last executing test programs: 12.528147771s ago: executing program 0 (id=1786): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 12.279346691s ago: executing program 0 (id=1789): mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x38dd80) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00') connect$pppoe(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) open$dir(0x0, 0x101000, 0x94) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) recvmmsg(r2, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000008c0)=""/135, 0x87}], 0x1}}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x22, 0x0) 9.005204625s ago: executing program 1 (id=1796): r0 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="02000000040000000500100001"], 0x48) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) getsockname(r1, &(0x7f0000000040)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000240)={&(0x7f0000000140)=""/212, 0xd4, 0x0, &(0x7f0000000400)=""/247, 0xf7}}, 0x10) recvmmsg(r0, &(0x7f0000001e80), 0x0, 0x0, &(0x7f0000001f00)={0x77359400}) r2 = socket(0x10, 0x3, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x10, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000021bf0000000000000500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000f4e2b87601000000000095000000000000007ba0080000000400bf91000000000000b7020000010000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x4}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendto$rxrpc(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e21, 0xc, @mcast2, 0x5}}, 0x24) r5 = socket(0x10, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000032680)=""/102392, 0x18ff8) shutdown(0xffffffffffffffff, 0x2) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff070000e5"], 0x1c}}, 0x0) recvmmsg$unix(r5, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)}}], 0x1, 0x34000, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x38, 0x24, 0xd0f, 0x470bd2d, 0xfffffffd, {0x60, 0x0, 0x0, r7, {0x0, 0xfffb}, {0xfff1, 0xffff}, {0x7, 0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000040}, 0x44080) sendmmsg(r0, &(0x7f0000000280)=[{{&(0x7f0000000340)=@l2tp6={0xa, 0x500, 0x80000, @dev={0xfe, 0x80, '\x00', 0x25}, 0x20000007, 0x1}, 0x1b, 0x0}, 0x5b4}], 0x1, 0x850) socket(0x28, 0x1, 0x0) 8.861764406s ago: executing program 3 (id=1798): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f00000003c0)='wg1\x00', 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) socket$inet6(0xa, 0x2, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x24, r4, 0x101, 0x0, 0xfffffff8, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="c0"}]}, 0x24}, 0x1, 0x0, 0x0, 0x4044015}, 0x48040) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f00000005c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x38, 0x0, 0x2, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0xfffffff8, 0x7f}}}}, [@NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}]}, 0x38}, 0x1, 0x0, 0x0, 0x568c3dd6c88d3891}, 0x1) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r7 = dup3(r6, r2, 0x0) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r8, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r7}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/210, 0xd2, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x0, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f00000006c0)="04d28058b5784467c8653b87a1f87d65338b1454020a802f9281193011fd0c74dff60b5c210dc156a140e2b78131b04293383f13bc30aed52d2ae624c4e1fe79f9a8dd0ecba22be33f6e4d3e1b0039c1"}) r9 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r9, 0x8933, &(0x7f0000000080)={'wg1\x00'}) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x1c, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24008080}, 0x200c0084) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x38, 0x1, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x7}, [@CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 8.237979096s ago: executing program 3 (id=1802): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) 8.197493079s ago: executing program 3 (id=1803): mkdir(0x0, 0x58) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) read$dsp(0xffffffffffffffff, &(0x7f00000002c0)=""/4096, 0x1000) socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4000000, 0x0, 0x1, 0x10d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) r4 = creat(0x0, 0x0) io_setup(0x800, &(0x7f0000000500)=0x0) io_submit(r5, 0x2, &(0x7f00000004c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x47, r4, 0x0, 0x0, 0x5, 0x300, 0x2}]) mount$9p_tcp(&(0x7f0000000180), &(0x7f0000002500)='./file0\x00', &(0x7f0000002540), 0x0, &(0x7f00000000c0)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[], [{@uid_gt}, {@smackfshat={'smackfshat', 0x3d, '127.0.0.1\x00'}}, {@subj_role={'subj_role', 0x3d, 'port'}}, {@fsuuid={'fsuuid', 0x3d, {[0x63, 0x35, 0x39, 0x35, 0x38, 0x38, 0x36, 0x33], 0x2d, [0x54, 0x66, 0x32, 0x37], 0x2d, [0x63, 0x65, 0x33, 0x37], 0x2d, [0x37, 0x38, 0x31, 0x5e], 0x2d, [0x5f, 0x30, 0x64, 0x33, 0x34, 0x39, 0x30, 0x33]}}}, {@appraise_type}, {@obj_type={'obj_type', 0x3d, 'port'}}]}}) 7.792722342s ago: executing program 0 (id=1805): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, 0x0, &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f00000001c0)='smaps_rollup\x00') syz_usb_disconnect(0xffffffffffffffff) preadv(r2, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/89, 0x59}], 0x1, 0x7, 0x126) 7.272658794s ago: executing program 2 (id=1807): io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0xf0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c) socket$netlink(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="180001000000000000000046f392c378dba3d6ee3ba522563ac9ed377b80bf147ddd5d561e05b78a604876e46303bd00c878c6ca07dc201ed90e00abca586b197c8e8fea1b55459fa83f425f9189bdedda94aae455ae042bd754ab372cea397abda07f38685b8b9ec8eed1b959595282445804ee725e5750e0ca6d481003ad57e60414ba114dc2b077f645b00a24853621e88ace2edfea71f901b095d7b70b2098a8e12d31ee9410cf5ef4f699e450e2276183706b953d16acdb00f96b0aa62ffedf2e2405de00b1be9464f990a7fb37e636a997b675ad8ecaf1e2b5db6802737a0aee20390dd2a63e487bad6e42a9a1cf58ede8d7ab84099f9e555f5a0ae7c69aa611eca807b48c1b1cf55115cdcca417e00850ea8f3c8cafdac78f20871830fbadf7b9cf261aa1bae836fda498613edb22181cee2a18e814a9c55eb24e8209f4f906e44e9381c0116abd54102ef348cd1aa1fed7688507072be74a8721417db6424e6f40d3b7409700"/373], 0x0}, 0x94) socket$packet(0x11, 0x3, 0x300) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={r3, 0x0, 0x25, 0x0, @val=@uprobe_multi={&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=[0x9, 0x5, 0x6, 0xd24, 0x258, 0x2], &(0x7f0000000440)=[0x3, 0x2, 0x5, 0x3, 0x5], 0x7, 0x6}}, 0x3c) shutdown(r2, 0x1) 7.231264547s ago: executing program 3 (id=1808): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_BIND_IP(r3, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x8, @mcast2, 0x2}}}, 0x30) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r6, 0x0, 0xf3a, 0x0) timer_settime(r2, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read$FUSE(r5, &(0x7f0000000980)={0x2020}, 0x2020) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x34, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan3\x00'}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) add_key(&(0x7f0000000280)='rxrpc\x00', 0x0, &(0x7f0000000100)="01000000020000000000006bb55a2a630b00c145f94cd977", 0x18, 0xffffffffffffffff) getdents64(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x48050) socket(0x10, 0x3, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) 6.917873833s ago: executing program 0 (id=1809): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) read$FUSE(r5, &(0x7f0000000880)={0x2020}, 0x2020) 5.573886121s ago: executing program 2 (id=1810): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) fstat(r0, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000002000", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00'/15], 0x50) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETOWNER(r3, 0x400454cc, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB]) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18) userfaultfd(0x400) r6 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000080)) r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x3, 0x0}) io_uring_enter(r8, 0x47ba, 0x1c5c, 0x20, 0x0, 0xfffffffe) mq_timedsend(r7, 0x0, 0x0, 0x6, 0x0) io_setup(0xfffffbff, &(0x7f0000000080)) 5.360324219s ago: executing program 1 (id=1812): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000170000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000009b00000095"], 0x0, 0xffffffff}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000580)="ec00"/14, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 5.289854064s ago: executing program 1 (id=1813): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) fstat(r0, &(0x7f0000000500)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000002000", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00'/15], 0x50) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETOWNER(r3, 0x400454cc, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB]) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18) syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x1) userfaultfd(0x400) r6 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000080)) r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x3, 0x0}) io_uring_enter(r8, 0x47ba, 0x1c5c, 0x20, 0x0, 0xfffffffe) mq_timedsend(r7, 0x0, 0x0, 0x6, 0x0) io_setup(0xfffffbff, &(0x7f0000000080)) 5.270166625s ago: executing program 4 (id=1814): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r0 = socket$netlink(0x10, 0x3, 0x4) fcntl$setsig(0xffffffffffffffff, 0xa, 0x13) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x60001600, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(0xffffffffffffffff, 0x8, r3) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.320265112s ago: executing program 3 (id=1815): mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x38dd80) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8000) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x24004080) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00') connect$pppoe(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x8) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) open$dir(0x0, 0x101000, 0x94) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) recvmmsg(r2, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000008c0)=""/135, 0x87}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d00)}, 0x2}], 0x2, 0x22, 0x0) 4.202699082s ago: executing program 2 (id=1816): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_io_uring_setup(0x3b, 0x0, &(0x7f0000000240)=0x0, &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYRES8, @ANYRESHEX=r0, @ANYRES16=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) ioctl$SG_IO(r2, 0x2285, 0x0) writev(r2, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000040)="aa1d489355d67ea72c6774e253765eda27e0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb06", 0x2b}], 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x180, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x80000001}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 'ipvlan0\x00'}, {0x14, 0x1, 'dummy0\x00'}, {0x14, 0x1, 'erspan0\x00'}, {0x14, 0x1, 'batadv_slave_0\x00'}, {0x14, 0x1, 'batadv_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x80}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_FLOWTABLE_HOOK_DEVS={0x7c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'team_slave_1\x00'}, {0x14, 0x1, 'dvmrp0\x00'}, {0x14, 0x1, 'bond_slave_0\x00'}, {0x14, 0x1, 'virt_wifi0\x00'}, {0x14, 0x1, 'netdevsim0\x00'}, {0x14, 0x1, 'veth0_to_bridge\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_batadv\x00'}, {0x14, 0x1, 'batadv_slave_1\x00'}]}]}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}]}], {0x14}}, 0x1a8}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14}}, 0x58}, 0x1, 0x0, 0x0, 0x4008000}, 0x24040880) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000280)={{0x5}, 'syz1\x00', 0x10}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0) ioctl$UI_DEV_CREATE(r6, 0x5501) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) ustat(0x5, &(0x7f0000000000)) ioctl$UI_DEV_DESTROY(r6, 0x5502) 4.124513138s ago: executing program 1 (id=1817): mkdir(&(0x7f0000001e00)='./file0\x00', 0x58) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x19) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, 0x0, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4000000, 0x0, 0x1, 0x10d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) 3.820196132s ago: executing program 4 (id=1818): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) ioctl$sock_bt_hci(r0, 0x400448c9, 0x0) 3.664486305s ago: executing program 0 (id=1819): mkdir(0x0, 0x58) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) read$dsp(0xffffffffffffffff, &(0x7f00000002c0)=""/4096, 0x1000) socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @loopback}, 0x2, 0x4}}, 0x26) write$dsp(r0, 0x0, 0x0) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4000000, 0x0, 0x1, 0x10d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) r4 = creat(0x0, 0x0) io_setup(0x800, &(0x7f0000000500)=0x0) io_submit(r5, 0x2, &(0x7f00000004c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x47, r4, 0x0, 0x0, 0x5, 0x300, 0x2}]) mount$9p_tcp(&(0x7f0000000180), &(0x7f0000002500)='./file0\x00', &(0x7f0000002540), 0x0, &(0x7f00000000c0)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[], [{@uid_gt}, {@smackfshat={'smackfshat', 0x3d, '127.0.0.1\x00'}}, {@subj_role={'subj_role', 0x3d, 'port'}}, {@fsuuid={'fsuuid', 0x3d, {[0x63, 0x35, 0x39, 0x35, 0x38, 0x38, 0x36, 0x33], 0x2d, [0x54, 0x66, 0x32, 0x37], 0x2d, [0x63, 0x65, 0x33, 0x37], 0x2d, [0x37, 0x38, 0x31, 0x5e], 0x2d, [0x5f, 0x30, 0x64, 0x33, 0x34, 0x39, 0x30, 0x33]}}}, {@appraise_type}, {@obj_type={'obj_type', 0x3d, 'port'}}]}}) 3.481789789s ago: executing program 0 (id=1820): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pipe(0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWCHAIN={0x88, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}, @NFTA_CHAIN_COUNTERS={0x58, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x5}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x48}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x2}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x8}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x4}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xe}]}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffe}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, '\b'}]}], {0x14, 0x11, 0x1, 0x4}}, 0x10c}, 0x1, 0x0, 0x0, 0x4c899}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'gre0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x9c}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) sendmsg$IPCTNL_MSG_CT_GET_DYING(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000) r7 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a1", @ANYRES32=r9, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0) r10 = socket(0x10, 0x803, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x1092010, 0x0) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800) prctl$PR_SET_PTRACER(0x59616d61, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r11, 0x1, 0x34, &(0x7f0000000380), 0x26) 3.385399497s ago: executing program 2 (id=1821): io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0xf0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00}, 0x94) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @empty}, 0x1c) socket$netlink(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x10) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r2, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r2, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="180001000000000000000046f392c378dba3d6ee3ba522563ac9ed377b80bf147ddd5d561e05b78a604876e46303bd00c878c6ca07dc201ed90e00abca586b197c8e8fea1b55459fa83f425f9189bdedda94aae455ae042bd754ab372cea397abda07f38685b8b9ec8eed1b959595282445804ee725e5750e0ca6d481003ad57e60414ba114dc2b077f645b00a24853621e88ace2edfea71f901b095d7b70b2098a8e12d31ee9410cf5ef4f699e450e2276183706b953d16acdb00f96b0aa62ffedf2e2405de00b1be9464f990a7fb37e636a997b675ad8ecaf1e2b5db6802737a0aee20390dd2a63e487bad6e42a9a1cf58ede8d7ab84099f9e555f5a0ae7c69aa611eca807b48c1b1cf55115cdcca417e00850ea8f3c8cafdac78f20871830fbadf7b9cf261aa1bae836fda498613edb22181cee2a18e814a9c55eb24e8209f4f906e44e9381c0116abd54102ef348cd1aa1fed7688507072be74a8721417db6424e6f40d3b7409700"/373], &(0x7f00000001c0)='syzkaller\x00'}, 0x94) socket$packet(0x11, 0x3, 0x300) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) shutdown(r2, 0x1) 3.248264738s ago: executing program 1 (id=1822): socket$nl_route(0x10, 0x3, 0x0) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000400)='.\x00', 0xa4000271) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000180)='bbr\x00', 0x4) fsopen(&(0x7f00000000c0)='hfs\x00', 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) r3 = socket(0x10, 0x803, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0cc5604, &(0x7f00000003c0)={0x386db4e99dc99fb8, @pix_mp={0xca, 0x5, 0x3231564e, 0x8, 0x5, [{0x2, 0x7}, {0x2, 0x7}, {0x3, 0x9}, {0x0, 0x401}, {0x2, 0xd9}, {0x1, 0x10}, {0x80000000, 0x7}, {0xd0000000, 0xb552}], 0xb, 0x9, 0x2, 0x0, 0x4}}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f00000004c0)={'sit0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x700, 0x80, 0xd, 0x11, {{0x9, 0x4, 0x1, 0x2, 0x24, 0x64, 0x0, 0x2, 0x5549ca03dbffd6cb, 0x0, @remote, @rand_addr=0x64010100, {[@generic={0x82, 0xd, "caec392d6b0ef1b412848b"}, @noop, @noop]}}}}}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRESDEC=r5], 0x1c}}, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet_smc(0x2b, 0x1, 0x0) r6 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x14d002) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r6, 0xab00, r7) read(r0, 0x0, 0x0) close(r0) 1.642634598s ago: executing program 4 (id=1823): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg(r0, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x2, 0x0, @private=0xa010101}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0xc, 0x10a, 0x2}, {0xc, 0x19d, 0x9}], 0x18}, 0x0) 1.293822646s ago: executing program 4 (id=1824): r0 = openat$6lowpan_enable(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$6lowpan_enable(r0, 0x0, 0x0) 1.219997642s ago: executing program 2 (id=1825): socket$inet(0xa, 0x801, 0x84) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e1c}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, 0x0, 0x0) 1.11286798s ago: executing program 4 (id=1826): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) fstat(r0, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000002000", @ANYBLOB, @ANYRES32=0x0, @ANYBLOB='\x00'/15], 0x50) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETOWNER(r3, 0x400454cc, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r2, 0x58, &(0x7f0000000100)}, 0x87) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB]) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18) userfaultfd(0x400) r6 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r6, &(0x7f0000000080)) r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r8 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f0000000300)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r6, 0x3, 0x0}) io_uring_enter(r8, 0x47ba, 0x1c5c, 0x20, 0x0, 0xfffffffe) mq_timedsend(r7, 0x0, 0x0, 0x6, 0x0) io_setup(0xfffffbff, &(0x7f0000000080)) 1.073293373s ago: executing program 3 (id=1827): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, 0x0) 153.323708ms ago: executing program 1 (id=1828): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r0, 0xa, 0x13) fcntl$setlease(r0, 0x400, 0x0) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f0000000280)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) syz_clone(0x60001600, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = getpid() fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x2, r2}) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f00000001c0)=0x0) fcntl$setown(r0, 0x8, r3) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 607.05µs ago: executing program 2 (id=1829): mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mkdir(0x0, 0x0) r0 = inotify_init() ftruncate(r0, 0x3) mount$overlay(0x0, 0x0, 0x0, 0x4, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}]}) prctl$PR_GET_TIMERSLACK(0x1e) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40c0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000180)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r5, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r7, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 0s ago: executing program 4 (id=1830): mkdir(0x0, 0x58) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) read$dsp(0xffffffffffffffff, &(0x7f00000002c0)=""/4096, 0x1000) socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e22, @loopback}, 0x2, 0x4}}, 0x26) write$dsp(r0, 0x0, 0x0) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4000000, 0x0, 0x1, 0x10d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) r4 = creat(0x0, 0x0) io_setup(0x800, &(0x7f0000000500)=0x0) io_submit(r5, 0x2, &(0x7f00000004c0)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x47, r4, 0x0, 0x0, 0x5, 0x300, 0x2}]) mount$9p_tcp(&(0x7f0000000180), &(0x7f0000002500)='./file0\x00', &(0x7f0000002540), 0x0, &(0x7f00000000c0)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[], [{@uid_gt}, {@smackfshat={'smackfshat', 0x3d, '127.0.0.1\x00'}}, {@subj_role={'subj_role', 0x3d, 'port'}}, {@fsuuid={'fsuuid', 0x3d, {[0x63, 0x35, 0x39, 0x35, 0x38, 0x38, 0x36, 0x33], 0x2d, [0x54, 0x66, 0x32, 0x37], 0x2d, [0x63, 0x65, 0x33, 0x37], 0x2d, [0x37, 0x38, 0x31, 0x5e], 0x2d, [0x5f, 0x30, 0x64, 0x33, 0x34, 0x39, 0x30, 0x33]}}}, {@appraise_type}, {@obj_type={'obj_type', 0x3d, 'port'}}]}}) kernel console output (not intermixed with test programs): an0: link becomes ready [ 55.620518][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.629096][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 55.637740][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 55.645884][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 55.654403][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 55.665689][ T4196] device veth1_vlan entered promiscuous mode [ 55.681590][ T4183] device veth1_vlan entered promiscuous mode [ 55.689909][ T4191] device veth0_vlan entered promiscuous mode [ 55.746488][ T4183] device veth0_macvtap entered promiscuous mode [ 55.759728][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 55.768271][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 55.776198][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 55.784634][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 55.793155][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 55.801746][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.811847][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 55.820988][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 55.830359][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 55.838498][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 55.845907][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 55.858142][ T4191] device veth1_vlan entered promiscuous mode [ 55.865209][ T4196] device veth0_macvtap entered promiscuous mode [ 55.885001][ T4196] device veth1_macvtap entered promiscuous mode [ 55.896472][ T4193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.908080][ T4183] device veth1_macvtap entered promiscuous mode [ 55.934380][ T906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.964397][ T906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.967534][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 55.984662][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 55.995723][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.006093][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.016858][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.027805][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.040477][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 56.051421][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 56.059588][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.067731][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.075509][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 56.083770][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 56.092005][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.100951][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.109938][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 56.118838][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 56.127684][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.136110][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.163467][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.172469][ T4183] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.181786][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.185423][ T4183] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.201562][ T4183] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.211256][ T4183] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.222689][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 56.231726][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 56.240518][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 56.249155][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 56.258097][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 56.265766][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 56.276109][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 56.285409][ T4191] device veth0_macvtap entered promiscuous mode [ 56.307292][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.317855][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.328934][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.339630][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.351632][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.362036][ T4193] device veth0_vlan entered promiscuous mode [ 56.374864][ T4193] device veth1_vlan entered promiscuous mode [ 56.386400][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 56.399578][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 56.412157][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 56.428466][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.441472][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.452282][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.462956][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.473961][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.485844][ T4191] device veth1_macvtap entered promiscuous mode [ 56.519130][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 56.531742][ T4292] binder_alloc: 4291: binder_alloc_buf, no vma [ 56.551659][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 56.579821][ T4196] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.606560][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 56.616589][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 56.626545][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 56.636551][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 56.646549][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 56.656079][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 56.665070][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 56.674051][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 56.683012][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 56.691989][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 56.712566][ T4196] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.724968][ T4196] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.734139][ T4196] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.829263][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.880942][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.896847][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.917010][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.936743][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.956565][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.994512][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.017243][ T13] Bluetooth: hci4: command 0x040f tx timeout [ 57.026647][ T13] Bluetooth: hci1: command 0x040f tx timeout [ 57.034139][ T13] Bluetooth: hci3: command 0x040f tx timeout [ 57.035939][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 57.052451][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 57.072483][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.075616][ T13] Bluetooth: hci0: command 0x040f tx timeout [ 57.082056][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.092122][ T13] Bluetooth: hci2: command 0x040f tx timeout [ 57.102075][ T4193] device veth0_macvtap entered promiscuous mode [ 57.133377][ T1276] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.136016][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.141848][ T1276] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.164516][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.183766][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.206947][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.217461][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.237060][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.263416][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.295905][ T4193] device veth1_macvtap entered promiscuous mode [ 57.322770][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 57.334792][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 57.489812][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 57.571885][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 57.586912][ T1276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 57.633777][ T4191] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.647380][ T4191] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.656192][ T4191] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.666789][ T4191] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.698334][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.717193][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.728154][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.739244][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.749571][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.760333][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.770670][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.781526][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.796736][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.826857][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 57.846629][ T906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 57.863607][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.876213][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.890910][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.901581][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.911757][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.922332][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.932778][ T4193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.944036][ T4193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.955741][ T4193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 57.969269][ T1276] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.978244][ T1276] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.002014][ T906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.007007][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 58.019884][ T906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.027325][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 58.028033][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.050024][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.059467][ T4193] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.071516][ T4193] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.080471][ T4193] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.089637][ T4193] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.189228][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.205292][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.206839][ T4273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.226035][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 58.228975][ T4273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.254966][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.278098][ T4273] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.302530][ T4273] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.446193][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 58.555652][ T4273] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.569593][ T4305] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 58.678683][ T4273] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.834085][ T4311] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 59.087274][ T4238] Bluetooth: hci3: command 0x0419 tx timeout [ 59.099605][ T4238] Bluetooth: hci1: command 0x0419 tx timeout [ 59.202630][ T4310] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.227545][ T4238] Bluetooth: hci4: command 0x0419 tx timeout [ 59.237938][ T4310] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.249818][ T4310] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 59.289653][ T13] Bluetooth: hci2: command 0x0419 tx timeout [ 59.295841][ T13] Bluetooth: hci0: command 0x0419 tx timeout [ 60.334326][ T4341] tipc: Started in network mode [ 60.353138][ T4341] tipc: Node identity 12672f9ca73f, cluster identity 4711 [ 60.388073][ T4341] tipc: Enabled bearer , priority 0 [ 60.410709][ T4343] binder: 4342:4343 unknown command 0 [ 60.449561][ T4340] tipc: Disabling bearer [ 60.461244][ T4343] binder: 4342:4343 ioctl c0306201 200000000080 returned -22 [ 62.522986][ T4372] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 62.573017][ T4374] binder: 4371:4374 unknown command 0 [ 62.581415][ T4374] binder: 4371:4374 ioctl c0306201 200000000080 returned -22 [ 62.665392][ T4379] device syzkaller0 entered promiscuous mode [ 62.822222][ T4382] tipc: Started in network mode [ 62.828689][ T4382] tipc: Node identity c29e31026798, cluster identity 4711 [ 62.836043][ T4382] tipc: Enabled bearer , priority 0 [ 62.881954][ T4381] tipc: Disabling bearer [ 64.548093][ T4412] binder: 4410:4412 unknown command 0 [ 64.548105][ T4412] binder: 4410:4412 ioctl c0306201 200000000080 returned -22 [ 64.555256][ T4412] binder: BINDER_SET_CONTEXT_MGR already set [ 64.555286][ T4412] binder: 4410:4412 ioctl 4018620d 200000000040 returned -16 [ 65.173120][ T4417] netlink: 84 bytes leftover after parsing attributes in process `syz.0.36'. [ 65.362520][ T4419] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 65.369350][ T4419] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 65.399610][ T4400] block nbd0: shutting down sockets [ 65.475275][ T4419] vhci_hcd vhci_hcd.0: Device attached [ 65.674866][ T4424] vhci_hcd: connection closed [ 65.677022][ T144] vhci_hcd: stop threads [ 65.687104][ T144] vhci_hcd: release socket [ 65.692067][ T144] vhci_hcd: disconnect device [ 65.736997][ T4231] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 65.780578][ T4231] usb 37-1: enqueue for inactive port 0 [ 65.880928][ T4428] device syzkaller0 entered promiscuous mode [ 65.896913][ T4231] vhci_hcd: vhci_device speed not set [ 65.900579][ T4428] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 66.107359][ T4446] tipc: Enabled bearer , priority 0 [ 66.935092][ T4445] tipc: Disabling bearer [ 67.304155][ T4474] syz.1.50 uses obsolete (PF_INET,SOCK_PACKET) [ 70.345257][ T4527] binder: 4526:4527 unknown command 0 [ 70.362605][ T4527] binder: 4526:4527 ioctl c0306201 200000000080 returned -22 [ 70.472426][ T4527] binder: BINDER_SET_CONTEXT_MGR already set [ 70.795035][ T4527] binder: 4526:4527 ioctl 4018620d 200000000040 returned -16 [ 71.254782][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.261351][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 75.082832][ T4591] tipc: Started in network mode [ 75.094146][ T4591] tipc: Node identity 9e6248f6579, cluster identity 4711 [ 75.107479][ T4591] tipc: Enabled bearer , priority 0 [ 75.168363][ T4587] tipc: Disabling bearer [ 75.190195][ T4596] netlink: 4 bytes leftover after parsing attributes in process `syz.3.83'. [ 75.236166][ T4596] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.254421][ T4596] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.264594][ T4596] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.273539][ T4596] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.383488][ T4602] binder: 4601:4602 unknown command 0 [ 75.389230][ T4602] binder: 4601:4602 ioctl c0306201 200000000080 returned -22 [ 75.488713][ T4607] comedi comedi3: comedi_test: 20263 microvolt, 2 microsecond waveform attached [ 76.368935][ T23] cfg80211: failed to load regulatory.db [ 77.260300][ T4238] Bluetooth: hci5: command 0x1003 tx timeout [ 77.267450][ T4188] Bluetooth: hci5: sending frame failed (-49) [ 77.511656][ T4633] tipc: Started in network mode [ 77.517239][ T4633] tipc: Node identity 0641fe206b, cluster identity 4711 [ 77.524373][ T4633] tipc: Enabled bearer , priority 0 [ 77.534283][ T4631] tipc: Disabling bearer [ 77.795414][ T4642] binder: 4641:4642 unknown command 0 [ 77.855951][ T4642] binder: 4641:4642 ioctl c0306201 200000000080 returned -22 [ 78.673060][ T26] audit: type=1326 audit(1756339006.715:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4649 comm="syz.2.100" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5cb721fbe9 code=0x0 [ 79.342700][ T1107] Bluetooth: hci5: command 0x1001 tx timeout [ 79.349233][ T4188] Bluetooth: hci5: sending frame failed (-49) [ 79.433629][ T4664] fuse: blksize only supported for fuseblk [ 81.754213][ T4238] Bluetooth: hci5: command 0x1009 tx timeout [ 83.066739][ T4700] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 83.073275][ T4700] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 83.114245][ T4700] vhci_hcd vhci_hcd.0: Device attached [ 83.376610][ T4231] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 83.928764][ T4701] vhci_hcd: connection reset by peer [ 83.934454][ T4308] vhci_hcd: stop threads [ 83.964262][ T4308] vhci_hcd: release socket [ 83.983301][ T4308] vhci_hcd: disconnect device [ 85.203306][ T4741] netlink: 830 bytes leftover after parsing attributes in process `syz.4.118'. [ 85.212610][ T4741] device bond_slave_0 entered promiscuous mode [ 85.219041][ T4741] device bond_slave_1 entered promiscuous mode [ 87.259121][ T4224] Bluetooth: hci4: command 0x0411 tx timeout [ 87.358213][ T4775] netlink: 4 bytes leftover after parsing attributes in process `syz.1.127'. [ 88.536649][ T4231] vhci_hcd: vhci_device speed not set [ 90.502381][ T4224] Bluetooth: hci5: command 0x1003 tx timeout [ 90.528502][ T4188] Bluetooth: hci5: sending frame failed (-49) [ 90.734230][ T4811] 9pnet: p9_fd_create_tcp (4811): problem connecting socket to 127.0.0.1 [ 91.897109][ T4838] Zero length message leads to an empty skb [ 92.721004][ T4238] Bluetooth: hci5: command 0x1001 tx timeout [ 92.770372][ T4188] Bluetooth: hci5: sending frame failed (-49) [ 92.841077][ T4850] binder: BINDER_SET_CONTEXT_MGR already set [ 92.847669][ T4850] binder: 4848:4850 ioctl 4018620d 200000000040 returned -16 [ 93.116632][ T4224] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 93.866372][ T4858] ODEBUG: Out of memory. ODEBUG disabled [ 94.136731][ T4224] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 94.233201][ T4224] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 94.264270][ T4224] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 94.273636][ T4224] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.306934][ T4224] usb 4-1: config 0 descriptor?? [ 94.321197][ T4858] syz.4.154 (4858): drop_caches: 2 [ 94.359717][ T4224] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 94.368695][ T4864] 9pnet: p9_fd_create_tcp (4864): problem connecting socket to 127.0.0.1 [ 94.397074][ T4224] dvb-usb: bulk message failed: -22 (3/0) [ 94.447263][ T4224] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 94.480128][ T4224] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 94.498879][ T4224] usb 4-1: media controller created [ 94.508564][ T4224] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 94.554547][ T4224] dvb-usb: bulk message failed: -22 (6/0) [ 94.569637][ T4224] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 94.619074][ T4224] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5 [ 96.080485][ T4224] dvb-usb: schedule remote query interval to 150 msecs. [ 96.137819][ T4224] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 96.288528][ T4224] usb 4-1: USB disconnect, device number 2 [ 96.430840][ T4275] Bluetooth: hci5: command 0x1009 tx timeout [ 96.450895][ T7] dvb-usb: bulk message failed: -22 (1/0) [ 96.491789][ T7] dvb-usb: error while querying for an remote control event. [ 96.501906][ T4881] netlink: 120 bytes leftover after parsing attributes in process `syz.4.163'. [ 97.346425][ T4224] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 98.479461][ T4889] nvme_fabrics: missing parameter 'transport=%s' [ 98.587221][ T4889] nvme_fabrics: missing parameter 'nqn=%s' [ 99.738627][ T4190] Bluetooth: hci4: link tx timeout [ 99.744022][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.754239][ T4190] Bluetooth: hci4: link tx timeout [ 99.759656][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.767792][ T4190] Bluetooth: hci4: link tx timeout [ 99.772935][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.781765][ T4190] Bluetooth: hci4: link tx timeout [ 99.786939][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.794778][ T4190] Bluetooth: hci4: link tx timeout [ 99.799923][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.808194][ T4190] Bluetooth: hci4: link tx timeout [ 99.813331][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.822826][ T4190] Bluetooth: hci4: link tx timeout [ 99.828279][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.898496][ T4190] Bluetooth: hci4: link tx timeout [ 99.903681][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.960021][ T4190] Bluetooth: hci4: link tx timeout [ 99.965170][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 99.973092][ T4190] Bluetooth: hci4: link tx timeout [ 99.978243][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.153375][ T4190] Bluetooth: hci4: link tx timeout [ 100.158650][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.166918][ T4190] Bluetooth: hci4: link tx timeout [ 100.172105][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.180425][ T4190] Bluetooth: hci4: link tx timeout [ 100.386659][ T4913] binder: 4908:4913 ioctl c0306201 0 returned -14 [ 100.398541][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.489294][ T4190] Bluetooth: hci4: link tx timeout [ 100.494470][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.505808][ T4190] Bluetooth: hci4: link tx timeout [ 100.511087][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.525593][ T4190] Bluetooth: hci4: link tx timeout [ 100.530828][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.533397][ T4913] binder: BINDER_SET_CONTEXT_MGR already set [ 100.563103][ T4913] binder: 4908:4913 ioctl 4018620d 200000004a80 returned -16 [ 100.570580][ T4190] Bluetooth: hci4: link tx timeout [ 100.575695][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.583757][ T4190] Bluetooth: hci4: link tx timeout [ 100.589230][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.597140][ T4190] Bluetooth: hci4: link tx timeout [ 100.602247][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.610189][ T4190] Bluetooth: hci4: link tx timeout [ 100.615296][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 100.623204][ T4190] Bluetooth: hci4: link tx timeout [ 100.628370][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 101.619817][ T4918] 9pnet: p9_fd_create_tcp (4918): problem connecting socket to 127.0.0.1 [ 101.831393][ T4275] Bluetooth: hci4: command 0x0406 tx timeout [ 102.958846][ T4933] ubi0: attaching mtd0 [ 102.967894][ T4938] device syzkaller0 entered promiscuous mode [ 102.977853][ T4933] ubi0: scanning is finished [ 102.994789][ T4933] ubi0: empty MTD device detected [ 103.070658][ T4933] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 103.078350][ T4933] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 103.085667][ T4933] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 103.093383][ T4933] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 103.111692][ T4933] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 103.185107][ T4933] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 103.235319][ T4933] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3349782049 [ 103.289541][ T4933] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 103.337736][ T4943] ubi0: background thread "ubi_bgt0d" started, PID 4943 [ 103.338444][ T4939] ubi0: detaching mtd0 [ 103.350313][ T4951] binder: 4950:4951 ioctl c0306201 0 returned -14 [ 103.397851][ T4939] ubi0: mtd0 is detached [ 103.528956][ T4190] Bluetooth: hci4: link tx timeout [ 103.534135][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.542484][ T4190] Bluetooth: hci4: link tx timeout [ 103.547775][ T4231] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 103.555335][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.563883][ T4190] Bluetooth: hci4: link tx timeout [ 103.569075][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.577160][ T4190] Bluetooth: hci4: link tx timeout [ 103.582384][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.703601][ T4190] Bluetooth: hci4: link tx timeout [ 103.709448][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.717517][ T4190] Bluetooth: hci4: link tx timeout [ 103.722851][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.731480][ T4190] Bluetooth: hci4: link tx timeout [ 103.736817][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.744711][ T4190] Bluetooth: hci4: link tx timeout [ 103.750006][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.757785][ T4190] Bluetooth: hci4: link tx timeout [ 103.762927][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.770950][ T4190] Bluetooth: hci4: link tx timeout [ 103.776128][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.784817][ T4190] Bluetooth: hci4: link tx timeout [ 103.790002][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.799114][ T4190] Bluetooth: hci4: link tx timeout [ 103.804405][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.815336][ T4190] Bluetooth: hci4: link tx timeout [ 103.820947][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.830156][ T4190] Bluetooth: hci4: link tx timeout [ 103.835921][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.982611][ T4190] Bluetooth: hci4: link tx timeout [ 103.987801][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 103.995683][ T4190] Bluetooth: hci4: link tx timeout [ 104.000828][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.008963][ T4190] Bluetooth: hci4: link tx timeout [ 104.014428][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.022457][ T4190] Bluetooth: hci4: link tx timeout [ 104.027662][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.035611][ T4190] Bluetooth: hci4: link tx timeout [ 104.040761][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.048742][ T4190] Bluetooth: hci4: link tx timeout [ 104.053864][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.062037][ T4190] Bluetooth: hci4: link tx timeout [ 104.067337][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.075156][ T4190] Bluetooth: hci4: link tx timeout [ 104.080288][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.088279][ T4190] Bluetooth: hci4: link tx timeout [ 104.093401][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.101366][ T4190] Bluetooth: hci4: link tx timeout [ 104.106489][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.114554][ T4190] Bluetooth: hci4: link tx timeout [ 104.120307][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.128221][ T4190] Bluetooth: hci4: link tx timeout [ 104.133325][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.141388][ T4190] Bluetooth: hci4: link tx timeout [ 104.146496][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.162824][ T4190] Bluetooth: hci4: link tx timeout [ 104.168009][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.175758][ T4190] Bluetooth: hci4: link tx timeout [ 104.180946][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.189123][ T4190] Bluetooth: hci4: link tx timeout [ 104.194250][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.202289][ T4190] Bluetooth: hci4: link tx timeout [ 104.207476][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.223147][ T4190] Bluetooth: hci4: link tx timeout [ 104.228351][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.237317][ T4190] Bluetooth: hci4: link tx timeout [ 104.242442][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.251109][ T4190] Bluetooth: hci4: link tx timeout [ 104.256218][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.265125][ T4190] Bluetooth: hci4: link tx timeout [ 104.270341][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.279096][ T4190] Bluetooth: hci4: link tx timeout [ 104.284197][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.293117][ T4190] Bluetooth: hci4: link tx timeout [ 104.298271][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.307311][ T4190] Bluetooth: hci4: link tx timeout [ 104.312418][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.322112][ T4231] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 104.334109][ T4190] Bluetooth: hci4: link tx timeout [ 104.339257][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.348118][ T4190] Bluetooth: hci4: link tx timeout [ 104.353222][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.362113][ T4190] Bluetooth: hci4: link tx timeout [ 104.367277][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.375129][ T4190] Bluetooth: hci4: link tx timeout [ 104.380324][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.399760][ T4231] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 104.409695][ T4190] Bluetooth: hci4: link tx timeout [ 104.414799][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 104.439907][ T4231] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 104.463200][ T4231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.507864][ T4949] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 106.510089][ T4976] usb 1-1: USB disconnect, device number 2 [ 106.547832][ T4973] 9pnet: p9_fd_create_tcp (4973): problem connecting socket to 127.0.0.1 [ 106.934480][ T4987] device syzkaller0 entered promiscuous mode [ 108.191992][ T5000] binder: 4999:5000 ioctl c0306201 0 returned -14 [ 108.757142][ T4190] Bluetooth: hci4: link tx timeout [ 108.762323][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.771894][ T4190] Bluetooth: hci4: link tx timeout [ 108.777113][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.785176][ T4190] Bluetooth: hci4: link tx timeout [ 108.790528][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.798454][ T4190] Bluetooth: hci4: link tx timeout [ 108.803570][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.814942][ T4190] Bluetooth: hci4: link tx timeout [ 108.820674][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.831645][ T4190] Bluetooth: hci4: link tx timeout [ 108.837102][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.845832][ T4190] Bluetooth: hci4: link tx timeout [ 108.851254][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.859290][ T4190] Bluetooth: hci4: link tx timeout [ 108.864561][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 108.872661][ T4190] Bluetooth: hci4: link tx timeout [ 108.878019][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.040037][ T4190] Bluetooth: hci4: link tx timeout [ 109.045159][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.054062][ T4190] Bluetooth: hci4: link tx timeout [ 109.059245][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.069383][ T4190] Bluetooth: hci4: link tx timeout [ 109.074484][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.082519][ T4190] Bluetooth: hci4: link tx timeout [ 109.087786][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.095666][ T4190] Bluetooth: hci4: link tx timeout [ 109.100808][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.124791][ T4190] Bluetooth: hci4: link tx timeout [ 109.130173][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.138158][ T4190] Bluetooth: hci4: link tx timeout [ 109.138198][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.151487][ T4190] Bluetooth: hci4: link tx timeout [ 109.156785][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.164811][ T4190] Bluetooth: hci4: link tx timeout [ 109.170170][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.178155][ T4190] Bluetooth: hci4: link tx timeout [ 109.183262][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.191556][ T4190] Bluetooth: hci4: link tx timeout [ 109.196679][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.204670][ T4190] Bluetooth: hci4: link tx timeout [ 109.209816][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.218112][ T4190] Bluetooth: hci4: link tx timeout [ 109.223217][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.231186][ T4190] Bluetooth: hci4: link tx timeout [ 109.236558][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.244920][ T4190] Bluetooth: hci4: link tx timeout [ 109.250068][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.266833][ T4190] Bluetooth: hci4: link tx timeout [ 109.271970][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.280139][ T4190] Bluetooth: hci4: link tx timeout [ 109.285249][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.293160][ T4190] Bluetooth: hci4: link tx timeout [ 109.298299][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.306658][ T4190] Bluetooth: hci4: link tx timeout [ 109.311761][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.319717][ T4190] Bluetooth: hci4: link tx timeout [ 109.324826][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.333272][ T4190] Bluetooth: hci4: link tx timeout [ 109.338677][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.346613][ T4190] Bluetooth: hci4: link tx timeout [ 109.351716][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.360142][ T4190] Bluetooth: hci4: link tx timeout [ 109.365242][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.373182][ T4190] Bluetooth: hci4: link tx timeout [ 109.378310][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.388087][ T4190] Bluetooth: hci4: link tx timeout [ 109.393201][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.401157][ T4190] Bluetooth: hci4: link tx timeout [ 109.406262][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.414251][ T4190] Bluetooth: hci4: link tx timeout [ 109.419376][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.427261][ T4190] Bluetooth: hci4: link tx timeout [ 109.432358][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.440216][ T4190] Bluetooth: hci4: link tx timeout [ 109.445570][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.453453][ T4190] Bluetooth: hci4: link tx timeout [ 109.458568][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.466443][ T4190] Bluetooth: hci4: link tx timeout [ 109.471579][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.479529][ T4190] Bluetooth: hci4: link tx timeout [ 109.484735][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.503827][ T4190] Bluetooth: hci4: link tx timeout [ 109.509011][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.517669][ T4190] Bluetooth: hci4: link tx timeout [ 109.522773][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.530670][ T4190] Bluetooth: hci4: link tx timeout [ 109.535770][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.549588][ T4190] Bluetooth: hci4: link tx timeout [ 109.554726][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.562714][ T4190] Bluetooth: hci4: link tx timeout [ 109.567888][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.577980][ T4190] Bluetooth: hci4: link tx timeout [ 109.583087][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.592381][ T4190] Bluetooth: hci4: link tx timeout [ 109.597684][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.615685][ T4190] Bluetooth: hci4: link tx timeout [ 109.621004][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.710343][ T4190] Bluetooth: hci4: link tx timeout [ 109.715478][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.830788][ T4190] Bluetooth: hci4: link tx timeout [ 109.835950][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.848217][ T4190] Bluetooth: hci4: link tx timeout [ 109.853530][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.872315][ T4190] Bluetooth: hci4: link tx timeout [ 109.877542][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.885391][ T4190] Bluetooth: hci4: link tx timeout [ 109.890759][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.917162][ T4190] Bluetooth: hci4: link tx timeout [ 109.922309][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.930487][ T4190] Bluetooth: hci4: link tx timeout [ 109.935592][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.944875][ T4190] Bluetooth: hci4: link tx timeout [ 109.950054][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.958658][ T4190] Bluetooth: hci4: link tx timeout [ 109.963761][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.971735][ T4190] Bluetooth: hci4: link tx timeout [ 109.976872][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.985222][ T4190] Bluetooth: hci4: link tx timeout [ 109.990375][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 109.998552][ T4190] Bluetooth: hci4: link tx timeout [ 110.003687][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.011711][ T4190] Bluetooth: hci4: link tx timeout [ 110.016868][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.029797][ T4190] Bluetooth: hci4: link tx timeout [ 110.034947][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.043081][ T4190] Bluetooth: hci4: link tx timeout [ 110.048264][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.065314][ T4190] Bluetooth: hci4: link tx timeout [ 110.070601][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.081089][ T4190] Bluetooth: hci4: link tx timeout [ 110.086211][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.094529][ T4190] Bluetooth: hci4: link tx timeout [ 110.099813][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.157114][ T4190] Bluetooth: hci4: link tx timeout [ 110.162432][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 110.221109][ T4190] Bluetooth: hci4: link tx timeout [ 110.226247][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 111.886043][ T5056] fuse: Unknown parameter 'use00000000000000000000' [ 111.996958][ T4190] Bluetooth: hci4: link tx timeout [ 112.003473][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.011419][ T4190] Bluetooth: hci4: link tx timeout [ 112.016618][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.024407][ T4190] Bluetooth: hci4: link tx timeout [ 112.029733][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.037751][ T4190] Bluetooth: hci4: link tx timeout [ 112.043064][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.052266][ T4190] Bluetooth: hci4: link tx timeout [ 112.057620][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.069268][ T4190] Bluetooth: hci4: link tx timeout [ 112.074484][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.082545][ T4190] Bluetooth: hci4: link tx timeout [ 112.087894][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.095824][ T4190] Bluetooth: hci4: link tx timeout [ 112.101137][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.111185][ T4190] Bluetooth: hci4: link tx timeout [ 112.116649][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.124619][ T4190] Bluetooth: hci4: link tx timeout [ 112.130137][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.263001][ T4190] Bluetooth: hci4: link tx timeout [ 112.268264][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.473280][ T4190] Bluetooth: hci4: link tx timeout [ 112.478944][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.488266][ T4190] Bluetooth: hci4: link tx timeout [ 112.493403][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.502597][ T4190] Bluetooth: hci4: link tx timeout [ 112.507771][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.516773][ T4190] Bluetooth: hci4: link tx timeout [ 112.525896][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.534111][ T4190] Bluetooth: hci4: link tx timeout [ 112.539269][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.547082][ T4190] Bluetooth: hci4: link tx timeout [ 112.552209][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.560096][ T4190] Bluetooth: hci4: link tx timeout [ 112.565203][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.573069][ T4190] Bluetooth: hci4: link tx timeout [ 112.578192][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.585959][ T4190] Bluetooth: hci4: link tx timeout [ 112.591095][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.599105][ T4190] Bluetooth: hci4: link tx timeout [ 112.604226][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.617079][ T4190] Bluetooth: hci4: link tx timeout [ 112.622212][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.630040][ T4190] Bluetooth: hci4: link tx timeout [ 112.635183][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.642983][ T4190] Bluetooth: hci4: link tx timeout [ 112.648118][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.655909][ T4190] Bluetooth: hci4: link tx timeout [ 112.661048][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.669921][ T4190] Bluetooth: hci4: link tx timeout [ 112.675048][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.682862][ T4190] Bluetooth: hci4: link tx timeout [ 112.688060][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.695799][ T4190] Bluetooth: hci4: link tx timeout [ 112.700952][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.708748][ T4190] Bluetooth: hci4: link tx timeout [ 112.713851][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.723080][ T4190] Bluetooth: hci4: link tx timeout [ 112.728244][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.736357][ T4190] Bluetooth: hci4: link tx timeout [ 112.741515][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.749291][ T4190] Bluetooth: hci4: link tx timeout [ 112.754409][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.762194][ T4190] Bluetooth: hci4: link tx timeout [ 112.767371][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.775205][ T4190] Bluetooth: hci4: link tx timeout [ 112.780482][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.788285][ T4190] Bluetooth: hci4: link tx timeout [ 112.793405][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.801271][ T4190] Bluetooth: hci4: link tx timeout [ 112.806372][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.819637][ T4190] Bluetooth: hci4: link tx timeout [ 112.824959][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.833616][ T4190] Bluetooth: hci4: link tx timeout [ 112.839142][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.852972][ T4190] Bluetooth: hci4: link tx timeout [ 112.858420][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.866278][ T4190] Bluetooth: hci4: link tx timeout [ 112.871465][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.879339][ T4190] Bluetooth: hci4: link tx timeout [ 112.884461][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.893466][ T4190] Bluetooth: hci4: link tx timeout [ 112.898633][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.909790][ T4190] Bluetooth: hci4: link tx timeout [ 112.914933][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.923649][ T4190] Bluetooth: hci4: link tx timeout [ 112.928854][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.937419][ T4190] Bluetooth: hci4: link tx timeout [ 112.942526][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.955082][ T4190] Bluetooth: hci4: link tx timeout [ 112.960248][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.970207][ T4190] Bluetooth: hci4: link tx timeout [ 112.975307][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 112.993866][ T4190] Bluetooth: hci4: link tx timeout [ 112.999022][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.007373][ T4190] Bluetooth: hci4: link tx timeout [ 113.012490][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.024364][ T4190] Bluetooth: hci4: link tx timeout [ 113.029669][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.037499][ T4190] Bluetooth: hci4: link tx timeout [ 113.043509][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.052010][ T4190] Bluetooth: hci4: link tx timeout [ 113.057155][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.077320][ T4190] Bluetooth: hci4: link tx timeout [ 113.082439][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.096120][ T4190] Bluetooth: hci4: link tx timeout [ 113.101284][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.118886][ T4190] Bluetooth: hci4: link tx timeout [ 113.124026][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.133684][ T4190] Bluetooth: hci4: link tx timeout [ 113.138840][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.147104][ T4190] Bluetooth: hci4: link tx timeout [ 113.152221][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.168315][ T4190] Bluetooth: hci4: link tx timeout [ 113.173415][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.181894][ T4190] Bluetooth: hci4: link tx timeout [ 113.187089][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.204414][ T4190] Bluetooth: hci4: link tx timeout [ 113.209576][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.218510][ T4190] Bluetooth: hci4: link tx timeout [ 113.223611][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.233106][ T4190] Bluetooth: hci4: link tx timeout [ 113.238271][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.247420][ T4190] Bluetooth: hci4: link tx timeout [ 113.252547][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.272791][ T4190] Bluetooth: hci4: link tx timeout [ 113.278059][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.288055][ T4190] Bluetooth: hci4: link tx timeout [ 113.293171][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.301390][ T4190] Bluetooth: hci4: link tx timeout [ 113.306496][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.323391][ T4190] Bluetooth: hci4: link tx timeout [ 113.328626][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.338419][ T4190] Bluetooth: hci4: link tx timeout [ 113.343526][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.356574][ T4190] Bluetooth: hci4: link tx timeout [ 113.361702][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.378309][ T4190] Bluetooth: hci4: link tx timeout [ 113.383448][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 113.406696][ T4190] Bluetooth: hci4: link tx timeout [ 113.412175][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 114.166622][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 114.426653][ T21] usb 1-1: Using ep0 maxpacket: 8 [ 115.234283][ T21] usb 1-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 16 [ 115.250259][ T21] usb 1-1: config 1 interface 0 altsetting 8 bulk endpoint 0x82 has invalid maxpacket 64 [ 115.319762][ T21] usb 1-1: config 1 interface 0 has no altsetting 0 [ 115.596733][ T21] usb 1-1: New USB device found, idVendor=03f0, idProduct=0004, bcdDevice= 0.40 [ 115.627491][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.635499][ T21] usb 1-1: Product: syz [ 115.711575][ T21] usb 1-1: Manufacturer: 폏蹃晡ᘌ疈澢ᢹλ樵ݡᙚ꽂髏韙䛒﷭⃃ᶏ覯뿄ų쎯褈⤗䜚툖萳殯Ȝꃈ㹡䒔肃僂ͣ๾憱롢嬭땶玍艱㒷唞鋫ॉ㸐峻哹ཧꛋᢌ낎ͳ섪뵞謟孌쨳뒮଄ꅵ迲龈汗令뢄䒎앐襎ネ㬡쟰糇拓ᡫ懤ㄕ⌔䫋ꤣጺዴ菌殺 [ 116.203956][ T21] usb 1-1: SerialNumber: syz [ 116.475032][ T5085] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 116.505677][ T5085] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 117.086053][ T5078] Set syz1 is full, maxelem 65536 reached [ 117.287247][ T21] usblp0: Disabling reads from problematic bidirectional printer [ 117.310834][ T5115] netlink: 830 bytes leftover after parsing attributes in process `syz.3.226'. [ 117.375593][ T5115] device bond_slave_0 entered promiscuous mode [ 117.378895][ T21] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 8 proto 3 vid 0x03F0 pid 0x0004 [ 117.381881][ T5115] device bond_slave_1 entered promiscuous mode [ 117.649490][ T21] usb 1-1: USB disconnect, device number 3 [ 117.697521][ T21] usblp0: removed [ 117.757458][ T5135] device syzkaller0 entered promiscuous mode [ 118.058664][ T5142] tipc: Enabled bearer , priority 0 [ 118.253413][ T5136] tipc: Resetting bearer [ 118.669104][ T5136] tipc: Disabling bearer [ 119.210656][ T5167] netlink: 830 bytes leftover after parsing attributes in process `syz.2.240'. [ 119.585980][ T5167] device bond_slave_0 entered promiscuous mode [ 119.592254][ T5167] device bond_slave_1 entered promiscuous mode [ 119.759860][ T5170] block device autoloading is deprecated and will be removed. [ 120.073129][ T5180] ptrace attach of "./syz-executor exec"[4191] was attempted by "./syz-executor exec"[5180] [ 120.216332][ T5178] netlink: 4 bytes leftover after parsing attributes in process `syz.0.242'. [ 122.397757][ T5191] syz.2.246 (5191): drop_caches: 2 [ 123.426963][ T4190] Bluetooth: hci4: link tx timeout [ 123.432130][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 123.440744][ T4190] Bluetooth: hci4: link tx timeout [ 123.446083][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 123.454491][ T4190] Bluetooth: hci4: link tx timeout [ 123.460065][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 123.468030][ T4190] Bluetooth: hci4: link tx timeout [ 123.475328][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 123.483323][ T4190] Bluetooth: hci4: link tx timeout [ 123.488633][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 123.503316][ T4190] Bluetooth: hci4: link tx timeout [ 123.508471][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 124.271774][ T5221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.253'. [ 124.886183][ T5231] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 124.935329][ T5231] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 125.013704][ T5230] tmpfs: Unknown parameter 'usrquota$' [ 125.064278][ T5237] netlink: 8 bytes leftover after parsing attributes in process `syz.4.257'. [ 125.098965][ T5250] fuse: Unknown parameter 'user_id00000000000000000000' [ 125.299165][ T5258] binder: BINDER_SET_CONTEXT_MGR already set [ 125.299178][ T5258] binder: 5256:5258 ioctl 4018620d 200000004a80 returned -16 [ 125.373599][ T5263] 9pnet_virtio: no channels available for device syz [ 125.963944][ T5283] overlayfs: failed to resolve './file0': -2 [ 126.722091][ T5342] syz.0.276 (5342): drop_caches: 2 [ 127.379274][ T5344] mkiss: ax0: crc mode is auto. [ 127.420479][ T5344] netlink: 4 bytes leftover after parsing attributes in process `syz.1.275'. [ 129.346970][ T5347] fuse: Unknown parameter 'user_id00000000000000000000' [ 129.702055][ T5351] kvm: pic: single mode not supported [ 129.703151][ T5351] kvm: pic: single mode not supported [ 129.712628][ T5351] kvm: pic: single mode not supported [ 129.723648][ T5351] kvm: pic: single mode not supported [ 129.742962][ T5351] kvm: pic: single mode not supported [ 129.756057][ T5351] kvm: pic: single mode not supported [ 129.774279][ T5351] kvm: pic: single mode not supported [ 129.796099][ T5351] kvm: pic: single mode not supported [ 129.822708][ T5351] kvm: pic: single mode not supported [ 129.843271][ T5351] kvm: pic: single mode not supported [ 130.249452][ T5365] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 130.682957][ T5375] syz.0.287 (5375): drop_caches: 2 [ 132.316673][ T5386] fuse: Bad value for 'fd' [ 132.689250][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.695556][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.782750][ T5401] netlink: 12 bytes leftover after parsing attributes in process `syz.2.296'. [ 133.980330][ T5399] 9pnet_virtio: no channels available for device syz [ 136.437905][ T5417] 9pnet: p9_fd_create_tcp (5417): problem connecting socket to 127.0.0.1 [ 136.648822][ T5427] syz.4.303 (5427): drop_caches: 2 [ 137.424331][ T5431] fuse: Bad value for 'fd' [ 139.102940][ T4876] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x7 [ 139.162277][ T4876] hid-generic 00A0:0008:0003.0001: item fetching failed at offset 14/15 [ 139.201498][ T4876] hid-generic: probe of 00A0:0008:0003.0001 failed with error -22 [ 139.309516][ T5467] tipc: Enabling of bearer rejected, failed to enable media [ 139.364103][ T5468] device syzkaller0 entered promiscuous mode [ 141.857581][ T5502] tipc: Enabling of bearer rejected, failed to enable media [ 141.937407][ T4190] Bluetooth: hci4: link tx timeout [ 141.942636][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.950809][ T4190] Bluetooth: hci4: link tx timeout [ 141.956124][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.964443][ T4190] Bluetooth: hci4: link tx timeout [ 141.969962][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.978590][ T4190] Bluetooth: hci4: link tx timeout [ 141.984131][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 141.993025][ T4190] Bluetooth: hci4: link tx timeout [ 141.998325][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 143.353711][ T5507] device syzkaller0 entered promiscuous mode [ 143.690502][ T5517] netlink: 24 bytes leftover after parsing attributes in process `syz.3.335'. [ 143.769943][ T5521] netlink: 4 bytes leftover after parsing attributes in process `syz.3.335'. [ 144.008089][ T5528] sp0: Synchronizing with TNC [ 145.544151][ T5536] netlink: 830 bytes leftover after parsing attributes in process `syz.2.339'. [ 145.692749][ T5544] tipc: Enabling of bearer rejected, failed to enable media [ 145.726126][ T5544] device syzkaller0 entered promiscuous mode [ 145.834885][ T5554] ======================================================= [ 145.834885][ T5554] WARNING: The mand mount option has been deprecated and [ 145.834885][ T5554] and is ignored by this kernel. Remove the mand [ 145.834885][ T5554] option from the mount to silence this warning. [ 145.834885][ T5554] ======================================================= [ 145.889725][ T5554] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 146.888269][ T5566] netlink: 830 bytes leftover after parsing attributes in process `syz.0.353'. [ 146.897896][ T5566] device bond_slave_0 entered promiscuous mode [ 146.904099][ T5566] device bond_slave_1 entered promiscuous mode [ 147.044837][ T5571] tipc: Enabled bearer , priority 0 [ 147.117158][ T5571] device syzkaller0 entered promiscuous mode [ 147.129092][ T5581] tipc: Enabling of bearer rejected, failed to enable media [ 147.157736][ T5571] tipc: Resetting bearer [ 147.190045][ T5581] device syzkaller0 entered promiscuous mode [ 147.220270][ T5570] tipc: Resetting bearer [ 147.233963][ T5570] tipc: Disabling bearer [ 149.521161][ T5609] netlink: 830 bytes leftover after parsing attributes in process `syz.4.366'. [ 149.646354][ T5615] binder: 5614:5615 unknown command 0 [ 149.659958][ T5615] binder: 5614:5615 ioctl c0306201 200000000080 returned -22 [ 149.723224][ T5617] netlink: 4 bytes leftover after parsing attributes in process `syz.4.372'. [ 149.761317][ T5613] fuse: root generation should be zero [ 149.773352][ T5617] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.786073][ T5617] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.833507][ T5617] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.843260][ T5617] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.061247][ T5630] tipc: Enabled bearer , priority 0 [ 150.072019][ T5629] tipc: Resetting bearer [ 150.105675][ T5629] tipc: Disabling bearer [ 150.302884][ T5641] device veth0_to_bridge entered promiscuous mode [ 150.545045][ T5646] netlink: 830 bytes leftover after parsing attributes in process `syz.1.382'. [ 150.604508][ T5646] device bond_slave_0 entered promiscuous mode [ 150.610775][ T5646] device bond_slave_1 entered promiscuous mode [ 151.816193][ T5637] device veth0_to_bridge left promiscuous mode [ 152.126643][ T3520] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 152.267092][ T5672] input: syz1 as /devices/virtual/input/input6 [ 152.416794][ T3520] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 152.516814][ T3520] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 152.611752][ T3520] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 152.683015][ T5691] binder: BINDER_SET_CONTEXT_MGR already set [ 152.879641][ T5691] binder: 5690:5691 ioctl 4018620d 200000000040 returned -16 [ 152.905462][ T3520] usb 2-1: config 0 interface 0 has no altsetting 0 [ 153.126746][ T3520] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 153.530732][ T3520] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 153.681995][ T3520] usb 2-1: config 0 interface 0 has no altsetting 0 [ 153.744001][ T5737] tipc: Enabling of bearer rejected, failed to enable media [ 153.766418][ T5737] device syzkaller0 entered promiscuous mode [ 153.798249][ T3520] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 153.822485][ T3520] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 153.870160][ T3520] usb 2-1: config 0 interface 0 has no altsetting 0 [ 153.966796][ T3520] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 153.976620][ T3520] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 153.990549][ T3520] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.076892][ T3520] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.109740][ T3520] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.155245][ T3520] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.246843][ T3520] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.281283][ T3520] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.588468][ T3520] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.657907][ T5760] input: syz1 as /devices/virtual/input/input7 [ 154.718357][ T3520] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 154.739062][ T3520] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 154.783495][ T3520] usb 2-1: config 0 interface 0 has no altsetting 0 [ 154.919768][ T3520] usb 2-1: unable to read config index 7 descriptor/start: -71 [ 154.941763][ T3520] usb 2-1: can't read configurations, error -71 [ 156.012399][ T5771] syz.4.407 (5771): drop_caches: 2 [ 156.350107][ T5776] binder: 5775:5776 ioctl c0306201 0 returned -14 [ 156.589291][ T5779] tipc: Enabling of bearer rejected, failed to enable media [ 156.644809][ T5785] device syzkaller0 entered promiscuous mode [ 157.104430][ T5800] netlink: 24 bytes leftover after parsing attributes in process `syz.2.415'. [ 157.167543][ T5798] device syzkaller1 entered promiscuous mode [ 158.202336][ T5812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.419'. [ 158.357005][ T5815] binder: 5814:5815 ioctl c0306201 0 returned -14 [ 158.459946][ T5804] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 158.585815][ T26] audit: type=1326 audit(1756339086.626:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5822 comm="syz.0.424" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa2635cdbe9 code=0x0 [ 158.699864][ T5829] capability: warning: `syz.4.425' uses 32-bit capabilities (legacy support in use) [ 159.495189][ T5833] netlink: 24 bytes leftover after parsing attributes in process `syz.4.427'. [ 159.556389][ T5839] fuse: Unknown parameter '0x0000000000000004' [ 159.677177][ T5837] netlink: 4 bytes leftover after parsing attributes in process `syz.4.427'. [ 159.815892][ T5845] netlink: 3 bytes leftover after parsing attributes in process `syz.3.426'. [ 160.911833][ T5727] batman_adv: batadv0: adding TT local entry 33:33:00:00:00:01 to non-existent VLAN -1 [ 161.152296][ T5859] binder: 5858:5859 ioctl c0306201 0 returned -14 [ 163.007827][ T5872] netlink: 830 bytes leftover after parsing attributes in process `syz.4.439'. [ 163.847499][ T5878] md2: error: failed to get bitmap file [ 164.861892][ T5894] binder: 5890:5894 ioctl 4018620d 0 returned -22 [ 164.875672][ T5894] binder: 5890:5894 unknown command 0 [ 164.883001][ T5894] binder: 5890:5894 ioctl c0306201 200000000080 returned -22 [ 166.146304][ T5919] netlink: 3 bytes leftover after parsing attributes in process `syz.3.447'. [ 167.588589][ T5923] sched: RT throttling activated [ 169.992135][ T5958] netlink: 'syz.1.465': attribute type 1 has an invalid length. [ 170.103474][ T5965] netlink: 24 bytes leftover after parsing attributes in process `syz.4.466'. [ 170.212917][ T5969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.466'. [ 170.355664][ T5973] netlink: 3 bytes leftover after parsing attributes in process `syz.0.469'. [ 170.920679][ T5980] binder: BINDER_SET_CONTEXT_MGR already set [ 170.960103][ T5980] binder: 5979:5980 ioctl 4018620d 200000000040 returned -16 [ 173.248050][ T6004] device syzkaller0 entered promiscuous mode [ 173.379640][ T6008] netlink: 24 bytes leftover after parsing attributes in process `syz.0.481'. [ 173.459468][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.481'. [ 174.318470][ T6041] netlink: 'syz.2.489': attribute type 6 has an invalid length. [ 174.773433][ T6043] tmpfs: Unknown parameter 'usrquota' [ 175.094519][ T6050] bad cache= option: none : no [ 175.094519][ T6050] blocksize : 1 [ 175.094519][ T6050] ivsize : 12 [ 175.094519][ T6050] maxauthsize : 16 [ 175.094519][ T6050] geniv : [ 175.094519][ T6050] [ 175.094519][ T6050] name : ctr(aes) [ 175.094519][ T6050] driver : ctr(aes-aesni) [ 175.094519][ T6050] module : kernel [ 175.094519][ T6050] priority : 300 [ 175.094519][ T6050] refcnt : 1 [ 175.094519][ T6050] selftest : passed [ 175.094519][ T6050] internal : no [ 175.094519][ T6050] type : skcipher [ 175.094519][ T6050] async : no [ 175.094519][ T6050] blocksize : 1 [ 175.094519][ T6050] min keysize : 16 [ 175.094519][ T6050] max keysize : 32 [ 175.094519][ T6050] ivsize : 16 [ 175.094519][ T6050] chunksize : 16 [ 175.094519][ T6050] walksize : 16 [ 175.094519][ T6050] [ 175.094519][ T6050] name : hmac(md5) [ 175.094519][ T6050] driver : hmac(md5-generic) [ 175.593999][ T6050] CIFS: VFS: bad cache= option: none : no [ 175.593999][ T6050] blocksize : 1 [ 175.593999][ T6050] ivsize : 12 [ 175.593999][ T6050] maxauthsize : 16 [ 175.593999][ T6050] geniv : [ 175.593999][ T6050] [ 175.593999][ T6050] name : ctr(aes) [ 175.593999][ T6050] driver : ctr(aes-aesni) [ 175.593999][ T6050] module : kernel [ 175.593999][ T6050] priority : 300 [ 175.593999][ T6050] refcnt : 1 [ 175.593999][ T6050] selftest : passed [ 175.593999][ T6050] internal : no [ 175.593999][ T6050] type : skcipher [ 175.593999][ T6050] async : no [ 175.593999][ T6050] blocksize : 1 [ 175.593999][ T6050] min keysize : 16 [ 175.593999][ T6050] max keysize : 32 [ 175.593999][ T6050] ivsize : 16 [ 175.593999][ T6050] chunksize : 16 [ 175.593999][ T6050] walksize : 16 [ 175.593999][ T6050] [ 175.593999][ T6050] name : hmac(md5) [ 175.780676][ T4976] Bluetooth: hci0: command 0x0406 tx timeout [ 175.928700][ T4224] Bluetooth: hci1: command 0x0406 tx timeout [ 175.936789][ T4224] Bluetooth: hci3: command 0x0406 tx timeout [ 175.966304][ T4224] Bluetooth: hci2: command 0x0406 tx timeout [ 176.665491][ T6075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 179.683875][ T6136] block device autoloading is deprecated and will be removed. [ 179.753982][ T6140] block device autoloading is deprecated and will be removed. [ 183.534283][ T6196] syz.4.526 (6196): drop_caches: 2 [ 184.486749][ T4190] Bluetooth: hci4: link tx timeout [ 184.491991][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.500840][ T4190] Bluetooth: hci4: link tx timeout [ 184.506063][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.513838][ T4190] Bluetooth: hci4: link tx timeout [ 184.519143][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.527089][ T4190] Bluetooth: hci4: link tx timeout [ 184.532260][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.541418][ T4190] Bluetooth: hci4: link tx timeout [ 184.546801][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.554673][ T4190] Bluetooth: hci4: link tx timeout [ 184.560123][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.570233][ T4190] Bluetooth: hci4: link tx timeout [ 184.575468][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.583239][ T4190] Bluetooth: hci4: link tx timeout [ 184.588447][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.596167][ T4190] Bluetooth: hci4: link tx timeout [ 184.601436][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.609789][ T4190] Bluetooth: hci4: link tx timeout [ 184.614959][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.623002][ T4190] Bluetooth: hci4: link tx timeout [ 184.628371][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.636603][ T4190] Bluetooth: hci4: link tx timeout [ 184.641888][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.772232][ T4190] Bluetooth: hci4: link tx timeout [ 184.777436][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.785133][ T4190] Bluetooth: hci4: link tx timeout [ 184.790301][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.798449][ T4190] Bluetooth: hci4: link tx timeout [ 184.803605][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.811889][ T4190] Bluetooth: hci4: link tx timeout [ 184.817090][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 184.825124][ T4190] Bluetooth: hci4: link tx timeout [ 184.830550][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 184.978329][ T4190] Bluetooth: hci4: link tx timeout [ 184.983465][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.017760][ T4190] Bluetooth: hci4: link tx timeout [ 185.022909][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.030611][ T4190] Bluetooth: hci4: link tx timeout [ 185.035708][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.102844][ T4190] Bluetooth: hci4: link tx timeout [ 185.108134][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.116077][ T4190] Bluetooth: hci4: link tx timeout [ 185.199663][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.209230][ T4190] Bluetooth: hci4: link tx timeout [ 185.214450][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.223092][ T4190] Bluetooth: hci4: link tx timeout [ 185.228248][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.236052][ T4190] Bluetooth: hci4: link tx timeout [ 185.241212][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.249407][ T4190] Bluetooth: hci4: link tx timeout [ 185.255381][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.263882][ T4190] Bluetooth: hci4: link tx timeout [ 185.269004][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.277607][ T4190] Bluetooth: hci4: link tx timeout [ 185.282699][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.298378][ T4190] Bluetooth: hci4: link tx timeout [ 185.303498][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.311533][ T4190] Bluetooth: hci4: link tx timeout [ 185.316968][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.325056][ T4190] Bluetooth: hci4: link tx timeout [ 185.330304][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.338019][ T4190] Bluetooth: hci4: link tx timeout [ 185.343123][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.454721][ T4190] Bluetooth: hci4: link tx timeout [ 185.460028][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.467811][ T4190] Bluetooth: hci4: link tx timeout [ 185.473144][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.529317][ T4190] Bluetooth: hci4: link tx timeout [ 185.534735][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.542663][ T4190] Bluetooth: hci4: link tx timeout [ 185.549792][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.557793][ T4190] Bluetooth: hci4: link tx timeout [ 185.562899][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.573130][ T4190] Bluetooth: hci4: link tx timeout [ 185.578618][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.607777][ T4190] Bluetooth: hci4: link tx timeout [ 185.612931][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.620805][ T4190] Bluetooth: hci4: link tx timeout [ 185.627844][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.635507][ T4190] Bluetooth: hci4: link tx timeout [ 185.640839][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.648532][ T4190] Bluetooth: hci4: link tx timeout [ 185.653618][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 185.666591][ T4190] Bluetooth: hci4: link tx timeout [ 185.671733][ T4190] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 185.679463][ T4190] Bluetooth: hci4: link tx timeout [ 185.684571][ T4190] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 186.262348][ T6236] syz.3.539 (6236): drop_caches: 2 [ 186.759285][ T3520] Bluetooth: hci4: command 0x0406 tx timeout [ 188.214987][ T6245] 9pnet: p9_fd_create_tcp (6245): problem connecting socket to 127.0.0.1 [ 190.887574][ T7] Bluetooth: hci4: command 0x0405 tx timeout [ 192.315251][ T6280] syz.3.552 (6280): drop_caches: 2 [ 193.804500][ T6297] binder: 6296:6297 ioctl c0306201 0 returned -14 [ 194.141680][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.148036][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.595880][ T6326] netlink: 830 bytes leftover after parsing attributes in process `syz.0.566'. [ 197.817609][ T6333] binder: 6332:6333 unknown command 1074553619 [ 197.837490][ T6333] binder: 6332:6333 ioctl c0306201 200000000040 returned -22 [ 197.847627][ T6333] binder: 6332:6333 ioctl 40044591 0 returned -22 [ 197.907363][ T6338] binder: 6332:6338 unknown command 1074553620 [ 197.918704][ T6338] binder: 6332:6338 ioctl c0306201 200000000640 returned -22 [ 197.969149][ T6343] device syzkaller0 entered promiscuous mode [ 198.074402][ T6349] tipc: Enabling of bearer rejected, failed to enable media [ 199.501501][ T6373] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 199.551259][ T23] Bluetooth: hci5: command 0x1003 tx timeout [ 200.026158][ T4186] Bluetooth: hci5: sending frame failed (-49) [ 200.280512][ T6384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.578'. [ 201.557664][ T23] Bluetooth: hci6: command 0x1003 tx timeout [ 201.558373][ T4186] Bluetooth: hci6: sending frame failed (-49) [ 201.563442][ T6384] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.563542][ T6384] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.565428][ T6384] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.565451][ T6384] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.997946][ T6393] kAFS: No cell specified [ 202.149616][ T23] Bluetooth: hci5: command 0x1001 tx timeout [ 202.149698][ T4186] Bluetooth: hci5: sending frame failed (-49) [ 202.880063][ T6400] device syzkaller0 entered promiscuous mode [ 203.740189][ T23] Bluetooth: hci6: command 0x1001 tx timeout [ 203.746266][ T4186] Bluetooth: hci6: sending frame failed (-49) [ 204.206663][ T3520] Bluetooth: hci5: command 0x1009 tx timeout [ 206.805206][ T23] Bluetooth: hci6: command 0x1009 tx timeout [ 206.848188][ T6431] netlink: 830 bytes leftover after parsing attributes in process `syz.1.591'. [ 207.043884][ T6439] kAFS: No cell specified [ 209.478865][ T6451] device syzkaller0 entered promiscuous mode [ 209.964782][ T6454] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'. [ 213.308644][ T6484] netlink: 830 bytes leftover after parsing attributes in process `syz.0.606'. [ 213.335857][ T6485] kAFS: No cell specified [ 214.975547][ T6498] binder: 6493:6498 ioctl c0306201 0 returned -14 [ 215.153350][ T6503] device syzkaller0 entered promiscuous mode [ 215.320431][ T6510] netlink: 4 bytes leftover after parsing attributes in process `syz.3.613'. [ 215.486640][ T6455] Bluetooth: hci5: command 0x1003 tx timeout [ 216.318077][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 216.801606][ T6531] kAFS: No cell specified [ 217.945055][ T6545] device syzkaller0 entered promiscuous mode [ 218.273735][ T6550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.626'. [ 218.308499][ T6550] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.330624][ T6550] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.350898][ T6550] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.359599][ T6550] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.376698][ T23] Bluetooth: hci5: command 0x1001 tx timeout [ 218.386382][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 220.446967][ T4976] Bluetooth: hci5: command 0x1009 tx timeout [ 221.915199][ T6597] binder: 6596:6597 ioctl c0306201 0 returned -14 [ 221.983777][ T6601] device syzkaller0 entered promiscuous mode [ 222.229480][ T6626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.640'. [ 225.040272][ T6661] device syzkaller0 entered promiscuous mode [ 225.482290][ T6682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.654'. [ 225.604382][ T6691] binder: 6688:6691 ioctl c0306201 0 returned -14 [ 228.263900][ T4245] Bluetooth: hci5: command 0x1003 tx timeout [ 228.297123][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 228.620467][ T6720] tipc: Enabled bearer , priority 0 [ 228.633774][ T6720] tipc: Resetting bearer [ 228.649973][ T6719] tipc: Disabling bearer [ 230.139478][ T6767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.673'. [ 230.366874][ T4245] Bluetooth: hci5: command 0x1001 tx timeout [ 230.373036][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 230.981872][ T6782] tipc: Enabled bearer , priority 0 [ 231.025150][ T6782] tipc: Resetting bearer [ 231.061445][ T6781] tipc: Disabling bearer [ 232.304299][ T6806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.686'. [ 232.446665][ T21] Bluetooth: hci5: command 0x1009 tx timeout [ 234.192095][ T6825] tipc: Started in network mode [ 234.197504][ T6825] tipc: Node identity 1278b1cb3108, cluster identity 4711 [ 234.213493][ T6825] tipc: Enabled bearer , priority 0 [ 234.236500][ T6825] tipc: Resetting bearer [ 234.254668][ T6824] tipc: Disabling bearer [ 239.461140][ T6870] tipc: Enabling of bearer rejected, failed to enable media [ 242.908312][ T6923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.714'. [ 243.225287][ T6940] tipc: Enabled bearer , priority 0 [ 243.257474][ T6940] device syzkaller0 entered promiscuous mode [ 243.299010][ T6939] tipc: Resetting bearer [ 243.325152][ T6939] tipc: Disabling bearer [ 244.278077][ T4290] tipc: Node number set to 2768646402 [ 244.927500][ T3520] Bluetooth: hci5: command 0x1003 tx timeout [ 246.358266][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 246.504873][ T6978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.730'. [ 246.822074][ T6998] tipc: Enabled bearer , priority 0 [ 246.845158][ T6998] device syzkaller0 entered promiscuous mode [ 246.859277][ T6997] tipc: Resetting bearer [ 246.881877][ T6997] tipc: Disabling bearer [ 248.456919][ T3520] Bluetooth: hci5: command 0x1001 tx timeout [ 248.995795][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 251.006732][ T3520] Bluetooth: hci5: command 0x1009 tx timeout [ 251.508344][ T7055] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'. [ 251.649084][ T7066] tipc: Enabled bearer , priority 0 [ 251.662260][ T7066] device syzkaller0 entered promiscuous mode [ 251.677316][ T7066] tipc: Resetting bearer [ 251.684689][ T7065] tipc: Resetting bearer [ 251.713571][ T7065] tipc: Disabling bearer [ 255.464385][ T7122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.760'. [ 255.577660][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.583954][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.616162][ T7127] tipc: Enabled bearer , priority 0 [ 255.624249][ T7127] device syzkaller0 entered promiscuous mode [ 255.696232][ T7135] tipc: Resetting bearer [ 256.080030][ T7126] tipc: Resetting bearer [ 256.099248][ T7126] tipc: Disabling bearer [ 257.758284][ T4976] Bluetooth: hci5: command 0x1003 tx timeout [ 257.836228][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 258.268362][ T7173] binder: BINDER_SET_CONTEXT_MGR already set [ 258.294792][ T7173] binder: 7172:7173 ioctl 4018620d 200000004a80 returned -16 [ 258.944044][ T7173] binder: 7172:7173 ioctl c0306201 0 returned -14 [ 259.415963][ T7192] netlink: 4 bytes leftover after parsing attributes in process `syz.2.776'. [ 259.485874][ T7195] tipc: Enabled bearer , priority 0 [ 259.495864][ T7195] device syzkaller0 entered promiscuous mode [ 259.522253][ T7195] tipc: Resetting bearer [ 259.538168][ T7194] tipc: Resetting bearer [ 259.572975][ T7194] tipc: Disabling bearer [ 260.920210][ T21] Bluetooth: hci5: command 0x1001 tx timeout [ 260.974363][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 261.652802][ T7226] binder: 7224:7226 ioctl c0306201 0 returned -14 [ 262.945403][ T7254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.790'. [ 262.981740][ T7253] tipc: Enabled bearer , priority 0 [ 263.006624][ T21] Bluetooth: hci5: command 0x1009 tx timeout [ 263.026699][ T7253] device syzkaller0 entered promiscuous mode [ 263.071946][ T7253] tipc: Resetting bearer [ 263.095491][ T7251] tipc: Resetting bearer [ 263.121051][ T7251] tipc: Disabling bearer [ 266.642559][ T7297] binder: 7296:7297 ioctl c0306201 0 returned -14 [ 266.785464][ T7308] tipc: Enabled bearer , priority 0 [ 266.795444][ T7308] device syzkaller0 entered promiscuous mode [ 266.822674][ T7308] tipc: Resetting bearer [ 266.839578][ T7304] tipc: Resetting bearer [ 266.860055][ T7304] tipc: Disabling bearer [ 266.874465][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.803'. [ 269.176783][ T4173] Bluetooth: hci5: command 0x1003 tx timeout [ 269.188642][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 269.809639][ T7372] tipc: Enabled bearer , priority 0 [ 269.839303][ T7372] device syzkaller0 entered promiscuous mode [ 269.891145][ T7372] tipc: Resetting bearer [ 269.911508][ T7371] tipc: Resetting bearer [ 269.922829][ T7371] tipc: Disabling bearer [ 269.982366][ T7384] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'. [ 271.390360][ T4173] Bluetooth: hci5: command 0x1001 tx timeout [ 271.409001][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 273.056908][ T7428] tipc: Enabled bearer , priority 0 [ 273.070491][ T7428] device syzkaller0 entered promiscuous mode [ 273.091494][ T7428] tipc: Resetting bearer [ 273.112227][ T7427] tipc: Resetting bearer [ 273.132660][ T7427] tipc: Disabling bearer [ 273.194969][ T7432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.834'. [ 273.486675][ T4173] Bluetooth: hci5: command 0x1009 tx timeout [ 274.806086][ T7485] tipc: Enabled bearer , priority 0 [ 274.817882][ T7485] device syzkaller0 entered promiscuous mode [ 274.849591][ T7485] tipc: Resetting bearer [ 274.867213][ T7484] tipc: Resetting bearer [ 274.888904][ T7484] tipc: Disabling bearer [ 275.251234][ T7497] netlink: 4 bytes leftover after parsing attributes in process `syz.2.848'. [ 277.201305][ T7536] tipc: Enabled bearer , priority 0 [ 277.290874][ T7543] device syzkaller0 entered promiscuous mode [ 277.476182][ T7536] tipc: Resetting bearer [ 277.530366][ T7551] netlink: 4 bytes leftover after parsing attributes in process `syz.2.860'. [ 277.636495][ T7533] tipc: Resetting bearer [ 277.698671][ T7533] tipc: Disabling bearer [ 279.920988][ T7602] tipc: Enabled bearer , priority 0 [ 279.943969][ T7606] netlink: 4 bytes leftover after parsing attributes in process `syz.3.873'. [ 279.955977][ T7602] device syzkaller0 entered promiscuous mode [ 279.991345][ T7602] tipc: Resetting bearer [ 280.025262][ T7601] tipc: Resetting bearer [ 280.095912][ T7601] tipc: Disabling bearer [ 282.555943][ T4245] Bluetooth: hci5: command 0x1003 tx timeout [ 282.568366][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 283.049476][ T7674] tipc: Enabled bearer , priority 0 [ 283.077014][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.2.888'. [ 283.099499][ T7674] device syzkaller0 entered promiscuous mode [ 283.131422][ T7674] tipc: Resetting bearer [ 283.181851][ T7673] tipc: Resetting bearer [ 283.230616][ T7673] tipc: Disabling bearer [ 284.650927][ T4245] Bluetooth: hci5: command 0x1001 tx timeout [ 284.670593][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 286.111914][ T7734] tipc: Enabled bearer , priority 0 [ 286.129554][ T7734] device syzkaller0 entered promiscuous mode [ 286.168008][ T7734] tipc: Resetting bearer [ 286.199753][ T7738] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'. [ 286.229455][ T7733] tipc: Resetting bearer [ 286.250948][ T7733] tipc: Disabling bearer [ 286.687973][ T4976] Bluetooth: hci5: command 0x1009 tx timeout [ 288.682569][ T7795] tipc: Enabled bearer , priority 0 [ 288.703092][ T7795] device syzkaller0 entered promiscuous mode [ 288.726311][ T7795] tipc: Resetting bearer [ 288.752290][ T7793] tipc: Resetting bearer [ 288.781181][ T7793] tipc: Disabling bearer [ 290.423339][ T7802] netlink: 4 bytes leftover after parsing attributes in process `syz.1.917'. [ 290.466972][ T7802] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.511553][ T7802] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.531843][ T7802] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.539900][ T7802] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 292.333080][ T7851] tipc: Enabled bearer , priority 0 [ 292.377339][ T7851] device syzkaller0 entered promiscuous mode [ 292.407350][ T7851] tipc: Resetting bearer [ 292.434453][ T7850] tipc: Resetting bearer [ 292.457456][ T7850] tipc: Disabling bearer [ 293.168029][ T7889] netlink: 4 bytes leftover after parsing attributes in process `syz.1.937'. [ 294.783619][ T7915] tipc: Enabled bearer , priority 0 [ 294.792577][ T7915] device syzkaller0 entered promiscuous mode [ 294.808743][ T7915] tipc: Resetting bearer [ 294.861993][ T7913] tipc: Resetting bearer [ 294.873530][ T7913] tipc: Disabling bearer [ 295.281664][ T7943] netlink: 4 bytes leftover after parsing attributes in process `syz.4.951'. [ 297.343002][ T7978] tipc: Enabled bearer , priority 0 [ 297.353211][ T7978] device syzkaller0 entered promiscuous mode [ 297.403069][ T7978] tipc: Resetting bearer [ 297.415574][ T7977] tipc: Resetting bearer [ 297.428128][ T7977] tipc: Disabling bearer [ 298.290075][ T8005] netlink: 4 bytes leftover after parsing attributes in process `syz.4.965'. [ 299.681350][ T8016] tipc: Enabled bearer , priority 0 [ 299.701701][ T8016] device syzkaller0 entered promiscuous mode [ 299.767927][ T8016] tipc: Resetting bearer [ 299.797629][ T8015] tipc: Resetting bearer [ 299.812471][ T8015] tipc: Disabling bearer [ 302.043565][ T8056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.983'. [ 302.308443][ T8070] tipc: Enabled bearer , priority 0 [ 302.322546][ T8070] device syzkaller0 entered promiscuous mode [ 302.355681][ T8070] tipc: Resetting bearer [ 302.387047][ T8069] tipc: Resetting bearer [ 302.442695][ T8069] tipc: Disabling bearer [ 305.199251][ T8135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.999'. [ 305.297454][ T8140] tipc: Enabled bearer , priority 0 [ 305.305029][ T8140] device syzkaller0 entered promiscuous mode [ 305.340399][ T8140] tipc: Resetting bearer [ 305.361518][ T8139] tipc: Resetting bearer [ 305.373372][ T8139] tipc: Disabling bearer [ 307.960619][ T4238] Bluetooth: hci5: command 0x1003 tx timeout [ 307.967464][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 308.324405][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1017'. [ 308.533659][ T8190] tipc: Enabled bearer , priority 0 [ 308.554494][ T8190] device syzkaller0 entered promiscuous mode [ 308.594647][ T8190] tipc: Resetting bearer [ 308.613984][ T8189] tipc: Resetting bearer [ 308.647824][ T8189] tipc: Disabling bearer [ 310.512064][ T4238] Bluetooth: hci5: command 0x1001 tx timeout [ 310.525576][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 310.721552][ T8237] tipc: Enabled bearer , priority 0 [ 310.729351][ T8237] device syzkaller0 entered promiscuous mode [ 310.766271][ T8237] tipc: Resetting bearer [ 310.791656][ T8236] tipc: Resetting bearer [ 310.805608][ T8236] tipc: Disabling bearer [ 310.833429][ T8246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1031'. [ 313.190805][ T4275] Bluetooth: hci5: command 0x1009 tx timeout [ 313.400203][ T8300] tipc: Enabled bearer , priority 0 [ 313.417427][ T8300] device syzkaller0 entered promiscuous mode [ 313.468461][ T8300] tipc: Resetting bearer [ 313.486229][ T8299] tipc: Resetting bearer [ 313.534975][ T8299] tipc: Disabling bearer [ 313.660142][ T8322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1047'. [ 316.387152][ T8373] tipc: Enabled bearer , priority 0 [ 316.395922][ T8373] device syzkaller0 entered promiscuous mode [ 316.431336][ T8373] tipc: Resetting bearer [ 316.439271][ T8372] tipc: Resetting bearer [ 316.450137][ T8372] tipc: Disabling bearer [ 316.703605][ T8383] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1064'. [ 317.011232][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.017606][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.805556][ T8418] tipc: Enabled bearer , priority 0 [ 318.820599][ T8418] device syzkaller0 entered promiscuous mode [ 318.844777][ T8414] 9pnet: p9_fd_create_tcp (8414): problem connecting socket to 127.0.0.1 [ 318.863763][ T8418] tipc: Resetting bearer [ 318.882593][ T8417] tipc: Resetting bearer [ 318.908507][ T8417] tipc: Disabling bearer [ 319.338298][ T8441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1077'. [ 319.452303][ T8447] binder: BINDER_SET_CONTEXT_MGR already set [ 319.476847][ T8447] binder: 8445:8447 ioctl 4018620d 200000004a80 returned -16 [ 321.252103][ T4238] Bluetooth: hci5: command 0x1003 tx timeout [ 321.259410][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 321.297207][ T8470] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1083'. [ 321.324295][ T8470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1083'. [ 321.731744][ T8479] tipc: Enabled bearer , priority 0 [ 321.763403][ T8479] device syzkaller0 entered promiscuous mode [ 321.899917][ T8479] tipc: Resetting bearer [ 321.963745][ T8478] tipc: Resetting bearer [ 322.034372][ T8478] tipc: Disabling bearer [ 323.699649][ T4290] Bluetooth: hci5: command 0x1001 tx timeout [ 323.721007][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 323.910388][ T8503] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1090'. [ 324.037576][ T8502] 9pnet: p9_fd_create_tcp (8502): problem connecting socket to 127.0.0.1 [ 325.816763][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 325.854257][ T8547] tipc: Enabled bearer , priority 0 [ 325.871663][ T8547] device syzkaller0 entered promiscuous mode [ 326.021366][ T8547] tipc: Resetting bearer [ 326.070310][ T8546] tipc: Resetting bearer [ 326.165928][ T8546] tipc: Disabling bearer [ 327.806175][ T8573] 9pnet: p9_fd_create_tcp (8573): problem connecting socket to 127.0.0.1 [ 327.811060][ T8580] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1108'. [ 331.639162][ T8617] binder: BINDER_SET_CONTEXT_MGR already set [ 331.645527][ T8617] binder: 8616:8617 ioctl 4018620d 200000004a80 returned -16 [ 334.540641][ T8638] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.699124][ T8638] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.861623][ T8638] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.997441][ T8638] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.008358][ T4245] Bluetooth: hci5: command 0x1003 tx timeout [ 335.015906][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 335.261199][ T8638] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.305461][ T8638] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.456331][ T8638] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.488025][ T8638] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.561272][ T8652] input: syz0 as /devices/virtual/input/input12 [ 337.086709][ T21] Bluetooth: hci5: command 0x1001 tx timeout [ 337.093211][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 339.056700][ T8665] binder: 8663:8665 ioctl c0306201 0 returned -14 [ 339.166665][ T3520] Bluetooth: hci5: command 0x1009 tx timeout [ 341.017461][ T8685] befs: (nbd1): No write support. Marking filesystem read-only [ 341.032775][ T6239] block nbd1: Attempted send on invalid socket [ 341.039735][ T6239] blk_update_request: I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 341.052607][ T8685] befs: (nbd1): unable to read superblock [ 341.858836][ T8705] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1145'. [ 341.940513][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1145'. [ 342.275506][ T8711] binder: 8710:8711 ioctl c0306201 0 returned -14 [ 344.034428][ T8718] syz.2.1149 (8718): drop_caches: 2 [ 344.529629][ T8731] 9pnet_virtio: no channels available for device syz [ 345.561634][ T8749] binder: 8748:8749 ioctl c0306201 0 returned -14 [ 345.705042][ T8752] process 'syz.0.1159' launched './file0' with NULL argv: empty string added [ 349.369342][ T8778] syz.3.1164 (8778): drop_caches: 2 [ 350.148510][ T8777] netlink: 'syz.0.1167': attribute type 10 has an invalid length. [ 350.156433][ T8777] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1167'. [ 350.165761][ T8777] device dummy0 entered promiscuous mode [ 350.172689][ T8777] bridge0: port 3(dummy0) entered blocking state [ 350.179919][ T8777] bridge0: port 3(dummy0) entered disabled state [ 350.190820][ T8777] bridge0: port 3(dummy0) entered blocking state [ 350.197664][ T8777] bridge0: port 3(dummy0) entered forwarding state [ 354.437599][ T8832] tipc: Enabling of bearer rejected, failed to enable media [ 354.717964][ T8839] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1181'. [ 360.026018][ T23] Bluetooth: hci5: command 0x1003 tx timeout [ 360.035720][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 361.106008][ T8903] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1200'. [ 361.240555][ T8903] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1200'. [ 361.589962][ T8916] tipc: Enabled bearer , priority 0 [ 361.598562][ T8916] device syzkaller0 entered promiscuous mode [ 361.615187][ T8916] tipc: Resetting bearer [ 361.622969][ T8915] tipc: Resetting bearer [ 361.634767][ T8915] tipc: Disabling bearer [ 361.726361][ T8918] binder: 8917:8918 unknown command 0 [ 361.748788][ T8918] binder: 8917:8918 ioctl c0306201 200000000080 returned -22 [ 362.046839][ T23] Bluetooth: hci5: command 0x1001 tx timeout [ 362.054801][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 364.126770][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 364.475479][ T8951] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1216'. [ 364.580753][ T8958] binder: 8957:8958 unknown command 0 [ 364.586153][ T8958] binder: 8957:8958 ioctl c0306201 200000000080 returned -22 [ 364.599141][ T8951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1216'. [ 371.510258][ T9055] syz.1.1239 (9055): drop_caches: 2 [ 372.871479][ T9058] binder: 9057:9058 unknown command 0 [ 372.881189][ T9058] binder: 9057:9058 ioctl c0306201 200000000080 returned -22 [ 373.239175][ T5716] Bluetooth: Error in BCSP hdr checksum [ 373.859334][ T9016] delete_channel: no stack [ 373.867474][ T4573] Bluetooth: Error in BCSP hdr checksum [ 375.118255][ T4245] Bluetooth: hci5: command 0x1003 tx timeout [ 375.129722][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 375.471416][ T9071] 9pnet: p9_fd_create_tcp (9071): problem connecting socket to 127.0.0.1 [ 375.596345][ T9079] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1247'. [ 376.761754][ T9095] syz.1.1253 (9095): drop_caches: 2 [ 377.191681][ T4245] Bluetooth: hci5: command 0x1001 tx timeout [ 377.198759][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 378.448948][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.455302][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.637461][ T9113] fuse: Bad value for 'fd' [ 380.063752][ T21] Bluetooth: hci5: command 0x1009 tx timeout [ 380.386425][ T9131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1262'. [ 381.379170][ T9144] syz.2.1267 (9144): drop_caches: 2 [ 382.259022][ T9148] binder: 9147:9148 unknown command 0 [ 382.276759][ T9148] binder: 9147:9148 ioctl c0306201 200000000080 returned -22 [ 382.296075][ T9148] binder: 9147:9148 ioctl 4018620d 0 returned -22 [ 384.572375][ T9179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1276'. [ 384.662133][ T9177] syz.4.1280 (9177): drop_caches: 2 [ 384.736839][ T9185] binder: 9184:9185 unknown command 0 [ 384.750756][ T9185] binder: 9184:9185 ioctl c0306201 200000000080 returned -22 [ 384.797427][ T9185] binder: 9184:9185 ioctl 4018620d 0 returned -22 [ 387.949036][ T9227] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1291'. [ 388.017735][ T9230] syz.2.1294 (9230): drop_caches: 2 [ 388.120516][ T9232] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1295'. [ 389.285143][ T9238] binder: 9237:9238 unknown command 0 [ 389.290817][ T9238] binder: 9237:9238 ioctl c0306201 200000000080 returned -22 [ 389.312372][ T9238] binder: 9237:9238 ioctl c0306201 0 returned -14 [ 389.700017][ T7] Bluetooth: hci5: command 0x1003 tx timeout [ 390.796345][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 392.063740][ T9270] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1306'. [ 392.197736][ T9274] 9pnet: p9_fd_create_tcp (9274): problem connecting socket to 127.0.0.1 [ 393.112187][ T7] Bluetooth: hci5: command 0x1001 tx timeout [ 393.419867][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 395.035579][ T9288] syz.3.1310 (9288): drop_caches: 2 [ 396.007226][ T7] Bluetooth: hci5: command 0x1009 tx timeout [ 396.418678][ T9306] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1319'. [ 401.051363][ T9341] syz.1.1328 (9341): drop_caches: 2 [ 403.102812][ T9359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1332'. [ 405.140915][ T4976] Bluetooth: hci5: command 0x1003 tx timeout [ 405.490475][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 405.975233][ T9407] syz.1.1342 (9407): drop_caches: 2 [ 407.566908][ T4173] Bluetooth: hci5: command 0x1001 tx timeout [ 408.352071][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 408.892890][ T9448] 9pnet: p9_fd_create_tcp (9448): problem connecting socket to 127.0.0.1 [ 409.842537][ T9475] syz.2.1355 (9475): drop_caches: 2 [ 410.366646][ T4185] Bluetooth: hci5: command 0x1009 tx timeout [ 412.264861][ T9509] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1360'. [ 413.909029][ T9539] syz.0.1367 (9539): drop_caches: 2 [ 416.692994][ T9570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1373'. [ 418.932804][ T9609] syz.2.1381 (9609): drop_caches: 2 [ 419.807319][ T4185] Bluetooth: hci5: command 0x1003 tx timeout [ 419.813416][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 420.375804][ T9628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1385'. [ 421.113658][ T9639] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1387'. [ 421.414503][ T9653] 9pnet: p9_fd_create_tcp (9653): problem connecting socket to 127.0.0.1 [ 422.191020][ T4976] Bluetooth: hci5: command 0x1001 tx timeout [ 422.201607][ T4190] Bluetooth: hci5: sending frame failed (-49) [ 423.821935][ T9664] syz.2.1393 (9664): drop_caches: 2 [ 424.286642][ T23] Bluetooth: hci5: command 0x1009 tx timeout [ 427.334158][ T9692] 9pnet: p9_fd_create_tcp (9692): problem connecting socket to 127.0.0.1 [ 430.154446][ T9714] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1408'. [ 430.179245][ T9714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1408'. [ 430.282582][ T9727] input: syz1 as /devices/virtual/input/input15 [ 431.509652][ T9738] 9pnet: p9_fd_create_tcp (9738): problem connecting socket to 127.0.0.1 [ 433.355795][ T9750] syz.1.1417 (9750): drop_caches: 2 [ 433.613102][ T9758] tipc: Enabled bearer , priority 0 [ 433.722491][ T9758] tipc: Resetting bearer [ 433.827193][ T9763] device syzkaller0 entered promiscuous mode [ 433.854607][ T9763] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 433.921625][ T9755] tipc: Resetting bearer [ 433.986266][ T9755] tipc: Disabling bearer [ 436.546157][ T9784] 9pnet: p9_fd_create_tcp (9784): problem connecting socket to 127.0.0.1 [ 438.645662][ T9797] syz.1.1431 (9797): drop_caches: 2 [ 439.718295][ T9807] input: syz1 as /devices/virtual/input/input16 [ 439.889198][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.895501][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.006939][ T9816] tipc: Enabled bearer , priority 0 [ 440.040588][ T9816] device syzkaller0 entered promiscuous mode [ 440.091668][ T9816] tipc: Resetting bearer [ 440.146682][ T9814] tipc: Resetting bearer [ 441.617973][ T9814] tipc: Disabling bearer [ 441.689821][ T4976] tipc: Node number set to 3042455452 [ 442.058420][ T9834] 9pnet: p9_fd_create_tcp (9834): problem connecting socket to 127.0.0.1 [ 442.542897][ T9840] binder: 9839:9840 unknown command 0 [ 442.553421][ T9840] binder: 9839:9840 ioctl c0306201 200000000080 returned -22 [ 442.601279][ T9840] binder: 9839:9840 ioctl c0306201 0 returned -14 [ 443.453799][ T9853] syz.4.1448 (9853): drop_caches: 2 [ 446.807915][ T9870] input: syz1 as /devices/virtual/input/input17 [ 446.924783][ T9873] binder: 9872:9873 unknown command 0 [ 446.996614][ T9873] binder: 9872:9873 ioctl c0306201 200000000080 returned -22 [ 447.106940][ T9873] binder: 9872:9873 ioctl c0306201 0 returned -14 [ 448.222324][ T9883] tipc: Enabled bearer , priority 0 [ 448.247379][ T9883] device syzkaller0 entered promiscuous mode [ 448.327096][ T9883] tipc: Resetting bearer [ 448.365285][ T9888] 9pnet: p9_fd_create_tcp (9888): problem connecting socket to 127.0.0.1 [ 448.376886][ T9882] tipc: Resetting bearer [ 448.391867][ T9882] tipc: Disabling bearer [ 448.437246][ T9890] fuse: Bad value for 'fd' [ 448.596358][ T9900] syz.1.1459 (9900): drop_caches: 2 [ 452.291371][ T9923] binder: 9922:9923 unknown command 0 [ 452.315228][ T9923] binder: 9922:9923 ioctl c0306201 200000000080 returned -22 [ 452.368197][ T9925] fuse: Bad value for 'fd' [ 452.618895][ T9933] syz.4.1473 (9933): drop_caches: 2 [ 452.624424][ T9932] tipc: Enabled bearer , priority 0 [ 452.675416][ T9932] device syzkaller0 entered promiscuous mode [ 452.777903][ T9932] tipc: Resetting bearer [ 452.815691][ T9929] tipc: Resetting bearer [ 452.897228][ T9929] tipc: Disabling bearer [ 453.097886][ T9942] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1476'. [ 453.188639][ T9947] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1476'. [ 453.231861][ T9952] 9pnet: p9_fd_create_tcp (9952): problem connecting socket to 127.0.0.1 [ 455.520505][ T9971] binder: 9970:9971 unknown command 0 [ 455.555994][ T9971] binder: 9970:9971 ioctl c0306201 200000000080 returned -22 [ 456.637231][ T9980] syz.3.1486 (9980): drop_caches: 2 [ 457.587861][ T9983] tipc: Enabling of bearer rejected, failed to enable media [ 458.658187][T10004] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1491'. [ 458.734691][T10004] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1491'. [ 460.519850][T10017] binder: 10016:10017 unknown command 0 [ 460.556612][T10017] binder: 10016:10017 ioctl c0306201 200000000080 returned -22 [ 460.777481][T10023] 9pnet: p9_fd_create_tcp (10023): problem connecting socket to 127.0.0.1 [ 463.053603][T10043] tipc: Enabled bearer , priority 0 [ 463.073506][T10043] device syzkaller0 entered promiscuous mode [ 463.122667][T10043] tipc: Resetting bearer [ 463.137057][T10042] tipc: Resetting bearer [ 463.154050][T10042] tipc: Disabling bearer [ 465.092118][T10070] binder: 10067:10070 unknown command 0 [ 465.161601][T10070] binder: 10067:10070 ioctl c0306201 200000000080 returned -22 [ 465.397444][T10076] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1508'. [ 465.615179][T10076] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1508'. [ 467.340160][T10108] tipc: Enabled bearer , priority 0 [ 467.360555][T10108] device syzkaller0 entered promiscuous mode [ 467.394407][T10108] tipc: Resetting bearer [ 467.418512][T10105] tipc: Resetting bearer [ 467.455918][T10105] tipc: Disabling bearer [ 469.412681][T10134] syz.2.1520 (10134): drop_caches: 2 [ 470.139712][T10138] input: syz1 as /devices/virtual/input/input18 [ 473.548944][T10170] tipc: Enabled bearer , priority 0 [ 473.653691][T10170] device syzkaller0 entered promiscuous mode [ 475.154388][T10169] tipc: Resetting bearer [ 475.203494][T10169] tipc: Disabling bearer [ 478.775219][T10215] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1541'. [ 478.805837][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1541'. [ 480.769920][T10232] syz.0.1545 (10232): drop_caches: 2 [ 485.206930][T10274] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1558'. [ 485.319293][T10277] syz.4.1559 (10277): drop_caches: 2 [ 486.350638][T10278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1558'. [ 487.363691][T10289] tipc: Enabled bearer , priority 0 [ 487.379209][T10289] device syzkaller0 entered promiscuous mode [ 487.398526][T10289] tipc: Resetting bearer [ 487.411237][T10286] tipc: Resetting bearer [ 487.428315][T10286] tipc: Disabling bearer [ 491.773362][T10324] syz.1.1572 (10324): drop_caches: 2 [ 494.189144][T10343] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1574'. [ 497.205027][T10387] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1583'. [ 497.304731][T10387] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1583'. [ 497.962788][T10408] tipc: Enabled bearer , priority 0 [ 497.998128][T10408] device syzkaller0 entered promiscuous mode [ 498.053915][T10408] tipc: Resetting bearer [ 498.093877][T10406] tipc: Resetting bearer [ 498.105477][T10406] tipc: Disabling bearer [ 500.886907][T10427] binder: 10423:10427 unknown command 0 [ 500.928833][T10427] binder: 10423:10427 ioctl c0306201 200000000080 returned -22 [ 501.328089][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.335155][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.393330][T10451] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1596'. [ 501.925572][T10462] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1600'. [ 505.799347][T10495] binder: 10492:10495 unknown command 0 [ 505.805074][T10495] binder: 10492:10495 ioctl c0306201 200000000080 returned -22 [ 508.571198][T10538] binder: 10537:10538 unknown command 0 [ 508.807657][T10538] binder: 10537:10538 ioctl c0306201 200000000080 returned -22 [ 509.440854][T10540] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1619'. [ 509.587873][T10540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1619'. [ 509.899647][T10566] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1623'. [ 509.969338][T10569] input: syz1 as /devices/virtual/input/input19 [ 510.555127][T10576] tipc: Enabled bearer , priority 0 [ 510.577344][T10576] device syzkaller0 entered promiscuous mode [ 510.642176][T10576] tipc: Resetting bearer [ 510.670406][T10575] tipc: Resetting bearer [ 510.727348][T10575] tipc: Disabling bearer [ 511.603573][T10596] binder: 10595:10596 unknown command 0 [ 511.772560][T10596] binder: 10595:10596 ioctl c0306201 200000000080 returned -22 [ 512.994495][T10600] binder: BINDER_SET_CONTEXT_MGR already set [ 513.035570][T10600] binder: 10595:10600 ioctl 4018620d 200000000040 returned -16 [ 514.651448][T10627] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1636'. [ 514.723573][T10627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1636'. [ 514.825441][T10640] fuse: Bad value for 'group_id' [ 515.159163][T10645] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1640'. [ 515.210504][T10650] input: syz1 as /devices/virtual/input/input20 [ 516.930688][T10661] binder: 10657:10661 unknown command 0 [ 516.936256][T10661] binder: 10657:10661 ioctl c0306201 200000000080 returned -22 [ 516.978372][T10661] binder: BINDER_SET_CONTEXT_MGR already set [ 516.990272][T10661] binder: 10657:10661 ioctl 4018620d 200000000040 returned -16 [ 519.107559][T10684] fuse: Bad value for 'group_id' [ 521.263172][T10719] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1658'. [ 522.289931][T10728] input: syz1 as /devices/virtual/input/input21 [ 522.420651][T10738] fuse: Bad value for 'group_id' [ 522.543287][T10743] tipc: Enabled bearer , priority 0 [ 522.560751][T10743] device syzkaller0 entered promiscuous mode [ 522.674373][T10743] tipc: Resetting bearer [ 522.700715][T10741] tipc: Resetting bearer [ 522.718916][T10741] tipc: Disabling bearer [ 526.295263][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 526.427956][T10785] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1674'. [ 526.455581][T10786] tipc: Enabling of bearer rejected, failed to enable media [ 526.795719][T10794] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1677'. [ 526.883376][T10794] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1677'. [ 527.696680][T10816] syz.1.1682 (10816): drop_caches: 2 [ 527.708217][T10801] block nbd3: shutting down sockets [ 528.205112][T10829] syz.0.1687 (10829): drop_caches: 2 [ 529.815809][T10847] tipc: Enabling of bearer rejected, failed to enable media [ 530.990035][T10876] syz.1.1694 (10876): drop_caches: 2 [ 532.447886][T10879] block nbd2: shutting down sockets [ 533.587289][T10924] tipc: Enabling of bearer rejected, failed to enable media [ 535.571881][T10946] syz.4.1707 (10946): drop_caches: 2 [ 536.585547][T10956] 9pnet_virtio: no channels available for device syz [ 536.697358][T10957] netlink: 'syz.0.1710': attribute type 10 has an invalid length. [ 536.705578][T10957] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1710'. [ 537.076019][T10957] team0: Port device geneve0 added [ 537.671773][T10965] block nbd2: shutting down sockets [ 538.059285][T10986] hub 1-0:1.0: USB hub found [ 538.069302][T10986] hub 1-0:1.0: 1 port detected [ 538.671302][T10988] nbd4: detected capacity change from 0 to 1024 [ 539.566875][T11000] block nbd4: NBD_DISCONNECT [ 539.571955][T11000] block nbd4: Send disconnect failed -89 [ 539.630323][T10988] block nbd4: Disconnected due to user request. [ 539.641387][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.652441][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.661892][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.672738][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.681087][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.691896][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.700371][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.711277][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.719418][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.731385][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.739450][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.750300][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.761399][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.772225][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.780163][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.790984][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.798790][ T4899] ldm_validate_partition_table(): Disk read failed. [ 539.805892][ T8947] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.816786][ T8947] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.826741][T10988] block nbd4: shutting down sockets [ 539.833149][ T6239] blk_update_request: I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 539.844075][ T6239] Buffer I/O error on dev nbd4, logical block 0, async page read [ 539.862625][ T4899] Dev nbd4: unable to read RDB block 0 [ 539.877188][ T4899] nbd4: unable to read partition table [ 539.936813][ T4899] ldm_validate_partition_table(): Disk read failed. [ 539.975546][ T4899] Dev nbd4: unable to read RDB block 0 [ 539.982982][ T4899] nbd4: unable to read partition table [ 541.850740][T11033] syz.4.1722 (11033): drop_caches: 2 [ 543.636734][T11064] block nbd3: shutting down sockets [ 545.649045][T11090] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 545.671445][T11090] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 545.685072][T11090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 545.693395][T11090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 547.888285][T11141] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 549.370808][T11129] block nbd1: shutting down sockets [ 551.052453][T11170] fuse: Unknown parameter 'grou00000000000000000000' [ 554.969570][T11210] fuse: Unknown parameter 'grou00000000000000000000' [ 555.979958][T11241] syz.3.1774 (11241): drop_caches: 2 [ 556.306715][ T4275] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 556.716694][ T3520] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 556.726716][ T4275] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 557.981915][ T4275] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 557.990932][ T4275] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 558.000084][ T4275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 558.012557][ T4275] usb 4-1: config 0 descriptor?? [ 558.145127][ T4275] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 558.156632][ T3520] usb 1-1: Using ep0 maxpacket: 8 [ 558.198967][T11261] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1781'. [ 558.206673][ T4275] dvb-usb: bulk message failed: -22 (3/0) [ 558.262331][ T4275] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 558.296167][ T3520] usb 1-1: config 0 interface 0 has no altsetting 0 [ 558.296994][ T4275] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 558.310287][ T3520] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 558.353709][ T4275] usb 4-1: media controller created [ 558.361460][ T4275] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 558.373948][T11268] input: syz1 as /devices/virtual/input/input22 [ 558.394967][ T3520] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.187547][ T4275] dvb-usb: bulk message failed: -22 (6/0) [ 559.193372][ T4275] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 559.239083][ T3520] usb 1-1: config 0 descriptor?? [ 559.277428][ T4275] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input23 [ 559.306949][ T4275] dvb-usb: schedule remote query interval to 150 msecs. [ 559.326161][ T4275] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 559.356767][ T4275] usb 4-1: USB disconnect, device number 3 [ 559.417902][ T4275] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 559.565031][T11281] syz.0.1786 (11281): drop_caches: 2 [ 559.571054][ T3520] usbhid 1-1:0.0: can't add hid device: -71 [ 559.577124][ T3520] usbhid: probe of 1-1:0.0 failed with error -71 [ 559.632102][ T3520] usb 1-1: USB disconnect, device number 4 [ 562.768570][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.774952][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.327194][T11320] syz.2.1799 (11320): drop_caches: 2 [ 563.342467][T11316] binder: 11314:11316 unknown command 0 [ 563.401920][T11316] binder: 11314:11316 ioctl c0306201 200000000080 returned -22 [ 563.526941][T11319] binder_alloc: 11314: binder_alloc_buf, no vma [ 563.545381][T11319] binder: 11314:11319 ioctl c0306201 200000000280 returned -11 [ 563.731155][T11327] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1800'. [ 563.871922][T11335] input: syz1 as /devices/virtual/input/input24 [ 568.146974][T11382] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1816'. [ 568.201539][T11384] input: syz1 as /devices/virtual/input/input25 [ 570.571629][T11392] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1820'. [ 570.729988][T11392] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1820'. [ 570.932115][T11398] block nbd1: shutting down sockets [ 572.041037][T11423] [ 572.043399][T11423] ============================= [ 572.048505][T11423] WARNING: suspicious RCU usage [ 572.053426][T11423] 5.15.189-syzkaller #0 Not tainted [ 572.058951][T11423] ----------------------------- [ 572.063863][T11423] include/linux/rhashtable.h:594 suspicious rcu_dereference_check() usage! [ 572.074066][T11423] [ 572.074066][T11423] other info that might help us debug this: [ 572.074066][T11423] [ 572.087606][T11423] [ 572.087606][T11423] rcu_scheduler_active = 2, debug_locks = 1 [ 572.106778][T11423] 1 lock held by syz.2.1829/11423: [ 572.115601][T11423] #0: ffffffff8d235f48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 572.129058][T11423] [ 572.129058][T11423] stack backtrace: [ 572.135112][T11423] CPU: 1 PID: 11423 Comm: syz.2.1829 Not tainted 5.15.189-syzkaller #0 [ 572.143362][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 572.153445][T11423] Call Trace: [ 572.156741][T11423] [ 572.159682][T11423] dump_stack_lvl+0x168/0x230 [ 572.164379][T11423] ? load_image+0x3b0/0x3b0 [ 572.168899][T11423] ? show_regs_print_info+0x20/0x20 [ 572.174126][T11423] ? lockdep_rcu_suspicious+0x110/0x180 [ 572.179686][T11423] ? local_bh_enable+0x20/0x20 [ 572.184468][T11423] rhltable_lookup+0x77b/0x790 [ 572.189266][T11423] ? lock_chain_count+0x20/0x20 [ 572.194133][T11423] ? mr_mfc_find_parent+0x190/0x190 [ 572.199348][T11423] ? local_bh_enable+0x20/0x20 [ 572.204119][T11423] ? preempt_schedule+0xa7/0xb0 [ 572.209098][T11423] ? ipmr_mfc_add+0x21ad/0x2eb0 [ 572.213965][T11423] ? preempt_schedule+0xa7/0xb0 [ 572.218827][T11423] ? schedule_preempt_disabled+0x20/0x20 [ 572.224478][T11423] ? lock_chain_count+0x20/0x20 [ 572.229352][T11423] mr_mfc_find_any_parent+0xb6/0x1e0 [ 572.234658][T11423] ? local_bh_enable+0x20/0x20 [ 572.239451][T11423] ip_mr_forward+0x24c/0xf90 [ 572.244059][T11423] ipmr_mfc_add+0x2466/0x2eb0 [ 572.248753][T11423] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 572.253721][T11423] ? __lock_acquire+0x7c60/0x7c60 [ 572.258775][T11423] ip_mroute_setsockopt+0xe33/0x11a0 [ 572.264082][T11423] ? ipmr_rule_default+0x70/0x70 [ 572.269049][T11423] ? __might_sleep+0xf0/0xf0 [ 572.273647][T11423] ip_setsockopt+0x4ad/0x3070 [ 572.278440][T11423] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 572.283821][T11423] ? aa_sk_perm+0x7b4/0x8f0 [ 572.288337][T11423] ? aa_af_perm+0x2b0/0x2b0 [ 572.292844][T11423] ? __fget_files+0x40f/0x480 [ 572.297532][T11423] ? aa_sock_opt_perm+0x74/0x100 [ 572.302486][T11423] ? sock_common_setsockopt+0x32/0xb0 [ 572.308040][T11423] ? raw_setsockopt+0xc5/0x180 [ 572.312812][T11423] ? sock_common_recvmsg+0x1b0/0x1b0 [ 572.318187][T11423] __sys_setsockopt+0x2bf/0x3d0 [ 572.323052][T11423] __x64_sys_setsockopt+0xb1/0xc0 [ 572.328092][T11423] do_syscall_64+0x4c/0xa0 [ 572.332515][T11423] ? clear_bhb_loop+0x30/0x80 [ 572.337192][T11423] ? clear_bhb_loop+0x30/0x80 [ 572.341873][T11423] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 572.347789][T11423] RIP: 0033:0x7f5cb721fbe9 [ 572.352209][T11423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.371826][T11423] RSP: 002b:00007f5cb5466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 572.380296][T11423] RAX: ffffffffffffffda RBX: 00007f5cb7447090 RCX: 00007f5cb721fbe9 [ 572.388281][T11423] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 000000000000000a [ 572.396261][T11423] RBP: 00007f5cb72a2e19 R08: 000000000000003c R09: 0000000000000000 [ 572.404246][T11423] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 572.412235][T11423] R13: 00007f5cb7447128 R14: 00007f5cb7447090 R15: 00007ffc6d1a7fd8 [ 572.420234][T11423] [ 572.427195][T11423] [ 572.429894][T11423] ============================= [ 572.434833][T11423] WARNING: suspicious RCU usage [ 572.439862][T11423] 5.15.189-syzkaller #0 Not tainted [ 572.446152][T11423] ----------------------------- [ 572.451393][T11423] include/linux/rhashtable.h:369 suspicious rcu_dereference_check() usage! [ 572.466660][T11423] [ 572.466660][T11423] other info that might help us debug this: [ 572.466660][T11423] [ 572.485179][T11423] [ 572.485179][T11423] rcu_scheduler_active = 2, debug_locks = 1 [ 572.493393][T11423] 1 lock held by syz.2.1829/11423: [ 572.500210][T11423] #0: ffffffff8d235f48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 572.510109][T11423] [ 572.510109][T11423] stack backtrace: [ 572.516130][T11423] CPU: 1 PID: 11423 Comm: syz.2.1829 Not tainted 5.15.189-syzkaller #0 [ 572.524372][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 572.534435][T11423] Call Trace: [ 572.537715][T11423] [ 572.540645][T11423] dump_stack_lvl+0x168/0x230 [ 572.545329][T11423] ? load_image+0x3b0/0x3b0 [ 572.549837][T11423] ? show_regs_print_info+0x20/0x20 [ 572.555046][T11423] ? lockdep_rcu_suspicious+0x110/0x180 [ 572.560592][T11423] ? local_bh_enable+0x20/0x20 [ 572.565361][T11423] rhltable_lookup+0x504/0x790 [ 572.570138][T11423] ? local_bh_enable+0x20/0x20 [ 572.574905][T11423] ? mr_mfc_find_parent+0x190/0x190 [ 572.580116][T11423] ? local_bh_enable+0x20/0x20 [ 572.584880][T11423] ? preempt_schedule+0xa7/0xb0 [ 572.589726][T11423] ? ipmr_mfc_add+0x21ad/0x2eb0 [ 572.594581][T11423] ? preempt_schedule+0xa7/0xb0 [ 572.599444][T11423] ? schedule_preempt_disabled+0x20/0x20 [ 572.605079][T11423] ? lock_chain_count+0x20/0x20 [ 572.609937][T11423] mr_mfc_find_any_parent+0xb6/0x1e0 [ 572.615235][T11423] ? local_bh_enable+0x20/0x20 [ 572.620003][T11423] ip_mr_forward+0x24c/0xf90 [ 572.624610][T11423] ipmr_mfc_add+0x2466/0x2eb0 [ 572.629304][T11423] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 572.634244][T11423] ? __lock_acquire+0x7c60/0x7c60 [ 572.639290][T11423] ip_mroute_setsockopt+0xe33/0x11a0 [ 572.644588][T11423] ? ipmr_rule_default+0x70/0x70 [ 572.649541][T11423] ? __might_sleep+0xf0/0xf0 [ 572.654133][T11423] ip_setsockopt+0x4ad/0x3070 [ 572.658829][T11423] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 572.664201][T11423] ? aa_sk_perm+0x7b4/0x8f0 [ 572.668719][T11423] ? aa_af_perm+0x2b0/0x2b0 [ 572.673228][T11423] ? __fget_files+0x40f/0x480 [ 572.677910][T11423] ? aa_sock_opt_perm+0x74/0x100 [ 572.682858][T11423] ? sock_common_setsockopt+0x32/0xb0 [ 572.688337][T11423] ? raw_setsockopt+0xc5/0x180 [ 572.693106][T11423] ? sock_common_recvmsg+0x1b0/0x1b0 [ 572.698402][T11423] __sys_setsockopt+0x2bf/0x3d0 [ 572.703259][T11423] __x64_sys_setsockopt+0xb1/0xc0 [ 572.708292][T11423] do_syscall_64+0x4c/0xa0 [ 572.712711][T11423] ? clear_bhb_loop+0x30/0x80 [ 572.717384][T11423] ? clear_bhb_loop+0x30/0x80 [ 572.722073][T11423] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 572.727972][T11423] RIP: 0033:0x7f5cb721fbe9 [ 572.732388][T11423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 572.752002][T11423] RSP: 002b:00007f5cb5466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 572.760422][T11423] RAX: ffffffffffffffda RBX: 00007f5cb7447090 RCX: 00007f5cb721fbe9 [ 572.768402][T11423] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 000000000000000a [ 572.776374][T11423] RBP: 00007f5cb72a2e19 R08: 000000000000003c R09: 0000000000000000 [ 572.784361][T11423] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 572.792337][T11423] R13: 00007f5cb7447128 R14: 00007f5cb7447090 R15: 00007ffc6d1a7fd8 [ 572.800419][T11423] [ 572.815865][T11423] [ 572.821217][T11423] ============================= [ 572.826170][T11423] WARNING: suspicious RCU usage [ 572.831262][T11423] 5.15.189-syzkaller #0 Not tainted [ 572.836731][T11423] ----------------------------- [ 572.841628][T11423] include/linux/rhashtable.h:614 suspicious rcu_dereference_check() usage! [ 572.850586][T11423] [ 572.850586][T11423] other info that might help us debug this: [ 572.850586][T11423] [ 572.860970][T11423] [ 572.860970][T11423] rcu_scheduler_active = 2, debug_locks = 1 [ 572.869080][T11423] 1 lock held by syz.2.1829/11423: [ 572.874248][T11423] #0: ffffffff8d235f48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 572.884291][T11423] [ 572.884291][T11423] stack backtrace: [ 572.890360][T11423] CPU: 0 PID: 11423 Comm: syz.2.1829 Not tainted 5.15.189-syzkaller #0 [ 572.898856][T11423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 572.908914][T11423] Call Trace: [ 572.912187][T11423] [ 572.915108][T11423] dump_stack_lvl+0x168/0x230 [ 572.919967][T11423] ? load_image+0x3b0/0x3b0 [ 572.924623][T11423] ? show_regs_print_info+0x20/0x20 [ 572.929821][T11423] ? lockdep_rcu_suspicious+0x110/0x180 [ 572.935355][T11423] ? local_bh_enable+0x20/0x20 [ 572.940108][T11423] rhltable_lookup+0x5f8/0x790 [ 572.944883][T11423] ? local_bh_enable+0x20/0x20 [ 572.949637][T11423] ? mr_mfc_find_parent+0x190/0x190 [ 572.954826][T11423] ? local_bh_enable+0x20/0x20 [ 572.959575][T11423] ? preempt_schedule+0xa7/0xb0 [ 572.964412][T11423] ? ipmr_mfc_add+0x21ad/0x2eb0 [ 572.969278][T11423] ? preempt_schedule+0xa7/0xb0 [ 572.974114][T11423] ? schedule_preempt_disabled+0x20/0x20 [ 572.979737][T11423] ? lock_chain_count+0x20/0x20 [ 572.984677][T11423] mr_mfc_find_any_parent+0xb6/0x1e0 [ 572.989962][T11423] ? local_bh_enable+0x20/0x20 [ 572.994756][T11423] ip_mr_forward+0x24c/0xf90 [ 572.999337][T11423] ipmr_mfc_add+0x2466/0x2eb0 [ 573.004009][T11423] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 573.008939][T11423] ? __lock_acquire+0x7c60/0x7c60 [ 573.013967][T11423] ip_mroute_setsockopt+0xe33/0x11a0 [ 573.019254][T11423] ? ipmr_rule_default+0x70/0x70 [ 573.024194][T11423] ? __might_sleep+0xf0/0xf0 [ 573.028821][T11423] ip_setsockopt+0x4ad/0x3070 [ 573.033622][T11423] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 573.038999][T11423] ? aa_sk_perm+0x7b4/0x8f0 [ 573.043499][T11423] ? aa_af_perm+0x2b0/0x2b0 [ 573.048121][T11423] ? __fget_files+0x40f/0x480 [ 573.052824][T11423] ? aa_sock_opt_perm+0x74/0x100 [ 573.057753][T11423] ? sock_common_setsockopt+0x32/0xb0 [ 573.063140][T11423] ? raw_setsockopt+0xc5/0x180 [ 573.067913][T11423] ? sock_common_recvmsg+0x1b0/0x1b0 [ 573.073200][T11423] __sys_setsockopt+0x2bf/0x3d0 [ 573.078044][T11423] __x64_sys_setsockopt+0xb1/0xc0 [ 573.083069][T11423] do_syscall_64+0x4c/0xa0 [ 573.087491][T11423] ? clear_bhb_loop+0x30/0x80 [ 573.092158][T11423] ? clear_bhb_loop+0x30/0x80 [ 573.096825][T11423] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 573.102724][T11423] RIP: 0033:0x7f5cb721fbe9 [ 573.107127][T11423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.126728][T11423] RSP: 002b:00007f5cb5466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 573.135132][T11423] RAX: ffffffffffffffda RBX: 00007f5cb7447090 RCX: 00007f5cb721fbe9 [ 573.143115][T11423] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 000000000000000a [ 573.151075][T11423] RBP: 00007f5cb72a2e19 R08: 000000000000003c R09: 0000000000000000 [ 573.159031][T11423] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 573.166990][T11423] R13: 00007f5cb7447128 R14: 00007f5cb7447090 R15: 00007ffc6d1a7fd8 [ 573.174971][T11423]