last executing test programs: 8.333237856s ago: executing program 1 (id=672): mkdir(&(0x7f0000000200)='./file0\x00', 0x56) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x10, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r0, &(0x7f0000002440)=""/4100, 0x1004) close(r0) 8.082656168s ago: executing program 3 (id=674): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x5, &(0x7f00000007c0)=@framed={{0x18, 0x2}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}]}, &(0x7f00000005c0)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r1, &(0x7f0000000440), &(0x7f0000000040)=@udp=r0}, 0x20) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x21) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b142b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c04594282423424d00", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2003}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 7.844589733s ago: executing program 1 (id=676): r0 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, 0x0, 0x0, {0x0, 0xff, 0x4}}, 0x18) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000100)=0xe829, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)={0x84, 0x2, 0x8, 0x101, 0x0, 0x0, {0x3, 0x0, 0x6}, [@CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmpv6=[@CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7fff}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMPV6_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xfffffff9}]}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_RETRANS={0x8, 0xa, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_TCP_SYN_SENT2={0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf7}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x2f}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6002}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}]}, 0x84}, 0x1, 0x0, 0x0, 0x4004000}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x10) bind$netlink(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r3) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="340300f1ff000000000000000000000900010009797a3064f651000000000600024088a800000500030001000000040004800000000000"], 0x34}, 0x1, 0x0, 0x0, 0x4c0c1}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a0c020000080a03000000000000000000050000010900010073797a30000000000900020073797a3000000000f4000480100001800b00010064796e73657400000c00018008000100636d7000540001800b00010072656a65637400004400028008000140000000020800014000000002080001400000000105000200010000000500020006000000050002002500000005000200070000000500020007000000100001800a0001006c696d6974000000240001800b0001007470726f7879000014000280080003400000000a080003400000000128000180080001006e6174001c0002800800054000000004080005400000000e080005400000000b140001800e000100696d6d656469617465000000100001800a00010072616e6765000000ec0004801c0001800b00010074756e6e656c00000c00028008000240000000080000000000000000636f6e6e6c696d6974000000340002800800014000001337080001400000000708000140000002000800024000000001080002400000000008000240000000002000018007000100637400001400028005000300010000000500030001000000100001800c000100636f756e74657200300001800800010064757000240002800800024000000012080002400000001208000240000000080800024000000013240001800b00010072656a65637400001400028005000200cf00000008000140000000012c000000030a01010000000000000000050000000900010073797a30000000000900030073797a300000000048000000060a010400000000000000000500000008000b4000000000200004801c0001800b00010074756e6e656c00000c00028008000240000000040900010073797a3000000000140000001100010000000000000000000700000a"], 0x2a8}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0xd, 0x14, &(0x7f00000008c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, {}, {}, [@tail_call], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94) sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="00010100004000", 0x7}, {&(0x7f0000000080)='%y', 0x2}], 0x2}, 0x4004) r6 = openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) write$binfmt_register(r6, &(0x7f0000000340)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x8, 0x3a, '/proc/sys/fs/binfmt_misc/register\x00', 0x3a, '/proc/sys/fs/binfmt_misc/register\x00', 0x3a, './file0/../file0', 0x3a, [0x4f, 0x43]}, 0x76) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) 5.602815105s ago: executing program 3 (id=678): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0xfffffd10, &(0x7f0000000200)=0x2000000000006) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000000000050000000a004e200e8a34c38f"], 0x310) setsockopt$inet6_group_source_req(r3, 0x29, 0x2b, &(0x7f00000005c0)={0x1, {{0xa, 0x4e20, 0x0, @mcast1}}, {{0xa, 0x0, 0x94, @empty}}}, 0x108) close(r0) 5.585986071s ago: executing program 1 (id=679): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) capset(0x0, 0x0) ioctl$KDFONTOP_GET(r1, 0x4b72, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r0, 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000220900"/16, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x5, 0x0, 0x0, 0x40000}, [@call={0x85, 0x0, 0x0, 0x7a}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000080)=r7, 0x4) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x14, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 3.577697127s ago: executing program 0 (id=682): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{0xaa7, 0x2000, 0x1, 0xfffe}, 'syz1\x00', 0x4}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x12) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r1, &(0x7f0000000080)={0xc, {"a2e3ada14fc752f91b3d1a0987f70e06d038e7ff7fc6e5539b3272078b089b080f384b090890e0878f0e1ac6e7049b334d959b669a240d5b67f3988f7ef3195201c0ffe8d178708c523c921b1b5d500f0d30090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38dfcd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac4850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc90da8196c28d920bab05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778ef85ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d21487b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a158b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae7183cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba551eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a799567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7ccef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461600000000000000206ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f86b8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e4b15f929b47f741f0efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2bb9935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf9f394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a75500000000d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa37ef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000faffffffffffffff00", 0x1000}}, 0x1006) 3.577440267s ago: executing program 2 (id=683): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x1d, 0x2, 0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.576855367s ago: executing program 3 (id=684): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12014101f2c59620d016b8108ede0102030109022400010000100009040002020083ec0009050602000202000a09058202"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000005c0)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='@\t\f'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000480)={0x0, 0x14, 0x28, "55b477d8afa26e61301a13870409817a3835096b73fd918ab9c7058538fa57231e40f0b1d268fd00"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000800)={0x40, 0x17, 0xc, "b3ab3a2146c8a9c4b2df2250"}, 0x0, 0x0, 0x0, &(0x7f0000000940)={0x20, 0x0, 0x4, {0x120, 0x80}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.485761166s ago: executing program 1 (id=685): syz_emit_ethernet(0x8a, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_ADD_PID(r3, 0x40026f33, &(0x7f0000000100)=0x808c) 3.137981505s ago: executing program 2 (id=686): mkdir(&(0x7f0000000200)='./file0\x00', 0x56) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='devtmpfs\x00', 0x10, 0x0) 3.127224883s ago: executing program 0 (id=687): openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2) syz_io_uring_submit(0x0, 0x0, 0x0) mincore(&(0x7f000081d000/0x1000)=nil, 0x1000, &(0x7f0000afaf0a)=""/245) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x3}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) 2.808844749s ago: executing program 0 (id=688): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000200)={@val={0x70}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x4, 0x54, 0x64, 0x0, 0x5, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2}, {{0x4e20, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0x10, 0x5c2e6bf19cacf817, 0x81, 0x0, 0x6, {[@generic={0x0, 0x8, "956f87d32c95"}, @exp_fastopen={0xfe, 0x9, 0xf989, "7ecb7b763d"}, @md5sig={0x13, 0x12, "b82304a42416846e1ef454ff10d0a800"}, @sack={0x5, 0x6, [0x2]}]}}}}}}}}, 0x66) 2.808182439s ago: executing program 2 (id=689): r0 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) add_key$user(&(0x7f0000000180), 0x0, 0x0, 0x0, r0) 2.578769326s ago: executing program 2 (id=690): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0xfffffd10, &(0x7f0000000200)=0x2000000000006) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) r3 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f00000007c0)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000ffff00000000000000bd0000000000000000000000e4ec01000000004000000000fc00000000000000000000000000013da51fd47aa2e2f700000000000000000000000000000000000000000000000000000000000000060000000000000000050000000a004e200e8a34c38f"], 0x310) setsockopt$inet6_group_source_req(r3, 0x29, 0x2b, &(0x7f00000005c0)={0x1, {{0xa, 0x4e20, 0x0, @mcast1}}, {{0xa, 0x0, 0x94, @empty}}}, 0x108) close(r0) 2.561498932s ago: executing program 3 (id=691): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1c, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) openat$6lowpan_control(0xffffff9c, &(0x7f0000002540), 0x2, 0x0) creat(0x0, 0x0) open$dir(0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@perf_event={0x8}}, 0x18) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_dev$usbfs(0x0, 0x76, 0x0) fsopen(&(0x7f0000000040)='afs\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') ppoll(&(0x7f0000000040)=[{r1, 0x2030}], 0x1, 0x0, 0x0, 0x0) 2.511842631s ago: executing program 2 (id=692): r0 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000880)={0x44, &(0x7f00000004c0)={0x40, 0x8, 0x6, "a61623bea283"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 2.434795683s ago: executing program 0 (id=693): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) capset(0x0, 0x0) ioctl$KDFONTOP_GET(r1, 0x4b72, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r6}, 0x10) sendmsg$can_bcm(r0, 0x0, 0x0) ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x5, 0x0, 0x0, 0x40000}, [@call={0x85, 0x0, 0x0, 0x7a}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000080)=r7, 0x4) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x14, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 1.624895006s ago: executing program 0 (id=694): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x1d, 0x2, 0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.142601605s ago: executing program 2 (id=695): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_TX_POWER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_TX_POWER={0x8, 0xb, 0x10000}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8014}, 0x40000) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x200000000) r2 = socket$kcm(0xa, 0x2, 0x0) r3 = socket(0x2, 0x80805, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000340)=0x6) ioctl$XFS_IOC_FSGROWFSRT(r3, 0x40105870, &(0x7f00000000c0)={0x9, 0x2}) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010101, 0x4e23, 0x3, 'rr\x00', 0x1, 0x80005, 0x70}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0xb, 0x77}, {@rand_addr=0x64010100, 0x4e20, 0x2, 0xcd, 0x83, 0x2}}, 0x44) sendmsg$sock(r2, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 1.142427005s ago: executing program 3 (id=696): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) r0 = eventfd(0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000000140), 0x10) r2 = syz_io_uring_setup(0x835, &(0x7f00000000c0)={0x0, 0x679d, 0x80, 0x42000006, 0x20a}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r1, 0x0, &(0x7f0000000240)="144024aeae8b2b5d63f7449a372e1406d4defe495b5744eed6801d1d51e1d3fcdcf25bdf4a5f2ef4b45d6898757795c858f0c3d4b26bd644", 0x38, 0x2400c0c7, 0x1}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240)=r0) 970.681195ms ago: executing program 0 (id=697): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0) r3 = semget(0x0, 0x1, 0x39c) semop(r3, &(0x7f0000000000)=[{0x0, 0x5, 0x800}, {0x1, 0xffff, 0x1000}, {0x0, 0x7fc0, 0x800}], 0x3) semctl$GETZCNT(r3, 0x4, 0xf, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x50) r4 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r4, 0x2284, &(0x7f0000000080)) shutdown(0xffffffffffffffff, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet(0x2, 0x4000000000000001, 0x0) 718.400357ms ago: executing program 1 (id=698): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r3 = socket$kcm(0x25, 0x1, 0x0) recvmsg(r3, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x10160) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r4 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000200), 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) r7 = dup3(r6, r0, 0x0) setsockopt$inet_pktinfo(r7, 0x0, 0x8, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000000)={0xc}) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000380)='pagemap\x00') pread64(r9, &(0x7f000001a240)=""/102400, 0x19000, 0x80000000000000) ioctl$PPPIOCSPASS(r8, 0x40107447, &(0x7f00000007c0)={0x8, &(0x7f0000002000)=[{0x6, 0x60}, {0x2, 0x97, 0xe1, 0x20000002}, {0x81, 0x6, 0x42, 0x9}, {0xb4b, 0x69, 0x6, 0x1}, {0x88a5, 0xc6, 0xf4, 0xfffffffe}, {0x6, 0x32, 0x4, 0x5}, {0x1c, 0xf, 0x2, 0x4}, {0x7, 0xff, 0x4}]}) 594.965138ms ago: executing program 3 (id=699): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) io_setup(0x3, &(0x7f0000000180)) ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB="00000000000010000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x48) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000001000000000600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000003000000dbaaf0ff50000000bf8620000000000007080000f8ffffffbfa400000000000007040000f0ffffff670000000800000018290000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f0ff7600001a5e9200000000000056080000010000408500000007000000b70000000000000095000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0xd, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r5, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000a80)={0x2, 0x0, [{0x4000, 0xba, &(0x7f0000000400)=""/186}, {0x41000, 0xfe, &(0x7f00000004c0)=""/254}]}) 0s ago: executing program 1 (id=700): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$kcm(0x11, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x5c, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x8, 0x7}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x7, 0x1, 0x2}, {0x6, 0x1cdc, 0xfffb, 0x4, 0xc, 0x2, 0x1}}}]}]}]}}]}, 0x5c}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @broadcast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r6, 0x3e}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000200)="95", 0x1}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts. [ 64.483565][ T5751] cgroup: Unknown subsys name 'net' [ 64.647645][ T5751] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.049280][ T5751] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.463945][ T5767] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.474655][ T5767] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.482829][ T5767] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.490785][ T5767] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.499363][ T5776] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.520749][ T5775] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.530529][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.537788][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.540277][ T5767] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.546754][ T5775] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.553905][ T5767] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.562244][ T5775] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.566336][ T5777] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.582207][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.589981][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 67.598142][ T5777] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.606011][ T5767] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 67.613368][ T5767] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.619621][ T5778] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.620675][ T5777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.628661][ T5778] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 67.641589][ T5769] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 67.649382][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.657656][ T5777] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.104419][ T5763] chnl_net:caif_netlink_parms(): no params data found [ 68.125334][ T5764] chnl_net:caif_netlink_parms(): no params data found [ 68.136242][ T5762] chnl_net:caif_netlink_parms(): no params data found [ 68.251158][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 68.341122][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.349528][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.357303][ T5763] bridge_slave_0: entered allmulticast mode [ 68.364471][ T5763] bridge_slave_0: entered promiscuous mode [ 68.374814][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.382031][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.389325][ T5763] bridge_slave_1: entered allmulticast mode [ 68.396326][ T5763] bridge_slave_1: entered promiscuous mode [ 68.416973][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.424395][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.434231][ T5764] bridge_slave_0: entered allmulticast mode [ 68.441171][ T5764] bridge_slave_0: entered promiscuous mode [ 68.448649][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.456102][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.463318][ T5764] bridge_slave_1: entered allmulticast mode [ 68.470000][ T5764] bridge_slave_1: entered promiscuous mode [ 68.488981][ T5762] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.496254][ T5762] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.503741][ T5762] bridge_slave_0: entered allmulticast mode [ 68.510714][ T5762] bridge_slave_0: entered promiscuous mode [ 68.518216][ T5762] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.525990][ T5762] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.533526][ T5762] bridge_slave_1: entered allmulticast mode [ 68.541578][ T5762] bridge_slave_1: entered promiscuous mode [ 68.607819][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.629820][ T5762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.642607][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.653997][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.673585][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.681275][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.688651][ T5765] bridge_slave_0: entered allmulticast mode [ 68.695684][ T5765] bridge_slave_0: entered promiscuous mode [ 68.704433][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.711808][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.719088][ T5765] bridge_slave_1: entered allmulticast mode [ 68.726019][ T5765] bridge_slave_1: entered promiscuous mode [ 68.734880][ T5762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.747932][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.788158][ T5763] team0: Port device team_slave_0 added [ 68.824134][ T5763] team0: Port device team_slave_1 added [ 68.833188][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.852139][ T5764] team0: Port device team_slave_0 added [ 68.868999][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.889703][ T5762] team0: Port device team_slave_0 added [ 68.898105][ T5764] team0: Port device team_slave_1 added [ 68.928091][ T5762] team0: Port device team_slave_1 added [ 68.944063][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.952158][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.978510][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.992236][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.999661][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.026190][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.040512][ T5765] team0: Port device team_slave_0 added [ 69.049284][ T5765] team0: Port device team_slave_1 added [ 69.116420][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.123474][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.149937][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.164316][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.172431][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.198826][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.225678][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.232735][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.259212][ T5762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.303122][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.310146][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.338781][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.353247][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.360881][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.387569][ T5762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.404985][ T5763] hsr_slave_0: entered promiscuous mode [ 69.411904][ T5763] hsr_slave_1: entered promiscuous mode [ 69.428125][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.436419][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.467362][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.496884][ T5764] hsr_slave_0: entered promiscuous mode [ 69.504155][ T5764] hsr_slave_1: entered promiscuous mode [ 69.511018][ T5764] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.518882][ T5764] Cannot create hsr debugfs directory [ 69.622590][ T5762] hsr_slave_0: entered promiscuous mode [ 69.629261][ T5762] hsr_slave_1: entered promiscuous mode [ 69.635804][ T5762] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.644278][ T5762] Cannot create hsr debugfs directory [ 69.651578][ T5778] Bluetooth: hci3: command tx timeout [ 69.665223][ T5765] hsr_slave_0: entered promiscuous mode [ 69.671598][ T5765] hsr_slave_1: entered promiscuous mode [ 69.678720][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.686570][ T5765] Cannot create hsr debugfs directory [ 69.730949][ T5778] Bluetooth: hci1: command tx timeout [ 69.736778][ T5778] Bluetooth: hci0: command tx timeout [ 69.742924][ T5777] Bluetooth: hci2: command tx timeout [ 70.025917][ T5764] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 70.038382][ T5764] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 70.048488][ T5764] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 70.063423][ T5764] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 70.137825][ T5763] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 70.166232][ T5763] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 70.189139][ T5763] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 70.210424][ T5763] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 70.249363][ T5765] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.270417][ T5765] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.282586][ T5765] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.301245][ T5765] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.397502][ T5762] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 70.408175][ T5762] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 70.436073][ T5762] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 70.462610][ T5762] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 70.475264][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.523008][ T5764] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.548287][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.560481][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.568216][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.598928][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.606259][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.637948][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.675270][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.682543][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.706614][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.720317][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.727465][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.758538][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.794075][ T2984] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.801291][ T2984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.844298][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.851486][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.900491][ T5762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.979414][ T5762] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.004562][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.011742][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.040354][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.047829][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.132405][ T5762] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.320466][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.426102][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.513640][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.525215][ T5764] veth0_vlan: entered promiscuous mode [ 71.595733][ T5764] veth1_vlan: entered promiscuous mode [ 71.617613][ T5762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.630071][ T5765] veth0_vlan: entered promiscuous mode [ 71.658477][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.665255][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.683779][ T5765] veth1_vlan: entered promiscuous mode [ 71.699376][ T5764] veth0_macvtap: entered promiscuous mode [ 71.728949][ T5764] veth1_macvtap: entered promiscuous mode [ 71.741574][ T5084] Bluetooth: hci3: command tx timeout [ 71.748709][ T5763] veth0_vlan: entered promiscuous mode [ 71.787421][ T5765] veth0_macvtap: entered promiscuous mode [ 71.812232][ T5084] Bluetooth: hci0: command tx timeout [ 71.812480][ T5778] Bluetooth: hci2: command tx timeout [ 71.817657][ T5084] Bluetooth: hci1: command tx timeout [ 71.830375][ T5765] veth1_macvtap: entered promiscuous mode [ 71.838597][ T5763] veth1_vlan: entered promiscuous mode [ 71.855276][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.879507][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.897810][ T5762] veth0_vlan: entered promiscuous mode [ 71.912640][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.924612][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.939032][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.958119][ T5764] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.967673][ T5764] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.977273][ T5764] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.986613][ T5764] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.004954][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.015825][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.029273][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.067189][ T5762] veth1_vlan: entered promiscuous mode [ 72.077103][ T5763] veth0_macvtap: entered promiscuous mode [ 72.089530][ T5765] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.104055][ T5765] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.113276][ T5765] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.124534][ T5765] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.167619][ T5763] veth1_macvtap: entered promiscuous mode [ 72.256267][ T5762] veth0_macvtap: entered promiscuous mode [ 72.266802][ T5762] veth1_macvtap: entered promiscuous mode [ 72.282535][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.294671][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.304586][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.315435][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.326779][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.342918][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.358162][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.388464][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.399310][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.410008][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.421344][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.432828][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.456659][ T5763] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.466037][ T5763] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.477022][ T5763] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.486449][ T5763] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.519214][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.530059][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.542650][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.553327][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.563302][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.573985][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.586854][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.603393][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.615218][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.625309][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.636081][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.646190][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.656734][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.668372][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.705283][ T2984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.708446][ T5762] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.722454][ T2984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.733621][ T5762] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.742387][ T5762] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.751180][ T5762] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.791935][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.804118][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.875691][ T2984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.898072][ T2984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.958190][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.981586][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.042653][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.080895][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.131494][ T2984] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.159503][ T2984] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.345093][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 73.500862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 74.180753][ T5084] Bluetooth: hci3: command tx timeout [ 74.180924][ T5778] Bluetooth: hci1: command tx timeout [ 74.186176][ T5084] Bluetooth: hci2: command tx timeout [ 74.191723][ T5778] Bluetooth: hci0: command tx timeout [ 75.018567][ T5831] syz.0.1 (5831): drop_caches: 2 [ 75.187607][ T1309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.218845][ T1309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.481823][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 75.528085][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 75.571163][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 75.835874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 75.993536][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 76.012775][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.097199][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.212588][ T5778] Bluetooth: hci2: command tx timeout [ 76.218221][ T5084] Bluetooth: hci1: command tx timeout [ 76.223987][ T5774] Bluetooth: hci3: command tx timeout [ 76.230050][ T5777] Bluetooth: hci0: command tx timeout [ 76.287068][ T5836] tipc: Started in network mode [ 76.293813][ T5836] tipc: Node identity 2, cluster identity 4711 [ 76.300013][ T5836] tipc: Node number set to 2 [ 76.300993][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 76.812466][ T5826] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 77.189461][ T5826] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 77.230978][ T5826] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 77.441187][ T5826] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 77.450506][ T5826] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.549381][ T5841] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 77.585804][ T5826] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 79.441491][ T5824] usb 4-1: USB disconnect, device number 2 [ 81.845700][ T2993] Bluetooth: hci4: Frame reassembly failed (-84) [ 81.944462][ T23] cfg80211: failed to load regulatory.db [ 84.237115][ T5774] Bluetooth: hci4: command 0x1003 tx timeout [ 84.244586][ T5778] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 84.345741][ T5942] syz.2.14 (5942): drop_caches: 2 [ 84.555103][ T5778] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 84.565198][ T5778] CPU: 0 PID: 5778 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 84.572832][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 84.582941][ T5778] Workqueue: hci3 hci_rx_work [ 84.588286][ T5778] Call Trace: [ 84.591752][ T5778] [ 84.594671][ T5778] dump_stack_lvl+0x18c/0x250 [ 84.599380][ T5778] ? show_regs_print_info+0x20/0x20 [ 84.604701][ T5778] ? load_image+0x400/0x400 [ 84.609755][ T5778] sysfs_create_dir_ns+0x26e/0x2a0 [ 84.614899][ T5778] ? sysfs_warn_dup+0xa0/0xa0 [ 84.619577][ T5778] ? do_raw_spin_unlock+0x121/0x230 [ 84.624808][ T5778] kobject_add_internal+0x61c/0xcc0 [ 84.630161][ T5778] kobject_add+0x164/0x240 [ 84.634624][ T5778] ? __rwlock_init+0x150/0x150 [ 84.639425][ T5778] ? kobject_init+0x1e0/0x1e0 [ 84.644130][ T5778] ? _raw_spin_unlock+0x28/0x40 [ 84.648988][ T5778] ? get_device_parent+0x366/0x390 [ 84.654284][ T5778] device_add+0x408/0xc20 [ 84.658679][ T5778] hci_conn_add_sysfs+0xd5/0x1e0 [ 84.663644][ T5778] le_conn_complete_evt+0xf5d/0x1540 [ 84.668949][ T5778] ? hci_event_packet+0x4cb/0x1270 [ 84.674076][ T5778] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 84.680328][ T5778] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 84.685978][ T5778] ? skb_pull_data+0xfb/0x200 [ 84.690655][ T5778] hci_le_conn_complete_evt+0x187/0x440 [ 84.696273][ T5778] ? hci_remote_host_features_evt+0x150/0x150 [ 84.702444][ T5778] hci_event_packet+0x7ba/0x1270 [ 84.707487][ T5778] ? bis_list+0x290/0x290 [ 84.711840][ T5778] ? lockdep_hardirqs_on+0x98/0x150 [ 84.717214][ T5778] ? hci_send_to_monitor+0xd7/0x4f0 [ 84.722470][ T5778] hci_rx_work+0x43a/0xd60 [ 84.726976][ T5778] ? process_scheduled_works+0x96f/0x15d0 [ 84.732844][ T5778] process_scheduled_works+0xa5d/0x15d0 [ 84.738444][ T5778] ? assign_work+0x430/0x430 [ 84.743165][ T5778] ? assign_work+0x3d0/0x430 [ 84.747841][ T5778] worker_thread+0xa55/0xfc0 [ 84.752721][ T5778] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 84.758734][ T5778] ? _raw_spin_unlock+0x40/0x40 [ 84.763672][ T5778] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 84.769610][ T5778] kthread+0x2fa/0x390 [ 84.773768][ T5778] ? pr_cont_work+0x560/0x560 [ 84.778444][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 84.783027][ T5778] ret_from_fork+0x48/0x80 [ 84.787448][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 84.792039][ T5778] ret_from_fork_asm+0x11/0x20 [ 84.796861][ T5778] [ 84.821171][ T5778] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 84.835757][ T5778] Bluetooth: hci3: failed to register connection device [ 87.461118][ T5826] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 87.749320][ T5826] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 87.770889][ T5826] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 87.782340][ T5826] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 87.796956][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.861805][ T2993] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 88.544587][ T5998] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 88.605984][ T5826] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 88.620887][ T2993] Bluetooth: hci4: Frame reassembly failed (-84) [ 88.623796][ T6020] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.890769][ T5778] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 89.897196][ T5774] Bluetooth: hci4: command 0x1003 tx timeout [ 89.941943][ T6018] syz.3.24 (6018) used greatest stack depth: 17864 bytes left [ 89.988737][ T5778] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 90.000279][ T5778] CPU: 1 PID: 5778 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 90.007976][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 90.018264][ T5778] Workqueue: hci0 hci_rx_work [ 90.023290][ T5778] Call Trace: [ 90.026768][ T5778] [ 90.030542][ T5778] dump_stack_lvl+0x18c/0x250 [ 90.035261][ T5778] ? show_regs_print_info+0x20/0x20 [ 90.040741][ T5778] ? load_image+0x400/0x400 [ 90.045333][ T5778] sysfs_create_dir_ns+0x26e/0x2a0 [ 90.050477][ T5778] ? sysfs_warn_dup+0xa0/0xa0 [ 90.055432][ T5778] ? do_raw_spin_unlock+0x121/0x230 [ 90.060753][ T5778] kobject_add_internal+0x61c/0xcc0 [ 90.066257][ T5778] kobject_add+0x164/0x240 [ 90.070879][ T5778] ? __rwlock_init+0x150/0x150 [ 90.075680][ T5778] ? kobject_init+0x1e0/0x1e0 [ 90.080472][ T5778] ? _raw_spin_unlock+0x28/0x40 [ 90.085541][ T5778] ? get_device_parent+0x366/0x390 [ 90.091281][ T5778] device_add+0x408/0xc20 [ 90.095824][ T5778] hci_conn_add_sysfs+0xd5/0x1e0 [ 90.100789][ T5778] le_conn_complete_evt+0xf5d/0x1540 [ 90.106134][ T5778] ? hci_event_packet+0x4cb/0x1270 [ 90.111463][ T5778] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 90.118064][ T5778] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 90.123910][ T5778] ? skb_pull_data+0xfb/0x200 [ 90.128919][ T5778] hci_le_conn_complete_evt+0x187/0x440 [ 90.134680][ T5778] ? hci_remote_host_features_evt+0x150/0x150 [ 90.141277][ T5778] hci_event_packet+0x7ba/0x1270 [ 90.146335][ T5778] ? bis_list+0x290/0x290 [ 90.150781][ T5778] ? lockdep_hardirqs_on+0x98/0x150 [ 90.156092][ T5778] ? hci_send_to_monitor+0xd7/0x4f0 [ 90.161411][ T5778] hci_rx_work+0x43a/0xd60 [ 90.165962][ T5778] ? process_scheduled_works+0x96f/0x15d0 [ 90.172145][ T5778] process_scheduled_works+0xa5d/0x15d0 [ 90.177819][ T5778] ? assign_work+0x430/0x430 [ 90.182423][ T5778] ? assign_work+0x3d0/0x430 [ 90.187017][ T5778] worker_thread+0xa55/0xfc0 [ 90.191704][ T5778] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 90.197605][ T5778] ? _raw_spin_unlock+0x40/0x40 [ 90.202450][ T5778] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 90.208350][ T5778] kthread+0x2fa/0x390 [ 90.212424][ T5778] ? pr_cont_work+0x560/0x560 [ 90.217125][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 90.221730][ T5778] ret_from_fork+0x48/0x80 [ 90.226210][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 90.230809][ T5778] ret_from_fork_asm+0x11/0x20 [ 90.235786][ T5778] [ 90.244848][ T5778] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 90.259414][ T5778] Bluetooth: hci0: failed to register connection device [ 90.419283][ T5826] usb 2-1: USB disconnect, device number 2 [ 91.450596][ T6027] syz.0.25 (6027): drop_caches: 2 [ 92.060854][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 92.281200][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 92.321021][ T23] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 92.333424][ T23] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 92.341746][ T23] usb 2-1: Product: syz [ 92.346339][ T23] usb 2-1: Manufacturer: syz [ 92.351305][ T23] usb 2-1: SerialNumber: syz [ 92.400425][ T23] usb 2-1: config 0 descriptor?? [ 92.460352][ T23] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 92.676702][ T23] gspca_zc3xx: reg_w_i err -71 [ 92.682504][ T23] gspca_zc3xx: probe of 2-1:0.0 failed with error -71 [ 92.722732][ T23] usb 2-1: USB disconnect, device number 3 [ 93.818812][ T5774] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 94.793339][ T6068] syz.1.36 (6068): drop_caches: 2 [ 96.024467][ T5905] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 97.331237][ T5778] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 98.212426][ T6101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'. [ 98.224148][ T6101] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.224266][ T6101] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.224294][ T6101] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.224322][ T6101] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 98.229712][ T6101] netlink: 4 bytes leftover after parsing attributes in process `syz.1.40'. [ 98.230065][ T6101] Zero length message leads to an empty skb [ 99.541044][ T6110] capability: warning: `syz.3.46' uses deprecated v2 capabilities in a way that may be insecure [ 99.622767][ T6102] tty tty3: ldisc open failed (-12), clearing slot 2 [ 99.669598][ T5778] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 99.680164][ T5778] CPU: 1 PID: 5778 Comm: kworker/u5:8 Not tainted syzkaller #0 [ 99.688301][ T5778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 99.698388][ T5778] Workqueue: hci2 hci_rx_work [ 99.703291][ T5778] Call Trace: [ 99.706610][ T5778] [ 99.709739][ T5778] dump_stack_lvl+0x18c/0x250 [ 99.714715][ T5778] ? show_regs_print_info+0x20/0x20 [ 99.720046][ T5778] ? load_image+0x400/0x400 [ 99.724738][ T5778] sysfs_create_dir_ns+0x26e/0x2a0 [ 99.729941][ T5778] ? sysfs_warn_dup+0xa0/0xa0 [ 99.734884][ T5778] ? do_raw_spin_unlock+0x121/0x230 [ 99.740469][ T5778] kobject_add_internal+0x61c/0xcc0 [ 99.745934][ T5778] kobject_add+0x164/0x240 [ 99.750419][ T5778] ? __rwlock_init+0x150/0x150 [ 99.755279][ T5778] ? kobject_init+0x1e0/0x1e0 [ 99.760004][ T5778] ? _raw_spin_unlock+0x28/0x40 [ 99.765061][ T5778] ? get_device_parent+0x366/0x390 [ 99.770539][ T5778] device_add+0x408/0xc20 [ 99.774932][ T5778] hci_conn_add_sysfs+0xd5/0x1e0 [ 99.780087][ T5778] le_conn_complete_evt+0xf5d/0x1540 [ 99.785424][ T5778] ? hci_event_packet+0x4cb/0x1270 [ 99.790589][ T5778] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 99.796864][ T5778] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 99.802965][ T5778] ? skb_pull_data+0xfb/0x200 [ 99.807679][ T5778] hci_le_conn_complete_evt+0x187/0x440 [ 99.813244][ T5778] ? hci_remote_host_features_evt+0x150/0x150 [ 99.819339][ T5778] hci_event_packet+0x7ba/0x1270 [ 99.824468][ T5778] ? bis_list+0x290/0x290 [ 99.828834][ T5778] ? lockdep_hardirqs_on+0x98/0x150 [ 99.834053][ T5778] ? hci_send_to_monitor+0xd7/0x4f0 [ 99.839310][ T5778] hci_rx_work+0x43a/0xd60 [ 99.843759][ T5778] ? process_scheduled_works+0x96f/0x15d0 [ 99.849486][ T5778] process_scheduled_works+0xa5d/0x15d0 [ 99.855052][ T5778] ? assign_work+0x430/0x430 [ 99.859649][ T5778] ? assign_work+0x3d0/0x430 [ 99.864244][ T5778] worker_thread+0xa55/0xfc0 [ 99.868835][ T5778] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 99.874724][ T5778] ? _raw_spin_unlock+0x40/0x40 [ 99.879575][ T5778] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 99.885505][ T5778] kthread+0x2fa/0x390 [ 99.889585][ T5778] ? pr_cont_work+0x560/0x560 [ 99.894278][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 99.898903][ T5778] ret_from_fork+0x48/0x80 [ 99.903321][ T5778] ? kthread_blkcg+0xd0/0xd0 [ 99.908014][ T5778] ret_from_fork_asm+0x11/0x20 [ 99.912828][ T5778] [ 99.933370][ T5778] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 99.947503][ T5778] Bluetooth: hci2: failed to register connection device [ 101.033013][ T6117] syz.1.48 (6117): drop_caches: 2 [ 103.742339][ T5774] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 106.703121][ T6161] syz.3.58 (6161): drop_caches: 2 [ 109.942194][ T5774] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 110.630823][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 110.880894][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 110.889380][ T23] usb 2-1: config 0 has no interfaces? [ 110.905549][ T23] usb 2-1: config 0 has no interfaces? [ 110.916060][ T23] usb 2-1: config 0 has no interfaces? [ 110.927378][ T23] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 110.941092][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.949261][ T23] usb 2-1: Product: syz [ 110.953926][ T23] usb 2-1: Manufacturer: syz [ 110.959417][ T23] usb 2-1: SerialNumber: syz [ 110.971398][ T23] usb 2-1: config 0 descriptor?? [ 111.189623][ T6189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.198791][ T6189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.225695][ T6189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.251262][ T6189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.305832][ T5826] usb 2-1: USB disconnect, device number 4 [ 111.450794][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 111.670928][ T23] usb 4-1: Using ep0 maxpacket: 8 [ 111.694853][ T23] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 112.368766][ T23] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 112.460813][ T23] usb 4-1: Product: syz [ 112.465015][ T23] usb 4-1: Manufacturer: syz [ 112.483275][ T23] usb 4-1: SerialNumber: syz [ 112.502125][ T5826] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 112.502664][ T23] usb 4-1: config 0 descriptor?? [ 112.522867][ T23] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 112.733207][ T23] gspca_zc3xx: reg_w_i err -71 [ 112.733340][ T5826] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.754448][ T23] gspca_zc3xx: probe of 4-1:0.0 failed with error -71 [ 112.770745][ T5826] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 112.779782][ T5826] usb 2-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=29.ac [ 112.805410][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.811194][ T23] usb 4-1: USB disconnect, device number 3 [ 112.836176][ T5826] usb 2-1: config 0 descriptor?? [ 112.884321][ T5826] imon:imon_find_endpoints: no valid input (IR) endpoint found [ 112.904164][ T5826] imon 2-1:0.0: unable to initialize intf0, err -19 [ 112.920962][ T5826] imon:imon_probe: failed to initialize context! [ 112.927358][ T5826] imon 2-1:0.0: unable to register, err -19 [ 113.105250][ T5826] usb 2-1: USB disconnect, device number 5 [ 113.106242][ T6183] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 114.096666][ T5774] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 119.339250][ T6227] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 119.889440][ T5774] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 119.899401][ T5774] CPU: 0 PID: 5774 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 119.906980][ T5774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 119.917060][ T5774] Workqueue: hci1 hci_rx_work [ 119.921772][ T5774] Call Trace: [ 119.925058][ T5774] [ 119.928095][ T5774] dump_stack_lvl+0x18c/0x250 [ 119.932789][ T5774] ? show_regs_print_info+0x20/0x20 [ 119.937993][ T5774] ? load_image+0x400/0x400 [ 119.942504][ T5774] sysfs_create_dir_ns+0x26e/0x2a0 [ 119.947615][ T5774] ? sysfs_warn_dup+0xa0/0xa0 [ 119.952290][ T5774] ? do_raw_spin_unlock+0x121/0x230 [ 119.957494][ T5774] kobject_add_internal+0x61c/0xcc0 [ 119.962807][ T5774] kobject_add+0x164/0x240 [ 119.967239][ T5774] ? __rwlock_init+0x150/0x150 [ 119.972020][ T5774] ? kobject_init+0x1e0/0x1e0 [ 119.976703][ T5774] ? _raw_spin_unlock+0x28/0x40 [ 119.981557][ T5774] ? get_device_parent+0x366/0x390 [ 119.986685][ T5774] device_add+0x408/0xc20 [ 119.991020][ T5774] hci_conn_add_sysfs+0xd5/0x1e0 [ 119.995960][ T5774] le_conn_complete_evt+0xf5d/0x1540 [ 120.001255][ T5774] ? hci_event_packet+0x4cb/0x1270 [ 120.006371][ T5774] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 120.012625][ T5774] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 120.018266][ T5774] ? skb_pull_data+0xfb/0x200 [ 120.022946][ T5774] hci_le_conn_complete_evt+0x187/0x440 [ 120.028506][ T5774] ? hci_remote_host_features_evt+0x150/0x150 [ 120.034570][ T5774] hci_event_packet+0x7ba/0x1270 [ 120.039508][ T5774] ? bis_list+0x290/0x290 [ 120.043832][ T5774] ? lockdep_hardirqs_on+0x98/0x150 [ 120.049025][ T5774] ? hci_send_to_monitor+0xd7/0x4f0 [ 120.054226][ T5774] hci_rx_work+0x43a/0xd60 [ 120.058657][ T5774] ? process_scheduled_works+0x96f/0x15d0 [ 120.064411][ T5774] process_scheduled_works+0xa5d/0x15d0 [ 120.069982][ T5774] ? assign_work+0x430/0x430 [ 120.074579][ T5774] ? assign_work+0x3d0/0x430 [ 120.079176][ T5774] worker_thread+0xa55/0xfc0 [ 120.083798][ T5774] kthread+0x2fa/0x390 [ 120.087865][ T5774] ? pr_cont_work+0x560/0x560 [ 120.092545][ T5774] ? kthread_blkcg+0xd0/0xd0 [ 120.097138][ T5774] ret_from_fork+0x48/0x80 [ 120.101559][ T5774] ? kthread_blkcg+0xd0/0xd0 [ 120.106850][ T5774] ret_from_fork_asm+0x11/0x20 [ 120.111631][ T5774] [ 120.115797][ T5774] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 120.129900][ T5774] Bluetooth: hci1: failed to register connection device [ 124.621129][ T5778] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 128.041118][ T6277] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 129.918205][ T5774] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 130.594887][ T6338] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 133.095049][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.106781][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.145682][ T6361] dlm: no local IP address has been set [ 135.212485][ T6361] dlm: cannot start dlm midcomms -107 [ 136.052399][ T5778] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 141.445890][ T9] IPVS: starting estimator thread 0... [ 141.585868][ T6414] IPVS: using max 18 ests per chain, 43200 per kthread [ 141.931203][ T6417] dlm: no local IP address has been set [ 141.937573][ T6417] dlm: cannot start dlm midcomms -107 [ 143.728305][ T6427] syz.1.135 (6427): drop_caches: 2 [ 146.566027][ T5774] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 150.066104][ T6453] ieee802154 phy0 wpan0: encryption failed: -22 [ 150.830596][ T6466] syz.1.145 (6466): drop_caches: 2 [ 153.950216][ T5778] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 154.383880][ T6494] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 156.219945][ T6502] syz.2.155[6502]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 158.802199][ T6501] syz.1.156 (6501): drop_caches: 2 [ 158.856825][ T5774] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 161.313768][ T6535] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 162.376498][ T5778] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 162.713088][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 163.045950][ T6552] syz.3.173 (6552): drop_caches: 2 [ 163.730858][ T9] usb 2-1: device descriptor read/64, error -71 [ 164.415917][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 165.570716][ T9] usb 2-1: device descriptor read/64, error -71 [ 165.701414][ T9] usb usb2-port1: attempt power cycle [ 165.930767][ T5766] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 166.130823][ T5766] usb 3-1: Using ep0 maxpacket: 8 [ 166.130831][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 166.142508][ T5766] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 166.161062][ T5766] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 166.173575][ T5766] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 166.185532][ T5766] usb 3-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 166.197243][ T5766] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 166.222453][ T5766] usb 3-1: config 168 interface 0 has no altsetting 0 [ 166.242173][ T5766] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 166.281177][ T5766] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 166.320741][ T5766] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 166.350920][ T5766] usb 3-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 166.353987][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 166.383136][ T5766] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 166.383935][ T9] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 166.406057][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.408183][ T5766] usb 3-1: config 168 interface 0 has no altsetting 0 [ 166.414148][ T9] usb 2-1: Product: syz [ 166.414166][ T9] usb 2-1: Manufacturer: syz [ 166.414179][ T9] usb 2-1: SerialNumber: syz [ 166.417658][ T9] usb 2-1: config 0 descriptor?? [ 166.431253][ T5766] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 166.590051][ T5766] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 166.882450][ T9] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 166.885551][ T5766] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 166.903468][ T5766] usb 3-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 167.215647][ T9] ssu100: probe of 2-1:0.0 failed with error -110 [ 167.319663][ T9] usb 2-1: USB disconnect, device number 8 [ 167.492962][ T5766] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 167.507355][ T5766] usb 3-1: config 168 interface 0 has no altsetting 0 [ 167.533057][ T5766] usb 3-1: string descriptor 0 read error: -22 [ 167.539563][ T5766] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 167.542052][ T5774] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 167.572075][ T5766] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.599462][ T5766] adutux 3-1:168.0: interrupt endpoints not found [ 168.294684][ T9] usb 3-1: USB disconnect, device number 2 [ 169.404656][ T6591] syz.1.182 (6591): drop_caches: 2 [ 170.140909][ T5766] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 170.301399][ T5766] usb 1-1: device descriptor read/64, error -71 [ 170.591305][ T5766] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 170.771155][ T5766] usb 1-1: device descriptor read/64, error -71 [ 170.933577][ T5766] usb usb1-port1: attempt power cycle [ 171.670967][ T5766] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 171.896739][ T5766] usb 1-1: device descriptor read/8, error -71 [ 172.180999][ T5766] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 172.211921][ T5766] usb 1-1: device descriptor read/8, error -71 [ 172.260451][ T5774] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 172.336228][ T5766] usb usb1-port1: unable to enumerate USB device [ 173.403030][ T6627] syz.3.192 (6627): drop_caches: 2 [ 175.271658][ T6640] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 181.104995][ T6661] syz.2.202 (6661): drop_caches: 2 [ 181.590794][ T23] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 181.701058][ T5766] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 181.750924][ T23] usb 1-1: device descriptor read/64, error -71 [ 181.911033][ T5766] usb 4-1: Using ep0 maxpacket: 8 [ 181.925595][ T5766] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 181.951813][ T5766] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 181.967500][ T5766] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 181.991117][ T5766] usb 4-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 182.010731][ T5766] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 182.035965][ T5766] usb 4-1: config 168 interface 0 has no altsetting 0 [ 182.050749][ T23] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 182.061110][ T5766] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 182.068548][ T5766] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 182.080902][ T5766] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 182.092510][ T5766] usb 4-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 182.104052][ T5766] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 182.105679][ T5774] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 182.118041][ T5766] usb 4-1: config 168 interface 0 has no altsetting 0 [ 182.207164][ T5766] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 182.214924][ T23] usb 1-1: device descriptor read/64, error -71 [ 182.226659][ T5766] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 182.253966][ T6675] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 182.259650][ T5766] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 182.313138][ T5766] usb 4-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 182.332354][ T5766] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 182.346288][ T23] usb usb1-port1: attempt power cycle [ 182.356434][ T5766] usb 4-1: config 168 interface 0 has no altsetting 0 [ 182.379071][ T5766] usb 4-1: string descriptor 0 read error: -22 [ 182.389196][ T5766] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 182.409280][ T5766] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.588037][ T5766] adutux 4-1:168.0: interrupt endpoints not found [ 182.770976][ T23] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 182.813774][ T23] usb 1-1: device descriptor read/8, error -71 [ 183.100814][ T23] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 183.102492][ T789] usb 4-1: USB disconnect, device number 4 [ 183.371140][ T6686] process 'syz.1.207' launched './file0' with NULL argv: empty string added [ 183.636418][ T23] usb 1-1: device descriptor read/8, error -71 [ 184.838661][ T23] usb usb1-port1: unable to enumerate USB device [ 186.425084][ T6698] syz.3.212 (6698): drop_caches: 2 [ 187.232532][ T5774] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 189.870801][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 190.030990][ T9] usb 2-1: device descriptor read/64, error -71 [ 191.380850][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 191.811289][ T5774] Bluetooth: hci2: command 0x0406 tx timeout [ 191.842774][ T5778] Bluetooth: hci1: command 0x0406 tx timeout [ 191.849054][ T5774] Bluetooth: hci3: command 0x0406 tx timeout [ 191.873817][ T5084] Bluetooth: hci0: command 0x0406 tx timeout [ 192.274626][ T9] usb 2-1: device descriptor read/64, error -71 [ 192.386807][ T6731] syzkaller0: entered promiscuous mode [ 192.393484][ T6731] syzkaller0: entered allmulticast mode [ 192.401518][ T9] usb usb2-port1: attempt power cycle [ 192.537021][ T5777] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 193.150985][ T6738] syz.3.224 (6738): drop_caches: 2 [ 193.868305][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 193.922119][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 193.929920][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 193.949067][ T9] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 193.975521][ T9] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 194.004833][ T9] usb 2-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 194.204083][ T9] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 194.218989][ T9] usb 2-1: config 168 interface 0 has no altsetting 0 [ 194.228877][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 194.236681][ T9] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 194.248475][ T9] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 194.262290][ T9] usb 2-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 194.277502][ T9] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 194.304345][ T9] usb 2-1: config 168 interface 0 has no altsetting 0 [ 194.671902][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.678360][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.697992][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 194.996666][ T9] usb 2-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 195.029929][ T9] usb 2-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 195.063933][ T9] usb 2-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping [ 195.096202][ T9] usb 2-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 195.469501][ T9] usb 2-1: config 168 interface 0 has no altsetting 0 [ 195.840754][ T9] usb 2-1: string descriptor 0 read error: -71 [ 195.850791][ T9] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 195.859961][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.933204][ T9] usb 2-1: can't set config #168, error -71 [ 195.954045][ T9] usb 2-1: USB disconnect, device number 11 [ 198.660880][ T5766] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 198.842232][ T5766] usb 1-1: device descriptor read/64, error -71 [ 199.606923][ T6770] syz.2.234 (6770): drop_caches: 2 [ 200.380943][ T5766] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 200.511824][ T6775] 9pnet_fd: Insufficient options for proto=fd [ 200.784344][ T5777] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 206.719795][ T6809] syz.0.243 (6809): drop_caches: 2 [ 207.381923][ T6808] 9pnet_fd: Insufficient options for proto=fd [ 211.850887][ T5777] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 212.100738][ T5824] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 212.281041][ T5824] usb 4-1: device descriptor read/64, error -71 [ 213.060822][ T5824] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 213.230941][ T5824] usb 4-1: device descriptor read/64, error -71 [ 213.421857][ T5824] usb usb4-port1: attempt power cycle [ 214.879779][ T6847] syz.0.255 (6847): drop_caches: 2 [ 215.600100][ T5824] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 216.105241][ T5824] usb 4-1: device descriptor read/8, error -71 [ 218.788336][ T5769] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 220.515552][ C0] sched: RT throttling activated [ 223.258002][ T6878] syz.1.264 (6878): drop_caches: 2 [ 225.704371][ T6887] 9pnet_fd: Insufficient options for proto=fd [ 227.290602][ T42] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 227.547066][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 227.594046][ T42] usb 3-1: no configurations [ 227.711086][ T42] usb 3-1: can't read configurations, error -22 [ 227.889310][ T42] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 228.095755][ T5777] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 228.104832][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 228.110625][ T42] usb 3-1: no configurations [ 228.115963][ T42] usb 3-1: can't read configurations, error -22 [ 228.124351][ T42] usb usb3-port1: attempt power cycle [ 228.711132][ T42] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 228.745256][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 228.754448][ T42] usb 3-1: no configurations [ 228.765045][ T42] usb 3-1: can't read configurations, error -22 [ 229.161690][ T42] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 229.661666][ T42] usb 3-1: device descriptor read/8, error -71 [ 230.421844][ T42] usb usb3-port1: unable to enumerate USB device [ 233.032583][ T6929] syz.3.275 (6929): drop_caches: 2 [ 235.183303][ T6938] 9pnet_fd: Insufficient options for proto=fd [ 235.775332][ T42] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 236.010428][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 236.011172][ T42] usb 1-1: no configurations [ 236.020165][ T42] usb 1-1: can't read configurations, error -22 [ 236.225863][ T42] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 236.448808][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 236.529815][ T5769] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 236.539803][ T42] usb 1-1: no configurations [ 236.544473][ T42] usb 1-1: can't read configurations, error -22 [ 236.567521][ T42] usb usb1-port1: attempt power cycle [ 237.454296][ T42] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 237.538759][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 237.549908][ T42] usb 1-1: no configurations [ 237.554633][ T42] usb 1-1: can't read configurations, error -22 [ 237.741879][ T42] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 237.776967][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 237.788067][ T42] usb 1-1: no configurations [ 237.792996][ T42] usb 1-1: can't read configurations, error -22 [ 237.801329][ T42] usb usb1-port1: unable to enumerate USB device [ 239.459099][ T6967] syz.0.286 (6967): drop_caches: 2 [ 241.847147][ T6976] 9pnet_fd: Insufficient options for proto=fd [ 242.726295][ T5777] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 247.798114][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 247.807685][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 247.815259][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 247.825347][ T5769] Workqueue: hci2 hci_rx_work [ 247.830074][ T5769] Call Trace: [ 247.833374][ T5769] [ 247.836329][ T5769] dump_stack_lvl+0x18c/0x250 [ 247.841060][ T5769] ? show_regs_print_info+0x20/0x20 [ 247.846300][ T5769] ? load_image+0x400/0x400 [ 247.850836][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 247.855977][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 247.860683][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 247.865919][ T5769] kobject_add_internal+0x61c/0xcc0 [ 247.871157][ T5769] kobject_add+0x164/0x240 [ 247.875599][ T5769] ? __rwlock_init+0x150/0x150 [ 247.880376][ T5769] ? kobject_init+0x1e0/0x1e0 [ 247.885054][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 247.889906][ T5769] ? get_device_parent+0x366/0x390 [ 247.895041][ T5769] device_add+0x408/0xc20 [ 247.899387][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 247.904327][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 247.909620][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 247.914744][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 247.921019][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 247.926678][ T5769] ? skb_pull_data+0xfb/0x200 [ 247.931364][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 247.936917][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 247.942983][ T5769] hci_event_packet+0x7ba/0x1270 [ 247.948018][ T5769] ? bis_list+0x290/0x290 [ 247.952342][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 247.957540][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 247.962755][ T5769] hci_rx_work+0x43a/0xd60 [ 247.967179][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 247.972894][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 247.978454][ T5769] ? assign_work+0x430/0x430 [ 247.983046][ T5769] ? assign_work+0x3d0/0x430 [ 247.987644][ T5769] worker_thread+0xa55/0xfc0 [ 247.992263][ T5769] kthread+0x2fa/0x390 [ 247.996326][ T5769] ? pr_cont_work+0x560/0x560 [ 248.001008][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 248.005587][ T5769] ret_from_fork+0x48/0x80 [ 248.009999][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 248.014585][ T5769] ret_from_fork_asm+0x11/0x20 [ 248.019358][ T5769] [ 248.028923][ T5769] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 248.043084][ T5769] Bluetooth: hci2: failed to register connection device [ 250.250606][ T5769] Bluetooth: hci2: command 0x0406 tx timeout [ 252.015744][ T7052] syz.3.306 (7052): drop_caches: 2 [ 252.722778][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 252.732329][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 252.739896][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 252.749948][ T5769] Workqueue: hci3 hci_rx_work [ 252.754627][ T5769] Call Trace: [ 252.757899][ T5769] [ 252.760818][ T5769] dump_stack_lvl+0x18c/0x250 [ 252.765492][ T5769] ? show_regs_print_info+0x20/0x20 [ 252.770695][ T5769] ? load_image+0x400/0x400 [ 252.775208][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 252.780319][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 252.784997][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 252.790212][ T5769] kobject_add_internal+0x61c/0xcc0 [ 252.795454][ T5769] kobject_add+0x164/0x240 [ 252.799902][ T5769] ? __rwlock_init+0x150/0x150 [ 252.804705][ T5769] ? kobject_init+0x1e0/0x1e0 [ 252.809418][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 252.814299][ T5769] ? get_device_parent+0x366/0x390 [ 252.819448][ T5769] device_add+0x408/0xc20 [ 252.823790][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 252.828727][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 252.834011][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 252.839121][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 252.845364][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 252.850996][ T5769] ? skb_pull_data+0xfb/0x200 [ 252.855667][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 252.861213][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 252.867268][ T5769] hci_event_packet+0x7ba/0x1270 [ 252.872202][ T5769] ? bis_list+0x290/0x290 [ 252.876521][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 252.881711][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 252.886906][ T5769] hci_rx_work+0x43a/0xd60 [ 252.891319][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 252.897026][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 252.902576][ T5769] ? assign_work+0x430/0x430 [ 252.907160][ T5769] ? assign_work+0x3d0/0x430 [ 252.911750][ T5769] worker_thread+0xa55/0xfc0 [ 252.916360][ T5769] kthread+0x2fa/0x390 [ 252.920416][ T5769] ? pr_cont_work+0x560/0x560 [ 252.925076][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 252.929651][ T5769] ret_from_fork+0x48/0x80 [ 252.934054][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 252.938639][ T5769] ret_from_fork_asm+0x11/0x20 [ 252.943397][ T5769] [ 252.949924][ T5769] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 252.964142][ T5769] Bluetooth: hci3: failed to register connection device [ 254.051845][ T5824] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 255.042612][ T5824] usb 2-1: Using ep0 maxpacket: 8 [ 255.079286][ T5824] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.089528][ T5824] usb 2-1: config 0 has no interfaces? [ 255.128347][ T5824] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 255.163152][ T5769] Bluetooth: hci3: command 0x0406 tx timeout [ 255.170492][ T5824] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 255.178578][ T5824] usb 2-1: Product: syz [ 255.193620][ T5824] usb 2-1: Manufacturer: syz [ 255.256111][ T5824] usb 2-1: SerialNumber: syz [ 255.393926][ T5824] usb 2-1: config 0 descriptor?? [ 255.565301][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 255.574939][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 255.582487][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 255.592542][ T5769] Workqueue: hci3 hci_rx_work [ 255.597225][ T5769] Call Trace: [ 255.600504][ T5769] [ 255.603453][ T5769] dump_stack_lvl+0x18c/0x250 [ 255.608137][ T5769] ? show_regs_print_info+0x20/0x20 [ 255.613331][ T5769] ? load_image+0x400/0x400 [ 255.617827][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 255.622929][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 255.627597][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 255.632787][ T5769] kobject_add_internal+0x61c/0xcc0 [ 255.637977][ T5769] kobject_add+0x164/0x240 [ 255.642396][ T5769] ? __rwlock_init+0x150/0x150 [ 255.647163][ T5769] ? kobject_init+0x1e0/0x1e0 [ 255.651829][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 255.656672][ T5769] ? get_device_parent+0x366/0x390 [ 255.661771][ T5769] device_add+0x408/0xc20 [ 255.666093][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 255.671022][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 255.676314][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 255.681456][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 255.687724][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 255.693366][ T5769] ? skb_pull_data+0xfb/0x200 [ 255.698040][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 255.703593][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 255.709654][ T5769] hci_event_packet+0x7ba/0x1270 [ 255.714589][ T5769] ? bis_list+0x290/0x290 [ 255.718917][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 255.724118][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 255.729326][ T5769] hci_rx_work+0x43a/0xd60 [ 255.733747][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 255.739458][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 255.745019][ T5769] ? assign_work+0x430/0x430 [ 255.749613][ T5769] ? assign_work+0x3d0/0x430 [ 255.754214][ T5769] worker_thread+0xa55/0xfc0 [ 255.758826][ T5769] kthread+0x2fa/0x390 [ 255.762889][ T5769] ? pr_cont_work+0x560/0x560 [ 255.767561][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 255.772152][ T5769] ret_from_fork+0x48/0x80 [ 255.776561][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 255.781145][ T5769] ret_from_fork_asm+0x11/0x20 [ 255.785916][ T5769] [ 255.790620][ T5769] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 255.804728][ T5769] Bluetooth: hci3: failed to register connection device [ 255.807315][ T789] usb 2-1: USB disconnect, device number 12 [ 256.467951][ T789] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 256.709504][ T789] usb 1-1: Using ep0 maxpacket: 16 [ 256.723429][ T789] usb 1-1: unable to get BOS descriptor or descriptor too short [ 256.745356][ T789] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7 [ 256.773610][ T789] usb 1-1: New USB device found, idVendor=1235, idProduct=000e, bcdDevice= 0.40 [ 256.789223][ T789] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.820458][ T789] usb 1-1: Product: syz [ 256.835305][ T789] usb 1-1: Manufacturer: syz [ 256.867253][ T789] usb 1-1: SerialNumber: syz [ 257.140530][ T789] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 257.164164][ T789] snd-usb-audio: probe of 1-1:1.0 failed with error -2 [ 257.199411][ T789] usb 1-1: USB disconnect, device number 16 [ 258.092487][ T5769] Bluetooth: hci3: command 0x0406 tx timeout [ 258.840707][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 258.847211][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.341255][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 259.351730][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 259.359295][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 259.369362][ T5769] Workqueue: hci3 hci_rx_work [ 259.374042][ T5769] Call Trace: [ 259.377321][ T5769] [ 259.380279][ T5769] dump_stack_lvl+0x18c/0x250 [ 259.384955][ T5769] ? show_regs_print_info+0x20/0x20 [ 259.390141][ T5769] ? load_image+0x400/0x400 [ 259.394649][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 259.399755][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 259.404426][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 259.409618][ T5769] kobject_add_internal+0x61c/0xcc0 [ 259.414835][ T5769] kobject_add+0x164/0x240 [ 259.419273][ T5769] ? __rwlock_init+0x150/0x150 [ 259.424064][ T5769] ? kobject_init+0x1e0/0x1e0 [ 259.428756][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 259.433610][ T5769] ? get_device_parent+0x366/0x390 [ 259.438727][ T5769] device_add+0x408/0xc20 [ 259.443059][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 259.447990][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 259.453268][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 259.458371][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 259.464605][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 259.470235][ T5769] ? skb_pull_data+0xfb/0x200 [ 259.474902][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 259.480446][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 259.486508][ T5769] hci_event_packet+0x7ba/0x1270 [ 259.491454][ T5769] ? bis_list+0x290/0x290 [ 259.495776][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 259.500964][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 259.506156][ T5769] hci_rx_work+0x43a/0xd60 [ 259.510569][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 259.516278][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 259.521840][ T5769] ? assign_work+0x430/0x430 [ 259.526421][ T5769] ? assign_work+0x3d0/0x430 [ 259.531020][ T5769] worker_thread+0xa55/0xfc0 [ 259.535627][ T5769] kthread+0x2fa/0x390 [ 259.539689][ T5769] ? pr_cont_work+0x560/0x560 [ 259.544377][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 259.548964][ T5769] ret_from_fork+0x48/0x80 [ 259.553375][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 259.557958][ T5769] ret_from_fork_asm+0x11/0x20 [ 259.562740][ T5769] [ 259.566972][ T5769] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 259.581021][ T5769] Bluetooth: hci3: failed to register connection device [ 261.678256][ T5824] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 261.742460][ T5769] Bluetooth: hci3: command 0x0406 tx timeout [ 262.349100][ T5824] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 262.358473][ T5824] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.366847][ T5824] usb 2-1: Product: syz [ 262.371247][ T5824] usb 2-1: Manufacturer: syz [ 262.376232][ T5824] usb 2-1: SerialNumber: syz [ 262.384648][ T5824] usb 2-1: config 0 descriptor?? [ 264.112933][ T5824] usb 2-1: Firmware version (0.0) predates our first public release. [ 264.240779][ T5824] usb 2-1: Please update to version 0.2 or newer [ 264.330880][ T5824] usb 2-1: USB disconnect, device number 13 [ 265.429642][ T7150] 9pnet_fd: Insufficient options for proto=fd [ 265.514928][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 265.524509][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 265.532049][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 265.542104][ T5769] Workqueue: hci3 hci_rx_work [ 265.546780][ T5769] Call Trace: [ 265.550056][ T5769] [ 265.552971][ T5769] dump_stack_lvl+0x18c/0x250 [ 265.557649][ T5769] ? show_regs_print_info+0x20/0x20 [ 265.562855][ T5769] ? load_image+0x400/0x400 [ 265.567364][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 265.572508][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 265.577178][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 265.582370][ T5769] kobject_add_internal+0x61c/0xcc0 [ 265.587562][ T5769] kobject_add+0x164/0x240 [ 265.591967][ T5769] ? __rwlock_init+0x150/0x150 [ 265.596722][ T5769] ? kobject_init+0x1e0/0x1e0 [ 265.601394][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 265.606234][ T5769] ? get_device_parent+0x366/0x390 [ 265.611347][ T5769] device_add+0x408/0xc20 [ 265.615668][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 265.620593][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 265.625871][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 265.630986][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 265.637233][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 265.642859][ T5769] ? skb_pull_data+0xfb/0x200 [ 265.647544][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 265.653083][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 265.659145][ T5769] hci_event_packet+0x7ba/0x1270 [ 265.664086][ T5769] ? bis_list+0x290/0x290 [ 265.668423][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 265.673604][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 265.678793][ T5769] hci_rx_work+0x43a/0xd60 [ 265.683203][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 265.689017][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 265.694568][ T5769] ? assign_work+0x430/0x430 [ 265.699170][ T5769] ? assign_work+0x3d0/0x430 [ 265.703788][ T5769] worker_thread+0xa55/0xfc0 [ 265.708428][ T5769] kthread+0x2fa/0x390 [ 265.712510][ T5769] ? pr_cont_work+0x560/0x560 [ 265.717213][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 265.721832][ T5769] ret_from_fork+0x48/0x80 [ 265.726283][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 265.730891][ T5769] ret_from_fork_asm+0x11/0x20 [ 265.735672][ T5769] [ 265.746654][ T5769] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 265.760830][ T5769] Bluetooth: hci3: failed to register connection device [ 267.018977][ T5824] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 267.241011][ T5824] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 267.274723][ T5824] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.307534][ T5824] usb 2-1: config 0 descriptor?? [ 267.561763][ T5824] [drm] vendor descriptor length:6 data:06 5f 00 00 00 00 00 00 00 00 00 [ 267.591994][ T5824] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 267.789049][ T5824] [drm:udl_init] *ERROR* Selecting channel failed [ 267.983893][ T5769] Bluetooth: hci3: command 0x0406 tx timeout [ 268.409707][ T5824] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 268.421833][ T5824] [drm] Initialized udl on minor 2 [ 268.433963][ T5824] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 268.456849][ T5824] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 268.468302][ T42] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 268.549679][ T5824] usb 2-1: USB disconnect, device number 14 [ 268.587352][ T42] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 269.795688][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 269.806056][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 269.813653][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 269.823729][ T5769] Workqueue: hci0 hci_rx_work [ 269.828412][ T5769] Call Trace: [ 269.831690][ T5769] [ 269.834627][ T5769] dump_stack_lvl+0x18c/0x250 [ 269.839300][ T5769] ? show_regs_print_info+0x20/0x20 [ 269.844492][ T5769] ? load_image+0x400/0x400 [ 269.848999][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 269.854104][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 269.858765][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 269.863961][ T5769] kobject_add_internal+0x61c/0xcc0 [ 269.869181][ T5769] kobject_add+0x164/0x240 [ 269.873617][ T5769] ? __rwlock_init+0x150/0x150 [ 269.878377][ T5769] ? kobject_init+0x1e0/0x1e0 [ 269.883041][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 269.887881][ T5769] ? get_device_parent+0x366/0x390 [ 269.892980][ T5769] device_add+0x408/0xc20 [ 269.897304][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 269.902228][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 269.907508][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 269.912616][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 269.918874][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 269.924538][ T5769] ? skb_pull_data+0xfb/0x200 [ 269.929245][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 269.934801][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 269.940865][ T5769] hci_event_packet+0x7ba/0x1270 [ 269.945810][ T5769] ? bis_list+0x290/0x290 [ 269.950134][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 269.955343][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 269.960541][ T5769] hci_rx_work+0x43a/0xd60 [ 269.964978][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 269.970695][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 269.976260][ T5769] ? assign_work+0x430/0x430 [ 269.980855][ T5769] ? assign_work+0x3d0/0x430 [ 269.985448][ T5769] worker_thread+0xa55/0xfc0 [ 269.990061][ T5769] kthread+0x2fa/0x390 [ 269.994124][ T5769] ? pr_cont_work+0x560/0x560 [ 269.998795][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 270.003381][ T5769] ret_from_fork+0x48/0x80 [ 270.007792][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 270.012373][ T5769] ret_from_fork_asm+0x11/0x20 [ 270.017143][ T5769] [ 270.034710][ T5769] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 270.048943][ T5769] Bluetooth: hci0: failed to register connection device [ 271.180860][ T7183] syz.1.351 (7183): drop_caches: 2 [ 272.259674][ T5769] Bluetooth: hci0: command 0x0406 tx timeout [ 274.434532][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 274.444275][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 274.451850][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 274.461937][ T5769] Workqueue: hci1 hci_rx_work [ 274.466660][ T5769] Call Trace: [ 274.469962][ T5769] [ 274.472915][ T5769] dump_stack_lvl+0x18c/0x250 [ 274.477637][ T5769] ? show_regs_print_info+0x20/0x20 [ 274.482874][ T5769] ? load_image+0x400/0x400 [ 274.487431][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 274.492578][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 274.497281][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 274.502528][ T5769] kobject_add_internal+0x61c/0xcc0 [ 274.507762][ T5769] kobject_add+0x164/0x240 [ 274.512206][ T5769] ? __rwlock_init+0x150/0x150 [ 274.517009][ T5769] ? kobject_init+0x1e0/0x1e0 [ 274.521731][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 274.526613][ T5769] ? get_device_parent+0x366/0x390 [ 274.531757][ T5769] device_add+0x408/0xc20 [ 274.536132][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 274.541076][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 274.546385][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 274.551504][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 274.557753][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 274.563396][ T5769] ? skb_pull_data+0xfb/0x200 [ 274.568075][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 274.573626][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 274.579693][ T5769] hci_event_packet+0x7ba/0x1270 [ 274.584666][ T5769] ? bis_list+0x290/0x290 [ 274.589012][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 274.594222][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 274.599433][ T5769] hci_rx_work+0x43a/0xd60 [ 274.603864][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 274.609587][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 274.615158][ T5769] ? assign_work+0x430/0x430 [ 274.619761][ T5769] ? assign_work+0x3d0/0x430 [ 274.624352][ T5769] worker_thread+0xa55/0xfc0 [ 274.628960][ T5769] kthread+0x2fa/0x390 [ 274.633025][ T5769] ? pr_cont_work+0x560/0x560 [ 274.637696][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 274.642282][ T5769] ret_from_fork+0x48/0x80 [ 274.646703][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 274.651467][ T5769] ret_from_fork_asm+0x11/0x20 [ 274.656422][ T5769] [ 274.662020][ T5769] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 274.676391][ T5769] Bluetooth: hci1: failed to register connection device [ 275.492207][ T7221] syz.0.364 (7221): drop_caches: 2 [ 276.874329][ T5769] Bluetooth: hci1: command 0x0406 tx timeout [ 277.889806][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 277.900763][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 277.908349][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 277.918403][ T5769] Workqueue: hci0 hci_rx_work [ 277.923098][ T5769] Call Trace: [ 277.926372][ T5769] [ 277.929294][ T5769] dump_stack_lvl+0x18c/0x250 [ 277.933976][ T5769] ? show_regs_print_info+0x20/0x20 [ 277.939175][ T5769] ? load_image+0x400/0x400 [ 277.943683][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 277.948791][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 277.953460][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 277.958658][ T5769] kobject_add_internal+0x61c/0xcc0 [ 277.963859][ T5769] kobject_add+0x164/0x240 [ 277.968267][ T5769] ? __rwlock_init+0x150/0x150 [ 277.973028][ T5769] ? kobject_init+0x1e0/0x1e0 [ 277.977703][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 277.982549][ T5769] ? get_device_parent+0x366/0x390 [ 277.987660][ T5769] device_add+0x408/0xc20 [ 277.991988][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 277.996919][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 278.002215][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 278.007323][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 278.013564][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 278.019194][ T5769] ? skb_pull_data+0xfb/0x200 [ 278.023870][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 278.029423][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 278.035481][ T5769] hci_event_packet+0x7ba/0x1270 [ 278.040418][ T5769] ? bis_list+0x290/0x290 [ 278.044742][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 278.049935][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 278.055133][ T5769] hci_rx_work+0x43a/0xd60 [ 278.059555][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 278.065271][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 278.070873][ T5769] ? assign_work+0x430/0x430 [ 278.075462][ T5769] ? assign_work+0x3d0/0x430 [ 278.080060][ T5769] worker_thread+0xa55/0xfc0 [ 278.084672][ T5769] kthread+0x2fa/0x390 [ 278.088729][ T5769] ? pr_cont_work+0x560/0x560 [ 278.093403][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 278.097983][ T5769] ret_from_fork+0x48/0x80 [ 278.102394][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 278.106976][ T5769] ret_from_fork_asm+0x11/0x20 [ 278.111750][ T5769] [ 278.118787][ T5769] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 278.148641][ T5769] Bluetooth: hci0: failed to register connection device [ 278.261247][ T7248] syz.1.372 (7248): attempted to duplicate a private mapping with mremap. This is not supported. [ 278.416936][ T7250] ieee802154 phy0 wpan0: encryption failed: -22 [ 278.658490][ T789] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 279.448554][ T7259] 9pnet_fd: Insufficient options for proto=fd [ 279.470587][ T789] usb 1-1: Using ep0 maxpacket: 8 [ 279.492552][ T789] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 279.514645][ T789] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 279.535284][ T789] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 279.544927][ T789] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 279.566731][ T789] usb 1-1: Product: syz [ 279.570951][ T789] usb 1-1: Manufacturer: syz [ 279.575567][ T789] usb 1-1: SerialNumber: syz [ 279.602167][ T789] usb 1-1: config 0 descriptor?? [ 279.916364][ T789] usb 1-1: USB disconnect, device number 17 [ 280.388654][ T5769] Bluetooth: hci0: command 0x0406 tx timeout [ 284.014781][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 284.024832][ T5769] CPU: 1 PID: 5769 Comm: kworker/u5:3 Not tainted syzkaller #0 [ 284.032404][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 284.042478][ T5769] Workqueue: hci1 hci_rx_work [ 284.047190][ T5769] Call Trace: [ 284.050479][ T5769] [ 284.053418][ T5769] dump_stack_lvl+0x18c/0x250 [ 284.058123][ T5769] ? show_regs_print_info+0x20/0x20 [ 284.063343][ T5769] ? load_image+0x400/0x400 [ 284.067883][ T5769] sysfs_create_dir_ns+0x26e/0x2a0 [ 284.073011][ T5769] ? sysfs_warn_dup+0xa0/0xa0 [ 284.077699][ T5769] ? do_raw_spin_unlock+0x121/0x230 [ 284.082922][ T5769] kobject_add_internal+0x61c/0xcc0 [ 284.088149][ T5769] kobject_add+0x164/0x240 [ 284.092601][ T5769] ? __rwlock_init+0x150/0x150 [ 284.097388][ T5769] ? kobject_init+0x1e0/0x1e0 [ 284.102086][ T5769] ? _raw_spin_unlock+0x28/0x40 [ 284.106958][ T5769] ? get_device_parent+0x366/0x390 [ 284.112093][ T5769] device_add+0x408/0xc20 [ 284.116446][ T5769] hci_conn_add_sysfs+0xd5/0x1e0 [ 284.121402][ T5769] le_conn_complete_evt+0xf5d/0x1540 [ 284.126708][ T5769] ? hci_event_packet+0x4cb/0x1270 [ 284.131848][ T5769] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 284.138119][ T5769] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 284.143777][ T5769] ? skb_pull_data+0xfb/0x200 [ 284.148480][ T5769] hci_le_conn_complete_evt+0x187/0x440 [ 284.154056][ T5769] ? hci_remote_host_features_evt+0x150/0x150 [ 284.160140][ T5769] hci_event_packet+0x7ba/0x1270 [ 284.165113][ T5769] ? bis_list+0x290/0x290 [ 284.169460][ T5769] ? lockdep_hardirqs_on+0x98/0x150 [ 284.174678][ T5769] ? hci_send_to_monitor+0xd7/0x4f0 [ 284.179903][ T5769] hci_rx_work+0x43a/0xd60 [ 284.184351][ T5769] ? process_scheduled_works+0x96f/0x15d0 [ 284.190088][ T5769] process_scheduled_works+0xa5d/0x15d0 [ 284.195684][ T5769] ? assign_work+0x430/0x430 [ 284.200297][ T5769] ? assign_work+0x3d0/0x430 [ 284.204911][ T5769] worker_thread+0xa55/0xfc0 [ 284.209551][ T5769] kthread+0x2fa/0x390 [ 284.213641][ T5769] ? pr_cont_work+0x560/0x560 [ 284.218335][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 284.222941][ T5769] ret_from_fork+0x48/0x80 [ 284.227375][ T5769] ? kthread_blkcg+0xd0/0xd0 [ 284.231977][ T5769] ret_from_fork_asm+0x11/0x20 [ 284.236778][ T5769] [ 284.248594][ T5769] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 284.263473][ T5769] Bluetooth: hci1: failed to register connection device [ 284.374799][ T7299] netlink: 16 bytes leftover after parsing attributes in process `syz.2.387'. [ 286.480725][ T5769] Bluetooth: hci1: command 0x0406 tx timeout [ 287.344612][ T5769] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 293.124663][ T7366] 9pnet_fd: Insufficient options for proto=fd [ 295.457626][ T7378] syz.0.414 (7378): drop_caches: 2 [ 298.403557][ T7397] 9pnet_fd: Insufficient options for proto=fd [ 302.082462][ T7423] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 302.520488][ T42] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 302.744992][ T42] usb 1-1: Using ep0 maxpacket: 8 [ 303.056271][ T42] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 303.076809][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.092115][ T42] usb 1-1: Product: syz [ 303.096326][ T42] usb 1-1: Manufacturer: syz [ 303.101534][ T42] usb 1-1: SerialNumber: syz [ 303.108936][ T42] usb 1-1: config 0 descriptor?? [ 304.391467][ T7441] 9pnet_fd: Insufficient options for proto=fd [ 304.412337][ T42] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 304.905088][ T42] usb write operation failed. (-71) [ 304.934801][ T42] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 304.953832][ T42] dvbdev: DVB: registering new adapter (Terratec H7) [ 304.967670][ T42] usb 1-1: media controller created [ 304.975595][ T42] usb read operation failed. (-71) [ 304.986497][ T42] usb write operation failed. (-71) [ 305.008233][ T42] dvb_usb_az6007: probe of 1-1:0.0 failed with error -5 [ 305.033880][ T42] usb 1-1: USB disconnect, device number 18 [ 309.172288][ T7496] 9pnet_fd: Insufficient options for proto=fd [ 312.973453][ T7527] 9pnet_fd: Insufficient options for proto=fd [ 319.179874][ T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 319.397144][ T9] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 319.452194][ T9] usb 2-1: config 1 has no interface number 0 [ 319.549231][ T9] usb 2-1: config 1 interface 7 altsetting 0 has an invalid endpoint with address 0xDB, skipping [ 319.657032][ T9] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 319.737298][ T9] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 319.750812][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.768934][ T9] usb 2-1: Product: syz [ 320.544084][ T9] usb 2-1: Manufacturer: syz [ 320.622489][ T9] usb 2-1: SerialNumber: syz [ 320.635464][ T7577] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 320.667550][ T9] usb 2-1: Expected 3 endpoints, found: 2 [ 320.937450][ T23] usb 2-1: USB disconnect, device number 15 [ 324.498825][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 324.505312][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.758875][ T7645] 9pnet_fd: Insufficient options for proto=fd [ 326.145021][ T7659] netlink: 552 bytes leftover after parsing attributes in process `syz.1.506'. [ 328.231133][ T5826] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 329.299518][ T5826] usb 2-1: Using ep0 maxpacket: 32 [ 329.321177][ T5826] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 329.348922][ T5826] usb 2-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 329.529414][ T5826] usb 2-1: config 0 interface 0 has no altsetting 0 [ 329.546845][ T5826] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 329.577192][ T5826] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.602100][ T5826] usb 2-1: Product: syz [ 329.612265][ T5826] usb 2-1: Manufacturer: syz [ 329.635693][ T5826] usb 2-1: SerialNumber: syz [ 329.668493][ T5826] usb 2-1: config 0 descriptor?? [ 330.219912][ T5826] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 330.892040][ T9] usb 2-1: USB disconnect, device number 16 [ 338.275945][ T5824] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 338.500337][ T5824] usb 1-1: Using ep0 maxpacket: 8 [ 338.517444][ T5824] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 338.545416][ T5824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.577308][ T5824] usb 1-1: Product: syz [ 338.581521][ T5824] usb 1-1: Manufacturer: syz [ 338.598932][ T5824] usb 1-1: SerialNumber: syz [ 338.621608][ T5824] usb 1-1: config 0 descriptor?? [ 339.540953][ T5824] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 339.761384][ T5824] usb write operation failed. (-71) [ 339.785608][ T5824] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 340.020591][ T5824] dvbdev: DVB: registering new adapter (Terratec H7) [ 340.027809][ T5824] usb 1-1: media controller created [ 340.040372][ T5824] usb read operation failed. (-71) [ 340.135713][ T5824] usb write operation failed. (-71) [ 340.277363][ T5824] dvb_usb_az6007: probe of 1-1:0.0 failed with error -5 [ 340.312154][ T7800] netlink: 104 bytes leftover after parsing attributes in process `syz.3.542'. [ 340.327960][ T5824] usb 1-1: USB disconnect, device number 19 [ 342.839316][ T7819] ieee802154 phy0 wpan0: encryption failed: -22 [ 347.732303][ T5777] Bluetooth: hci2: unexpected event for opcode 0x1009 [ 352.020270][ T5777] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 352.029312][ T5777] Bluetooth: hci2: Injecting HCI hardware error event [ 352.039538][ T5777] Bluetooth: hci2: hardware error 0x00 [ 354.326337][ T5777] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 366.006411][ T8045] netlink: 8 bytes leftover after parsing attributes in process `syz.0.624'. [ 366.015451][ T8045] netlink: 'syz.0.624': attribute type 30 has an invalid length. [ 366.064494][ T8045] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.073694][ T8045] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.082445][ T8045] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.091145][ T8045] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 368.068544][ T42] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 369.174927][ T42] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 369.185494][ T42] usb 2-1: config 0 has no interface number 0 [ 369.201360][ T42] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 369.229024][ T42] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.259243][ T42] usb 2-1: config 0 descriptor?? [ 369.285908][ T42] usb 2-1: selecting invalid altsetting 1 [ 369.305496][ T42] dvb_ttusb_budget: ttusb_init_controller: error [ 369.322785][ T42] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 369.532304][ T42] DVB: Unable to find symbol cx22700_attach() [ 369.688310][ T42] DVB: Unable to find symbol tda10046_attach() [ 369.700138][ T42] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 369.762861][ T42] usb 2-1: USB disconnect, device number 17 [ 369.862250][ T8090] tmpfs: Bad value for 'mpol' [ 370.291278][ T8096] ======================================================= [ 370.291278][ T8096] WARNING: The mand mount option has been deprecated and [ 370.291278][ T8096] and is ignored by this kernel. Remove the mand [ 370.291278][ T8096] option from the mount to silence this warning. [ 370.291278][ T8096] ======================================================= [ 374.877532][ T8128] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 374.903833][ T8128] CIFS mount error: No usable UNC path provided in device string! [ 374.903833][ T8128] [ 374.914165][ T8128] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 375.611061][ T23] IPVS: starting estimator thread 0... [ 375.795107][ T8133] IPVS: using max 37 ests per chain, 88800 per kthread [ 379.279580][ T8158] overlayfs: failed to clone lowerpath [ 381.376527][ T8174] mmap: syz.0.661 (8174) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 382.014306][ T5771] IPVS: starting estimator thread 0... [ 382.131706][ T8189] IPVS: using max 37 ests per chain, 88800 per kthread [ 383.524155][ T8204] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 390.150694][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 390.157339][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 390.584304][ T8273] syzkaller0: entered promiscuous mode [ 390.639431][ T8273] syzkaller0: entered allmulticast mode [ 390.665654][ T8273] ------------[ cut here ]------------ [ 390.671644][ T8273] WARNING: CPU: 1 PID: 8273 at include/linux/skbuff.h:2871 em_cmp_match+0x56e/0x7c0 [ 390.681117][ T8273] Modules linked in: [ 390.685037][ T8273] CPU: 1 PID: 8273 Comm: syz.1.700 Not tainted syzkaller #0 [ 390.692386][ T8273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 390.702503][ T8273] RIP: 0010:em_cmp_match+0x56e/0x7c0 [ 390.707826][ T8273] Code: e8 77 6b d5 f8 39 dd 0f 94 c0 e9 40 fe ff ff e8 e8 69 d5 f8 e9 34 fe ff ff e8 de 69 d5 f8 0f 0b e9 97 fc ff ff e8 d2 69 d5 f8 <0f> 0b e9 79 fb ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c e5 fa ff ff [ 390.727508][ T8273] RSP: 0018:ffffc90003787118 EFLAGS: 00010283 [ 390.733684][ T8273] RAX: ffffffff88b1ab3e RBX: ffff88802525a64a RCX: 0000000000080000 [ 390.741681][ T8273] RDX: ffffc9000cd9a000 RSI: 0000000000000651 RDI: 0000000000000652 [ 390.749805][ T8273] RBP: 000000000000ffff R08: ffff888029913c00 R09: 0000000000000003 [ 390.757836][ T8273] R10: 0000000000000002 R11: 0000000000000002 R12: 1ffff11004a4b4c9 [ 390.765864][ T8273] R13: 1ffff11004261d06 R14: ffff88802130e780 R15: ffff88802130e836 [ 390.773867][ T8273] FS: 00007fc615d4c6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 390.782953][ T8273] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 390.789604][ T8273] CR2: 00007f0d29d456b8 CR3: 000000007e5c2000 CR4: 00000000003506e0 [ 390.797668][ T8273] Call Trace: [ 390.800971][ T8273] [ 390.803924][ T8273] __tcf_em_tree_match+0x1cf/0x7a0 [ 390.809118][ T8273] ? tcf_em_tree_dump+0x900/0x900 [ 390.814206][ T8273] basic_classify+0x115/0x2d0 [ 390.818927][ T8273] tcf_classify+0x4c4/0xeb0 [ 390.823509][ T8273] multiq_enqueue+0x103/0x4c0 [ 390.828210][ T8273] ? sch_tree_unlock+0x1b0/0x1b0 [ 390.833195][ T8273] ? do_raw_spin_lock+0x11f/0x2c0 [ 390.838239][ T8273] ? __rwlock_init+0x150/0x150 [ 390.843064][ T8273] dev_qdisc_enqueue+0x48/0x220 [ 390.847941][ T8273] ? __dev_queue_xmit+0xd3b/0x36b0 [ 390.853130][ T8273] __dev_queue_xmit+0xea8/0x36b0 [ 390.858103][ T8273] ? __dev_queue_xmit+0x26b/0x36b0 [ 390.863298][ T8273] ? sock_alloc_send_pskb+0x8a1/0x9a0 [ 390.868728][ T8273] ? netdev_core_pick_tx+0x340/0x340 [ 390.874090][ T8273] ? packet_parse_headers+0x85e/0xac0 [ 390.879493][ T8273] ? __virt_addr_valid+0x18c/0x540 [ 390.884672][ T8273] ? __check_object_size+0x506/0xa20 [ 390.889993][ T8273] ? skb_setup_tx_timestamp+0x1f0/0x1f0 [ 390.895604][ T8273] ? skb_copy_datagram_from_iter+0x5f6/0x6e0 [ 390.901618][ T8273] ? packet_xmit+0x66/0x330 [ 390.906193][ T8273] ? packet_sendmsg+0x3a37/0x4d70 [ 390.911247][ T8273] packet_sendmsg+0x3b7a/0x4d70 [ 390.916175][ T8273] ? verify_lock_unused+0x140/0x140 [ 390.921394][ T8273] ? finish_task_switch+0x265/0x8f0 [ 390.926639][ T8273] ? verify_lock_unused+0x140/0x140 [ 390.931874][ T8273] ? aa_sk_perm+0x83c/0x970 [ 390.936420][ T8273] ? packet_getsockopt+0xad0/0xad0 [ 390.941596][ T8273] ? aa_sock_msg_perm+0x94/0x150 [ 390.946556][ T8273] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 390.951895][ T8273] ? security_socket_sendmsg+0x80/0xa0 [ 390.957367][ T8273] ? packet_getsockopt+0xad0/0xad0 [ 390.962537][ T8273] ____sys_sendmsg+0x5ba/0x960 [ 390.967321][ T8273] ? __lock_acquire+0x7d40/0x7d40 [ 390.972396][ T8273] ? __asan_memset+0x22/0x40 [ 390.977004][ T8273] ? __sys_sendmsg_sock+0x30/0x30 [ 390.982070][ T8273] ? __import_iovec+0x5f2/0x850 [ 390.986956][ T8273] ? import_iovec+0x73/0xa0 [ 390.991520][ T8273] ___sys_sendmsg+0x2a6/0x360 [ 390.996218][ T8273] ? __sys_sendmsg+0x2a0/0x2a0 [ 391.001075][ T8273] __se_sys_sendmsg+0x1c2/0x2b0 [ 391.005941][ T8273] ? __x64_sys_sendmsg+0x80/0x80 [ 391.010919][ T8273] ? lockdep_hardirqs_on+0x98/0x150 [ 391.016171][ T8273] do_syscall_64+0x55/0xa0 [ 391.020606][ T8273] ? clear_bhb_loop+0x40/0x90 [ 391.025325][ T8273] ? clear_bhb_loop+0x40/0x90 [ 391.030028][ T8273] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 391.035983][ T8273] RIP: 0033:0x7fc614d9c799 [ 391.040424][ T8273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 391.060101][ T8273] RSP: 002b:00007fc615d4c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 391.068588][ T8273] RAX: ffffffffffffffda RBX: 00007fc615015fa0 RCX: 00007fc614d9c799 [ 391.076618][ T8273] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 391.084619][ T8273] RBP: 00007fc614e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 391.092666][ T8273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 391.100702][ T8273] R13: 00007fc615016038 R14: 00007fc615015fa0 R15: 00007ffe6c396b58 [ 391.108746][ T8273] [ 391.111782][ T8273] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 391.119069][ T8273] CPU: 1 PID: 8273 Comm: syz.1.700 Not tainted syzkaller #0 [ 391.126366][ T8273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 391.136436][ T8273] Call Trace: [ 391.139735][ T8273] [ 391.142678][ T8273] dump_stack_lvl+0x18c/0x250 [ 391.147395][ T8273] ? show_regs_print_info+0x20/0x20 [ 391.152617][ T8273] ? load_image+0x400/0x400 [ 391.157152][ T8273] panic+0x2dc/0x730 [ 391.161074][ T8273] ? bpf_jit_dump+0xd0/0xd0 [ 391.165640][ T8273] __warn+0x2e0/0x470 [ 391.169651][ T8273] ? em_cmp_match+0x56e/0x7c0 [ 391.174357][ T8273] ? em_cmp_match+0x56e/0x7c0 [ 391.179055][ T8273] report_bug+0x2be/0x4f0 [ 391.183415][ T8273] ? em_cmp_match+0x56e/0x7c0 [ 391.188112][ T8273] ? em_cmp_match+0x56e/0x7c0 [ 391.192804][ T8273] ? em_cmp_match+0x570/0x7c0 [ 391.197498][ T8273] handle_bug+0xcf/0x120 [ 391.201763][ T8273] exc_invalid_op+0x1a/0x50 [ 391.206295][ T8273] asm_exc_invalid_op+0x1a/0x20 [ 391.211158][ T8273] RIP: 0010:em_cmp_match+0x56e/0x7c0 [ 391.216463][ T8273] Code: e8 77 6b d5 f8 39 dd 0f 94 c0 e9 40 fe ff ff e8 e8 69 d5 f8 e9 34 fe ff ff e8 de 69 d5 f8 0f 0b e9 97 fc ff ff e8 d2 69 d5 f8 <0f> 0b e9 79 fb ff ff 89 d9 80 e1 07 fe c1 38 c1 0f 8c e5 fa ff ff [ 391.236091][ T8273] RSP: 0018:ffffc90003787118 EFLAGS: 00010283 [ 391.242178][ T8273] RAX: ffffffff88b1ab3e RBX: ffff88802525a64a RCX: 0000000000080000 [ 391.250169][ T8273] RDX: ffffc9000cd9a000 RSI: 0000000000000651 RDI: 0000000000000652 [ 391.258162][ T8273] RBP: 000000000000ffff R08: ffff888029913c00 R09: 0000000000000003 [ 391.266155][ T8273] R10: 0000000000000002 R11: 0000000000000002 R12: 1ffff11004a4b4c9 [ 391.274143][ T8273] R13: 1ffff11004261d06 R14: ffff88802130e780 R15: ffff88802130e836 [ 391.282140][ T8273] ? em_cmp_match+0x56e/0x7c0 [ 391.286849][ T8273] ? em_cmp_match+0x56e/0x7c0 [ 391.291551][ T8273] __tcf_em_tree_match+0x1cf/0x7a0 [ 391.296697][ T8273] ? tcf_em_tree_dump+0x900/0x900 [ 391.301761][ T8273] basic_classify+0x115/0x2d0 [ 391.306465][ T8273] tcf_classify+0x4c4/0xeb0 [ 391.310999][ T8273] multiq_enqueue+0x103/0x4c0 [ 391.315693][ T8273] ? sch_tree_unlock+0x1b0/0x1b0 [ 391.320644][ T8273] ? do_raw_spin_lock+0x11f/0x2c0 [ 391.325690][ T8273] ? __rwlock_init+0x150/0x150 [ 391.330501][ T8273] dev_qdisc_enqueue+0x48/0x220 [ 391.335367][ T8273] ? __dev_queue_xmit+0xd3b/0x36b0 [ 391.340500][ T8273] __dev_queue_xmit+0xea8/0x36b0 [ 391.345465][ T8273] ? __dev_queue_xmit+0x26b/0x36b0 [ 391.350616][ T8273] ? sock_alloc_send_pskb+0x8a1/0x9a0 [ 391.356014][ T8273] ? netdev_core_pick_tx+0x340/0x340 [ 391.361318][ T8273] ? packet_parse_headers+0x85e/0xac0 [ 391.366714][ T8273] ? __virt_addr_valid+0x18c/0x540 [ 391.371889][ T8273] ? __check_object_size+0x506/0xa20 [ 391.377206][ T8273] ? skb_setup_tx_timestamp+0x1f0/0x1f0 [ 391.382778][ T8273] ? skb_copy_datagram_from_iter+0x5f6/0x6e0 [ 391.388784][ T8273] ? packet_xmit+0x66/0x330 [ 391.393309][ T8273] ? packet_sendmsg+0x3a37/0x4d70 [ 391.398359][ T8273] packet_sendmsg+0x3b7a/0x4d70 [ 391.403257][ T8273] ? verify_lock_unused+0x140/0x140 [ 391.408478][ T8273] ? finish_task_switch+0x265/0x8f0 [ 391.413692][ T8273] ? verify_lock_unused+0x140/0x140 [ 391.418916][ T8273] ? aa_sk_perm+0x83c/0x970 [ 391.423452][ T8273] ? packet_getsockopt+0xad0/0xad0 [ 391.428599][ T8273] ? aa_sock_msg_perm+0x94/0x150 [ 391.433559][ T8273] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 391.438870][ T8273] ? security_socket_sendmsg+0x80/0xa0 [ 391.444348][ T8273] ? packet_getsockopt+0xad0/0xad0 [ 391.449486][ T8273] ____sys_sendmsg+0x5ba/0x960 [ 391.454261][ T8273] ? __lock_acquire+0x7d40/0x7d40 [ 391.459306][ T8273] ? __asan_memset+0x22/0x40 [ 391.463915][ T8273] ? __sys_sendmsg_sock+0x30/0x30 [ 391.468952][ T8273] ? __import_iovec+0x5f2/0x850 [ 391.473842][ T8273] ? import_iovec+0x73/0xa0 [ 391.478373][ T8273] ___sys_sendmsg+0x2a6/0x360 [ 391.483074][ T8273] ? __sys_sendmsg+0x2a0/0x2a0 [ 391.487903][ T8273] __se_sys_sendmsg+0x1c2/0x2b0 [ 391.492774][ T8273] ? __x64_sys_sendmsg+0x80/0x80 [ 391.497761][ T8273] ? lockdep_hardirqs_on+0x98/0x150 [ 391.502979][ T8273] do_syscall_64+0x55/0xa0 [ 391.507419][ T8273] ? clear_bhb_loop+0x40/0x90 [ 391.512111][ T8273] ? clear_bhb_loop+0x40/0x90 [ 391.516809][ T8273] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 391.522720][ T8273] RIP: 0033:0x7fc614d9c799 [ 391.527150][ T8273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 391.546787][ T8273] RSP: 002b:00007fc615d4c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 391.555223][ T8273] RAX: ffffffffffffffda RBX: 00007fc615015fa0 RCX: 00007fc614d9c799 [ 391.563217][ T8273] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 391.571221][ T8273] RBP: 00007fc614e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 391.579217][ T8273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 391.587205][ T8273] R13: 00007fc615016038 R14: 00007fc615015fa0 R15: 00007ffe6c396b58 [ 391.595210][ T8273] [ 391.598605][ T8273] Kernel Offset: disabled [ 391.602998][ T8273] Rebooting in 86400 seconds..