last executing test programs: 6.901649601s ago: executing program 2 (id=618): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x70, 0x10, 0x1, 0x70bd29, 0x25dfdbf4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20008}, [@IFLA_IFNAME={0x14, 0x3, 'team0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @local}, @IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0xffffffff, @random="19ba5f2f5470"}}]}]}]}, 0x70}}, 0x8000) 6.515769235s ago: executing program 2 (id=622): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) wait4(0x0, 0x0, 0x8, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000009400), 0x0) getgroups(0x0, 0x0) 
fstat(0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f00000003c0)) fstat(r4, &(0x7f000000b4c0)) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x55) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r9, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x2a, 0x0, 0x0) 6.487212073s ago: executing program 3 (id=623): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0xaf183000) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x4000, 0x67) 6.195363706s ago: executing program 0 (id=626): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$inet6(r0, &(0x7f0000000000)="8c", 0x1, 0x810, &(0x7f0000001280)={0xa, 0x4e20, 0x8, @dev={0xfe, 0x80, '\x00', 0x41}, 0x4}, 0x1c) 5.497177433s ago: executing program 0 (id=627): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sendmsg$AUDIT_USER_TTY(0xffffffffffffffff, 0x0, 0x40001) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 
&(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x18) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') unshare(0x24020400) socket$vsock_stream(0x28, 0x1, 0x0) ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) lseek(r5, 0x6, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='1-6'], 0x31) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000e80)={@cgroup, 0xffffffffffffffff, 0x2b, 0x0, 0x0, @void, @value}, 0x20) ioctl$KVM_X86_SETUP_MCE(r8, 0x4008ae9c, &(0x7f00000000c0)={0x1b, 0x5, 0xd}) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x4c0, 0x0) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009702"]) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000100)={0x0, 0x0, 0xe, 0x6, 0x200, 
&(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309000000000001000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d2e6807b84e8e5155def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a51bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff4175b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b46307001416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607f259b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62b1eb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990548a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800000000000000000000000000000000000000000000000000000
0000000000000000800"}) 5.451644483s ago: executing program 1 (id=629): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_CLAIMINTERFACE(r3, 0x8004550f, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x7, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000100)}], 0x1) sched_setscheduler(0x0, 0x2, 0x0) r4 = userfaultfd(0x80801) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) timer_create(0x7, 0x0, 0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) 5.079828909s ago: executing program 4 (id=630): mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x10010, 0xffffffffffffffff, 0x0) openat$bsg(0xffffffffffffff9c, 0x0, 0x410002, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@typedef={0x4, 0x0, 0x0, 0x13, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x2e, 0x61, 0x30]}}, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='jffs2\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) fcntl$addseals(r4, 0x409, 0x7) ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r4, 0x0, 0xf500000000000000, 0x1000000}) r5 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000180)={0xfffffffc, 0x5, 0x1}) mount(&(0x7f0000000180)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x8000, 0x0) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000280)={0x7, @raw_data="aba47109bc8591377f6d859b26e1e9beae5cdef51af0e56244b510d8020851e096c52293aa14f0c3b453d93452fd211c5de98ace86dd92331e8de2a8bca15f7264c4e68083e95940071555f792101c5131dfd212b10a7cf3d6c4ade89910536176932f7168ff5a2fa576e0ea3949e2dec73188081744476bc478e76e3491ca65718ce009cf8affd2e0c08fb1cce81c8786c609f912e34918e0f83b8a81d305bc06a6917992c9ffbf2639ab6f82dfacc93ab17429b298df6ead1d0b75549a052fb3e8783aa9eff741"}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f0000000100)=ANY=[@ANYBLOB="290a05000000000000007311430000000000851000000200000085000000c400060000000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 
@fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.608196961s ago: executing program 1 (id=631): r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x8, @mcast1}, 0x18) 3.144889951s ago: executing program 4 (id=632): syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0xc}, @hci_rp_le_read_supported_states={{0x4}, {0x2, "58f91264c2294606"}}}}, 0xf) 3.126621694s ago: executing program 0 (id=633): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) flistxattr(0xffffffffffffffff, 0x0, 0x0) 3.056026517s ago: executing program 1 (id=634): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_KEY_TYPE={0x8}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x6c}}, 0x0) 2.978245356s ago: executing program 0 (id=635): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, 
[@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8}, @NFTA_SET_ELEM_EXPRESSIONS={0x18, 0xb, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @counter={{0x10}, @val={0x4}}}]}]}]}]}], {0x14, 0x10}}, 0xd0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) r7 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000100)={r8, 0x1000000, 0x5, 0x3}, 0x10) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x2c}, 0x44004) socket$inet6(0xa, 0x804, 0x800ff) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xe000202b}) socket$netlink(0x10, 0x3, 0xf) bind$netlink(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x28, r2, 0x5, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, 
[@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x4}]]}, 0x28}, 0x1, 0x0, 0x0, 0x40048}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2.928425586s ago: executing program 4 (id=636): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x8000000, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) 2.867939889s ago: executing program 3 (id=637): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04220183"], 0x4) sched_setscheduler(0x0, 0x2, 0x0) 2.86781686s ago: executing program 1 (id=638): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x45df640af6c7e404}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x44) 2.833671736s ago: executing program 2 (id=639): mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x10010, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x410002, 0x0) r1 = 
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@typedef={0x4, 0x0, 0x0, 0x13, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x2e, 0x61, 0x30]}}, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='jffs2\x00', 0x0, 0x0) r5 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) fcntl$addseals(r5, 0x409, 0x7) ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0xf500000000000000, 0x1000000}) preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/25, 0x19}], 0x1, 0x8, 0x9, 0x3d) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000180)={0xfffffffc, 0x5, 0x1}) mount(&(0x7f0000000180)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x8000, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000280)={0x7, 
@raw_data="aba47109bc8591377f6d859b26e1e9beae5cdef51af0e56244b510d8020851e096c52293aa14f0c3b453d93452fd211c5de98ace86dd92331e8de2a8bca15f7264c4e68083e95940071555f792101c5131dfd212b10a7cf3d6c4ade89910536176932f7168ff5a2fa576e0ea3949e2dec73188081744476bc478e76e3491ca65718ce009cf8affd2e0c08fb1cce81c8786c609f912e34918e0f83b8a81d305bc06a6917992c9ffbf2639ab6f82dfacc93ab17429b298df6ead1d0b75549a052fb3e8783aa9eff741"}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f0000000100)=ANY=[@ANYBLOB="290a05000000000000007311430000000000851000000200000085000000c400060000000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.328359748s ago: executing program 4 (id=640): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000054000000060a010400000000000000000100000008000b40000000002c0004802800018007000100637400001c0002800800014000000001080002400000000805000300730000000900010073797a30"], 0xc8}, 0x1, 0x0, 0x0, 0x5090}, 0x0) 2.324890033s ago: executing program 3 (id=641): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 
0x76, 0x101301) ioctl$USBDEVFS_CLAIMINTERFACE(r3, 0x8004550f, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x7, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000100)}], 0x1) sched_setscheduler(0x0, 0x2, 0x0) r4 = userfaultfd(0x80801) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) timer_create(0x7, 0x0, 0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000600)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) 1.156436759s ago: executing program 0 (id=642): mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x10010, 0xffffffffffffffff, 0x0) r0 = openat$bsg(0xffffffffffffff9c, 0x0, 0x410002, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@typedef={0x4, 0x0, 0x0, 0x13, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x2e, 0x61, 0x30]}}, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 
0x0) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='jffs2\x00', 0x0, 0x0) r4 = memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) fcntl$addseals(r4, 0x409, 0x7) preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/25, 0x19}], 0x1, 0x8, 0x9, 0x3d) r5 = syz_open_dev$vbi(&(0x7f0000002100), 0x1, 0x2) ioctl$VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000180)={0xfffffffc, 0x5, 0x1}) mount(&(0x7f0000000180)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x8000, 0x0) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000280)={0x7, @raw_data="aba47109bc8591377f6d859b26e1e9beae5cdef51af0e56244b510d8020851e096c52293aa14f0c3b453d93452fd211c5de98ace86dd92331e8de2a8bca15f7264c4e68083e95940071555f792101c5131dfd212b10a7cf3d6c4ade89910536176932f7168ff5a2fa576e0ea3949e2dec73188081744476bc478e76e3491ca65718ce009cf8affd2e0c08fb1cce81c8786c609f912e34918e0f83b8a81d305bc06a6917992c9ffbf2639ab6f82dfacc93ab17429b298df6ead1d0b75549a052fb3e8783aa9eff741"}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x6, &(0x7f0000000100)=ANY=[@ANYBLOB="290a05000000000000007311430000000000851000000200000085000000c400060000000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.15605167s ago: executing program 2 (id=643): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000008500000020000000850000000500000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="6a78bfa7b7275a5d8d977c28ec40", 
0x0, 0xd2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.055984688s ago: executing program 1 (id=644): ioperm(0x0, 0x2, 0x7e) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x20) 1.014482693s ago: executing program 3 (id=645): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0xfffffffc, 0x30364d54, 0x2, @stepwise={0x6, 0x8, 0x9, 0x401, 0xf, 0x9}}) 961.392866ms ago: executing program 4 (id=646): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x3}}, 0x10) 840.008267ms ago: executing program 2 (id=647): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xe8c, 0x258, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x10000, 0x3, 0x7, 0x6009, 0x9, 0x440, 0xd1, 0xc, 0x30, {0x1, 0xffffffff}, 0xd0, 0x9}}) 839.874064ms ago: executing program 1 (id=648): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="700000001000010026bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0221000000000000140003006e657464657673696d300000", @ANYRES32=0x0, @ANYBLOB="34001680300001802c000c80140001000500edff"], 0x70}}, 0x24040800) 782.471915ms ago: executing program 3 (id=649): r0 = openat$smackfs_relabel_self(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$smackfs_labels_list(r0, 0x0, 0x0) 132.791165ms ago: executing program 2 (id=650): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x76}, [@call={0x27}]}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x3f) 96.481103ms ago: executing program 4 (id=651): r0 = 
socket$inet(0x2b, 0x801, 0x0) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, 0x0, 0x0) 95.484865ms ago: executing program 0 (id=652): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8}, @NFTA_SET_ELEM_EXPRESSIONS={0x18, 0xb, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @counter={{0x10}, @val={0x4}}}]}]}]}]}], {0x14, 0x10}}, 0xd0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3) sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, &(0x7f0000000140)={0xa, 0x0, 
0x0, @remote, 0x1}, 0x1c) r7 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r7, 0x84, 0x0, &(0x7f0000000100)={r8, 0x1000000, 0x5, 0x3}, 0x10) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x2c}, 0x44004) socket$inet6(0xa, 0x804, 0x800ff) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xe000202b}) socket$netlink(0x10, 0x3, 0xf) bind$netlink(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x28, r2, 0x5, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x4}]]}, 0x28}, 0x1, 0x0, 0x0, 0x40048}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x1}, 0x0) 0s ago: executing program 3 (id=653): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x3, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x6, 0x0, 0x200000}, 0x1}}, @TCA_MPLS_LABEL={0x8}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 
0x74}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.170' (ED25519) to the list of known hosts. [ 66.962247][ T5819] cgroup: Unknown subsys name 'net' [ 67.103490][ T5819] cgroup: Unknown subsys name 'cpuset' [ 67.112472][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.520853][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.473696][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.480159][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.271449][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.279336][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.287684][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.296934][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.304858][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.312463][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.320649][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.321831][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.329541][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.363392][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.369720][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.370652][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.385337][ T5835] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.387162][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.400497][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.408443][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.409095][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.423209][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.424122][ T5851] Bluetooth: hci4: 
unexpected cc 0x0c23 length: 249 > 4 [ 72.437759][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.438733][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.452123][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.461728][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.461869][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.482061][ T56] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.103172][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 73.127293][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 73.157475][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 73.311964][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 73.455016][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.463000][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.470520][ T5834] bridge_slave_0: entered allmulticast mode [ 73.477672][ T5834] bridge_slave_0: entered promiscuous mode [ 73.531797][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.538950][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.546283][ T5834] bridge_slave_1: entered allmulticast mode [ 73.553860][ T5834] bridge_slave_1: entered promiscuous mode [ 73.579935][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.587115][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.594365][ T5829] bridge_slave_0: entered allmulticast mode [ 73.602369][ T5829] bridge_slave_0: entered promiscuous mode [ 73.609469][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 73.622901][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.630659][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.637882][ T5830] bridge_slave_0: entered allmulticast mode [ 73.645986][ T5830] bridge_slave_0: entered promiscuous mode [ 73.676841][ T5829] bridge0: port 
2(bridge_slave_1) entered blocking state [ 73.684209][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.691463][ T5829] bridge_slave_1: entered allmulticast mode [ 73.698385][ T5829] bridge_slave_1: entered promiscuous mode [ 73.711662][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.718783][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.726094][ T5830] bridge_slave_1: entered allmulticast mode [ 73.733120][ T5830] bridge_slave_1: entered promiscuous mode [ 73.808849][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.823418][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.832744][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.840429][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.847550][ T5831] bridge_slave_0: entered allmulticast mode [ 73.854659][ T5831] bridge_slave_0: entered promiscuous mode [ 73.889035][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.910934][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.918498][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.926401][ T5831] bridge_slave_1: entered allmulticast mode [ 73.933496][ T5831] bridge_slave_1: entered promiscuous mode [ 73.942827][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.956071][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.982537][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.020115][ T5834] team0: Port device team_slave_0 added [ 74.080108][ T5834] team0: Port device team_slave_1 added [ 74.110814][ T5829] team0: Port device team_slave_0 added [ 74.123858][ T5830] team0: Port device team_slave_0 added [ 74.146413][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up 
link [ 74.158885][ T5829] team0: Port device team_slave_1 added [ 74.179853][ T5830] team0: Port device team_slave_1 added [ 74.212238][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.244759][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.252152][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.259244][ T5839] bridge_slave_0: entered allmulticast mode [ 74.267853][ T5839] bridge_slave_0: entered promiscuous mode [ 74.276113][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.284003][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.310398][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.356537][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.364401][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.371717][ T5839] bridge_slave_1: entered allmulticast mode [ 74.378693][ T5839] bridge_slave_1: entered promiscuous mode [ 74.386246][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.393564][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 74.420052][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.440206][ T5849] Bluetooth: hci0: command tx timeout [ 74.451021][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.457981][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.484288][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.496005][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.503541][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.529900][ T5849] Bluetooth: hci4: command tx timeout [ 74.529993][ T5843] Bluetooth: hci1: command tx timeout [ 74.535573][ T5849] Bluetooth: hci2: command tx timeout [ 74.541199][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.578401][ T5831] team0: Port device team_slave_0 added [ 74.584936][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.591024][ T5849] Bluetooth: hci3: command tx timeout [ 74.592243][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 74.623175][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.634870][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.641867][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.667899][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.700626][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.712578][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.724048][ T5831] team0: Port device team_slave_1 added [ 74.868853][ T5834] hsr_slave_0: entered promiscuous mode [ 74.875723][ T5834] hsr_slave_1: entered promiscuous mode [ 74.886263][ T5839] team0: Port device team_slave_0 added [ 74.895360][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.902386][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.929290][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.945929][ T5830] hsr_slave_0: entered promiscuous mode [ 74.952403][ T5830] hsr_slave_1: entered promiscuous mode [ 74.958445][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.966325][ T5830] Cannot create hsr debugfs directory [ 74.976704][ T5829] hsr_slave_0: entered promiscuous mode [ 74.984853][ T5829] hsr_slave_1: entered promiscuous mode [ 74.991385][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 74.998941][ T5829] Cannot create hsr debugfs directory [ 75.018858][ T5839] team0: Port device team_slave_1 added [ 75.027784][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.035058][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.061830][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.164257][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.171424][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.198406][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.217738][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.224740][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.251590][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.389007][ T5831] hsr_slave_0: entered promiscuous mode [ 75.396539][ T5831] hsr_slave_1: entered promiscuous mode [ 75.403466][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 75.411054][ T5831] Cannot create hsr debugfs directory [ 75.432929][ T5839] hsr_slave_0: entered promiscuous mode [ 75.439072][ T5839] hsr_slave_1: entered promiscuous mode [ 75.445684][ T5839] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.453290][ T5839] Cannot create hsr debugfs directory [ 75.893869][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.906438][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.935050][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.961498][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.014496][ T5830] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 76.024540][ T5830] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 76.049290][ T5830] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 76.061507][ T5830] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.106658][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.136273][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.147346][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.176578][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.242314][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.252182][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.267778][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.278452][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.424807][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 76.452333][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 76.465977][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 76.477376][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 76.499780][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.510326][ T5849] Bluetooth: hci0: command tx timeout [ 76.571181][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.589836][ T5843] Bluetooth: hci4: command 
tx timeout [ 76.595256][ T5843] Bluetooth: hci2: command tx timeout [ 76.601582][ T5849] Bluetooth: hci1: command tx timeout [ 76.624609][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.640762][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.662671][ T3007] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.669996][ T3007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.677814][ T5843] Bluetooth: hci3: command tx timeout [ 76.696923][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.711492][ T3007] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.718576][ T3007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.729333][ T3007] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.736470][ T3007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.758154][ T3007] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.765411][ T3007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.818727][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.858962][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.890714][ T3000] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.897836][ T3000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.914286][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.935734][ T3000] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.942935][ T3000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.997730][ T3007] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.005022][ T3007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.049350][ T3007] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.056554][ T3007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.082967][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.207248][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.244267][ 
T5829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.376389][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.383592][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.393484][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.400660][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.448175][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.492269][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.619409][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.668269][ T5834] veth0_vlan: entered promiscuous mode [ 77.707638][ T5834] veth1_vlan: entered promiscuous mode [ 77.734816][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.786420][ T5830] veth0_vlan: entered promiscuous mode [ 77.852017][ T5830] veth1_vlan: entered promiscuous mode [ 77.867650][ T5829] veth0_vlan: entered promiscuous mode [ 77.884380][ T5829] veth1_vlan: entered promiscuous mode [ 77.895435][ T5834] veth0_macvtap: entered promiscuous mode [ 77.920591][ T5834] veth1_macvtap: entered promiscuous mode [ 77.969335][ T5839] veth0_vlan: entered promiscuous mode [ 77.987682][ T5829] veth0_macvtap: entered promiscuous mode [ 78.000660][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.012933][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.037846][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.049061][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.058799][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.067955][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.076795][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.092893][ T5829] veth1_macvtap: entered promiscuous mode [ 78.114822][ T5839] veth1_vlan: entered 
promiscuous mode [ 78.125510][ T5830] veth0_macvtap: entered promiscuous mode [ 78.151876][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.163371][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.175265][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.185322][ T5830] veth1_macvtap: entered promiscuous mode [ 78.225765][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.237132][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.250042][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.285118][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.297681][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.307680][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.318333][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.329830][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.341061][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.351977][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.361956][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.370967][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.413110][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.427004][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 78.443445][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.454053][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.474026][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.493280][ T5839] veth0_macvtap: entered promiscuous mode [ 78.515661][ T5830] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.526418][ T5830] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.535392][ T5830] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.544335][ T5830] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.577629][ T5839] veth1_macvtap: entered promiscuous mode [ 78.591333][ T5843] Bluetooth: hci0: command tx timeout [ 78.612483][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.626548][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.670033][ T5849] Bluetooth: hci1: command tx timeout [ 78.670300][ T56] Bluetooth: hci4: command tx timeout [ 78.675760][ T5843] Bluetooth: hci2: command tx timeout [ 78.699802][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.712497][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.722476][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.733146][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.742989][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.753786][ T5843] Bluetooth: hci3: command tx timeout [ 78.757632][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 78.772084][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.798656][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.811050][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.821999][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.836505][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.846419][ T5839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.856959][ T5839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.868908][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.891278][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.902013][ T5839] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.913151][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.921152][ T5839] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.931319][ T5839] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.940411][ T5839] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.985504][ T3007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.000717][ T3007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.033764][ T5831] veth0_vlan: entered promiscuous mode [ 79.055172][ T5831] veth1_vlan: entered promiscuous mode [ 79.072342][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.088746][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.136795][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 79.167760][ T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.181463][ T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.189147][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.198930][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.248712][ T5831] veth0_macvtap: entered promiscuous mode [ 79.289094][ T5831] veth1_macvtap: entered promiscuous mode [ 79.354399][ T3000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.397229][ T3000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.494668][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 79.571432][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.617546][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.699556][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 79.749913][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.770276][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.781899][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.793477][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.805000][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.913422][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.925623][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.985828][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.007329][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! 
[ 80.072058][ T5929] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 80.550169][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.567016][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.583698][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.595125][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.629627][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.656207][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.668112][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.678637][ T5843] Bluetooth: hci0: command tx timeout [ 80.792299][ T5843] Bluetooth: hci2: command tx timeout [ 80.797769][ T5843] Bluetooth: hci1: command tx timeout [ 80.803284][ T5843] Bluetooth: hci4: command tx timeout [ 80.816356][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.830704][ T5843] Bluetooth: hci3: command tx timeout [ 80.842051][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.891037][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.916256][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.930836][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.939831][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.527341][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.601637][ T3000] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.668439][ T3000] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.712096][ T0] 
NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 84.001057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.010057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 84.205678][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.452930][ T5956] Zero length message leads to an empty skb [ 84.660283][ T5956] ./cgroup: Can't lookup blockdev [ 84.717711][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.828090][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 84.837098][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 85.772364][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.615901][ T5970] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 86.617580][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.906209][ T60] cfg80211: failed to load regulatory.db [ 88.004887][ T5985] mmap: syz.1.14 (5985) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 88.103603][ T5987] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.923542][ T6017] tty tty26: ldisc open failed (-12), clearing slot 25 [ 95.025104][ T6026] warning: `syz.3.23' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 95.380029][ T6034] process 'syz.4.24' launched '/dev/fd/7' with NULL argv: empty string added [ 95.882303][ T6036] ======================================================= [ 95.882303][ T6036] WARNING: The mand mount option has been deprecated and [ 95.882303][ T6036] and is ignored by this kernel. Remove the mand [ 95.882303][ T6036] option from the mount to silence this warning. 
[ 95.882303][ T6036] ======================================================= [ 96.386855][ T6036] syz.3.23: attempt to access beyond end of device [ 96.386855][ T6036] loop3: rw=0, sector=64, nr_sectors = 1 limit=0 [ 96.401624][ T6036] syz.3.23: attempt to access beyond end of device [ 96.401624][ T6036] loop3: rw=0, sector=256, nr_sectors = 1 limit=0 [ 96.414525][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 96.425084][ T6036] syz.3.23: attempt to access beyond end of device [ 96.425084][ T6036] loop3: rw=0, sector=512, nr_sectors = 1 limit=0 [ 96.438684][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 96.448353][ T6036] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 96.456053][ T6036] UDF-fs: Scanning with blocksize 512 failed [ 96.463380][ T6036] syz.3.23: attempt to access beyond end of device [ 96.463380][ T6036] loop3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 96.476380][ T6036] syz.3.23: attempt to access beyond end of device [ 96.476380][ T6036] loop3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 96.519039][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 96.529041][ T6036] syz.3.23: attempt to access beyond end of device [ 96.529041][ T6036] loop3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 96.542099][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 96.551714][ T6036] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 96.559372][ T6036] UDF-fs: Scanning with blocksize 1024 failed [ 96.566197][ T6036] syz.3.23: attempt to access beyond end of device [ 96.566197][ T6036] loop3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 96.582680][ T6036] syz.3.23: attempt to access beyond end of device [ 96.582680][ T6036] loop3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 96.597355][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, 
location=256 [ 96.608027][ T6036] syz.3.23: attempt to access beyond end of device [ 96.608027][ T6036] loop3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 96.621216][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 96.648860][ T6036] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 96.656607][ T6036] UDF-fs: Scanning with blocksize 2048 failed [ 96.663246][ T6036] syz.3.23: attempt to access beyond end of device [ 96.663246][ T6036] loop3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 96.676430][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 96.686475][ T6036] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 96.696105][ T6036] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 96.705422][ T6036] UDF-fs: Scanning with blocksize 4096 failed [ 96.711586][ T6036] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1) [ 108.101203][ T6075] sched: DL replenish lagged too much [ 108.477750][ T6093] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 113.475355][ T6125] pim6reg: entered allmulticast mode [ 113.501805][ T6125] pim6reg: left allmulticast mode [ 116.151497][ T6139] netlink: 36 bytes leftover after parsing attributes in process `syz.2.48'. [ 116.703800][ T6146] netlink: 24 bytes leftover after parsing attributes in process `syz.3.49'. 
[ 118.766373][ T6157] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 118.772652][ T6157] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 118.805455][ T6157] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 118.852075][ T6157] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 118.858043][ T6157] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 119.047022][ T6157] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 119.144117][ T6157] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 119.150304][ T6157] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 119.230382][ T6157] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 119.257533][ T6157] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 119.263777][ T6157] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 119.293467][ T6157] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 119.320089][ T6162] netlink: 116 bytes leftover after parsing attributes in process `syz.3.53'. [ 119.354202][ T6157] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 119.360715][ T6157] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 119.369465][ T6157] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 120.599604][ T5843] Bluetooth: hci0: command 0x0c1a tx timeout [ 120.929748][ T5843] Bluetooth: hci1: command 0x0c1a tx timeout [ 121.230380][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 121.309660][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 121.389966][ T5843] Bluetooth: hci4: command 0x0c1a tx timeout [ 121.952277][ T6186] netlink: 116 bytes leftover after parsing attributes in process `syz.1.61'. 
[ 122.918263][ T56] Bluetooth: hci0: command 0x0c1a tx timeout [ 123.037662][ T56] Bluetooth: hci1: command 0x0c1a tx timeout [ 123.311784][ T56] Bluetooth: hci2: command 0x0c1a tx timeout [ 123.547738][ T5843] Bluetooth: hci4: command 0x0c1a tx timeout [ 123.553913][ T56] Bluetooth: hci3: command 0x0c1a tx timeout [ 123.680539][ T6200] tipc: Started in network mode [ 123.685759][ T6200] tipc: Node identity 326b0000000000000080ffffffffffff, cluster identity 4711 [ 124.601051][ T9] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 125.188387][ T56] Bluetooth: hci0: command 0x0c1a tx timeout [ 125.230114][ T56] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.536513][ T56] Bluetooth: hci2: command 0x0c1a tx timeout [ 125.639829][ T56] Bluetooth: hci3: command 0x0c1a tx timeout [ 125.646054][ T56] Bluetooth: hci4: command 0x0c1a tx timeout [ 126.802881][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 126.822109][ T6211] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 126.828305][ T6211] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.834528][ T6211] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.840723][ T6211] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 126.846810][ T6211] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 127.469433][ T9] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 127.487297][ T9] usb 5-1: can't read configurations, error -71 [ 129.452536][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 129.458752][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout [ 129.466911][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 129.472998][ T56] Bluetooth: hci2: command 0x0c1a tx timeout [ 129.473049][ T56] Bluetooth: hci1: command 0x0c1a tx timeout [ 133.184968][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.194896][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.974520][ T6276] 9pnet_fd: Insufficient options for proto=fd [ 136.939721][ T978] usb 1-1: new full-speed USB device number 2 
using dummy_hcd [ 138.127021][ T6284] tipc: Started in network mode [ 138.132024][ T6284] tipc: Node identity 326b0000000000000080ffffffffffff, cluster identity 4711 [ 139.373495][ T978] usb 1-1: unable to get BOS descriptor or descriptor too short [ 139.471401][ T978] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 139.623233][ T978] usb 1-1: can't read configurations, error -71 [ 145.619896][ T6325] ip6t_srh: unknown srh match flags 4000 [ 145.962483][ T6327] GUP no longer grows the stack in syz.1.91 (6327): 200000004000-200000008000 (200000002000) [ 146.068225][ T6327] CPU: 0 UID: 0 PID: 6327 Comm: syz.1.91 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full) [ 146.068260][ T6327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 146.068271][ T6327] Call Trace: [ 146.068279][ T6327] [ 146.068285][ T6327] dump_stack_lvl+0x241/0x360 [ 146.068328][ T6327] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.068358][ T6327] ? __wake_up_klogd+0xcc/0x110 [ 146.068389][ T6327] __get_user_pages+0x3b46/0x4180 [ 146.068446][ T6327] ? __pfx___get_user_pages+0x10/0x10 [ 146.068472][ T6327] ? mtree_load+0x23c/0x9c0 [ 146.068509][ T6327] get_user_pages_remote+0x339/0xb70 [ 146.068538][ T6327] ? __pfx_get_user_pages_remote+0x10/0x10 [ 146.068561][ T6327] ? __access_remote_vm+0x2ff/0x5f0 [ 146.068586][ T6327] __access_remote_vm+0x21a/0x5f0 [ 146.068615][ T6327] ? __pfx___access_remote_vm+0x10/0x10 [ 146.068634][ T6327] ? set_page_refcounted+0xa1/0x1e0 [ 146.068654][ T6327] ? alloc_pages_noprof+0x136/0x190 [ 146.068674][ T6327] proc_pid_cmdline_read+0x5de/0x960 [ 146.068704][ T6327] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 146.068728][ T6327] ? rw_verify_area+0x246/0x630 [ 146.068754][ T6327] vfs_readv+0x6be/0xa80 [ 146.068782][ T6327] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 146.068802][ T6327] ? __pfx_vfs_readv+0x10/0x10 [ 146.068837][ T6327] ? __fget_files+0x2a/0x420 [ 146.068859][ T6327] ? 
__fget_files+0x39d/0x420 [ 146.068876][ T6327] ? __fget_files+0x2a/0x420 [ 146.068904][ T6327] __x64_sys_preadv+0x1ba/0x2d0 [ 146.068931][ T6327] ? __pfx___x64_sys_preadv+0x10/0x10 [ 146.068961][ T6327] ? do_syscall_64+0xb6/0x230 [ 146.068983][ T6327] do_syscall_64+0xf3/0x230 [ 146.069003][ T6327] ? clear_bhb_loop+0x45/0xa0 [ 146.069024][ T6327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.069047][ T6327] RIP: 0033:0x7f7e32f8e169 [ 146.069067][ T6327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.069081][ T6327] RSP: 002b:00007f7e33e26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 146.069100][ T6327] RAX: ffffffffffffffda RBX: 00007f7e331b5fa0 RCX: 00007f7e32f8e169 [ 146.069113][ T6327] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000003 [ 146.069124][ T6327] RBP: 00007f7e33010a68 R08: 0000000000000200 R09: 0000000000000000 [ 146.069135][ T6327] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 146.069145][ T6327] R13: 0000000000000000 R14: 00007f7e331b5fa0 R15: 00007ffca0eb8d38 [ 146.069174][ T6327] [ 147.524769][ T6336] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode broadcast(3) [ 149.671334][ T6356] tipc: Started in network mode [ 149.676250][ T6356] tipc: Node identity 326b0000000000000080ffffffffffff, cluster identity 4711 [ 150.423182][ T6358] tipc: Started in network mode [ 150.428383][ T6358] tipc: Node identity 326b0000000000000080ffffffffffff, cluster identity 4711 [ 150.513967][ T5842] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 152.240264][ T6365] capability: warning: `syz.0.101' uses 32-bit capabilities (legacy support in use) [ 152.360991][ T5842] usb 2-1: unable to get BOS descriptor or descriptor too short [ 152.445951][ T5842] usb 2-1: unable to read config index 0 
descriptor/start: -71 [ 152.474384][ T5842] usb 2-1: can't read configurations, error -71 [ 152.650917][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 152.660001][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 152.668687][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 152.677007][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 152.685480][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 153.663957][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.582646][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.593527][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.675961][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.684310][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.694468][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.711613][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.720727][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.745405][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.754758][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 154.812159][ T24] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 155.000603][ T24] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 155.411853][ T6398] lo speed is unknown, defaulting to 1000 [ 155.417926][ T6398] lo speed is unknown, defaulting to 1000 [ 155.426905][ T6398] lo speed is unknown, defaulting to 1000 [ 155.441713][ T6398] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 155.496171][ T6398] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 156.029986][ T6398] lo speed is unknown, defaulting to 1000 [ 156.037175][ T6398] lo speed is unknown, defaulting to 1000 [ 156.044244][ T6398] lo speed is 
unknown, defaulting to 1000 [ 156.051074][ T6398] lo speed is unknown, defaulting to 1000 [ 156.057804][ T6398] lo speed is unknown, defaulting to 1000 [ 160.616033][ T6428] tipc: Cannot configure node identity twice [ 160.907278][ T6433] netlink: 12 bytes leftover after parsing attributes in process `syz.4.117'. [ 161.886913][ T9] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 164.546972][ T6451] syz.4.122 uses obsolete (PF_INET,SOCK_PACKET) [ 164.599806][ T5842] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 164.795697][ T6453] netlink: 32 bytes leftover after parsing attributes in process `syz.4.122'. [ 164.871274][ T6453] team0: entered promiscuous mode [ 164.876465][ T6453] team_slave_0: entered promiscuous mode [ 164.883915][ T6453] team_slave_1: entered promiscuous mode [ 165.922856][ T6450] team0: left promiscuous mode [ 165.928402][ T6450] team_slave_0: left promiscuous mode [ 165.936552][ T6450] team_slave_1: left promiscuous mode [ 168.059220][ T5842] usb 1-1: unable to get BOS descriptor set [ 168.344663][ T5842] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 168.352652][ T5842] usb 1-1: can't read configurations, error -71 [ 168.634585][ T6456] netlink: 20 bytes leftover after parsing attributes in process `syz.1.123'. 
[ 168.652604][ T9] usb 4-1: device descriptor read/all, error -110 [ 169.359655][ T9] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 169.561298][ T9] usb 4-1: device descriptor read/64, error -32 [ 169.669852][ T9] usb usb4-port1: attempt power cycle [ 170.758180][ T9] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 172.081601][ T9] usb 4-1: device descriptor read/8, error -32 [ 173.786210][ T6424] raw-gadget.0 gadget.3: failed to queue disconnect event [ 173.839765][ T9] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 174.059854][ T9] usb 4-1: device not accepting address 5, error -71 [ 175.039865][ T9] usb usb4-port1: unable to enumerate USB device [ 177.504131][ T24] IPVS: starting estimator thread 0... [ 177.649860][ T6505] IPVS: using max 32 ests per chain, 76800 per kthread [ 178.508510][ T6512] overlayfs: missing 'lowerdir' [ 178.560700][ T6506] ipip0: entered allmulticast mode [ 178.958916][ T6526] lo speed is unknown, defaulting to 1000 [ 178.967110][ T6526] lo speed is unknown, defaulting to 1000 [ 178.974075][ T6526] lo speed is unknown, defaulting to 1000 [ 179.097719][ T6526] infiniband sz1: set active [ 179.102579][ T6526] infiniband sz1: added lo [ 179.107944][ T6526] sz1: rxe_create_cq: returned err = -12 [ 179.113964][ T6526] infiniband sz1: Couldn't create ib_mad CQ [ 179.120238][ T6526] infiniband sz1: Couldn't open port 1 [ 179.146705][ T6526] RDS/IB: sz1: added [ 179.151289][ T6526] smc: adding ib device sz1 with port count 1 [ 179.157656][ T6526] smc: ib device sz1 port 1 has pnetid [ 179.173236][ T978] lo speed is unknown, defaulting to 1000 [ 179.199924][ T6526] lo speed is unknown, defaulting to 1000 [ 179.414769][ T6526] lo speed is unknown, defaulting to 1000 [ 179.599893][ T6526] lo speed is unknown, defaulting to 1000 [ 179.811553][ T6526] lo speed is unknown, defaulting to 1000 [ 180.022779][ T6526] lo speed is unknown, defaulting to 1000 [ 180.745405][ T978] lo speed is unknown, defaulting to 
1000 [ 182.117213][ T6547] xt_CT: You must specify a L4 protocol and not use inversions on it [ 182.129557][ T6548] tipc: Cannot configure node identity twice [ 182.759828][ T978] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 183.410240][ T6560] trusted_key: encrypted_key: insufficient parameters specified [ 184.094645][ T6558] netlink: 20 bytes leftover after parsing attributes in process `syz.1.145'. [ 184.268357][ T978] usb 5-1: not running at top speed; connect to a high speed hub [ 184.664656][ T978] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 185.422810][ T978] usb 5-1: can't read configurations, error -71 [ 186.698772][ T6585] sp0: Synchronizing with TNC [ 186.729781][ T6585] [U] [ 187.842679][ T6576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.151'. [ 189.719282][ T6607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.154'. [ 191.193352][ T6615] tipc: Cannot configure node identity twice [ 193.475579][ T5916] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 194.336098][ T6636] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.371269][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.377671][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.545145][ T6637] netlink: 308 bytes leftover after parsing attributes in process `syz.2.160'. 
[ 196.043972][ T30] audit: type=1326 audit(1744720481.290:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 196.426498][ T30] audit: type=1326 audit(1744720481.290:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 196.449878][ T30] audit: type=1326 audit(1744720481.290:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 196.471466][ T30] audit: type=1326 audit(1744720481.300:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 196.494696][ T30] audit: type=1326 audit(1744720481.300:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 197.097833][ T30] audit: type=1326 audit(1744720481.300:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 197.148389][ T30] audit: type=1326 audit(1744720481.300:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 197.285642][ T30] audit: type=1326 audit(1744720481.300:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 197.887206][ T30] audit: type=1326 audit(1744720481.310:10): auid=4294967295 uid=0 gid=0 
ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 198.098470][ T30] audit: type=1326 audit(1744720481.310:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6642 comm="syz.3.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efde438e169 code=0x7ffc0000 [ 201.680799][ T6704] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 201.686869][ T6704] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 201.693025][ T6704] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 201.699124][ T6704] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 201.705391][ T6704] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 203.809813][ T56] Bluetooth: hci4: command 0x0c1a tx timeout [ 203.815887][ T56] Bluetooth: hci0: command 0x0c1a tx timeout [ 203.822077][ T56] Bluetooth: hci3: command 0x0c1a tx timeout [ 203.828107][ T56] Bluetooth: hci2: command 0x0c1a tx timeout [ 203.835043][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 204.144954][ T6725] input: syz0 as /devices/virtual/input/input5 [ 204.255312][ T6726] tipc: Cannot configure node identity twice [ 206.133690][ T5889] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 206.424403][ T5889] usb 1-1: unable to get BOS descriptor or descriptor too short [ 206.432803][ T5889] usb 1-1: not running at top speed; connect to a high speed hub [ 206.457940][ T5889] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 206.502399][ T5889] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 206.759573][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.767642][ T5889] usb 1-1: Product: syz [ 207.051777][ T5889] usb 1-1: SerialNumber: syz [ 207.868564][ T5849] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 207.997389][ T5889] usb 1-1: can't set config #1, error -71 [ 208.209050][ T5889] usb 1-1: 
USB disconnect, device number 6 [ 208.386983][ T5888] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 208.454515][ T5849] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 209.351582][ T6753] block device autoloading is deprecated and will be removed. [ 211.719798][ T10] IPVS: starting estimator thread 0... [ 212.314832][ T6778] bio_check_eod: 2 callbacks suppressed [ 212.314874][ T6778] syz.2.184: attempt to access beyond end of device [ 212.314874][ T6778] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 212.334461][ T6778] syz.2.184: attempt to access beyond end of device [ 212.334461][ T6778] nbd2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 212.347638][ T6778] Mount JFS Failure: -5 [ 213.310392][ T24] lo speed is unknown, defaulting to 1000 [ 213.350116][ T6777] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 213.356654][ T6777] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 213.359631][ T6787] IPVS: using max 30 ests per chain, 72000 per kthread [ 213.363487][ T6777] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 213.375609][ T6777] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 213.381827][ T6777] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 214.203451][ T6805] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 215.813754][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 215.820071][ T56] Bluetooth: hci0: command 0x0c1a tx timeout [ 215.826151][ T56] Bluetooth: hci4: command 0x0c1a tx timeout [ 215.834496][ T5843] Bluetooth: hci3: command 0x0c1a tx timeout [ 215.834516][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 216.377682][ T6809] syz.4.188 (6809) used greatest stack depth: 18832 bytes left [ 217.240954][ T6815] xt_socket: unknown flags 0xd4 [ 217.740846][ T6822] netlink: 20 bytes leftover after parsing attributes in process `syz.3.195'. 
[ 217.940695][ T56] Bluetooth: hci0: command 0x0c1a tx timeout [ 218.402527][ T6830] tipc: Started in network mode [ 218.407545][ T6830] tipc: Node identity 326b0000000000000080ffffffffffff, cluster identity 4711 [ 218.709822][ T5888] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 219.722149][ T5888] usb 3-1: not running at top speed; connect to a high speed hub [ 220.589607][ T5888] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 220.638917][ T5888] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 220.668482][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.749988][ T5888] usb 3-1: Product: syz [ 220.754241][ T5888] usb 3-1: SerialNumber: syz [ 221.003924][ T5888] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 221.440332][ T6853] 9pnet_fd: p9_fd_create_tcp (6853): problem connecting socket to 127.0.0.1 [ 221.787982][ T5888] usb 3-1: USB disconnect, device number 2 [ 221.973984][ T6856] (unnamed net_device) (uninitialized): option ad_select: invalid value (105) [ 222.948428][ T6864] netlink: 'syz.4.203': attribute type 4 has an invalid length. 
[ 223.760229][ T6862] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 223.766257][ T6862] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 223.795008][ T6862] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 223.803230][ T6862] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 223.809393][ T6862] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 223.815553][ T6862] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 225.881043][ T56] Bluetooth: hci3: command 0x0c1a tx timeout [ 225.881071][ T5843] Bluetooth: hci2: command 0x0c1a tx timeout [ 225.881169][ T5843] Bluetooth: hci1: command 0x0c1a tx timeout [ 225.887173][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 225.941504][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout [ 228.135435][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout [ 231.305353][ T6942] program syz.1.220 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 231.369733][ T6934] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 231.376321][ T6934] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 231.382467][ T6934] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 231.388456][ T6934] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 231.394503][ T6934] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 231.764288][ T6942] loop8: detected capacity change from 0 to 1 [ 231.844257][ T6942] Dev loop8: unable to read RDB block 1 [ 231.899654][ T6942] loop8: unable to read partition table [ 231.953584][ T6942] loop8: partition table beyond EOD, truncated [ 231.989808][ T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 232.043816][ T6942] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 232.245541][ T24] usb 5-1: config 180 has an invalid descriptor of length 0, skipping remainder of the config [ 232.821400][ T24] usb 5-1: config 180 has 0 interfaces, different from the descriptor's value: 14 [ 232.849717][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.00 [ 232.858791][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, 
SerialNumber=0 [ 233.079731][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 233.146841][ T6944] netlink: 16 bytes leftover after parsing attributes in process `syz.4.219'. [ 233.506288][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout [ 233.512717][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout [ 233.519136][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 233.528456][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 234.591486][ T6965] ubi31: attaching mtd0 [ 234.608220][ T6965] ubi31: scanning is finished [ 234.613133][ T6965] ubi31: empty MTD device detected [ 235.500601][ T6971] netlink: 36 bytes leftover after parsing attributes in process `syz.3.225'. [ 236.303999][ T6965] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 236.425473][ T6975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.226'. [ 237.033417][ T6979] netlink: 16 bytes leftover after parsing attributes in process `syz.3.227'. [ 237.874594][ T6979] netlink: 'syz.3.227': attribute type 11 has an invalid length. [ 237.874636][ T6979] netlink: 224 bytes leftover after parsing attributes in process `syz.3.227'. [ 237.876856][ T6976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.896493][ T6982] block device autoloading is deprecated and will be removed. 
[ 237.897970][ T6982] syz.2.228: attempt to access beyond end of device [ 237.897970][ T6982] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 238.068939][ T24] usb 5-1: string descriptor 0 read error: -32 [ 238.324057][ T6993] misc userio: Invalid payload size [ 238.346647][ T6993] misc userio: No port type given on /dev/userio [ 239.990433][ T7001] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 239.996773][ T7001] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 240.002922][ T7001] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 240.009012][ T7001] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 240.015161][ T7001] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 240.151882][ T5888] usb 5-1: USB disconnect, device number 6 [ 242.069703][ T5838] Bluetooth: hci4: command 0x0c1a tx timeout [ 242.075940][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 242.084234][ T5838] Bluetooth: hci0: command 0x0c1a tx timeout [ 242.091694][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 242.097866][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 243.227037][ T7040] overlayfs: failed to resolve './file1': -2 [ 245.625481][ T7044] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 245.661887][ T7044] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 245.668573][ T7044] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 245.677848][ T7044] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 245.684356][ T7044] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 246.775448][ T7065] ip6gre0: entered promiscuous mode [ 246.844927][ T7065] ip6gre0: entered allmulticast mode [ 246.989718][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 247.710942][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 247.717041][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 247.729846][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 247.735967][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout [ 249.768912][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 249.768929][ T30] audit: type=1326 audit(1744720535.730:24): 
auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 249.837179][ T30] audit: type=1326 audit(1744720535.760:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 250.649261][ T30] audit: type=1326 audit(1744720535.760:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 251.359612][ T30] audit: type=1326 audit(1744720535.770:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7e32f90087 code=0x7ffc0000 [ 251.570819][ T30] audit: type=1326 audit(1744720535.770:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f7e32f8fffc code=0x7ffc0000 [ 251.638410][ T30] audit: type=1326 audit(1744720535.770:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f7e32f8ff34 code=0x7ffc0000 [ 252.422604][ T30] audit: type=1326 audit(1744720535.780:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f7e32f8ff34 code=0x7ffc0000 [ 252.598226][ T7109] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 252.758556][ T7116] syz.1.255: attempt to access beyond end of device [ 252.758556][ T7116] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 252.773192][ T7116] syz.1.255: attempt to access beyond end of device [ 252.773192][ T7116] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 252.786654][ T7116] Mount JFS Failure: -5 [ 
253.141511][ T30] audit: type=1326 audit(1744720535.780:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f7e32f8cdca code=0x7ffc0000 [ 253.163072][ T30] audit: type=1326 audit(1744720535.780:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 253.259951][ T30] audit: type=1326 audit(1744720535.780:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7093 comm="syz.1.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 253.639175][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.4.254'. [ 256.260099][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.266498][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.249561][ T7152] lo speed is unknown, defaulting to 1000 [ 258.256208][ T7152] lo speed is unknown, defaulting to 1000 [ 258.364528][ T7152] lo speed is unknown, defaulting to 1000 [ 258.662001][ T7152] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 259.908169][ T7152] lo speed is unknown, defaulting to 1000 [ 260.697048][ T7152] lo speed is unknown, defaulting to 1000 [ 261.053058][ T7180] input: syz1 as /devices/virtual/input/input6 [ 261.583847][ T7152] lo speed is unknown, defaulting to 1000 [ 261.604770][ T7152] lo speed is unknown, defaulting to 1000 [ 261.863844][ T7152] lo speed is unknown, defaulting to 1000 [ 262.217841][ T7190] siw: device registration error -23 [ 263.457185][ T7197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.273'. 
[ 265.349405][ T7197] bond0: (slave bond_slave_0): Releasing backup interface [ 267.975901][ T7225] Malformed UNC in devname [ 267.975901][ T7225] [ 267.982690][ T7225] CIFS: VFS: Malformed UNC in devname [ 268.069874][ T7227] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 268.081504][ T7227] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 268.789676][ T24] IPVS: starting estimator thread 0... [ 268.899603][ T7230] IPVS: using max 30 ests per chain, 72000 per kthread [ 272.379727][ T5928] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 272.699944][ T5928] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 272.735434][ T5928] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 272.872044][ T7270] netlink: 36 bytes leftover after parsing attributes in process `syz.2.289'. [ 273.321383][ T5928] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 273.563218][ T5928] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 273.981212][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.993497][ T5928] usb 5-1: Product: syz [ 273.998151][ T5928] usb 5-1: Manufacturer: syz [ 274.062539][ T7280] netlink: 8 bytes leftover after parsing attributes in process `syz.1.292'. [ 274.739915][ T5928] usb 5-1: SerialNumber: syz [ 274.753800][ T5928] usb 5-1: config 0 descriptor?? 
[ 274.764249][ T5928] usb 5-1: can't set config #0, error -71 [ 274.778534][ T5928] usb 5-1: USB disconnect, device number 7 [ 275.565196][ T7291] kAFS: Can only specify source 'none' with -o dyn [ 275.566236][ T7291] evm: overlay not supported [ 279.121208][ T7313] 9pnet_fd: p9_fd_create_tcp (7313): problem connecting socket to 127.0.0.1 [ 279.994964][ T7320] : renamed from bond0 (while UP) [ 285.169722][ T7363] tipc: Cannot configure node identity twice [ 285.870484][ T7364] netlink: 'syz.1.308': attribute type 11 has an invalid length. [ 285.878285][ T7364] netlink: 224 bytes leftover after parsing attributes in process `syz.1.308'. [ 286.379629][ T24] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 286.553169][ T24] usb 3-1: not running at top speed; connect to a high speed hub [ 286.593297][ T24] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 286.662872][ T24] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 286.708813][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.908850][ T24] usb 3-1: Product: syz [ 286.925949][ T24] usb 3-1: SerialNumber: syz [ 288.115551][ T24] usb 3-1: can't set config #1, error -71 [ 288.158709][ T24] usb 3-1: USB disconnect, device number 3 [ 288.397847][ T7371] netlink: 36 bytes leftover after parsing attributes in process `syz.0.313'. [ 288.407847][ T7371] netlink: 8 bytes leftover after parsing attributes in process `syz.0.313'. [ 291.700251][ T7427] delete_channel: no stack [ 293.463671][ T7444] tipc: Cannot configure node identity twice [ 294.318709][ T5928] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 295.285407][ T7449] netlink: 'syz.0.326': attribute type 10 has an invalid length. [ 295.566900][ T7449] netlink: 40 bytes leftover after parsing attributes in process `syz.0.326'. 
[ 296.011683][ T5928] usb 3-1: not running at top speed; connect to a high speed hub [ 296.020675][ T5928] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 296.112987][ T7449] team0: Port device geneve0 added [ 296.285894][ T7456] vlan0: entered promiscuous mode [ 296.476994][ T5928] usb 3-1: string descriptor 0 read error: -71 [ 296.751986][ T7464] capability: warning: `syz.3.328' uses deprecated v2 capabilities in a way that may be insecure [ 297.012326][ T5928] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 297.869633][ T5851] Bluetooth: hci5: command 0x1003 tx timeout [ 297.899616][ T5849] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 297.987717][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.136538][ T5928] usb 3-1: can't set config #1, error -71 [ 298.192800][ T5928] usb 3-1: USB disconnect, device number 4 [ 300.233507][ T7497] serio: Serial port ptm0 [ 303.399134][ T7528] tipc: Cannot configure node identity twice [ 305.136296][ T60] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 306.838061][ T7553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.343'. [ 306.846989][ T7553] netlink: 4 bytes leftover after parsing attributes in process `syz.3.343'. [ 306.856014][ T7553] netlink: 'syz.3.343': attribute type 7 has an invalid length. [ 307.159719][ T5889] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 308.307064][ T7559] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 308.381327][ T5889] usb 5-1: device descriptor read/all, error -71 [ 309.885928][ T7574] netlink: 4 bytes leftover after parsing attributes in process `syz.3.347'. 
[ 309.917920][ T7582] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 310.011955][ T7576] MTD: Couldn't look up '': -2 [ 310.220646][ T7576] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nullb0": -EINTR [ 310.287996][ T7574] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(17) [ 310.304231][ T7574] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 310.581916][ T7574] vhci_hcd vhci_hcd.0: Device attached [ 310.607339][ T7593] vhci_hcd: connection closed [ 310.610902][ T1040] vhci_hcd: stop threads [ 310.695064][ T1040] vhci_hcd: release socket [ 310.718899][ T1040] vhci_hcd: disconnect device [ 313.184748][ T7616] syzkaller1: entered promiscuous mode [ 313.200643][ T7616] syzkaller1: entered allmulticast mode [ 313.995064][ T7613] input: syz0 as /devices/virtual/input/input8 [ 315.414514][ T7640] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 316.200573][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 316.200589][ T30] audit: type=1800 audit(1744720601.490:61): pid=7640 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.1.358" name="file0" dev="overlay" ino=428 res=0 errno=0 [ 317.235352][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.241805][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.851252][ T7673] lo speed is unknown, defaulting to 1000 [ 318.967530][ T7673] lo speed is unknown, defaulting to 1000 [ 320.913625][ T7695] netlink: 68 bytes leftover after parsing attributes in process `syz.4.366'. 
[ 322.081594][ T7702] MTD: Couldn't look up '': -2 [ 322.110385][ T7671] bond0: entered promiscuous mode [ 322.118362][ T7671] bond_slave_0: entered promiscuous mode [ 322.145357][ T7671] bond_slave_1: entered promiscuous mode [ 322.716596][ T7702] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 322.962068][ T5842] syz1: Port: 1 Link DOWN [ 323.907764][ T7711] Bluetooth: MGMT ver 1.23 [ 324.631631][ T7716] netlink: 68 bytes leftover after parsing attributes in process `syz.3.372'. [ 328.181501][ T7749] MTD: Couldn't look up '': -2 [ 329.132766][ T7752] netlink: 452 bytes leftover after parsing attributes in process `syz.3.378'. [ 331.331964][ T7769] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 331.339266][ T7769] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 331.345547][ T7769] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 331.351627][ T7769] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 332.565303][ T7781] vlan0: entered promiscuous mode [ 332.700894][ T7776] netlink: 'syz.3.383': attribute type 30 has an invalid length. [ 333.312158][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout [ 333.495822][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout [ 333.502206][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 333.508425][ T56] Bluetooth: hci2: command 0x0c1a tx timeout [ 336.136243][ T7805] MTD: Couldn't look up '': -2 [ 338.345902][ T7824] ntfs3(nullb0): Primary boot signature is not NTFS. 
[ 338.353444][ T7824] ntfs3(nullb0): try to read out of volume at offset 0x3e7ffffe00 [ 339.414600][ T7835] tipc: Cannot configure node identity twice [ 339.912925][ T7834] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 339.921757][ T7834] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 339.929758][ T7834] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 339.937063][ T7834] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 340.389146][ T7843] fuseblk: Bad value for 'user_id' [ 340.431114][ T7843] fuseblk: Bad value for 'user_id' [ 342.331402][ T56] Bluetooth: hci2: command 0x0c1a tx timeout [ 342.340666][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 342.347036][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 342.362637][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout [ 342.842765][ T7861] netlink: 20 bytes leftover after parsing attributes in process `syz.0.399'. [ 347.073360][ T7897] netlink: 16 bytes leftover after parsing attributes in process `syz.3.406'. [ 347.428453][ T7895] ubi31: attaching mtd0 [ 347.449260][ T7895] ubi31: scanning is finished [ 349.036494][ T7895] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 349.046613][ T7895] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 349.056757][ T7895] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 349.067010][ T7895] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 349.146674][ T7895] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 349.153982][ T7895] ubi31: user volume: 0, internal volumes: 1, max. 
volumes count: 23 [ 349.162270][ T7895] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1447472333 [ 349.335334][ T7895] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 350.369757][ T7909] ubi31: background thread "ubi_bgt31d" started, PID 7909 [ 352.867275][ T7927] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 352.873629][ T7927] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 352.879798][ T7927] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 352.885948][ T7927] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 354.367025][ T7942] tipc: Cannot configure node identity twice [ 354.918529][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 354.925362][ T7943] overlay: ./file0 is not a directory [ 354.989735][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout [ 354.995850][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout [ 355.001965][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout [ 355.139908][ T5842] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 355.741929][ T7934] netlink: 20 bytes leftover after parsing attributes in process `syz.3.416'. 
[ 355.881012][ T7950] xt_CT: You must specify a L4 protocol and not use inversions on it [ 356.039921][ T5842] usb 5-1: not running at top speed; connect to a high speed hub [ 356.106391][ T5842] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 356.167916][ T5842] usb 5-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 356.238744][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.279281][ T5842] usb 5-1: Product: syz [ 356.304040][ T5842] usb 5-1: SerialNumber: syz [ 356.358653][ T5842] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 357.688455][ T978] usb 5-1: USB disconnect, device number 10 [ 360.230940][ T7980] libceph: resolve '0' (ret=-3): failed [ 361.096526][ T7987] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 361.104197][ T7987] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 361.110223][ T7987] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 361.116213][ T7987] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 361.905817][ T7994] tipc: Cannot configure node identity twice [ 362.250486][ T60] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 362.521859][ T60] usb 2-1: not running at top speed; connect to a high speed hub [ 363.229805][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout [ 363.229815][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 363.229852][ T5838] Bluetooth: hci3: command 0x0c1a tx timeout [ 363.235911][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout [ 363.242155][ T5928] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 363.303934][ T60] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 363.367868][ T60] usb 2-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 363.451390][ T60] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.509698][ T5928] usb 3-1: Using ep0 
maxpacket: 16 [ 364.150958][ T60] usb 2-1: Product: syz [ 364.155170][ T60] usb 2-1: SerialNumber: syz [ 364.207702][ T5928] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 364.207954][ T60] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 364.355344][ T8018] netlink: 224 bytes leftover after parsing attributes in process `syz.0.435'. [ 364.405347][ T60] usb 2-1: USB disconnect, device number 6 [ 364.509717][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.518870][ T5928] usb 3-1: Product: syz [ 364.541256][ T5928] usb 3-1: Manufacturer: syz [ 365.278295][ T5928] usb 3-1: SerialNumber: syz [ 365.408876][ T5928] usb 3-1: config 0 descriptor?? [ 365.447964][ T5928] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 365.669003][ T8007] loop9: detected capacity change from 0 to 7 [ 365.690938][ T8007] Dev loop9: unable to read RDB block 7 [ 365.752677][ T8007] loop9: AHDI p2 p3 [ 365.761093][ T8028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'. [ 366.091638][ T8007] loop9: partition table partially beyond EOD, truncated [ 366.412357][ T8028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'. [ 366.457652][ T8007] loop9: p3 start 142804738 is beyond EOD, truncated [ 366.464884][ T8029] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 366.465996][ T8028] netlink: 2 bytes leftover after parsing attributes in process `syz.2.432'. [ 366.719125][ T8035] netlink: 64 bytes leftover after parsing attributes in process `syz.3.438'. [ 366.739791][ T8035] netlink: 8 bytes leftover after parsing attributes in process `syz.3.438'. 
[ 367.239740][ T5928] usb 3-1: clie_3_5_startup: get interface number bad return length: 0 [ 367.258624][ T5928] visor 3-1:0.0: probe with driver visor failed with error -5 [ 368.121537][ T5849] Bluetooth: hci1: connection err: -111 [ 369.349687][ T5928] usb 3-1: USB disconnect, device number 6 [ 369.458331][ T5888] IPVS: starting estimator thread 0... [ 369.612888][ T8056] IPVS: using max 26 ests per chain, 62400 per kthread [ 370.410203][ T60] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 372.056084][ T60] usb 5-1: device descriptor read/all, error -71 [ 372.079714][ T5888] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 373.063088][ T5888] usb 1-1: device descriptor read/all, error -71 [ 374.083737][ T8090] tipc: Cannot configure node identity twice [ 374.349737][ T5928] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 374.538794][ T5928] usb 3-1: not running at top speed; connect to a high speed hub [ 374.692087][ T5928] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 374.719313][ T5928] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 374.762419][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.843901][ T30] audit: type=1326 audit(1744720660.770:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 375.257194][ T30] audit: type=1326 audit(1744720660.770:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 375.278529][ C0] vkms_vblank_simulate: vblank timer overrun [ 375.286449][ T5928] usb 3-1: Product: syz [ 375.303837][ T5928] usb 3-1: SerialNumber: syz [ 375.487990][ T30] audit: type=1326 audit(1744720660.770:64): 
auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 375.509420][ C0] vkms_vblank_simulate: vblank timer overrun [ 375.822475][ T30] audit: type=1326 audit(1744720660.770:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 375.834102][ T5928] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 375.843887][ C0] vkms_vblank_simulate: vblank timer overrun [ 375.898677][ T30] audit: type=1326 audit(1744720660.770:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 375.989061][ T30] audit: type=1326 audit(1744720660.770:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 376.010420][ C0] vkms_vblank_simulate: vblank timer overrun [ 376.079078][ T30] audit: type=1326 audit(1744720660.770:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 376.236582][ T30] audit: type=1326 audit(1744720660.770:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 376.370118][ T5849] Bluetooth: hci3: unexpected event for opcode 0x0c7b [ 376.593420][ T8115] netlink: 20 bytes leftover after parsing attributes in process `syz.1.454'. 
[ 376.679653][ T8116] NILFS (nullb0): couldn't find nilfs on the device [ 377.084481][ T8115] workqueue: Failed to create a rescuer kthread for wq "nbd64-recv": -EINTR [ 377.086166][ T8115] block (null): Could not allocate knbd recv work queue. [ 377.087822][ T8115] nbd: failed to add new device [ 377.346494][ T60] usb 3-1: USB disconnect, device number 7 [ 377.372472][ T30] audit: type=1326 audit(1744720660.770:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 377.372518][ T30] audit: type=1326 audit(1744720660.780:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8091 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e32f8e169 code=0x7ffc0000 [ 378.977570][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.978607][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.230302][ T8133] tty tty2: ldisc open failed (-12), clearing slot 1 [ 379.237345][ T8131] tty tty1: ldisc open failed (-12), clearing slot 0 [ 382.428987][ T8144] vxcan1: entered allmulticast mode [ 382.439088][ T8144] vxcan1: left allmulticast mode [ 382.979820][ T5928] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 383.262409][ T5928] usb 1-1: unable to get BOS descriptor or descriptor too short [ 383.301228][ T5928] usb 1-1: config 2 has an invalid interface number: 202 but max is 1 [ 383.329686][ T5928] usb 1-1: config 2 has an invalid interface association descriptor of length 5, skipping [ 383.361279][ T5928] usb 1-1: config 2 has no interface number 1 [ 383.387753][ T5928] usb 1-1: config 2 interface 202 has no altsetting 0 [ 383.423567][ T5928] usb 1-1: config 2 interface 0 has no altsetting 0 [ 383.679920][ T5928] usb 1-1: string descriptor 0 read error: -71 [ 383.686374][ T5928] usb 1-1: New USB device found, idVendor=0856, idProduct=ac25, bcdDevice=5b.5d [ 383.736455][ T5928] usb 
1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.934372][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 383.934411][ T30] audit: type=1326 audit(1744720669.860:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 384.000741][ T8183] tipc: Cannot configure node identity twice [ 384.529720][ T30] audit: type=1326 audit(1744720669.860:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 384.548081][ T5928] usb 1-1: can't set config #2, error -71 [ 384.552489][ T30] audit: type=1326 audit(1744720670.470:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 384.652411][ T30] audit: type=1326 audit(1744720670.470:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 384.684640][ T30] audit: type=1326 audit(1744720670.480:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 384.714494][ T5928] usb 1-1: USB disconnect, device number 9 [ 384.889719][ T8185] bridge0: entered promiscuous mode [ 384.898312][ T8185] macvlan2: entered promiscuous mode [ 384.924570][ T30] audit: type=1326 audit(1744720670.530:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 384.962225][ T8185] bridge0: port 3(macvlan2) entered blocking state [ 384.969594][ T8185] bridge0: port 3(macvlan2) entered disabled 
state [ 384.977631][ T8185] macvlan2: entered allmulticast mode [ 384.983496][ T8185] bridge0: entered allmulticast mode [ 385.075309][ T8185] macvlan2: left allmulticast mode [ 385.080928][ T8185] bridge0: left allmulticast mode [ 385.114404][ T8185] bridge0: left promiscuous mode [ 385.250836][ T5928] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 385.257422][ T30] audit: type=1326 audit(1744720670.530:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 385.419784][ T30] audit: type=1326 audit(1744720670.530:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 386.017490][ T5928] usb 1-1: not running at top speed; connect to a high speed hub [ 386.023187][ T30] audit: type=1326 audit(1744720670.530:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 386.055575][ T5928] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 386.058755][ T30] audit: type=1326 audit(1744720670.550:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8174 comm="syz.4.469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f0abbb8e169 code=0x7ffc0000 [ 386.287359][ T5928] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.40 [ 386.347293][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.370146][ T5928] usb 1-1: Product: syz [ 386.374385][ T5928] usb 1-1: SerialNumber: syz [ 387.039404][ T8201] MTD: Couldn't look up '': -2 [ 387.607943][ T5928] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 387.943241][ T8196] workqueue: 
Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 388.347207][ T8213] MTD: Couldn't look up '': -2 [ 389.042100][ T8213] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 389.763812][ T5928] usb 1-1: USB disconnect, device number 10 [ 390.478665][ T8235] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 390.646466][ T8234] netlink: 'syz.2.480': attribute type 1 has an invalid length. [ 391.318055][ T8225] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 391.336907][ T8227] netlink: 'syz.2.480': attribute type 1 has an invalid length. [ 391.494076][ T8252] syz.3.482: attempt to access beyond end of device [ 391.494076][ T8252] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 392.934970][ T8259] netlink: 'syz.2.485': attribute type 1 has an invalid length. [ 392.954793][ T8259] netlink: 244 bytes leftover after parsing attributes in process `syz.2.485'. [ 393.996705][ T60] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 394.382223][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 394.382259][ T30] audit: type=1326 audit(1744720680.320:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8263 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f00b8e169 code=0x7ffc0000 [ 394.795467][ T8270] ceph: No mds server is up or the cluster is laggy [ 394.809896][ T5928] libceph: connect (1)[c::]:6789 error -101 [ 394.816406][ T5928] libceph: mon0 (1)[c::]:6789 connect error [ 394.825570][ T30] audit: type=1326 audit(1744720680.330:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8263 comm="syz.0.487" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f00b8e169 code=0x7ffc0000 [ 395.362449][ T60] usb 2-1: Using ep0 maxpacket: 16 [ 396.297685][ T53] libceph: connect (1)[c::]:6789 error -101 [ 396.320836][ T53] libceph: mon0 (1)[c::]:6789 connect error [ 396.370982][ T60] usb 2-1: device descriptor 
read/all, error -71 [ 396.622370][ T8279] MTD: Couldn't look up '': -2 [ 397.578270][ T8291] MTD: Couldn't look up '': -2 [ 398.113849][ T8291] workqueue: Failed to create a rescuer kthread for wq "xfs-blockgc/nullb0": -EINTR [ 398.823959][ T8305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.491'. [ 398.851005][ T8305] xt_TPROXY: Can be used only with -p tcp or -p udp [ 399.411285][ T8311] IPv6: Can't replace route, no match found [ 399.793189][ T8318] netlink: 4 bytes leftover after parsing attributes in process `syz.4.494'. [ 399.885960][ T8307] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 399.892540][ T8307] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 399.900407][ T8307] vhci_hcd vhci_hcd.0: Device attached [ 401.220066][ T5842] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 401.249670][ T53] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 401.535056][ T8325] program syz.1.495 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 401.587961][ T53] usb 4-1: device descriptor read/64, error -71 [ 402.385558][ T8336] netlink: 12 bytes leftover after parsing attributes in process `syz.2.498'. [ 402.853968][ T8338] xt_l2tp: v2 sid > 0xffff: 262144 [ 404.050433][ T53] usb 4-1: new low-speed USB device number 7 using dummy_hcd [ 404.715440][ T8316] vhci_hcd: connection reset by peer [ 404.741411][ T1157] vhci_hcd: stop threads [ 404.768828][ T1157] vhci_hcd: release socket [ 404.775110][ T1157] vhci_hcd: disconnect device [ 405.260640][ T8347] MTD: Couldn't look up '': -2 [ 405.788225][ T8347] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 406.516461][ T5842] vhci_hcd: vhci_device speed not set [ 412.543940][ T8391] netlink: 12 bytes leftover after parsing attributes in process `syz.4.510'. [ 413.552780][ T8412] netlink: 16 bytes leftover after parsing attributes in process `syz.0.515'. 
[ 414.194488][ T8411] overlayfs: missing 'lowerdir' [ 415.259889][ T8417] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.510684][ T8436] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 418.932174][ T53] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 419.766534][ T53] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 419.917483][ T53] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 419.931326][ T53] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 419.940497][ T53] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.970526][ T53] usb 1-1: config 0 descriptor?? [ 420.295727][ T8458] netlink: 12 bytes leftover after parsing attributes in process `syz.2.524'. [ 420.932891][ T53] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 423.069561][ T5833] usb 1-1: USB disconnect, device number 11 [ 423.384393][ T8486] netlink: 4 bytes leftover after parsing attributes in process `syz.2.529'. [ 423.548334][ T8486] netlink: 48 bytes leftover after parsing attributes in process `syz.2.529'. [ 423.581695][ T8488] netlink: 'syz.4.530': attribute type 21 has an invalid length. [ 423.589685][ T8488] netlink: 'syz.4.530': attribute type 6 has an invalid length. [ 423.597341][ T8488] netlink: 132 bytes leftover after parsing attributes in process `syz.4.530'. [ 423.609963][ T8488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.530'. [ 423.828875][ T8491] netlink: 16 bytes leftover after parsing attributes in process `syz.0.531'. 
[ 427.069381][ T8503] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 427.754277][ T8511] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 428.412467][ T8519] ALSA: mixer_oss: invalid OSS volume 'P}VIN' [ 428.419293][ T8519] ALSA: mixer_oss: invalid OSS volume 'X#*N߈l' [ 428.731109][ T8503] could not allocate digest TFM handle blake2s-160-generic [ 429.118384][ T8529] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 429.118416][ T8529] PKCS7: Only support pkcs7_signedData type [ 431.488549][ T8544] netlink: 4580 bytes leftover after parsing attributes in process `syz.2.542'. [ 431.497934][ T8544] netlink: 4580 bytes leftover after parsing attributes in process `syz.2.542'. [ 431.507312][ T8544] netlink: 333 bytes leftover after parsing attributes in process `syz.2.542'. [ 432.381815][ T8555] syz_tun: entered allmulticast mode [ 432.548314][ T5849] Bluetooth: hci2: unexpected event for opcode 0x040d [ 436.641840][ T8578] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 439.749933][ T8607] 9pnet_fd: p9_fd_create_tcp (8607): problem connecting socket to 127.0.0.1 [ 440.160418][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.166829][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.469959][ T8624] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 442.602358][ T8627] loop6: detected capacity change from 0 to 64 [ 442.698449][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 442.707964][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 442.749576][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 442.758830][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 442.940082][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 442.949319][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 442.991548][ 
T8626] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[8626] [ 443.229598][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 443.238849][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 443.260366][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 443.269635][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 443.392577][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 443.401849][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 443.410860][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 443.420037][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 443.429579][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 443.438775][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 443.460315][ T8627] ldm_validate_partition_table(): Disk read failed. [ 443.480641][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 443.489970][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 443.539508][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80000 phys_seg 8 prio class 0 [ 443.549061][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 444.380902][ T8627] Dev loop6: unable to read RDB block 0 [ 444.606323][ T8627] loop6: unable to read partition table [ 444.621141][ T8627] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 445.368902][ T8644] MTD: Couldn't look up '': -2 [ 445.609673][ T8649] netlink: 'syz.1.565': attribute type 21 has an invalid length. [ 445.617516][ T8649] netlink: 'syz.1.565': attribute type 6 has an invalid length. [ 445.625219][ T8649] netlink: 132 bytes leftover after parsing attributes in process `syz.1.565'. 
[ 445.637864][ T8649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.565'. [ 446.246386][ T5201] ldm_validate_partition_table(): Disk read failed. [ 446.293765][ T5201] Dev loop6: unable to read RDB block 0 [ 446.329952][ T5201] loop6: unable to read partition table [ 446.635849][ T8663] MTD: Couldn't look up '': -2 [ 446.653425][ T8663] /dev/nullb0: Can't open blockdev [ 448.415468][ T8660] xt_l2tp: invalid flags combination: 4 [ 448.896122][ T8670] No control pipe specified [ 449.825936][ T8689] netlink: 4 bytes leftover after parsing attributes in process `syz.1.577'. [ 451.617015][ T8697] MTD: Couldn't look up '': -2 [ 451.996309][ T8697] /dev/nullb0: Can't open blockdev [ 452.397239][ T8695] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 452.783616][ T8706] MTD: Couldn't look up '': -2 [ 452.811020][ T8706] /dev/nullb0: Can't open blockdev [ 453.332863][ T8712] dccp_invalid_packet: P.Data Offset(4) too small [ 454.978525][ T5849] Bluetooth: hci1: unexpected event for opcode 0x0411 [ 455.255977][ T8733] 8021q: VLANs not supported on wg2 [ 456.974175][ T8746] veth0_to_team: entered promiscuous mode [ 456.984658][ T8746] veth0_to_team: entered allmulticast mode [ 457.651690][ T8758] MTD: Couldn't look up '': -2 [ 457.660238][ T8758] /dev/nullb0: Can't open blockdev [ 458.769959][ T8768] MTD: Couldn't look up '': -2 [ 458.962310][ T8768] /dev/nullb0: Can't open blockdev [ 459.129837][ T5849] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 459.139596][ T5849] Bluetooth: hci1: Injecting HCI hardware error event [ 459.148548][ T5849] Bluetooth: hci1: hardware error 0x00 [ 459.588918][ T5838] Bluetooth: hci1: unexpected event for opcode 0x0c25 [ 460.033739][ T8796] Cannot find del_set index 4 as target [ 461.255531][ T5849] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 461.796314][ T8810] MTD: Couldn't look up '': -2 [ 461.804478][ T8810] /dev/nullb0: Can't open blockdev [ 461.842274][ 
T8811] xt_CT: You must specify a L4 protocol and not use inversions on it [ 461.895966][ T5838] Bluetooth: hci2: unexpected subevent 0x01 length: 16 < 18 [ 462.832264][ T8830] MTD: Couldn't look up '': -2 [ 462.840824][ T8830] /dev/nullb0: Can't open blockdev [ 463.284936][ T8837] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 464.044055][ T8854] MTD: Couldn't look up '': -2 [ 464.063975][ T8854] /dev/nullb0: Can't open blockdev [ 466.354964][ T8871] MTD: Couldn't look up '': -2 [ 466.376278][ T8871] /dev/nullb0: Can't open blockdev [ 467.301953][ T5838] Bluetooth: hci2: Malformed HCI Event: 0x22 [ 468.162238][ T8896] MTD: Couldn't look up '': -2 [ 468.169343][ T8896] /dev/nullb0: Can't open blockdev [ 469.299684][ T8911] tipc: Can't bind to reserved service type 1 [ 469.432340][ T8914] MTD: Couldn't look up '': -2 [ 469.453798][ T8914] /dev/nullb0: Can't open blockdev [ 469.939309][ T8919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.648'. [ 470.044521][ T8919] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 470.127984][ T8922] [ 470.130396][ T8922] ====================================================== [ 470.137423][ T8922] WARNING: possible circular locking dependency detected [ 470.144447][ T8922] 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 Not tainted [ 470.151563][ T8922] ------------------------------------------------------ [ 470.158583][ T8922] syz.4.651/8922 is trying to acquire lock: [ 470.164470][ T8922] ffffffff900eb308 (rtnl_mutex){+.+.}-{4:4}, at: ip_mroute_setsockopt+0x161/0x11f0 [ 470.173828][ T8922] [ 470.173828][ T8922] but task is already holding lock: [ 470.181189][ T8922] ffff88803361cfa8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50 [ 470.191305][ T8922] [ 470.191305][ T8922] which lock already depends on the new lock. 
[ 470.191305][ T8922]
[ 470.201701][ T8922]
[ 470.201701][ T8922] the existing dependency chain (in reverse order) is:
[ 470.210704][ T8922]
[ 470.210704][ T8922] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}:
[ 470.219298][ T8922]        lock_acquire+0x116/0x2f0
[ 470.224311][ T8922]        __mutex_lock+0x1a5/0x10c0
[ 470.229411][ T8922]        smc_switch_to_fallback+0x35/0xda0
[ 470.235204][ T8922]        smc_sendmsg+0x11f/0x530
[ 470.240131][ T8922]        __sock_sendmsg+0x221/0x270
[ 470.245315][ T8922]        __sys_sendto+0x365/0x4c0
[ 470.250850][ T8922]        __x64_sys_sendto+0xde/0x100
[ 470.256120][ T8922]        do_syscall_64+0xf3/0x230
[ 470.261137][ T8922]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 470.267537][ T8922]
[ 470.267537][ T8922] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}:
[ 470.275171][ T8922]        lock_acquire+0x116/0x2f0
[ 470.280183][ T8922]        lock_sock_nested+0x48/0x100
[ 470.285455][ T8922]        do_ip_setsockopt+0x17e9/0x39c0
[ 470.290991][ T8922]        ip_setsockopt+0x63/0x100
[ 470.296041][ T8922]        do_sock_setsockopt+0x3b1/0x710
[ 470.301589][ T8922]        __x64_sys_setsockopt+0x1ee/0x280
[ 470.307303][ T8922]        do_syscall_64+0xf3/0x230
[ 470.312323][ T8922]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 470.318731][ T8922]
[ 470.318731][ T8922] -> #0 (rtnl_mutex){+.+.}-{4:4}:
[ 470.325931][ T8922]        validate_chain+0xa69/0x24e0
[ 470.331224][ T8922]        __lock_acquire+0xad5/0xd80
[ 470.336406][ T8922]        lock_acquire+0x116/0x2f0
[ 470.341414][ T8922]        __mutex_lock+0x1a5/0x10c0
[ 470.346527][ T8922]        ip_mroute_setsockopt+0x161/0x11f0
[ 470.352322][ T8922]        do_ip_setsockopt+0x1114/0x39c0
[ 470.357854][ T8922]        ip_setsockopt+0x63/0x100
[ 470.362867][ T8922]        smc_setsockopt+0x25c/0xd50
[ 470.368094][ T8922]        do_sock_setsockopt+0x3b1/0x710
[ 470.373645][ T8922]        __x64_sys_setsockopt+0x1ee/0x280
[ 470.379369][ T8922]        do_syscall_64+0xf3/0x230
[ 470.384387][ T8922]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 470.390790][ T8922]
[ 470.390790][ T8922] other info that might help us debug this:
[ 470.390790][ T8922]
[ 470.401005][ T8922] Chain exists of:
[ 470.401005][ T8922]   rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock
[ 470.401005][ T8922]
[ 470.414554][ T8922]  Possible unsafe locking scenario:
[ 470.414554][ T8922]
[ 470.422089][ T8922]        CPU0                                    CPU1
[ 470.427448][ T8922]        ----                                    ----
[ 470.432803][ T8922]   lock(&smc->clcsock_release_lock);
[ 470.438172][ T8922]                                                lock(sk_lock-AF_INET);
[ 470.445101][ T8922]                                                lock(&smc->clcsock_release_lock);
[ 470.452981][ T8922]   lock(rtnl_mutex);
[ 470.456954][ T8922]
[ 470.456954][ T8922]  *** DEADLOCK ***
[ 470.456954][ T8922]
[ 470.465088][ T8922] 1 lock held by syz.4.651/8922:
[ 470.470009][ T8922]  #0: ffff88803361cfa8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50
[ 470.480532][ T8922]
[ 470.480532][ T8922] stack backtrace:
[ 470.486436][ T8922] CPU: 1 UID: 0 PID: 8922 Comm: syz.4.651 Not tainted 6.15.0-rc2-syzkaller-00037-g834a4a689699 #0 PREEMPT(full)
[ 470.486453][ T8922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 470.486461][ T8922] Call Trace:
[ 470.486467][ T8922]
[ 470.486473][ T8922]  dump_stack_lvl+0x241/0x360
[ 470.486498][ T8922]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 470.486515][ T8922]  ? __pfx__printk+0x10/0x10
[ 470.486532][ T8922]  ? print_lock+0x171/0x1a0
[ 470.486547][ T8922]  print_circular_bug+0x2e1/0x300
[ 470.486564][ T8922]  check_noncircular+0x142/0x160
[ 470.486582][ T8922]  validate_chain+0xa69/0x24e0
[ 470.486599][ T8922]  ? sched_clock_cpu+0x77/0x4d0
[ 470.486617][ T8922]  __lock_acquire+0xad5/0xd80
[ 470.486632][ T8922]  lock_acquire+0x116/0x2f0
[ 470.486643][ T8922]  ? ip_mroute_setsockopt+0x161/0x11f0
[ 470.486662][ T8922]  ? finish_task_switch+0x1e5/0x870
[ 470.486682][ T8922]  __mutex_lock+0x1a5/0x10c0
[ 470.486698][ T8922]  ? ip_mroute_setsockopt+0x161/0x11f0
[ 470.486715][ T8922]  ? trace_sched_exit_tp+0x3c/0x120
[ 470.486733][ T8922]  ? __schedule+0x1b51/0x51f0
[ 470.486747][ T8922]  ? preempt_schedule_common+0x84/0xd0
[ 470.486762][ T8922]  ? ip_mroute_setsockopt+0x161/0x11f0
[ 470.486778][ T8922]  ? __pfx___mutex_lock+0x10/0x10
[ 470.486796][ T8922]  ? schedule+0x163/0x360
[ 470.486811][ T8922]  ip_mroute_setsockopt+0x161/0x11f0
[ 470.486831][ T8922]  ? register_lock_class+0x54/0x330
[ 470.486843][ T8922]  ? __pfx_ip_mroute_setsockopt+0x10/0x10
[ 470.486864][ T8922]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 470.486881][ T8922]  do_ip_setsockopt+0x1114/0x39c0
[ 470.486899][ T8922]  ? __pfx_do_ip_setsockopt+0x10/0x10
[ 470.486916][ T8922]  ? smc_setsockopt+0x1b2/0xd50
[ 470.486930][ T8922]  ? __pfx___mutex_lock+0x10/0x10
[ 470.486950][ T8922]  ip_setsockopt+0x63/0x100
[ 470.486964][ T8922]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 470.486983][ T8922]  smc_setsockopt+0x25c/0xd50
[ 470.487000][ T8922]  ? __pfx_smc_setsockopt+0x10/0x10
[ 470.487013][ T8922]  ? __lock_acquire+0xad5/0xd80
[ 470.487027][ T8922]  ? __pfx_smc_setsockopt+0x10/0x10
[ 470.487040][ T8922]  do_sock_setsockopt+0x3b1/0x710
[ 470.487055][ T8922]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 470.487066][ T8922]  ? __fget_files+0x2a/0x420
[ 470.487082][ T8922]  ? __fget_files+0x39d/0x420
[ 470.487095][ T8922]  ? __fget_files+0x2a/0x420
[ 470.487111][ T8922]  __x64_sys_setsockopt+0x1ee/0x280
[ 470.487126][ T8922]  do_syscall_64+0xf3/0x230
[ 470.487141][ T8922]  ? clear_bhb_loop+0x45/0xa0
[ 470.487155][ T8922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 470.487172][ T8922] RIP: 0033:0x7f0abbb8e169
[ 470.487188][ T8922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 470.487204][ T8922] RSP: 002b:00007f0abca77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 470.487218][ T8922] RAX: ffffffffffffffda RBX: 00007f0abbdb5fa0 RCX: 00007f0abbb8e169
[ 470.487228][ T8922] RDX: 00000000000000cb RSI: 0000000000000000 RDI: 0000000000000003
[ 470.487236][ T8922] RBP: 00007f0abbc10a68 R08: 0000000000000000 R09: 0000000000000000
[ 470.487244][ T8922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 470.487251][ T8922] R13: 0000000000000000 R14: 00007f0abbdb5fa0 R15: 00007ffec4478568
[ 470.487265][ T8922]