382] bridge0: port 2(bridge_slave_1) entered blocking state [ 544.517157][ T6382] bridge0: port 2(bridge_slave_1) entered forwarding state [ 545.262677][T12407] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 546.342173][ T5826] Bluetooth: hci4: command tx timeout [ 547.037648][T12407] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 547.102611][T12407] veth0_vlan: entered promiscuous mode [ 547.132602][T12407] veth1_vlan: entered promiscuous mode [ 547.133135][ T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 547.172440][T12520] binder: 12519:12520 ioctl c0306201 0 returned -14 [ 547.200739][T12407] veth0_macvtap: entered promiscuous mode [ 547.216152][ T5826] Bluetooth: hci0: unexpected event 0x2f length: 983 > 260 [ 547.216194][ T5826] Bluetooth: hci0: Malformed Event: 0x2f [ 547.238015][T12407] veth1_macvtap: entered promiscuous mode [ 547.257802][T12407] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 547.269642][T12407] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 547.290432][T12407] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.314139][T12407] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.316177][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 547.331846][T12407] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.353529][ T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 547.353919][T12407] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 547.373006][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.426695][ T10] pvrusb2: Hardware description: Terratec Grabster AV400 [ 547.458542][ T10] pvrusb2: ********** [ 547.462586][ T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 547.483973][ T10] pvrusb2: Important functionality might not be entirely working. [ 547.511541][ T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 547.584419][T12531] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2193'. [ 547.982001][ T10] pvrusb2: ********** [ 548.003992][ T2342] pvrusb2: Invalid write control endpoint [ 548.028849][ T10] usb 1-1: USB disconnect, device number 16 [ 548.127621][ T2342] pvrusb2: Invalid write control endpoint [ 548.146342][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 548.194748][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 548.202354][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 548.276336][ T2342] pvrusb2: Device being rendered inoperable [ 548.292934][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 548.323886][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 548.334730][ T2342] pvrusb2: Attached sub-driver cx25840 [ 548.340242][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 548.366802][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 548.399046][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.418656][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.501367][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.509826][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.387062][ T6382] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.403919][ T5888] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 550.579771][ T5888] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 550.608419][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.634296][ T5888] usb 1-1: Product: syz [ 550.638523][ T5888] usb 1-1: Manufacturer: syz [ 550.643141][ T5888] usb 1-1: SerialNumber: syz [ 550.654763][ T5888] usb 1-1: config 0 descriptor?? [ 550.663162][ T5888] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 550.731208][ T6382] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.832401][ T6382] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 550.926350][ T6382] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.199835][ T6382] bridge_slave_1: left allmulticast mode [ 551.205868][ T6382] bridge_slave_1: left promiscuous mode [ 551.212689][ T6382] bridge0: port 2(bridge_slave_1) entered disabled state [ 551.276655][ T6382] bridge_slave_0: left allmulticast mode [ 551.293492][ T6382] bridge_slave_0: left promiscuous mode [ 551.318138][ T6382] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.036929][ T6382] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.051126][ T6382] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.063564][ T6382] bond0 (unregistering): Released all slaves [ 552.235571][ T5888] gspca_sq905c: sq905c_read: usb_control_msg failed (-110) [ 552.242831][ T5888] sq905c 1-1:0.0: Reading version command failed [ 552.254063][ T5888] sq905c 1-1:0.0: probe with driver sq905c failed with error -110 [ 552.670442][ T6382] hsr_slave_0: left promiscuous mode [ 552.720807][ T6382] hsr_slave_1: left promiscuous mode [ 552.862775][T12587] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2211'. [ 552.870624][ T6382] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 552.879622][ T8520] usb 1-1: USB disconnect, device number 17 [ 552.888689][ T6382] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 552.924707][ T6382] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 552.935846][ T6382] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 553.008309][ T6382] veth1_macvtap: left promiscuous mode [ 553.023508][ T6382] veth0_macvtap: left promiscuous mode [ 553.042190][ T6382] veth1_vlan: left promiscuous mode [ 553.059449][ T6382] veth0_vlan: left promiscuous mode [ 553.211212][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 553.221065][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 553.229763][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 553.238529][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 553.248207][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 555.491877][ T51] Bluetooth: hci4: command tx timeout [ 555.691502][ T6382] team0 (unregistering): Port device team_slave_1 removed [ 555.827890][ T6382] team0 (unregistering): Port device team_slave_0 removed [ 557.242073][T12591] lo speed is unknown, defaulting to 1000 [ 557.593900][ T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 557.601682][ T51] Bluetooth: hci4: command tx timeout [ 557.888245][ T24] usb 2-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 558.037027][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.204670][ T24] usb 2-1: Product: syz [ 558.298095][ T24] usb 2-1: Manufacturer: syz [ 558.316024][ T24] usb 2-1: SerialNumber: syz [ 558.359666][ T24] usb 2-1: config 0 descriptor?? [ 558.368232][ T24] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 558.894483][ T24] gspca_sq905c: sq905c_command: usb_control_msg failed (-110) [ 558.902078][ T24] sq905c 2-1:0.0: Get version command failed [ 559.016857][ T24] sq905c 2-1:0.0: probe with driver sq905c failed with error -110 [ 559.124808][T12591] chnl_net:caif_netlink_parms(): no params data found [ 559.653992][ T51] Bluetooth: hci4: command tx timeout [ 560.192221][T12591] bridge0: port 1(bridge_slave_0) entered blocking state [ 560.222487][T12591] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.248098][T12591] bridge_slave_0: entered allmulticast mode [ 560.281828][T12591] bridge_slave_0: entered promiscuous mode [ 560.318724][T12591] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.339536][T12591] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.360084][T12591] bridge_slave_1: entered allmulticast mode [ 560.387256][T12591] bridge_slave_1: entered promiscuous mode [ 560.416508][T12655] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2232'. [ 560.483356][T12591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 560.547620][T12591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 560.621832][ T8520] usb 2-1: USB disconnect, device number 13 [ 560.691403][T12591] team0: Port device team_slave_0 added [ 560.715235][T12591] team0: Port device team_slave_1 added [ 560.887770][T12591] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 560.936138][ T8520] IPVS: starting estimator thread 0... [ 560.955121][T12591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.104331][T12672] IPVS: using max 25 ests per chain, 60000 per kthread [ 561.140940][T12591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 561.733945][ T51] Bluetooth: hci4: command tx timeout [ 561.754815][T12591] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 561.761811][T12591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 561.900181][T12591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 562.043268][T12591] hsr_slave_0: entered promiscuous mode [ 562.076657][T12591] hsr_slave_1: entered promiscuous mode [ 562.413936][ T8520] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 563.048991][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.124161][T12697] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present [ 563.183875][ T8520] usb 4-1: Using ep0 maxpacket: 32 [ 563.202464][ T8520] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 563.226077][ T8520] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.267423][ T8520] usb 4-1: Product: syz [ 563.271661][ T8520] usb 4-1: Manufacturer: syz [ 563.277815][ T8520] usb 4-1: SerialNumber: syz [ 563.290293][ T8520] usb 4-1: config 0 descriptor?? [ 563.330881][ T8520] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 564.337717][T12591] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 564.372394][T12591] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 564.413578][ T8520] gspca_stk1135: reg_w 0x0 err -110 [ 564.420433][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.427329][ T8520] gspca_stk1135: Sensor write failed [ 564.432674][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.439790][ T8520] gspca_stk1135: Sensor write failed [ 564.445276][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.451628][ T8520] gspca_stk1135: Sensor read failed [ 564.457368][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.463727][ T8520] gspca_stk1135: Sensor read failed [ 564.469071][ T8520] gspca_stk1135: Detected sensor type unknown (0x0) [ 564.473753][T12591] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 564.475748][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.475763][ T8520] gspca_stk1135: Sensor read failed [ 564.475794][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.475803][ T8520] gspca_stk1135: Sensor read failed [ 564.475833][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.521563][ T8520] gspca_stk1135: Sensor write failed [ 564.528490][ T8520] gspca_stk1135: serial bus timeout: status=0x00 [ 564.544553][T12591] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 564.576172][ T8520] gspca_stk1135: Sensor write failed [ 564.588332][ T8520] stk1135 4-1:0.0: probe with driver stk1135 failed with error -110 [ 564.772247][T12591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 564.827274][T12591] 8021q: adding VLAN 0 to HW filter on device team0 [ 564.853197][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.860418][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 564.886231][ T51] Bluetooth: hci0: unexpected event 0x2f length: 983 > 260 [ 564.886263][ T51] Bluetooth: hci0: Malformed Event: 0x2f [ 564.896783][ T8522] usb 4-1: USB disconnect, device number 13 [ 564.908988][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 564.916163][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 564.980630][T12738] snd_dummy snd_dummy.0: control 0:129:-2:syz0:5 is already present [ 565.257468][T12591] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 565.349616][T12591] veth0_vlan: entered promiscuous mode [ 565.373197][T12591] veth1_vlan: entered promiscuous mode [ 565.403800][T12591] veth0_macvtap: entered promiscuous mode [ 565.431533][T12591] veth1_macvtap: entered promiscuous mode [ 565.453275][T12591] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 565.474177][T12591] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 565.491532][T12591] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.502429][T12591] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.514951][T12591] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.523866][T12591] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 565.619725][ T6012] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.632565][ T6012] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.917879][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 565.941983][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 567.933594][T12770] sctp: failed to load transform for md5: -2 [ 568.150935][ T30] audit: type=1326 audit(1751401362.333:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12774 comm="syz.1.2274" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffa63d8e929 code=0x0 [ 568.429240][ T51] Bluetooth: hci1: unexpected event 0x2f length: 983 > 260 [ 568.429294][ T51] Bluetooth: hci1: Malformed Event: 0x2f [ 569.154305][ T8520] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 569.340007][T12794] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2278'. [ 569.368429][T12794] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2278'. [ 569.391826][ T51] Bluetooth: hci1: unexpected event for opcode 0x202a [ 569.934352][ T8520] usb 5-1: config 4 has an invalid interface number: 44 but max is 0 [ 569.952687][ T8520] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 569.979467][ T8520] usb 5-1: config 4 has no interface number 0 [ 570.014840][ T8520] usb 5-1: New USB device found, idVendor=1044, idProduct=7001, bcdDevice= 5.20 [ 570.038196][ T8520] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.067785][ T8520] usb 5-1: Product: syz [ 570.095789][ T8520] usb 5-1: Manufacturer: syz [ 570.100435][ T8520] usb 5-1: SerialNumber: syz [ 570.107433][ T30] audit: type=1326 audit(1751401364.303:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 570.147669][ T30] audit: type=1326 audit(1751401364.303:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 570.187513][ T30] audit: type=1326 audit(1751401364.303:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 570.257110][ T30] audit: type=1326 audit(1751401364.303:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 570.463853][ T8520] dvb-usb: found a 'Gigabyte U7000' in cold state, will try to load a firmware [ 570.550742][ T30] audit: type=1326 audit(1751401364.303:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 570.573594][ T30] audit: type=1326 audit(1751401364.303:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 571.361070][ T30] audit: type=1326 audit(1751401364.383:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 571.383844][ T30] audit: type=1326 audit(1751401364.383:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 571.408573][ T30] audit: type=1326 audit(1751401364.743:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12795 comm="syz.1.2281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ffa63d8e929 code=0x7ffc0000 [ 571.442006][ T8520] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 571.504676][ T8520] dib0700: firmware download failed at 7 with -22 [ 571.935860][ T8520] usb 5-1: USB disconnect, device number 12 [ 572.060854][ T6012] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.996870][ T6012] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.217069][ T6012] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.386244][ T6012] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 575.597055][ T6012] bridge_slave_1: left allmulticast mode [ 575.603935][ T6012] bridge_slave_1: left promiscuous mode [ 575.609679][ T6012] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.658017][ T6012] bridge_slave_0: left allmulticast mode [ 575.663685][ T6012] bridge_slave_0: left promiscuous mode [ 575.695163][ T6012] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.548402][ T6012] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 576.560279][ T6012] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 576.572333][ T6012] bond0 (unregistering): Released all slaves [ 576.874955][ T6012] hsr_slave_0: left promiscuous mode [ 576.883261][ T6012] hsr_slave_1: left promiscuous mode [ 576.889367][ T6012] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 576.904502][ T6012] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 576.914407][ T6012] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 576.921842][ T6012] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 577.019438][ T6012] veth1_macvtap: left promiscuous mode [ 577.063970][ T6012] veth0_macvtap: left promiscuous mode [ 577.074524][ T6012] veth1_vlan: left promiscuous mode [ 577.102530][ T6012] veth0_vlan: left promiscuous mode [ 578.346739][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 578.356129][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 578.364682][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 578.372914][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 578.381467][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 578.589101][ T8541] Process accounting resumed [ 579.269689][ T51] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 579.644902][T12849] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2295'. [ 579.665168][T12849] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2295'. [ 579.678134][ T51] Bluetooth: hci0: unexpected event for opcode 0x202a [ 580.170188][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 580.170219][ T30] audit: type=1326 audit(1751401374.353:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12844 comm="syz.0.2297" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdf13f8e929 code=0x0 [ 580.543704][ T51] Bluetooth: hci4: command tx timeout [ 580.776967][ T6012] team0 (unregistering): Port device team_slave_1 removed [ 580.899476][T12860] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2296'. [ 580.919034][T12860] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2296'. [ 580.986632][ T51] Bluetooth: hci3: unexpected event for opcode 0x202a [ 581.385567][ T6012] team0 (unregistering): Port device team_slave_0 removed [ 581.654603][ T24] Process accounting resumed [ 582.614217][ T51] Bluetooth: hci4: command tx timeout [ 583.433864][ T8541] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 584.214133][ T8541] usb 1-1: Using ep0 maxpacket: 8 [ 584.261917][ T8541] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 584.302066][ T8541] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.611295][ T8541] pvrusb2: Hardware description: Terratec Grabster AV400 [ 584.628959][ T8541] pvrusb2: ********** [ 584.633110][ T8541] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 584.663260][T12888] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 584.663857][ T8541] pvrusb2: Important functionality might not be entirely working. [ 584.679636][ T8541] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 584.699694][ T51] Bluetooth: hci4: command tx timeout [ 584.750709][ T8541] pvrusb2: ********** [ 586.775249][ T51] Bluetooth: hci4: command tx timeout [ 587.618549][ T6009] libceph: connect (1)[c::]:6789 error -101 [ 587.628206][ T6009] libceph: mon0 (1)[c::]:6789 connect error [ 587.831750][T12896] ceph: No mds server is up or the cluster is laggy [ 587.910184][ T6009] libceph: connect (1)[c::]:6789 error -101 [ 587.918725][ T6009] libceph: mon0 (1)[c::]:6789 connect error [ 588.612767][T12833] lo speed is unknown, defaulting to 1000 [ 589.378964][ T2342] pvrusb2: Invalid write control endpoint [ 589.386973][ T8541] usb 1-1: USB disconnect, device number 18 [ 589.619170][ T2342] pvrusb2: Invalid write control endpoint [ 589.625068][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 589.634915][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 589.642503][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 589.652809][ T2342] pvrusb2: Device being rendered inoperable [ 589.658991][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 589.666259][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 589.676502][ T2342] pvrusb2: Attached sub-driver cx25840 [ 589.681993][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 589.692204][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 589.993907][ T6009] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 590.003133][T12833] chnl_net:caif_netlink_parms(): no params data found [ 590.206593][ T6009] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 590.252453][ T6009] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.290539][ T6009] usb 2-1: config 0 descriptor?? [ 590.928170][ T6009] gspca_main: spca508-2.14.0 probing 8086:0110 [ 590.990172][ T6009] gspca_spca508: reg_read err -32 [ 591.051641][ T6009] gspca_spca508: reg_read err -32 [ 591.073325][ T6009] gspca_spca508: reg_read err -32 [ 591.114030][ T6009] gspca_spca508: reg_read err -32 [ 591.178780][T12833] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.194167][T12833] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.213347][T12833] bridge_slave_0: entered allmulticast mode [ 591.249042][T12833] bridge_slave_0: entered promiscuous mode [ 591.282165][T12833] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.300875][T12833] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.320563][T12833] bridge_slave_1: entered allmulticast mode [ 591.348593][ T6009] gspca_spca508: reg write: error -71 [ 591.354167][ T6009] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 591.372353][ T6009] usb 2-1: USB disconnect, device number 14 [ 591.375943][T12833] bridge_slave_1: entered promiscuous mode [ 591.460930][T12833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 591.491514][T12833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.538469][T12833] team0: Port device team_slave_0 added [ 591.548733][T12833] team0: Port device team_slave_1 added [ 591.667183][T12833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.683889][T12833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.744589][T12833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 591.758022][T12833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 591.766664][T12833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 591.793308][T12833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 591.961419][T12833] hsr_slave_0: entered promiscuous mode [ 591.988047][ T51] Bluetooth: hci2: unexpected event 0x2f length: 983 > 260 [ 591.988077][ T51] Bluetooth: hci2: Malformed Event: 0x2f [ 591.988883][T12833] hsr_slave_1: entered promiscuous mode [ 592.190972][T12959] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2327'. [ 592.211976][T12962] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2328'. [ 592.251245][T12962] team0: entered promiscuous mode [ 592.285778][T12962] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 594.863350][T12985] 0猉功D: left allmulticast mode [ 596.361433][T12833] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 596.402289][T12833] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 596.433531][T12833] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 596.580594][T12833] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 598.382545][T12833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 598.541922][T12833] 8021q: adding VLAN 0 to HW filter on device team0 [ 598.792410][ T4510] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.799619][ T4510] bridge0: port 1(bridge_slave_0) entered forwarding state [ 598.904257][ T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 599.129208][ T6604] bridge0: port 2(bridge_slave_1) entered blocking state [ 599.136376][ T6604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 599.143977][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 599.160482][ T10] usb 5-1: unable to get BOS descriptor or descriptor too short [ 599.200797][ T10] usb 5-1: config 4 interface 0 has no altsetting 0 [ 599.228631][ T10] usb 5-1: string descriptor 0 read error: -22 [ 599.235715][ T10] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 599.283996][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.321401][T13048] tc_dump_action: action bad kind [ 599.330586][ T10] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 599.376812][ T10] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 599.394920][ T10] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 599.424277][ T10] usb 5-1: media controller created [ 599.708734][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 599.719427][T13039] usb 5-1: dvb_usb_au6610: wlen=0, aborting [ 600.318716][ T10] zl10353_read_register: readreg error (reg=127, ret==0) [ 600.453673][T12833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 600.542295][ T10] usb 5-1: USB disconnect, device number 13 [ 600.635728][T12833] veth0_vlan: entered promiscuous mode [ 600.649595][T12833] veth1_vlan: entered promiscuous mode [ 600.682607][T12833] veth0_macvtap: entered promiscuous mode [ 600.717458][T13069] wg2: entered promiscuous mode [ 600.722861][T13069] wg2: entered allmulticast mode [ 600.777540][T12833] veth1_macvtap: entered promiscuous mode [ 600.819168][T12833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 600.900459][T13074] fuse: Bad value for 'fd' [ 601.184560][T12833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 601.347830][T12833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.363995][T12833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.372819][T12833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.393905][T12833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 601.883978][T13083] kernel profiling enabled (shift: 17) [ 601.911920][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.920476][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 602.497974][T13092] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2364'. [ 602.507441][T13092] ksmbd: Unknown IPC event: 0, ignore. [ 602.516674][T13091] lo speed is unknown, defaulting to 1000 [ 603.722950][ T4510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 603.907009][ T4510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 605.099959][T13107] ------------[ cut here ]------------ [ 605.105994][T13107] WARNING: CPU: 0 PID: 13107 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310 [ 605.115893][T13107] Modules linked in: [ 605.120010][T13107] CPU: 0 UID: 0 PID: 13107 Comm: syz.0.2369 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 605.132203][T13107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.142338][T13107] RIP: 0010:folio_memcg+0x1a8/0x310 [ 605.147636][T13107] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 605.167509][T13107] RSP: 0018:ffffc9000ae7f250 EFLAGS: 00010287 [ 605.173629][T13107] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000 [ 605.181747][T13107] RDX: ffffc9000b3b9000 RSI: 0000000000001a2a RDI: 0000000000001a2b [ 605.189807][T13107] RBP: 0000000000000000 R08: ffffea0000b4d947 R09: 1ffffd4000169b28 [ 605.198441][T13107] R10: dffffc0000000000 R11: fffff94000169b29 R12: ffffea0000b4d970 [ 605.207068][T13107] R13: dffffc0000000000 R14: ffff88807b8f5780 R15: 0000000000000002 [ 605.215089][T13107] FS: 00007fdf14d506c0(0000) GS:ffff888125c84000(0000) knlGS:0000000000000000 [ 605.224071][T13107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 605.230745][T13107] CR2: 0000000000000000 CR3: 0000000076da2000 CR4: 00000000003526f0 [ 605.238760][T13107] Call Trace: [ 605.242051][T13107] [ 605.245038][T13107] workingset_activation+0x5f/0x4a0 [ 605.250254][T13107] ? folio_mark_accessed+0x341/0x4a0 [ 605.255967][T13107] folio_mark_accessed+0x3b5/0x4a0 [ 605.261106][T13107] kvm_release_page_clean+0x9a/0xe0 [ 605.266382][T13107] kvm_tdp_page_fault+0x2dd/0x370 [ 605.271423][T13107] kvm_mmu_do_page_fault+0x2c5/0x640 [ 605.276826][T13107] ? vmx_vcpu_run+0xd8b/0x25d0 [ 605.281600][T13107] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 605.287512][T13107] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 605.293075][T13107] kvm_mmu_page_fault+0x22f/0xb70 [ 605.298676][T13107] ? __pfx_handle_ept_violation+0x10/0x10 [ 605.304991][T13107] vmx_handle_exit+0x1093/0x18a0 [ 605.309956][T13107] ? vcpu_run+0x361c/0x6f70 [ 605.314573][T13107] vcpu_run+0x432e/0x6f70 [ 605.318929][T13107] ? vcpu_run+0x361c/0x6f70 [ 605.323518][T13107] ? __pfx_vcpu_run+0x10/0x10 [ 605.328250][T13107] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 605.334107][T13107] ? rcu_is_watching+0x15/0xb0 [ 605.338897][T13107] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 605.344536][T13107] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 605.350263][T13107] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 605.356274][T13107] ? rcu_is_watching+0x15/0xb0 [ 605.361045][T13107] ? look_up_lock_class+0x74/0x170 [ 605.366261][T13107] ? register_lock_class+0x51/0x320 [ 605.371479][T13107] ? __lock_acquire+0xab9/0xd20 [ 605.376383][T13107] kvm_vcpu_ioctl+0x95c/0xe90 [ 605.381069][T13107] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 605.386359][T13107] ? __lock_acquire+0xab9/0xd20 [ 605.391263][T13107] ? __asan_memset+0x22/0x50 [ 605.395906][T13107] ? smack_file_ioctl+0x302/0x340 [ 605.401529][T13107] ? __pfx_smack_file_ioctl+0x10/0x10 [ 605.407443][T13107] ? __fget_files+0x2a/0x420 [ 605.412050][T13107] ? __fget_files+0x3a0/0x420 [ 605.416835][T13107] ? __fget_files+0x2a/0x420 [ 605.421436][T13107] ? bpf_lsm_file_ioctl+0x9/0x20 [ 605.426429][T13107] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 605.431638][T13107] __se_sys_ioctl+0xfc/0x170 [ 605.436260][T13107] do_syscall_64+0xfa/0x3b0 [ 605.440771][T13107] ? lockdep_hardirqs_on+0x9c/0x150 [ 605.446016][T13107] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.452118][T13107] ? clear_bhb_loop+0x60/0xb0 [ 605.456873][T13107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.462775][T13107] RIP: 0033:0x7fdf13f8e929 [ 605.467244][T13107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.486917][T13107] RSP: 002b:00007fdf14d50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 605.495640][T13107] RAX: ffffffffffffffda RBX: 00007fdf141b5fa0 RCX: 00007fdf13f8e929 [ 605.504581][T13107] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 605.512568][T13107] RBP: 00007fdf14010b39 R08: 0000000000000000 R09: 0000000000000000 [ 605.521122][T13107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 605.529139][T13107] R13: 0000000000000000 R14: 00007fdf141b5fa0 R15: 00007ffdedb673e8 [ 605.537176][T13107] [ 605.540209][T13107] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 605.547487][T13107] CPU: 0 UID: 0 PID: 13107 Comm: syz.0.2369 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) [ 605.559551][T13107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 605.569604][T13107] Call Trace: [ 605.572879][T13107] [ 605.575809][T13107] dump_stack_lvl+0x99/0x250 [ 605.580425][T13107] ? __asan_memcpy+0x40/0x70 [ 605.585016][T13107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 605.590224][T13107] ? __pfx__printk+0x10/0x10 [ 605.594833][T13107] panic+0x2db/0x790 [ 605.598746][T13107] ? __pfx_panic+0x10/0x10 [ 605.603197][T13107] __warn+0x31b/0x4b0 [ 605.607196][T13107] ? folio_memcg+0x1a8/0x310 [ 605.611800][T13107] ? folio_memcg+0x1a8/0x310 [ 605.616413][T13107] report_bug+0x2be/0x4f0 [ 605.620748][T13107] ? folio_memcg+0x1a8/0x310 [ 605.625344][T13107] ? folio_memcg+0x1a8/0x310 [ 605.629941][T13107] ? folio_memcg+0x1aa/0x310 [ 605.634542][T13107] handle_bug+0x84/0x160 [ 605.638795][T13107] exc_invalid_op+0x1a/0x50 [ 605.643309][T13107] asm_exc_invalid_op+0x1a/0x20 [ 605.648175][T13107] RIP: 0010:folio_memcg+0x1a8/0x310 [ 605.653388][T13107] Code: 80 3c 28 00 74 08 4c 89 f7 e8 b4 cc 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 89 74 ba ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff [ 605.673006][T13107] RSP: 0018:ffffc9000ae7f250 EFLAGS: 00010287 [ 605.679086][T13107] RAX: ffffffff8205d907 RBX: 0000000000000000 RCX: 0000000000080000 [ 605.687078][T13107] RDX: ffffc9000b3b9000 RSI: 0000000000001a2a RDI: 0000000000001a2b [ 605.695058][T13107] RBP: 0000000000000000 R08: ffffea0000b4d947 R09: 1ffffd4000169b28 [ 605.703038][T13107] R10: dffffc0000000000 R11: fffff94000169b29 R12: ffffea0000b4d970 [ 605.711012][T13107] R13: dffffc0000000000 R14: ffff88807b8f5780 R15: 0000000000000002 [ 605.718992][T13107] ? folio_memcg+0x1a7/0x310 [ 605.723600][T13107] workingset_activation+0x5f/0x4a0 [ 605.728803][T13107] ? folio_mark_accessed+0x341/0x4a0 [ 605.734088][T13107] folio_mark_accessed+0x3b5/0x4a0 [ 605.739204][T13107] kvm_release_page_clean+0x9a/0xe0 [ 605.744431][T13107] kvm_tdp_page_fault+0x2dd/0x370 [ 605.749507][T13107] kvm_mmu_do_page_fault+0x2c5/0x640 [ 605.754794][T13107] ? vmx_vcpu_run+0xd8b/0x25d0 [ 605.759585][T13107] ? __pfx_kvm_mmu_do_page_fault+0x10/0x10 [ 605.765408][T13107] ? vmx_handle_exit_irqoff+0x29e/0xad0 [ 605.770973][T13107] kvm_mmu_page_fault+0x22f/0xb70 [ 605.776007][T13107] ? __pfx_handle_ept_violation+0x10/0x10 [ 605.781872][T13107] vmx_handle_exit+0x1093/0x18a0 [ 605.786820][T13107] ? vcpu_run+0x361c/0x6f70 [ 605.791335][T13107] vcpu_run+0x432e/0x6f70 [ 605.795682][T13107] ? vcpu_run+0x361c/0x6f70 [ 605.800231][T13107] ? __pfx_vcpu_run+0x10/0x10 [ 605.804913][T13107] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 605.810645][T13107] ? rcu_is_watching+0x15/0xb0 [ 605.815425][T13107] kvm_arch_vcpu_ioctl_run+0xfc9/0x1940 [ 605.820986][T13107] ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940 [ 605.826709][T13107] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 605.832707][T13107] ? rcu_is_watching+0x15/0xb0 [ 605.837485][T13107] ? look_up_lock_class+0x74/0x170 [ 605.842603][T13107] ? register_lock_class+0x51/0x320 [ 605.847828][T13107] ? __lock_acquire+0xab9/0xd20 [ 605.852714][T13107] kvm_vcpu_ioctl+0x95c/0xe90 [ 605.857389][T13107] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 605.862590][T13107] ? __lock_acquire+0xab9/0xd20 [ 605.867449][T13107] ? __asan_memset+0x22/0x50 [ 605.872036][T13107] ? smack_file_ioctl+0x302/0x340 [ 605.877057][T13107] ? __pfx_smack_file_ioctl+0x10/0x10 [ 605.882433][T13107] ? __fget_files+0x2a/0x420 [ 605.887027][T13107] ? __fget_files+0x3a0/0x420 [ 605.891707][T13107] ? __fget_files+0x2a/0x420 [ 605.896299][T13107] ? bpf_lsm_file_ioctl+0x9/0x20 [ 605.901238][T13107] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 605.906457][T13107] __se_sys_ioctl+0xfc/0x170 [ 605.911067][T13107] do_syscall_64+0xfa/0x3b0 [ 605.915586][T13107] ? lockdep_hardirqs_on+0x9c/0x150 [ 605.920810][T13107] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.926874][T13107] ? clear_bhb_loop+0x60/0xb0 [ 605.931549][T13107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 605.937436][T13107] RIP: 0033:0x7fdf13f8e929 [ 605.941849][T13107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 605.961463][T13107] RSP: 002b:00007fdf14d50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 605.969883][T13107] RAX: ffffffffffffffda RBX: 00007fdf141b5fa0 RCX: 00007fdf13f8e929 [ 605.977853][T13107] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 605.985820][T13107] RBP: 00007fdf14010b39 R08: 0000000000000000 R09: 0000000000000000 [ 605.993807][T13107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.001803][T13107] R13: 0000000000000000 R14: 00007fdf141b5fa0 R15: 00007ffdedb673e8 [ 606.009792][T13107] [ 606.013146][T13107] Kernel Offset: disabled [ 606.017488][T13107] Rebooting in 86400 seconds..