last executing test programs: 3.676049634s ago: executing program 2 (id=424): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000440), r0) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x14, r1, 0x705, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4004091}, 0x0) 3.55722621s ago: executing program 2 (id=426): ioctl$XFS_IOC_START_COMMIT(0xffffffffffffffff, 0x80585882, &(0x7f00000000c0)) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @name="ac2ad54970138065d4b1a10a14b7e65642722c3da99ba40f000026e78ffc1e0a"}) r3 = add_key$user(&(0x7f00000001c0), &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000480)="fef0eda8c799a4a0c3cb5b0006020000009b7a000100e83ac55324dcd8bcb9ecf3e2a4b6f6c7d9", 0x27, 0xfffffffffffffffe) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r4, r3}, &(0x7f00000000c0)=""/83, 0x53, 0x0) 2.392031247s ago: executing program 2 (id=430): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x68, &(0x7f0000000040)=0x2, 0x4) close(0x3) 2.280707497s ago: executing program 2 (id=432): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0}}], 0x1, 0x2040000, 0x0) 2.183868232s ago: executing program 3 (id=435): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x38, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}]}]}, 0x38}}, 0x20040850) 2.138589838s ago: executing program 2 (id=436): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) r3 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'syz_tun\x00', 0x0}) sendmmsg$inet(r2, &(0x7f0000006180)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000002240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r4, @dev={0xac, 0x14, 0x14, 0x40}, @private=0xa010102}}}], 0x20}}], 0x1, 0x4000800) 2.084139325s ago: executing program 3 (id=437): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0100, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'\x00', 0x2}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000300)=ANY=[@ANYBLOB="006a3cb26fe85aa0e47ebffabed02e6d4077a8cdb5ab5f496730ceea42bdd254b9378e1a7ae531f3edd8fee15883a6923f61bce33f60d8"]) 1.732095904s ago: executing program 1 (id=441): r0 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000000940)={0x80000000, &(0x7f0000000340)=[{}, {0x80000000}], 0x0}) ioctl$MEDIA_IOC_SETUP_LINK(r0, 0xc0347c03, &(0x7f000000a300)={{r1, 0x0, 0x0, [0x0, 0x8]}, {0x80000000, 0x0, 0x0, [0x1, 0xfffffff9]}, 0x1}) 1.69181983s ago: executing program 1 (id=442): madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) write$binfmt_script(r1, &(0x7f0000000140)={'#! ', './file0'}, 0xb) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 953.34283ms ago: executing program 0 (id=443): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) r1 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) bind$inet6(r0, &(0x7f0000000140)={0xa, 0xce20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2e}}}, 0x1c) 764.012723ms ago: executing program 2 (id=444): r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$kcm(0x23, 0x5, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) listen(r1, 0x800) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff000000", @ANYRES64=r0], 0x78) 763.788599ms ago: executing program 0 (id=445): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x34, 0x6, 0x6, 0x201, 0x0, 0x0, {0x1b5183713dbb9f22, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008064}, 0x4000000) 763.673726ms ago: executing program 1 (id=446): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000280)={0xf, 0x8, 0xfa00, {r1, 0x4}}, 0x10) 701.65587ms ago: executing program 1 (id=447): r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) file_setattr(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', &(0x7f00000003c0)={0xc020, 0x1, 0x0, 0x8, 0x653c}, 0x18, 0x100) 680.99585ms ago: executing program 3 (id=448): r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg(r0, &(0x7f0000000580)=[{{&(0x7f0000000700)=@tipc=@name={0x1e, 0x2, 0x0, {{0x40, 0x1}, 0x1}}, 0x80, &(0x7f0000001d40)=[{&(0x7f0000001880)="b77aabb283be41c458eba609ea0c94", 0xf}], 0x1}}, {{&(0x7f0000000280)=@qipcrtr={0x2a, 0x4, 0x4001}, 0x80, 0x0, 0x0, &(0x7f0000004f00)=ANY=[@ANYBLOB="d000000000"], 0x14c8}}], 0x2, 0x0) 568.09953ms ago: executing program 0 (id=449): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000004a40)={0xc, 0x0, &(0x7f00000049c0)=[@free_buffer], 0x0, 0x0, 0x0}) 533.823354ms ago: executing program 3 (id=450): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]}) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4, 0x0, 0x0, 0x2) 518.780576ms ago: executing program 0 (id=451): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=[@in={0x2, 0x4e23, @rand_addr=0x64010180}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000005400)={r3, @in={{0x2, 0x4e23, @remote}}}, 0x84) 400.512218ms ago: executing program 1 (id=452): r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000600)={0x2, @raw_data="1a27af7a10dd77b99f2ffe8a88a7c47f7665342343c9a0f33f09bae9a9cf22bb43052b46ac41dc36ed87a90b99c942e2b14d0d24fd34c58f0825825689903bf3793a4b8c1abe494c017e6fe13aae89ef60cc73cecc1abe988c513c79c50b817f180dc64f13416db34102df03b8e530fd2844744ed9ed82ae49803efe76ada296147f39236fd57bed15ecc5fd5db0576248026b7960b9baa04534c9de8e2462ea99881509e95d7fdbb4996490b41e9b5147755db6d496667d60e200"}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x410001, 0x2, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000140)=0x2) 400.264981ms ago: executing program 0 (id=453): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000300)=@urb_type_iso={0x0, {0x1, 0x1}, 0xfffc, 0x0, 0x0, 0x0, 0xfffffffe, 0x5c0, 0x0, 0x10000, 0x1, 0x0}) 390.346827ms ago: executing program 3 (id=454): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000001140)={0x1, 0x1, 0xfe5, 0x9}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000040)={0x1, 0x1, 0x5, 0x8000000a}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) 321.212333ms ago: executing program 0 (id=455): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0xf5ffffff}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) 251.984485ms ago: executing program 3 (id=456): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmget(0x1, 0x4000, 0xa20, &(0x7f0000ffb000/0x4000)=nil) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000000)={0x0, 0x834, 0x1, [0x2, 0x8, 0x0, 0x6, 0xf], [0x109, 0x81, 0x0, 0x0, 0x6, 0x3, 0x81, 0xe4, 0x5f1, 0xff, 0x3, 0x1, 0xffffffff, 0x6, 0x4, 0xffffffff, 0x9, 0x4, 0x7, 0x7, 0x6, 0x6, 0x2, 0xe15, 0xad, 0xfffffffffffffffe, 0x6, 0xcdd7, 0x2, 0x7, 0x0, 0x3ff, 0x1, 0x9, 0x7, 0x80000000, 0x8, 0x6, 0x4d1f, 0x9, 0xfffffffffffffff0, 0x0, 0x1000000000000000, 0x5c, 0x6, 0x3ff, 0xa, 0x0, 0x4, 0xffffffffffffffff, 0x8, 0x2, 0x6, 0x1, 0x5, 0x80, 0x0, 0x9, 0x3ff, 0x8, 0x7fffffff, 0x8, 0x0, 0x9, 0x2, 0x1, 0x3147, 0x79c, 0x9, 0x4, 0xa18, 0x1, 0x6, 0x8, 0x1, 0x9, 0x4, 0x0, 0xfffffffffffffffa, 0xbf0b72b, 0x18, 0x4, 0x93f8, 0xffff, 0x800, 0xa06a, 0x2, 0x0, 0x461e, 0xb05, 0x3, 0x1, 0x4, 0x7, 0xfffffffffffffff8, 0x8, 0x2, 0xfffffffffffffff7, 0x6, 0x4, 0x0, 0x1, 0x22f, 0x6, 0x3, 0x0, 0x800, 0xfffffffffffffff6, 0x800000000, 0xf42b, 0x75, 0x3, 0x9, 0x1, 0xf0, 0x6, 0x8001, 0x7, 0x6, 0x8, 0xaf]}) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r3, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept(r3, &(0x7f0000000280)=@can, 0x0) 0s ago: executing program 1 (id=457): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.160' (ED25519) to the list of known hosts. [ 72.337781][ T5599] cgroup: Unknown subsys name 'net' [ 72.588840][ T5599] cgroup: Unknown subsys name 'cpuset' [ 72.635240][ T5599] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.260460][ T5599] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.488468][ T5611] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.491993][ T5611] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.493898][ T5611] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.521343][ T5611] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.526942][ T5611] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.591622][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.615694][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.618563][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.620362][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.621110][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.720712][ T5611] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.730241][ T5611] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.753486][ T5617] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.755953][ T5617] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.756643][ T5611] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.768323][ T5617] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.775966][ T5617] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.784164][ T5617] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.787301][ T5617] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.789407][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 78.391870][ T5610] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.393058][ T5610] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.393214][ T5610] bridge_slave_0: entered allmulticast mode [ 78.396350][ T5610] bridge_slave_0: entered promiscuous mode [ 78.436916][ T5610] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.437126][ T5610] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.437444][ T5610] bridge_slave_1: entered allmulticast mode [ 78.439253][ T5610] bridge_slave_1: entered promiscuous mode [ 78.571734][ T5610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.616051][ T5610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.616390][ T5614] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.616598][ T5614] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.616732][ T5614] bridge_slave_0: entered allmulticast mode [ 78.618598][ T5614] bridge_slave_0: entered promiscuous mode [ 78.626175][ T5622] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.626455][ T5622] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.626675][ T5622] bridge_slave_0: entered allmulticast mode [ 78.629799][ T5622] bridge_slave_0: entered promiscuous mode [ 78.655888][ T61] Bluetooth: hci0: command tx timeout [ 78.669778][ T5614] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.670075][ T5614] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.670299][ T5614] bridge_slave_1: entered allmulticast mode [ 78.673967][ T5614] bridge_slave_1: entered promiscuous mode [ 78.678962][ T5622] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.679633][ T5622] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.679859][ T5622] bridge_slave_1: entered allmulticast mode [ 78.683059][ T5622] bridge_slave_1: entered promiscuous mode [ 78.734691][ T61] Bluetooth: hci1: command tx timeout [ 78.780737][ T5610] team0: Port device team_slave_0 added [ 78.811281][ T5619] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.811648][ T5619] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.811849][ T5619] bridge_slave_0: entered allmulticast mode [ 78.813662][ T5619] bridge_slave_0: entered promiscuous mode [ 78.822327][ T5610] team0: Port device team_slave_1 added [ 78.828891][ T5614] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.840242][ T5622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.840671][ T5619] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.840967][ T5619] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.841183][ T5619] bridge_slave_1: entered allmulticast mode [ 78.846540][ T5619] bridge_slave_1: entered promiscuous mode [ 78.880313][ T5614] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.887033][ T5622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.894717][ T61] Bluetooth: hci3: command tx timeout [ 78.894829][ T61] Bluetooth: hci2: command tx timeout [ 79.150180][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.150193][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.150207][ T5610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.203100][ T5619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.205628][ T5610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.205641][ T5610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.205665][ T5610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.210182][ T5614] team0: Port device team_slave_0 added [ 79.215654][ T5622] team0: Port device team_slave_0 added [ 79.225229][ T5619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.248242][ T5614] team0: Port device team_slave_1 added [ 79.252494][ T5622] team0: Port device team_slave_1 added [ 79.367910][ T5619] team0: Port device team_slave_0 added [ 79.386233][ T5614] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.386244][ T5614] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.386259][ T5614] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.388002][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.388010][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.388025][ T5622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.391661][ T5619] team0: Port device team_slave_1 added [ 79.416557][ T5614] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.416572][ T5614] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.416596][ T5614] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.419500][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.419511][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.419535][ T5622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.458391][ T5610] hsr_slave_0: entered promiscuous mode [ 79.460544][ T5610] hsr_slave_1: entered promiscuous mode [ 79.536882][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.536898][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.536922][ T5619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.550331][ T5619] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.550346][ T5619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.550370][ T5619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.706679][ T5614] hsr_slave_0: entered promiscuous mode [ 79.707900][ T5614] hsr_slave_1: entered promiscuous mode [ 79.709059][ T5614] debugfs: 'hsr0' already exists in 'hsr' [ 79.709140][ T5614] Cannot create hsr debugfs directory [ 79.716869][ T5622] hsr_slave_0: entered promiscuous mode [ 79.718894][ T5622] hsr_slave_1: entered promiscuous mode [ 79.720929][ T5622] debugfs: 'hsr0' already exists in 'hsr' [ 79.720951][ T5622] Cannot create hsr debugfs directory [ 79.826385][ T5619] hsr_slave_0: entered promiscuous mode [ 79.827583][ T5619] hsr_slave_1: entered promiscuous mode [ 79.828528][ T5619] debugfs: 'hsr0' already exists in 'hsr' [ 79.828551][ T5619] Cannot create hsr debugfs directory [ 80.736063][ T61] Bluetooth: hci0: command tx timeout [ 80.815097][ T61] Bluetooth: hci1: command tx timeout [ 80.857867][ T5610] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.905111][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.911166][ T5610] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.938964][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.953509][ T5610] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.975222][ T61] Bluetooth: hci2: command tx timeout [ 80.986642][ T61] Bluetooth: hci3: command tx timeout [ 80.996739][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.016292][ T5610] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.059423][ T5610] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.149197][ T5622] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.212424][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.216855][ T5622] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.259517][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.262053][ T5622] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.280751][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.312813][ T5622] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.338491][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.501986][ T5619] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.552980][ T956] cfg80211: failed to load regulatory.db [ 81.561612][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.606347][ T5619] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.640516][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.677956][ T5619] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.725244][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.773029][ T5619] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.812808][ T5619] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.926782][ T5614] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.967943][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.974008][ T5614] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.007722][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.014382][ T5614] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.048604][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.055948][ T5614] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.099226][ T5614] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.209113][ T5610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.289222][ T5610] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.310020][ T5622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.341407][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.341728][ T3305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.393905][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.394490][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.440309][ T5622] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.478390][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.478898][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.537989][ T5619] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.559928][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.560062][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.649535][ T5619] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.675410][ T5614] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.696023][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.696177][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.759169][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.760028][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.815884][ T61] Bluetooth: hci0: command tx timeout [ 82.851878][ T5614] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.894662][ T61] Bluetooth: hci1: command tx timeout [ 82.934389][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.936166][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.010186][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.010429][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.061892][ T61] Bluetooth: hci3: command tx timeout [ 83.061909][ T4926] Bluetooth: hci2: command tx timeout [ 83.941159][ T5610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.027015][ T5622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.294240][ T5619] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.332650][ T5610] veth0_vlan: entered promiscuous mode [ 84.360846][ T5622] veth0_vlan: entered promiscuous mode [ 84.396719][ T5610] veth1_vlan: entered promiscuous mode [ 84.432599][ T5622] veth1_vlan: entered promiscuous mode [ 84.528314][ T5614] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.570631][ T5619] veth0_vlan: entered promiscuous mode [ 84.596376][ T5610] veth0_macvtap: entered promiscuous mode [ 84.621149][ T5610] veth1_macvtap: entered promiscuous mode [ 84.631517][ T5619] veth1_vlan: entered promiscuous mode [ 84.648148][ T5622] veth0_macvtap: entered promiscuous mode [ 84.693480][ T5622] veth1_macvtap: entered promiscuous mode [ 84.731111][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.770747][ T5610] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.786942][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.802278][ T5614] veth0_vlan: entered promiscuous mode [ 84.833167][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.834344][ T1023] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.848242][ T5619] veth0_macvtap: entered promiscuous mode [ 84.858072][ T1023] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.872447][ T1023] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.883962][ T1023] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.884935][ T5614] veth1_vlan: entered promiscuous mode [ 84.896084][ T61] Bluetooth: hci0: command tx timeout [ 84.910632][ T5619] veth1_macvtap: entered promiscuous mode [ 84.922557][ T1023] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.977874][ T61] Bluetooth: hci1: command tx timeout [ 85.007456][ T1023] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.028040][ T1023] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.040827][ T1023] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.134918][ T61] Bluetooth: hci3: command tx timeout [ 85.136490][ T61] Bluetooth: hci2: command tx timeout [ 85.324173][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.623960][ T5619] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.682035][ T1023] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.708217][ T1023] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.710410][ T5614] veth0_macvtap: entered promiscuous mode [ 85.722692][ T1023] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.732764][ T1023] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.745372][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.745399][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.781650][ T5614] veth1_macvtap: entered promiscuous mode [ 85.884586][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.884605][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.065800][ T3305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.065816][ T3305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.172968][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.239459][ T5614] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.250787][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.250804][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.353051][ T1431] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.369523][ T1431] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.386352][ T1431] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.420078][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.420095][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.420794][ T1431] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.624952][ T1415] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.624970][ T1415] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.261831][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.261850][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.675755][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.675775][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.567096][ T5801] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 89.129396][ T5813] overlayfs: failed to resolve './file0': -2 [ 89.355655][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 89.644726][ T10] usb 4-1: config 0 has no interfaces? [ 89.644765][ T10] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 89.644788][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.710223][ T10] usb 4-1: config 0 descriptor?? [ 90.237402][ T5765] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 90.379237][ T5688] usb 4-1: USB disconnect, device number 2 [ 90.455382][ T5765] usb 3-1: device descriptor read/64, error -71 [ 90.826723][ T5765] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 90.954864][ T5765] usb 3-1: device descriptor read/64, error -71 [ 91.079635][ T5765] usb usb3-port1: attempt power cycle [ 91.576961][ T5765] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 91.611251][ T5765] usb 3-1: device descriptor read/8, error -71 [ 91.856649][ T5765] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 91.880071][ T5765] usb 3-1: device descriptor read/8, error -71 [ 91.995970][ T5765] usb usb3-port1: unable to enumerate USB device [ 95.494142][ T5930] netlink: 'syz.3.62': attribute type 8 has an invalid length. [ 96.202208][ T5959] tmpfs: Bad value for 'mpol' [ 97.553783][ T5979] fuse: Bad value for 'fd' [ 98.957364][ T5983] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 98.957575][ T5983] block device autoloading is deprecated and will be removed. [ 100.806986][ T6045] process 'syz.1.100' launched './file0' with NULL argv: empty string added [ 101.550077][ T38] audit: type=1800 audit(1778972820.023:2): pid=6045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.100" name="/" dev="fuse" ino=9 res=0 errno=0 [ 102.271088][ T6077] 9p: Bad value for 'port' [ 105.478787][ T6137] tap0: tun_chr_ioctl cmd 1074025692 [ 105.479066][ T6137] tap0: tun_chr_ioctl cmd 1074025675 [ 105.479082][ T6137] tap0: persist enabled [ 105.479333][ T6137] tap0: tun_chr_ioctl cmd 1074025681 [ 111.084448][ T6222] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.124789][ T6222] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.152193][ T6222] bridge0: entered allmulticast mode [ 111.238986][ T6232] bridge_slave_1: left allmulticast mode [ 111.239111][ T6232] bridge_slave_1: left promiscuous mode [ 111.298971][ T6232] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.524310][ T6232] bridge_slave_0: left allmulticast mode [ 111.524342][ T6232] bridge_slave_0: left promiscuous mode [ 111.541863][ T6232] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.786919][ T6273] overlayfs: maximum fs stacking depth exceeded [ 118.328018][ T6444] syz.1.257 (6444) used greatest stack depth: 16640 bytes left [ 118.757860][ T38] audit: type=1800 audit(1778973093.243:3): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.261" name="/" dev="fuse" ino=4 res=0 errno=0 [ 119.039810][ T6486] syzkaller0: entered promiscuous mode [ 119.039853][ T6486] syzkaller0: entered allmulticast mode [ 119.160658][ T6492] netlink: 32 bytes leftover after parsing attributes in process `syz.3.277'. [ 119.161698][ T6492] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 120.067070][ T6517] kernel read not supported for file /file1 (pid: 6517 comm: syz.3.288) [ 120.104161][ T38] audit: type=1800 audit(1778973094.563:4): pid=6517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.288" name="file1" dev="mqueue" ino=10266 res=0 errno=0 [ 122.375525][ T6565] ======================================================= [ 122.375525][ T6565] WARNING: The mand mount option has been deprecated and [ 122.375525][ T6565] and is ignored by this kernel. Remove the mand [ 122.375525][ T6565] option from the mount to silence this warning. [ 122.375525][ T6565] ======================================================= [ 124.514592][ T6629] mmap: syz.0.331 (6629) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 125.657677][ T6666] CUSE: info not properly terminated [ 125.658307][ T6666] fuse: Unknown parameter 'dont_measure' [ 126.257675][ T6688] netlink: 4 bytes leftover after parsing attributes in process `syz.0.360'. [ 128.405009][ T6726] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 128.915665][ T6736] syzkaller0: entered promiscuous mode [ 128.915683][ T6736] syzkaller0: entered allmulticast mode [ 129.363329][ T6750] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.560974][ T6766] syzkaller1: entered promiscuous mode [ 130.561000][ T6766] syzkaller1: entered allmulticast mode [ 131.632871][ T5792] kernel read not supported for file /242/oom_adj (pid: 5792 comm: kworker/0:6) [ 131.750394][ T6786] Zero length message leads to an empty skb [ 131.786515][ T2258] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 132.798903][ T1335] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.799102][ T1335] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.573066][ T6824] netlink: 16 bytes leftover after parsing attributes in process `syz.0.405'. [ 136.326992][ T6849] binder: BINDER_SET_CONTEXT_MGR already set [ 136.327007][ T6849] binder: 6848:6849 ioctl 4018620d 200000004a80 returned -16 [ 142.691575][ T6951] usb usb1: usbfs: process 6951 (syz.0.453) did not claim interface 0 before use [ 143.492450][ T61] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 143.492578][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 143.492619][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 143.492633][ T61] Workqueue: hci3 hci_rx_work [ 143.492685][ T61] Call Trace: [ 143.492697][ T61] [ 143.492708][ T61] dump_stack_lvl+0xe8/0x150 [ 143.492740][ T61] sysfs_create_dir_ns+0x271/0x2a0 [ 143.492768][ T61] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 143.492799][ T61] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 143.492824][ T61] ? __rcu_read_unlock+0x83/0xe0 [ 143.492858][ T61] ? rt_spin_unlock+0x160/0x200 [ 143.492888][ T61] kobject_add_internal+0x631/0xd10 [ 143.492924][ T61] kobject_add+0x163/0x240 [ 143.492955][ T61] ? __pfx_kobject_add+0x10/0x10 [ 143.492988][ T61] ? get_device_parent+0x370/0x3a0 [ 143.493023][ T61] device_add+0x408/0xb90 [ 143.493056][ T61] hci_conn_add_sysfs+0xd5/0x210 [ 143.493088][ T61] le_conn_[ 143.493088][ T61] le_conn_complete_evt+0x10e6/0x16b0 [ 143.493124][ T61] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 143.493149][ T61] ? lockdep_hardirqs_on+0x7a/0x110 [ 143.493182][ T61] ? irqentry_exit+0x218/0x760 [ 143.493201][ T61] ? rcu_is_watching+0x15/0xb0 [ 143.493229][ T61] ? skb_pull_data+0xfb/0x200 [ 143.493256][ T61] hci_le_conn_complete_evt+0x187/0x470 [ 143.493289][ T61] hci_event_packet+0x659/0xef0 [ 143.493329][ T61] ? __pfx____migrate_enable+0x10/0x10 [ 143.493360][ T61] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 143.493383][ T61] ? __pfx_hci_event_packet+0x10/0x10 [ 143.493419][ T61] ? preempt_schedule_common+0x82/0xd0 [ 143.493451][ T61] ? preempt_schedule_thunk+0x16/0x40 [ 143.493489][ T61] ? hci_send_to_monitor+0xe2/0x590 [ 143.493520][ T61] hci_rx_work+0x3ee/0x1040 [ 143.493555][ T61] ? preempt_schedule_thunk+0x16/0x40 [ 143.493593][ T61] ? process_one_work+0x8be/0x1630 [ 143.493627][ T61] process_one_work+0x98b/0x1630 [ 143.493677][ T61] ? __pfx_process_one_work+0x10/0x10 [ 143.493703][ T61] ? do_raw_spin_lock+0x12b/0x2f0 [ 143.493751][ T61] worker_thread+0xb49/0x1140 [ 143.493808][ T61] kthread+0x388/0x470 [ 143.493832][ T61] ? __pfx_worker_thread+0x10/0x10 [ 143.493869][ T61] ? __pfx_kthread+0x10/0x10 [ 143.493892][ T61] ret_from_fork+0x514/0xb70 [ 143.493921][ T61] ? __pfx_ret_from_fork+0x10/0x10 [ 143.493946][ T61] ? __switch_to+0xc79/0x1410 [ 143.493983][ T61] ? __pfx_kthread+0x10/0x10 [ 143.494007][ T61] ret_from_fork_asm+0x1a/0x30 [ 143.494061][ T61] [ 143.497949][ T61] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 143.498232][ T61] Bluetooth: hci3: failed to register connection device [ 143.711458][ T61] ================================================================== [ 143.711475][ T61] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.711518][ T61] Read of size 8 at addr ffff888028c5c7b0 by task kworker/u9:0/61 [ 143.711537][ T61] [ 143.711548][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 143.711573][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 143.711587][ T61] Workqueue: hci3 hci_rx_work [ 143.711620][ T61] Call Trace: [ 143.711628][ T61] [ 143.711637][ T61] dump_stack_lvl+0xe8/0x150 [ 143.711672][ T61] print_address_description+0x55/0x1e0 [ 143.711701][ T61] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.711732][ T61] print_report+0x58/0x70 [ 143.711757][ T61] kasan_report+0x117/0x150 [ 143.711788][ T61] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.711823][ T61] l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.711855][ T61] l2cap_connect_cfm+0x368/0x1560 [ 143.711886][ T61] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 143.711915][ T61] ? _raw_spin_unlock_irqrestore+0x74/0x80 [ 143.711947][ T61] ? mutex_lock_nested+0x152/0x1d0 [ 143.711972][ T61] ? hci_connect_cfm+0x2c/0x140 [ 143.711995][ T61] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 143.712022][ T61] hci_connect_cfm+0x95/0x140 [ 143.712046][ T61] le_conn_complete_evt+0x1134/0x16b0 [ 143.712075][ T61] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 143.712100][ T61] ? lockdep_hardirqs_on+0x7a/0x110 [ 143.712131][ T61] ? irqentry_exit+0x218/0x760 [ 143.712149][ T61] ? rcu_is_watching+0x15/0xb0 [ 143.712173][ T61] ? skb_pull_data+0xfb/0x200 [ 143.712196][ T61] hci_le_conn_complete_evt+0x187/0x470 [ 143.712223][ T61] hci_event_packet+0x659/0xef0 [ 143.712258][ T61] ? __pfx____migrate_enable+0x10/0x10 [ 143.712289][ T61] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 143.712311][ T61] ? __pfx_hci_event_packet+0x10/0x10 [ 143.712342][ T61] ? preempt_schedule_common+0x82/0xd0 [ 143.712373][ T61] ? preempt_schedule_thunk+0x16/0x40 [ 143.712406][ T61] ? hci_send_to_monitor+0xe2/0x590 [ 143.712434][ T61] hci_rx_work+0x3ee/0x1040 [ 143.712466][ T61] ? preempt_schedule_thunk+0x16/0x40 [ 143.712499][ T61] ? process_one_work+0x8be/0x1630 [ 143.712525][ T61] process_one_work+0x98b/0x1630 [ 143.712561][ T61] ? __pfx_process_one_work+0x10/0x10 [ 143.712586][ T61] ? do_raw_spin_lock+0x12b/0x2f0 [ 143.712623][ T61] worker_thread+0xb49/0x1140 [ 143.712667][ T61] kthread+0x388/0x470 [ 143.712688][ T61] ? __pfx_worker_thread+0x10/0x10 [ 143.712715][ T61] ? __pfx_kthread+0x10/0x10 [ 143.712736][ T61] ret_from_fork+0x514/0xb70 [ 143.712761][ T61] ? __pfx_ret_from_fork+0x10/0x10 [ 143.712785][ T61] ? __switch_to+0xc79/0x1410 [ 143.712818][ T61] ? __pfx_kthread+0x10/0x10 [ 143.712838][ T61] ret_from_fork_asm+0x1a/0x30 [ 143.712873][ T61] [ 143.712881][ T61] [ 143.712886][ T61] Allocated by task 61: [ 143.712896][ T61] kasan_save_track+0x3e/0x80 [ 143.712921][ T61] __kasan_kmalloc+0x93/0xb0 [ 143.712946][ T61] __kmalloc_noprof+0x3e7/0x7b0 [ 143.712972][ T61] sk_prot_alloc+0xe7/0x210 [ 143.712998][ T61] sk_alloc+0x3a/0x390 [ 143.713023][ T61] bt_sock_alloc+0x3b/0x310 [ 143.713042][ T61] l2cap_sock_new_connection_cb+0xf1/0x2f0 [ 143.713071][ T61] l2cap_connect_cfm+0x368/0x1560 [ 143.713095][ T61] hci_connect_cfm+0x95/0x140 [ 143.713115][ T61] le_conn_complete_evt+0x1134/0x16b0 [ 143.713139][ T61] hci_le_conn_complete_evt+0x187/0x470 [ 143.713160][ T61] hci_event_packet+0x659/0xef0 [ 143.713187][ T61] hci_rx_work+0x3ee/0x1040 [ 143.713215][ T61] process_one_work+0x98b/0x1630 [ 143.713239][ T61] worker_thread+0xb49/0x1140 [ 143.713265][ T61] kthread+0x388/0x470 [ 143.713282][ T61] ret_from_fork+0x514/0xb70 [ 143.713302][ T61] ret_from_fork_asm+0x1a/0x30 [ 143.713327][ T61] [ 143.713332][ T61] Freed by task 6964: [ 143.713341][ T61] kasan_save_track+0x3e/0x80 [ 143.713365][ T61] kasan_save_free_info+0x46/0x50 [ 143.713384][ T61] __kasan_slab_free+0x5c/0x80 [ 143.713409][ T61] kfree+0x1c5/0x6c0 [ 143.713431][ T61] __sk_destruct+0x74b/0x9d0 [ 143.713457][ T61] l2cap_sock_cleanup_listen+0xe0/0x440 [ 143.713484][ T61] l2cap_sock_release+0x6e/0x270 [ 143.713509][ T61] __sock_release+0xb9/0x250 [ 143.713528][ T61] sock_close+0x1c/0x30 [ 143.713546][ T61] __fput+0x461/0xa70 [ 143.713567][ T61] task_work_run+0x1d9/0x270 [ 143.713587][ T61] get_signal+0x11eb/0x1330 [ 143.713611][ T61] arch_do_signal_or_restart+0xbc/0x840 [ 143.713630][ T61] exit_to_user_mode_loop+0x8c/0x4d0 [ 143.713665][ T61] do_syscall_64+0x33e/0xf80 [ 143.713683][ T61] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.713702][ T61] [ 143.713707][ T61] The buggy address belongs to the object at ffff888028c5c000 [ 143.713707][ T61] which belongs to the cache kmalloc-2k of size 2048 [ 143.713725][ T61] The buggy address is located 1968 bytes inside of [ 143.713725][ T61] freed 2048-byte region [ffff888028c5c000, ffff888028c5c800) [ 143.713747][ T61] [ 143.713752][ T61] The buggy address belongs to the physical page: [ 143.713768][ T61] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x28c58 [ 143.713788][ T61] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 143.713805][ T61] flags: 0x80000000000040(head|node=0|zone=1) [ 143.713827][ T61] page_type: f5(slab) [ 143.713848][ T61] raw: 0080000000000040 ffff88813fea2000 dead000000000100 dead000000000122 [ 143.713866][ T61] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 143.713887][ T61] head: 0080000000000040 ffff88813fea2000 dead000000000100 dead000000000122 [ 143.713905][ T61] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 143.713924][ T61] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 143.713942][ T61] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 143.713953][ T61] page dumped because: kasan: bad access detected [ 143.713964][ T61] page_owner tracks the page as allocated [ 143.713971][ T61] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 7745189080, free_ts 0 [ 143.714006][ T61] post_alloc_hook+0x1f9/0x250 [ 143.714031][ T61] get_page_from_freelist+0x27d6/0x2850 [ 143.714061][ T61] __alloc_frozen_pages_noprof+0x18d/0x380 [ 143.714090][ T61] allocate_slab+0x74/0x5e0 [ 143.714110][ T61] refill_objects+0x33c/0x3d0 [ 143.714128][ T61] __pcs_replace_empty_main+0x373/0x720 [ 143.714150][ T61] __kmalloc_node_track_caller_noprof+0x60b/0x7e0 [ 143.714178][ T61] __alloc_skb+0x2c1/0x7d0 [ 143.714202][ T61] rtmsg_ifinfo_build_skb+0x84/0x260 [ 143.714223][ T61] rtmsg_ifinfo+0x8c/0x1a0 [ 143.714242][ T61] register_netdevice+0x1b07/0x1f10 [ 143.714271][ T61] virtnet_probe+0x2eec/0x47f0 [ 143.714293][ T61] virtio_dev_probe+0xd93/0x1050 [ 143.714316][ T61] really_probe+0x267/0xaf0 [ 143.714345][ T61] __driver_probe_device+0x1e2/0x350 [ 143.714373][ T61] driver_probe_device+0x4f/0x240 [ 143.714402][ T61] page_owner free stack trace missing [ 143.714415][ T61] [ 143.714420][ T61] Memory state around the buggy address: [ 143.714430][ T61] ffff888028c5c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.714444][ T61] ffff888028c5c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.714459][ T61] >ffff888028c5c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 143.714469][ T61] ^ [ 143.714484][ T61] ffff888028c5c800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 143.714497][ T61] ffff888028c5c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 143.714506][ T61] ================================================================== [ 143.714549][ T61] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 143.714566][ T61] CPU: 1 UID: 0 PID: 61 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 143.714590][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 143.714604][ T61] Workqueue: hci3 hci_rx_work [ 143.714635][ T61] Call Trace: [ 143.714643][ T61] [ 143.714657][ T61] vpanic+0x56c/0xa60 [ 143.714690][ T61] ? __pfx_vpanic+0x10/0x10 [ 143.714720][ T61] ? irqentry_exit+0x218/0x760 [ 143.714743][ T61] panic+0xc5/0xd0 [ 143.714771][ T61] ? __pfx_panic+0x10/0x10 [ 143.714800][ T61] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.714837][ T61] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.714867][ T61] check_panic_on_warn+0x89/0xb0 [ 143.714890][ T61] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.714921][ T61] end_report+0x73/0x170 [ 143.714950][ T61] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.714980][ T61] kasan_report+0x128/0x150 [ 143.715010][ T61] ? l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.715044][ T61] l2cap_sock_new_connection_cb+0x208/0x2f0 [ 143.715077][ T61] l2cap_connect_cfm+0x368/0x1560 [ 143.715108][ T61] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 143.715136][ T61] ? _raw_spin_unlock_irqrestore+0x74/0x80 [ 143.715168][ T61] ? mutex_lock_nested+0x152/0x1d0 [ 143.715193][ T61] ? hci_connect_cfm+0x2c/0x140 [ 143.715215][ T61] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 143.715243][ T61] hci_connect_cfm+0x95/0x140 [ 143.715267][ T61] le_conn_complete_evt+0x1134/0x16b0 [ 143.715296][ T61] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 143.715321][ T61] ? lockdep_hardirqs_on+0x7a/0x110 [ 143.715352][ T61] ? irqentry_exit+0x218/0x760 [ 143.715370][ T61] ? rcu_is_watching+0x15/0xb0 [ 143.715394][ T61] ? skb_pull_data+0xfb/0x200 [ 143.715417][ T61] hci_le_conn_complete_evt+0x187/0x470 [ 143.715444][ T61] hci_event_packet+0x659/0xef0 [ 143.715477][ T61] ? __pfx____migrate_enable+0x10/0x10 [ 143.715508][ T61] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 143.715530][ T61] ? __pfx_hci_event_packet+0x10/0x10 [ 143.715561][ T61] ? preempt_schedule_common+0x82/0xd0 [ 143.715591][ T61] ? preempt_schedule_thunk+0x16/0x40 [ 143.715625][ T61] ? hci_send_to_monitor+0xe2/0x590 [ 143.715657][ T61] hci_rx_work+0x3ee/0x1040 [ 143.715689][ T61] ? preempt_schedule_thunk+0x16/0x40 [ 143.715723][ T61] ? process_one_work+0x8be/0x1630 [ 143.715750][ T61] process_one_work+0x98b/0x1630 [ 143.715786][ T61] ? __pfx_process_one_work+0x10/0x10 [ 143.715812][ T61] ? do_raw_spin_lock+0x12b/0x2f0 [ 143.715848][ T61] worker_thread+0xb49/0x1140 [ 143.715887][ T61] kthread+0x388/0x470 [ 143.715908][ T61] ? __pfx_worker_thread+0x10/0x10 [ 143.715935][ T61] ? __pfx_kthread+0x10/0x10 [ 143.715956][ T61] ret_from_fork+0x514/0xb70 [ 143.715981][ T61] ? __pfx_ret_from_fork+0x10/0x10 [ 143.716005][ T61] ? __switch_to+0xc79/0x1410 [ 143.716038][ T61] ? __pfx_kthread+0x10/0x10 [ 143.716059][ T61] ret_from_fork_asm+0x1a/0x30 [ 143.716093][ T61] [ 143.716425][ T61] Kernel Offset: disabled