last executing test programs: 1m10.222548904s ago: executing program 0 (id=18): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) 1m6.74243764s ago: executing program 0 (id=22): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) sendfile(r1, r1, 0x0, 0x400000000000000) 1m5.550733993s ago: executing program 0 (id=23): inotify_init1(0x80800) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket(0x2, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) socket$inet6(0xa, 0x3, 0x7) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 1m4.074022294s ago: executing program 0 (id=26): open_tree(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x80000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xffdffe0000000001, 0x401, 0xffffffff}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000640)=[{&(0x7f0000000200)="9c30fb4d", 0x4}], 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3201000000a4000000060a010400000000000000000100000008000b40000000007c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000440001800c0001006269747769736500340002800800034000000004080001400000001408000240000000120c0005800800010088634d580c000480080001006eee7e000900010073797a300000000014000000110001"], 0x118}}, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000100)={0xa00, 0xa00}) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x404040, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x20004, 0xffffffffffffffff, 0x80000}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001180)='schedstat\x00') preadv(r6, &(0x7f0000000040), 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, &(0x7f0000000bc0)={{0xfd, 0x1}, {0xe}, 0x2005, 0xbfbf}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="2800000001070101000000000000001b010000091400078008000140000000"], 0x28}, 0x1, 0x0, 0x0, 0x804c}, 0xc080) r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r8, 0xc02c564a, &(0x7f0000000000)={0x0, 0x31384142, 0x0, @stepwise={0x0, 0x400}}) r9 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r9, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5}) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000000406030000000000000000000300000105000100e9ffffffe810030073797a31000000000900020073797a3000000000"], 0x34}, 0x1, 0x0, 0x0, 0x1800}, 0x40004) openat$nci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) 54.895365192s ago: executing program 0 (id=35): r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x441c2, 0x0) ftruncate(r0, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{0x0}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2}}], 0x1, 0x700, 0x0) sendfile(r1, r0, 0x0, 0x578410eb) 53.765512877s ago: executing program 0 (id=39): getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000200)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1002000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x4004}, 0x40000) close(r0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r3, &(0x7f0000000440), &(0x7f0000000040)=@udp=r2}, 0x20) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000100)=0xfffffffe, 0x4) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48815}, 0xc000) socket$l2tp6(0xa, 0x2, 0x73) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000280)) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) read(r0, &(0x7f0000000000)=""/31, 0x1f) 38.216957651s ago: executing program 32 (id=39): getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000200)={0x3, [0x0, 0x0, 0x0]}, &(0x7f0000000240)=0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1002000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x4004}, 0x40000) close(r0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r3, &(0x7f0000000440), &(0x7f0000000040)=@udp=r2}, 0x20) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000100)=0xfffffffe, 0x4) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48815}, 0xc000) socket$l2tp6(0xa, 0x2, 0x73) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000280)) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) read(r0, &(0x7f0000000000)=""/31, 0x1f) 4.145954364s ago: executing program 4 (id=351): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100), 0xfad01, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14) close(0x4) 3.708719363s ago: executing program 4 (id=354): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r2, &(0x7f0000000440), &(0x7f0000000040)=@udp=r1}, 0x20) recvmmsg(r0, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000000)=""/31, 0x1f) 3.118762176s ago: executing program 3 (id=362): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0) sendmsg$IEEE802154_LIST_IFACE(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, r2, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x8042) 2.908922967s ago: executing program 3 (id=366): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 2.842039157s ago: executing program 5 (id=367): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x14, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe, 0x1, "9c979b32261fbabdae20"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CMP_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x108}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x403, 0x70bd2d, 0x3d, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GENEVE_DF={0x5, 0xd, 0x1}, @IFLA_GENEVE_ID={0x8, 0x1, 0x3}, @IFLA_GENEVE_TTL_INHERIT={0x5}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004004}, 0x4804) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001600)={0x54, r5, 0x1, 0x70bd2c, 0x1000, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x128}]}, 0x54}, 0x1, 0x0, 0x0, 0x8004}, 0x4) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$IEEE802154_ASSOCIATE_REQ(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r6, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x14}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0x300}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008082}, 0x4004) unshare(0x4000400) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x73e7, 0x8f, 0x5, 0x10000, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x0, 0xd}, 0x50) syz_emit_ethernet(0x42, &(0x7f0000002a80)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x5, 0x2}]}}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3d, 0x34, 0x0, 0x4000, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0xfffffffe}]}}}}}}}, 0x0) 2.727672542s ago: executing program 4 (id=369): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0x4, 0x3}]}], {0x14}}, 0x4c}}, 0x0) 2.682490165s ago: executing program 1 (id=370): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[], 0x0}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031612d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 2.557947066s ago: executing program 3 (id=371): r0 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x38, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0xfff3}, {0x0, 0xfff3}, {0xd, 0xf}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x3}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20041004}, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000180), &(0x7f0000000240)=0x4) 2.440511549s ago: executing program 4 (id=372): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x14, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe, 0x1, "9c979b32261fbabdae20"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CMP_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x108}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x403, 0x70bd2d, 0x3d, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GENEVE_DF={0x5, 0xd, 0x1}, @IFLA_GENEVE_ID={0x8, 0x1, 0x3}, @IFLA_GENEVE_TTL_INHERIT={0x5}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004004}, 0x4804) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001600)={0x54, r5, 0x1, 0x70bd2c, 0x1000, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x128}]}, 0x54}, 0x1, 0x0, 0x0, 0x8004}, 0x4) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$IEEE802154_ASSOCIATE_REQ(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r6, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x14}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0x300}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008082}, 0x4004) unshare(0x4000400) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x73e7, 0x8f, 0x5, 0x10000, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x0, 0xd}, 0x50) syz_emit_ethernet(0x42, &(0x7f0000002a80)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x5, 0x2}]}}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x3d, 0x34, 0x0, 0x4000, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0xfffffffe}]}}}}}}}, 0x0) 2.433319057s ago: executing program 1 (id=373): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d1"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 2.346402195s ago: executing program 3 (id=374): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bond_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001000ffff27bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="15010000000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r1, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x280c1}, 0x8000002) 2.205248366s ago: executing program 1 (id=375): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 2.16362876s ago: executing program 2 (id=376): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x8042) 2.117436632s ago: executing program 3 (id=377): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(0xffffffffffffffff) r2 = socket$kcm(0x29, 0x5, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) r4 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000b00)="b6bd7e4983a45b31f79d80060400000000000000a33734d88229acf96457ad59d0b87f8659b614043e3d21a7cacecab8bbd26251b93b28b4d83e618673f9c74d0a28a5146c5511549fa617e908352c87d8ddff2ce0", 0x55}, {&(0x7f0000000880)="3aa854", 0x3}, {&(0x7f0000000a40)="746b9120a32aaf78043a9b07000000000000003c44", 0x15}], 0x3}, 0xc854) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000180)=0x4c, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) sendfile(r2, r3, 0x0, 0xffffffff000) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r5, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000009b80)=@newchain={0x24, 0x64, 0x300, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7, 0xfff2}, {0xf}, {0xa, 0x1ffe4}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x600, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000004001a80180002"], 0x44}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.030582374s ago: executing program 1 (id=378): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0xb, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) 1.936872499s ago: executing program 1 (id=379): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x14, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0xe, 0x1, "9c979b32261fbabdae20"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CMP_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x108}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x4c, 0x10, 0x403, 0x70bd2d, 0x3d, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GENEVE_DF={0x5, 0xd, 0x1}, @IFLA_GENEVE_ID={0x8, 0x1, 0x3}, @IFLA_GENEVE_TTL_INHERIT={0x5}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4004004}, 0x4804) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001600)={0x54, r5, 0x1, 0x70bd2c, 0x1000, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x128}]}, 0x54}, 0x1, 0x0, 0x0, 0x8004}, 0x4) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$IEEE802154_ASSOCIATE_REQ(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r6, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_CAPABILITY={0x5, 0x11, 0x2}, @IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x14}, @IEEE802154_ATTR_COORD_HW_ADDR={0xc, 0x9, {0x300}}]}, 0x30}, 0x1, 0x0, 0x0, 0x20008082}, 0x4004) unshare(0x4000400) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x73e7, 0x8f, 0x5, 0x10000, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x3, 0x0, 0xd}, 0x50) listen(r2, 0x3) syz_emit_ethernet(0x42, &(0x7f0000002a80)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x5, 0x2}]}}}}}}}, 0x0) 1.935946274s ago: executing program 2 (id=380): openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000005b116e"], 0x48) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x3e8, 0xe80, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd87", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 1.835027727s ago: executing program 4 (id=381): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(0xffffffffffffffff) r2 = socket$kcm(0x29, 0x5, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) r4 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000b00)="b6bd7e4983a45b31f79d80060400000000000000a33734d88229acf96457ad59d0b87f8659b614043e3d21a7cacecab8bbd26251b93b28b4d83e618673f9c74d0a28a5146c5511549fa617e908352c87d8ddff2ce0", 0x55}, {&(0x7f0000000880)="3aa854", 0x3}, {&(0x7f0000000a40)="746b9120a32aaf78043a9b07000000000000003c44", 0x15}], 0x3}, 0xc854) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000180)=0x4c, 0x4) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) sendfile(r2, r3, 0x0, 0xffffffff000) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r5, 0x0, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44010}, 0x40000) sendmsg$NL80211_CMD_RELOAD_REGDB(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)={0x14, r6, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008004) r7 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f00000000c0)='bbr', 0x3) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x600, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000004001a80180002"], 0x44}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.750261023s ago: executing program 5 (id=382): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWCHAIN={0x24, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0x4, 0x3}]}], {0x14}}, 0x4c}}, 0x0) 1.121883034s ago: executing program 2 (id=383): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6tnl0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031612d3fc140000004788031c09103c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 1.089837541s ago: executing program 5 (id=384): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x38, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r0, {0xfff3, 0xfff3}, {0x0, 0xfff3}, {0xd, 0xf}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x3}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20041004}, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000180), &(0x7f0000000240)=0x4) 865.214866ms ago: executing program 5 (id=385): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d1"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 863.394786ms ago: executing program 2 (id=386): r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg(r0, &(0x7f0000000240), 0x0, 0x4044805) 637.794199ms ago: executing program 5 (id=387): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x403, 0x70bd2d, 0x3d, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_DF={0x5, 0xd, 0x1}, @IFLA_GENEVE_ID={0x8, 0x1, 0x3}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004004}, 0x4804) 590.669061ms ago: executing program 2 (id=388): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x24048814) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a01"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) sendmsg$NFT_BATCH(r0, 0x0, 0x40) 446.316154ms ago: executing program 2 (id=389): sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3ec0) socket(0x2d, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x25, 0x0, 0x0) sendmmsg$unix(r2, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone3(&(0x7f00000002c0)={0x102004000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1e}, &(0x7f0000000100)=""/125, 0x7d, &(0x7f00000001c0)=""/127, &(0x7f0000000280)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x4}, 0x58) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 256.700639ms ago: executing program 1 (id=390): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0xb, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) 193.906235ms ago: executing program 4 (id=391): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LIST_IFACE(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000980)={0x14, 0x0, 0x1, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x8042) 60.404991ms ago: executing program 5 (id=392): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200e19}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff7fff}, 0x94) syz_emit_ethernet(0x3c, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa08"], 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000c40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) 0s ago: executing program 3 (id=393): openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x3e8, 0xe80, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd87", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts. [ 71.582922][ T5574] cgroup: Unknown subsys name 'net' [ 71.804468][ T5574] cgroup: Unknown subsys name 'cpuset' [ 71.849410][ T5574] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 73.447665][ T5574] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.769595][ T5588] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.792676][ T5592] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.799654][ T5588] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.804193][ T5592] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.808061][ T5592] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.811210][ T5592] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.811696][ T5592] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 75.812387][ T5592] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 75.814619][ T5592] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 75.815623][ T5592] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 75.917212][ T4907] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.927345][ T4907] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.928491][ T4907] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 75.957266][ T4907] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 75.957996][ T4907] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.002735][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.023348][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.024970][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.029769][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.034316][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.085276][ T5588] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.107198][ T5588] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.107956][ T5588] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.125008][ T5588] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.127850][ T5588] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.859887][ T4907] Bluetooth: hci0: command tx timeout [ 77.939018][ T4907] Bluetooth: hci1: command tx timeout [ 78.100048][ T4907] Bluetooth: hci2: command tx timeout [ 78.101127][ T4907] Bluetooth: hci3: command tx timeout [ 78.164017][ T5598] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.164100][ T5598] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.164200][ T5598] bridge_slave_0: entered allmulticast mode [ 78.166247][ T5598] bridge_slave_0: entered promiscuous mode [ 78.179001][ T5588] Bluetooth: hci4: command tx timeout [ 78.184459][ T5586] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.184821][ T5586] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.184980][ T5586] bridge_slave_0: entered allmulticast mode [ 78.187248][ T5586] bridge_slave_0: entered promiscuous mode [ 78.226580][ T5598] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.226688][ T5598] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.226829][ T5598] bridge_slave_1: entered allmulticast mode [ 78.231631][ T5598] bridge_slave_1: entered promiscuous mode [ 78.254567][ T5586] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.254888][ T5586] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.255027][ T5586] bridge_slave_1: entered allmulticast mode [ 78.257687][ T5586] bridge_slave_1: entered promiscuous mode [ 78.319036][ T5597] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.319157][ T5597] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.319289][ T5597] bridge_slave_0: entered allmulticast mode [ 78.321453][ T5597] bridge_slave_0: entered promiscuous mode [ 78.324878][ T5587] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.324962][ T5587] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.325051][ T5587] bridge_slave_0: entered allmulticast mode [ 78.326408][ T5587] bridge_slave_0: entered promiscuous mode [ 78.382915][ T5597] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.383024][ T5597] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.383518][ T5597] bridge_slave_1: entered allmulticast mode [ 78.386785][ T5597] bridge_slave_1: entered promiscuous mode [ 78.388806][ T5587] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.389297][ T5587] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.389436][ T5587] bridge_slave_1: entered allmulticast mode [ 78.393288][ T5587] bridge_slave_1: entered promiscuous mode [ 78.400442][ T5598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.425132][ T5586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.467113][ T5598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.467331][ T5599] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.467421][ T5599] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.467688][ T5599] bridge_slave_0: entered allmulticast mode [ 78.470274][ T5599] bridge_slave_0: entered promiscuous mode [ 78.476582][ T5586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.528852][ T5599] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.529484][ T5599] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.529985][ T5599] bridge_slave_1: entered allmulticast mode [ 78.532354][ T5599] bridge_slave_1: entered promiscuous mode [ 78.557414][ T5597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.562103][ T5587] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.604671][ T5597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.607129][ T5587] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.781437][ T5598] team0: Port device team_slave_0 added [ 78.796301][ T5586] team0: Port device team_slave_0 added [ 78.827318][ T5598] team0: Port device team_slave_1 added [ 78.831304][ T5599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.834586][ T5586] team0: Port device team_slave_1 added [ 78.875855][ T5599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.892625][ T5597] team0: Port device team_slave_0 added [ 78.894481][ T5587] team0: Port device team_slave_0 added [ 78.933949][ T5597] team0: Port device team_slave_1 added [ 78.935682][ T5587] team0: Port device team_slave_1 added [ 78.936489][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.936497][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.936511][ T5598] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.967070][ T5586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.967085][ T5586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.967108][ T5586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.010881][ T5598] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.010895][ T5598] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.010917][ T5598] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.014348][ T5599] team0: Port device team_slave_0 added [ 79.015983][ T5586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.015995][ T5586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.016018][ T5586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.076783][ T5599] team0: Port device team_slave_1 added [ 79.095889][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.095904][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.095927][ T5597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.100159][ T5587] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.100173][ T5587] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.100196][ T5587] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.129314][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.129328][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.129359][ T5597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.131410][ T5587] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.131421][ T5587] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.131444][ T5587] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.196128][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.196143][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.196166][ T5599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.243889][ T5599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.243904][ T5599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.243927][ T5599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.277131][ T5598] hsr_slave_0: entered promiscuous mode [ 79.278528][ T5598] hsr_slave_1: entered promiscuous mode [ 79.322582][ T5586] hsr_slave_0: entered promiscuous mode [ 79.323773][ T5586] hsr_slave_1: entered promiscuous mode [ 79.324798][ T5586] debugfs: 'hsr0' already exists in 'hsr' [ 79.324924][ T5586] Cannot create hsr debugfs directory [ 79.421334][ T5587] hsr_slave_0: entered promiscuous mode [ 79.422648][ T5587] hsr_slave_1: entered promiscuous mode [ 79.423487][ T5587] debugfs: 'hsr0' already exists in 'hsr' [ 79.423508][ T5587] Cannot create hsr debugfs directory [ 79.453484][ T5597] hsr_slave_0: entered promiscuous mode [ 79.455671][ T5597] hsr_slave_1: entered promiscuous mode [ 79.456544][ T5597] debugfs: 'hsr0' already exists in 'hsr' [ 79.456565][ T5597] Cannot create hsr debugfs directory [ 79.535555][ T5599] hsr_slave_0: entered promiscuous mode [ 79.536687][ T5599] hsr_slave_1: entered promiscuous mode [ 79.537190][ T5599] debugfs: 'hsr0' already exists in 'hsr' [ 79.537210][ T5599] Cannot create hsr debugfs directory [ 79.939027][ T5588] Bluetooth: hci0: command tx timeout [ 80.019036][ T5588] Bluetooth: hci1: command tx timeout [ 80.179083][ T5588] Bluetooth: hci3: command tx timeout [ 80.179110][ T5588] Bluetooth: hci2: command tx timeout [ 80.268999][ T4907] Bluetooth: hci4: command tx timeout [ 80.565010][ T5598] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.602322][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.620196][ T5598] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.662444][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.664466][ T5598] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.704656][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.725986][ T5598] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.765733][ T5598] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 80.859733][ T5586] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.894000][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 80.898621][ T5586] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.945634][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 80.947689][ T5586] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.966377][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 80.988752][ T5586] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.023114][ T5586] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.153503][ T5587] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 81.183035][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.204638][ T5587] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 81.242946][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.245538][ T5587] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 81.283287][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.307621][ T5587] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 81.342562][ T5587] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.475733][ T5597] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.503154][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 81.507536][ T5597] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.561573][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 81.597910][ T5597] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.603589][ T31] cfg80211: failed to load regulatory.db [ 81.634625][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 81.689580][ T5597] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.717781][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 81.880679][ T5598] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.967727][ T5599] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 82.001926][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 82.006414][ T5599] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.019135][ T4907] Bluetooth: hci0: command tx timeout [ 82.053988][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 82.067597][ T5599] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.092132][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 82.097814][ T5599] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.109319][ T4907] Bluetooth: hci1: command tx timeout [ 82.142712][ T5599] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 82.190670][ T5598] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.211025][ T5586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.235615][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.235989][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.259401][ T4907] Bluetooth: hci2: command tx timeout [ 82.259428][ T4907] Bluetooth: hci3: command tx timeout [ 82.316660][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.316762][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.349161][ T5588] Bluetooth: hci4: command tx timeout [ 82.365977][ T5586] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.402676][ T100] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.403158][ T100] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.430746][ T5587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.451687][ T100] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.451765][ T100] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.542386][ T5587] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.585207][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.585395][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.613810][ T5597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.650014][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.666583][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.765596][ T5597] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.792287][ T5599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.864696][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.864796][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.003654][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.003792][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.091513][ T5599] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.155226][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.156974][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.213244][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.213338][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.039725][ T5598] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.099447][ T5588] Bluetooth: hci0: command tx timeout [ 84.179067][ T5588] Bluetooth: hci1: command tx timeout [ 84.339265][ T4907] Bluetooth: hci2: command tx timeout [ 84.339308][ T5588] Bluetooth: hci3: command tx timeout [ 84.405766][ T5586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.419069][ T5588] Bluetooth: hci4: command tx timeout [ 84.464530][ T5598] veth0_vlan: entered promiscuous mode [ 84.502362][ T5587] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.535280][ T5598] veth1_vlan: entered promiscuous mode [ 84.660542][ T5597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.725302][ T5599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.731873][ T5586] veth0_vlan: entered promiscuous mode [ 84.755113][ T5598] veth0_macvtap: entered promiscuous mode [ 84.808017][ T5598] veth1_macvtap: entered promiscuous mode [ 84.853269][ T5586] veth1_vlan: entered promiscuous mode [ 84.858382][ T5587] veth0_vlan: entered promiscuous mode [ 84.958812][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.973658][ T5587] veth1_vlan: entered promiscuous mode [ 84.997135][ T5597] veth0_vlan: entered promiscuous mode [ 85.011828][ T5598] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.057305][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.081292][ T5597] veth1_vlan: entered promiscuous mode [ 85.085392][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.102659][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.103601][ T5586] veth0_macvtap: entered promiscuous mode [ 85.113720][ T151] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.191247][ T5586] veth1_macvtap: entered promiscuous mode [ 85.267106][ T5587] veth0_macvtap: entered promiscuous mode [ 85.386821][ T5587] veth1_macvtap: entered promiscuous mode [ 85.410533][ T5586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.486058][ T5586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.510025][ T5597] veth0_macvtap: entered promiscuous mode [ 85.547084][ T151] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.571754][ T151] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.574469][ T5597] veth1_macvtap: entered promiscuous mode [ 85.577146][ T5587] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.601909][ T151] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.626238][ T151] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.645279][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.645304][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.651276][ T5587] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.715125][ T5599] veth0_vlan: entered promiscuous mode [ 85.754127][ T68] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.796579][ T68] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.864248][ T68] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.892053][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.892161][ T68] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.956623][ T5599] veth1_vlan: entered promiscuous mode [ 86.026574][ T1188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.026593][ T1188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.077586][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.292656][ T151] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.309086][ T1188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.309102][ T1188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.344792][ T151] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.390487][ T151] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.473494][ T151] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.686755][ T5761] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.686773][ T5761] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.987581][ T5599] veth0_macvtap: entered promiscuous mode [ 87.016258][ T1188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.016276][ T1188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.018080][ T5599] veth1_macvtap: entered promiscuous mode [ 87.192822][ T5761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.192841][ T5761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.323855][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.420135][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.420154][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.423919][ T5599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.694439][ T5761] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.697298][ T5761] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.697637][ T5761] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.697831][ T5761] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.827127][ T1188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.827145][ T1188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.110979][ T5722] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 88.403690][ T5722] usb 1-1: Using ep0 maxpacket: 16 [ 88.459364][ T5790] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.718248][ T5792] capability: warning: `syz.0.1' uses 32-bit capabilities (legacy support in use) [ 89.130617][ T5761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.130637][ T5761] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.898534][ T5722] usb 1-1: unable to get BOS descriptor or descriptor too short [ 89.976697][ T5722] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 89.976738][ T5722] usb 1-1: can't read configurations, error -71 [ 90.243953][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.243973][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.359113][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 90.523118][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 90.528512][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 90.528535][ T10] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 90.528577][ T10] usb 4-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 90.528598][ T10] usb 4-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 90.528620][ T10] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 90.528633][ T10] usb 4-1: config 1 interface 1 has no altsetting 0 [ 90.623852][ T10] usb 4-1: string descriptor 0 read error: -22 [ 90.623998][ T10] usb 4-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 90.624022][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.631422][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 91.798969][ T31] usb 2-1: Using ep0 maxpacket: 16 [ 91.803306][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 91.870856][ T31] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 91.870885][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.870905][ T31] usb 2-1: Product: syz [ 91.870919][ T31] usb 2-1: Manufacturer: syz [ 91.870933][ T31] usb 2-1: SerialNumber: syz [ 91.899981][ T5591] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 91.961054][ T5814] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 92.063020][ T5591] usb 5-1: config 0 has an invalid interface number: 147 but max is 0 [ 92.063047][ T5591] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 92.063066][ T5591] usb 5-1: config 0 has no interface number 0 [ 92.063102][ T5591] usb 5-1: config 0 interface 147 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 92.070742][ T5591] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.03 [ 92.070778][ T5591] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.070797][ T5591] usb 5-1: Product: syz [ 92.070811][ T5591] usb 5-1: Manufacturer: syz [ 92.070824][ T5591] usb 5-1: SerialNumber: syz [ 92.075106][ T31] usb 2-1: config 0 descriptor?? [ 92.118076][ T5591] usb 5-1: config 0 descriptor?? [ 92.152898][ T5814] usb 1-1: Using ep0 maxpacket: 32 [ 92.163697][ T10] usb 4-1: 2:0: failed to get current value for ch 1 (-71) [ 92.186110][ T10] usb 4-1: Warning! Unlikely big volume step count (=8192), linear volume or wrong cval->res? [ 92.186131][ T10] usb 4-1: [2] FU [Speaker Playback Volume] ch = 1, val = 0/8192/1 [ 92.192052][ T5814] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 92.192077][ T5814] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.192095][ T5814] usb 1-1: Product: syz [ 92.192108][ T5814] usb 1-1: Manufacturer: syz [ 92.192121][ T5814] usb 1-1: SerialNumber: syz [ 92.455091][ T31] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 92.455126][ T31] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 92.505764][ T5814] usb 1-1: config 0 descriptor?? [ 92.887621][ T5814] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: failure sending bit rate [ 92.887667][ T5814] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71 [ 92.902837][ T31] em28xx 2-1:0.0: chip ID is em2874 [ 93.010534][ T10] usb 4-1: USB disconnect, device number 2 [ 93.145546][ T5591] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 93.335469][ T5814] usb 1-1: USB disconnect, device number 4 [ 93.352567][ T5825] usb 5-1: Failed to submit usb control message: -71 [ 93.352601][ T5825] usb 5-1: unable to send the bmi data to the device: -71 [ 93.352617][ T5825] usb 5-1: unable to get target info from device [ 93.352645][ T5825] usb 5-1: could not get target info (-71) [ 93.352669][ T5825] usb 5-1: could not probe fw (-71) [ 93.648383][ T5591] usb 5-1: USB disconnect, device number 2 [ 94.324736][ T31] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 94.324769][ T31] em28xx 2-1:0.0: board has no eeprom [ 94.509015][ T31] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 94.509054][ T31] em28xx 2-1:0.0: dvb set to bulk mode. [ 94.520385][ T5814] em28xx 2-1:0.0: Binding DVB extension [ 94.669257][ T5591] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 94.687286][ T31] usb 2-1: USB disconnect, device number 2 [ 94.867772][ T31] em28xx 2-1:0.0: Disconnecting em28xx [ 97.768230][ T5814] em28xx 2-1:0.0: Registering input extension [ 97.820565][ T5591] usb 5-1: unable to get BOS descriptor or descriptor too short [ 97.834954][ T5591] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 97.834988][ T5591] usb 5-1: can't read configurations, error -71 [ 98.418412][ T5864] Zero length message leads to an empty skb [ 100.143720][ T5814] rc_core: IR keymap rc-pinnacle-pctv-hd not found [ 100.143738][ T5814] Registered IR keymap rc-empty [ 100.218015][ T5814] rc rc0: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 100.381379][ T5814] input: PCTV tripleStick (292e) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input5 [ 100.464651][ T5814] em28xx 2-1:0.0: Input extension successfully initialized [ 100.464864][ T31] em28xx 2-1:0.0: Closing input extension [ 101.025829][ T5881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.19'. [ 101.146905][ T5881] netlink: 24 bytes leftover after parsing attributes in process `syz.4.19'. [ 101.397733][ T5891] fuse: Bad value for 'fd' [ 103.078908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 103.208596][ T31] em28xx 2-1:0.0: Freeing device [ 104.169025][ T5722] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 104.447711][ T5904] fuse: Bad value for 'fd' [ 105.224281][ T5911] netlink: 8 bytes leftover after parsing attributes in process `syz.0.26'. [ 105.597815][ T5911] netlink: 24 bytes leftover after parsing attributes in process `syz.0.26'. [ 105.620296][ T5707] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 105.783029][ T5919] fuse: Bad value for 'fd' [ 106.170408][ T5707] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 106.170439][ T5707] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.170460][ T5707] usb 2-1: Product: syz [ 106.170474][ T5707] usb 2-1: Manufacturer: syz [ 106.170487][ T5707] usb 2-1: SerialNumber: syz [ 106.855449][ T5707] usb 2-1: config 0 descriptor?? [ 106.907155][ T5707] hub 2-1:0.0: bad descriptor, ignoring hub [ 106.907196][ T5707] hub 2-1:0.0: probe with driver hub failed with error -5 [ 107.324070][ T31] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 107.325761][ C1] raw-gadget.2 gadget.2: ignoring, device is not running [ 107.588908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 107.619202][ T31] usb 3-1: device descriptor read/64, error -32 [ 107.958987][ T31] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 108.413629][ T31] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 108.413648][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.413665][ T31] usb 3-1: Product: syz [ 108.413679][ T31] usb 3-1: Manufacturer: syz [ 108.413747][ T31] usb 3-1: SerialNumber: syz [ 108.827150][ T31] usb 3-1: config 0 descriptor?? [ 109.439098][ T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 109.635126][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 109.675446][ T10] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 109.675474][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.675493][ T10] usb 5-1: Product: syz [ 109.675508][ T10] usb 5-1: Manufacturer: syz [ 109.675521][ T10] usb 5-1: SerialNumber: syz [ 109.790812][ T10] usb 5-1: config 0 descriptor?? [ 110.449409][ T10] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 005 [ 110.491508][ T10] usb 5-1: USB disconnect, device number 5 [ 112.054136][ T5707] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 112.473080][ T5940] fuse: Bad value for 'fd' [ 112.613870][ T5707] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 112.614329][ T5707] dib0700: firmware download failed at 7 with -22 [ 112.788616][ T5707] usb 2-1: USB disconnect, device number 3 [ 113.357231][ T31] usb 3-1: can't set config #0, error -71 [ 113.370343][ T31] usb 3-1: USB disconnect, device number 3 [ 113.590058][ T5722] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 113.639100][ T5956] fuse: Bad value for 'fd' [ 113.795208][ T5722] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 113.795226][ T5722] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.795237][ T5722] usb 5-1: Product: syz [ 113.795244][ T5722] usb 5-1: Manufacturer: syz [ 113.795251][ T5722] usb 5-1: SerialNumber: syz [ 113.812384][ T5722] usb 5-1: config 0 descriptor?? [ 113.883533][ T5722] hub 5-1:0.0: bad descriptor, ignoring hub [ 113.883562][ T5722] hub 5-1:0.0: probe with driver hub failed with error -5 [ 114.209966][ T5721] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 114.247810][ T5722] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 114.286752][ T5722] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 114.288017][ T5722] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 114.288099][ T5722] usb 5-1: media controller created [ 114.419136][ T5721] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 114.419166][ T5721] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.419185][ T5721] usb 2-1: Product: syz [ 114.419199][ T5721] usb 2-1: Manufacturer: syz [ 114.419213][ T5721] usb 2-1: SerialNumber: syz [ 114.491730][ T5722] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 114.508022][ T5721] usb 2-1: config 0 descriptor?? [ 114.584445][ T5721] hub 2-1:0.0: bad descriptor, ignoring hub [ 114.584467][ T5721] hub 2-1:0.0: probe with driver hub failed with error -5 [ 114.895747][ T5721] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 115.021099][ T5721] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 115.022367][ T5721] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 115.022411][ T5721] usb 2-1: media controller created [ 115.129028][ T5721] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 115.279208][ T5722] DVB: Unable to find symbol dib7000p_attach() [ 115.279236][ T5722] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 115.524543][ T5721] DVB: Unable to find symbol dib7000p_attach() [ 115.524564][ T5721] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 115.530194][ T5722] rc_core: IR keymap rc-dib0700-rc5 not found [ 115.530210][ T5722] Registered IR keymap rc-empty [ 115.530758][ T5722] dvb-usb: could not initialize remote control. [ 115.530768][ T5722] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 115.799444][ T5721] rc_core: IR keymap rc-dib0700-rc5 not found [ 115.799456][ T5721] Registered IR keymap rc-empty [ 115.799626][ T5721] dvb-usb: could not initialize remote control. [ 115.799631][ T5721] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 116.960082][ T5990] block nbd0: server does not support multiple connections per device. [ 117.091953][ T5990] block nbd0: shutting down sockets [ 118.130770][ T5722] usb 5-1: USB disconnect, device number 6 [ 118.310977][ T6004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.52'. [ 118.310997][ T6004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.52'. [ 118.490636][ T5865] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.490744][ T6004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.52'. [ 118.490760][ T6004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.52'. [ 118.496745][ T5865] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.555393][ T5865] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.555436][ T5865] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 118.872922][ T5722] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 118.882320][ T5721] usb 2-1: USB disconnect, device number 4 [ 119.171248][ T5721] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 120.744135][ T6038] netlink: 68 bytes leftover after parsing attributes in process `syz.3.66'. [ 122.159015][ T5721] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 122.447809][ T5721] usb 2-1: unable to get BOS descriptor or descriptor too short [ 122.448818][ T5721] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 122.448861][ T5721] usb 2-1: can't read configurations, error -71 [ 124.701985][ T6131] netlink: 68 bytes leftover after parsing attributes in process `syz.2.89'. [ 124.802857][ T6130] tipc: Started in network mode [ 124.802888][ T6130] tipc: Node identity fe2a95e9f9c4, cluster identity 4711 [ 124.834655][ T6130] tipc: Enabled bearer , priority 0 [ 124.837921][ T6130] syzkaller0: entered promiscuous mode [ 124.837946][ T6130] syzkaller0: entered allmulticast mode [ 125.383636][ T6129] tipc: Resetting bearer [ 125.609015][ T5707] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 125.787099][ T5707] usb 4-1: unable to get BOS descriptor or descriptor too short [ 125.788592][ T5707] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 125.788627][ T5707] usb 4-1: can't read configurations, error -71 [ 125.870869][ T6129] tipc: Disabling bearer [ 126.094183][ T10] tipc: Node number set to 133076457 [ 126.993696][ T6201] vlan2: entered promiscuous mode [ 126.993718][ T6201] bond_slave_1: entered promiscuous mode [ 127.482074][ T6179] syz.2.96 (6179) used greatest stack depth: 18072 bytes left [ 127.497238][ T6209] loop8: detected capacity change from 0 to 8 [ 127.562155][ T6209] Dev loop8: unable to read RDB block 8 [ 127.562192][ T6209] loop8: unable to read partition table [ 127.562370][ T6209] loop8: partition table beyond EOD, truncated [ 127.562408][ T6209] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 128.009387][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 128.208999][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 128.214426][ T10] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 128.214458][ T10] usb 4-1: can't read configurations, error -71 [ 128.335546][ T6220] netlink: 68 bytes leftover after parsing attributes in process `syz.2.112'. [ 129.098785][ T6239] Driver unsupported XDP return value 0 on prog (id 7) dev N/A, expect packet loss! [ 129.324292][ T6262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.118'. [ 129.324314][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.4.118'. [ 130.511270][ T6262] netlink: 8 bytes leftover after parsing attributes in process `syz.4.118'. [ 130.511291][ T6262] netlink: 4 bytes leftover after parsing attributes in process `syz.4.118'. [ 130.512310][ T68] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.513559][ T68] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.513596][ T68] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.513624][ T68] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.728154][ T4907] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 130.770620][ T4907] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 130.796609][ T4907] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 130.806544][ T4907] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 130.808738][ T4907] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 131.200331][ T6277] loop8: detected capacity change from 0 to 8 [ 131.228583][ T6277] Dev loop8: unable to read RDB block 8 [ 131.228633][ T6277] loop8: unable to read partition table [ 131.228843][ T6277] loop8: partition table beyond EOD, truncated [ 131.228861][ T6277] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 131.804651][ T5721] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 131.954583][ T6298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.131'. [ 131.954606][ T6298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.131'. [ 131.960449][ T6298] netlink: 8 bytes leftover after parsing attributes in process `syz.4.131'. [ 131.960466][ T6298] netlink: 4 bytes leftover after parsing attributes in process `syz.4.131'. [ 131.991648][ T5721] usb 3-1: unable to get BOS descriptor or descriptor too short [ 131.993377][ T5721] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 131.993397][ T5721] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 131.993441][ T5721] usb 3-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 131.993476][ T5721] usb 3-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 131.993501][ T5721] usb 3-1: config 1 interface 1 has no altsetting 1 [ 132.004082][ T5721] usb 3-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 132.004107][ T5721] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.004125][ T5721] usb 3-1: Product: syz [ 132.004138][ T5721] usb 3-1: Manufacturer: syz [ 132.004150][ T5721] usb 3-1: SerialNumber: syz [ 132.756949][ T1334] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.757050][ T1334] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.854996][ T6307] tipc: Started in network mode [ 132.855035][ T6307] tipc: Node identity aaa1c64443ea, cluster identity 4711 [ 132.855203][ T6307] tipc: Enabled bearer , priority 0 [ 132.855809][ T6305] syzkaller0: entered promiscuous mode [ 132.855830][ T6305] syzkaller0: entered allmulticast mode [ 132.979317][ T5588] Bluetooth: hci5: command tx timeout [ 133.065894][ T6305] tipc: Resetting bearer [ 133.091752][ T5721] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 133.165278][ T5721] usb 3-1: USB disconnect, device number 4 [ 133.180888][ T6304] tipc: Resetting bearer [ 133.244710][ T5799] udevd[5799]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 133.364239][ T6304] tipc: Disabling bearer [ 134.509231][ T5721] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 134.671029][ T5721] usb 3-1: unable to get BOS descriptor or descriptor too short [ 134.672199][ T5721] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 134.672220][ T5721] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 134.672261][ T5721] usb 3-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 134.672305][ T5721] usb 3-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 134.672333][ T5721] usb 3-1: config 1 interface 1 has no altsetting 1 [ 134.677046][ T5721] usb 3-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 134.677072][ T5721] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.677091][ T5721] usb 3-1: Product: syz [ 134.677104][ T5721] usb 3-1: Manufacturer: syz [ 134.677116][ T5721] usb 3-1: SerialNumber: syz [ 135.068934][ T5588] Bluetooth: hci5: command tx timeout [ 135.291682][ T6329] tipc: Started in network mode [ 135.291826][ T6329] tipc: Node identity 9a956043ee19, cluster identity 4711 [ 135.291975][ T6329] tipc: Enabled bearer , priority 0 [ 135.292962][ T6339] syzkaller0: entered promiscuous mode [ 135.292983][ T6339] syzkaller0: entered allmulticast mode [ 135.366334][ T6343] tipc: Resetting bearer [ 135.389141][ T6323] tipc: Resetting bearer [ 135.421161][ T6352] netlink: 12 bytes leftover after parsing attributes in process `syz.1.148'. [ 135.478231][ T5721] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 135.566444][ T5721] usb 3-1: USB disconnect, device number 5 [ 135.589795][ T6323] tipc: Disabling bearer [ 135.790321][ T5799] udevd[5799]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 136.571741][ T6384] netlink: 12 bytes leftover after parsing attributes in process `syz.1.159'. [ 136.689117][ T31] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 136.865925][ T31] usb 5-1: unable to get BOS descriptor or descriptor too short [ 136.877006][ T31] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.877029][ T31] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 136.877075][ T31] usb 5-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 136.877122][ T31] usb 5-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 136.877149][ T31] usb 5-1: config 1 interface 1 has no altsetting 1 [ 136.918400][ T31] usb 5-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 136.918426][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.918445][ T31] usb 5-1: Product: syz [ 136.918459][ T31] usb 5-1: Manufacturer: syz [ 136.918473][ T31] usb 5-1: SerialNumber: syz [ 137.139101][ T5588] Bluetooth: hci5: command tx timeout [ 137.283466][ T31] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 137.317234][ T31] usb 5-1: USB disconnect, device number 7 [ 137.409315][ T5799] udevd[5799]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 137.832362][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.4.168'. [ 137.832383][ T6404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.168'. [ 138.070893][ T6412] loop8: detected capacity change from 0 to 8 [ 138.092280][ T6412] Dev loop8: unable to read RDB block 8 [ 138.092317][ T6412] loop8: unable to read partition table [ 138.097159][ T6412] loop8: partition table beyond EOD, truncated [ 138.127019][ T6412] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 138.194246][ T5865] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.479869][ T6404] netlink: 8 bytes leftover after parsing attributes in process `syz.4.168'. [ 138.479882][ T6404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.168'. [ 138.659187][ T6268] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.659314][ T6268] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.659466][ T6268] bridge_slave_0: entered allmulticast mode [ 138.693639][ T6268] bridge_slave_0: entered promiscuous mode [ 138.774635][ T6431] syz.3.180 uses obsolete (PF_INET,SOCK_PACKET) [ 138.807113][ T6268] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.810017][ T6268] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.810220][ T6268] bridge_slave_1: entered allmulticast mode [ 138.815484][ T6268] bridge_slave_1: entered promiscuous mode [ 139.092260][ T5865] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.219589][ T5588] Bluetooth: hci5: command tx timeout [ 139.290434][ T6268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.376939][ T6268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.377475][ T6444] loop8: detected capacity change from 0 to 8 [ 139.395191][ T6444] Dev loop8: unable to read RDB block 8 [ 139.395237][ T6444] loop8: unable to read partition table [ 139.395445][ T6444] loop8: partition table beyond EOD, truncated [ 139.395475][ T6444] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 139.875661][ T5865] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.485308][ T6446] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 140.485345][ T6446] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 140.485364][ T6446] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 140.750404][ T6475] loop8: detected capacity change from 0 to 8 [ 140.757806][ T6475] Dev loop8: unable to read RDB block 8 [ 140.757848][ T6475] loop8: unable to read partition table [ 140.758059][ T6475] loop8: partition table beyond EOD, truncated [ 140.758077][ T6475] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 140.872549][ T6268] team0: Port device team_slave_0 added [ 141.109743][ T5865] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.165597][ T6268] team0: Port device team_slave_1 added [ 141.342106][ T6268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 141.342120][ T6268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 141.342142][ T6268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 141.344009][ T6268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.344019][ T6268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 141.344037][ T6268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 141.625876][ T6268] hsr_slave_0: entered promiscuous mode [ 141.628681][ T6268] hsr_slave_1: entered promiscuous mode [ 141.641701][ T6268] debugfs: 'hsr0' already exists in 'hsr' [ 141.641726][ T6268] Cannot create hsr debugfs directory [ 141.769096][ T5721] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 141.899076][ T5721] usb 2-1: device descriptor read/64, error -71 [ 142.139410][ T5721] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 142.269018][ T5721] usb 2-1: device descriptor read/64, error -71 [ 142.379383][ T5721] usb usb2-port1: attempt power cycle [ 142.531945][ T6505] loop8: detected capacity change from 0 to 8 [ 142.550635][ T6505] Dev loop8: unable to read RDB block 8 [ 142.550676][ T6505] loop8: unable to read partition table [ 142.550904][ T6505] loop8: partition table beyond EOD, truncated [ 142.550932][ T6505] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 142.769497][ T5721] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 142.790518][ T5721] usb 2-1: device descriptor read/8, error -71 [ 143.029004][ T5721] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 143.051655][ T5721] usb 2-1: device descriptor read/8, error -71 [ 143.161621][ T5721] usb usb2-port1: unable to enumerate USB device [ 143.624237][ T6520] netlink: 68 bytes leftover after parsing attributes in process `syz.4.216'. [ 145.121076][ T6567] loop8: detected capacity change from 0 to 8 [ 145.124781][ T6567] Dev loop8: unable to read RDB block 8 [ 145.124828][ T6567] loop8: unable to read partition table [ 145.126199][ T6567] loop8: partition table beyond EOD, truncated [ 145.128212][ T6567] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 145.340746][ T6574] netlink: 'syz.2.221': attribute type 10 has an invalid length. [ 145.409880][ T5865] bridge_slave_1: left allmulticast mode [ 145.414149][ T5865] bridge_slave_1: left promiscuous mode [ 145.435528][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.554930][ T5865] bridge_slave_0: left allmulticast mode [ 145.554961][ T5865] bridge_slave_0: left promiscuous mode [ 145.605518][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.284597][ T6592] netlink: 68 bytes leftover after parsing attributes in process `syz.3.229'. [ 146.929652][ T5865] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 147.009777][ T5865] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 147.031004][ T5865] bond0 (unregistering): Released all slaves [ 147.115256][ T6572] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 147.115303][ T6572] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 147.115322][ T6572] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 147.327315][ T6574] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 147.338851][ T6574] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 147.341686][ T6597] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 147.341722][ T6597] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 147.341741][ T6597] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 148.060186][ T5714] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 148.209039][ T5714] usb 5-1: Using ep0 maxpacket: 16 [ 148.211533][ T5714] usb 5-1: config index 0 descriptor too short (expected 12592, got 27) [ 148.211558][ T5714] usb 5-1: config 55 has too many interfaces: 55, using maximum allowed: 32 [ 148.211577][ T5714] usb 5-1: config 55 has an invalid descriptor of length 55, skipping remainder of the config [ 148.211595][ T5714] usb 5-1: config 55 has 0 interfaces, different from the descriptor's value: 55 [ 148.215740][ T5714] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 148.215765][ T5714] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.215784][ T5714] usb 5-1: Product: syz [ 148.215797][ T5714] usb 5-1: Manufacturer: syz [ 148.215810][ T5714] usb 5-1: SerialNumber: syz [ 148.747835][ T5814] usb 5-1: USB disconnect, device number 8 [ 150.041005][ T5252] 8021q: adding VLAN 0 to HW filter on device eth1 [ 150.400101][ T5865] hsr_slave_0: left promiscuous mode [ 150.440568][ T5865] hsr_slave_1: left promiscuous mode [ 150.461641][ T5865] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.461747][ T5865] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.536027][ T5865] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.536126][ T5865] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.568156][ T6697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.265'. [ 150.603309][ T6697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.265'. [ 150.692773][ T5865] veth1_macvtap: left promiscuous mode [ 150.693077][ T5865] veth0_macvtap: left promiscuous mode [ 150.697425][ T5865] veth1_vlan: left promiscuous mode [ 150.697827][ T5865] veth0_vlan: left promiscuous mode [ 151.388578][ T6714] netlink: 68 bytes leftover after parsing attributes in process `syz.4.271'. [ 151.495222][ T6716] netlink: 68 bytes leftover after parsing attributes in process `syz.4.272'. [ 151.884108][ T6727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.276'. [ 151.920272][ T6727] netlink: 8 bytes leftover after parsing attributes in process `syz.2.276'. [ 152.211532][ T5865] team0 (unregistering): Port device team_slave_1 removed [ 152.293828][ T5865] team0 (unregistering): Port device team_slave_0 removed [ 152.474125][ T6744] netlink: 12 bytes leftover after parsing attributes in process `syz.2.280'. [ 152.511560][ T6744] netlink: 12 bytes leftover after parsing attributes in process `syz.2.280'. [ 153.010846][ T6768] netlink: 'syz.2.281': attribute type 4 has an invalid length. [ 153.038142][ T6692] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 153.038183][ T6692] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 153.038202][ T6692] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 153.425621][ T6268] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 153.526574][ T6268] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 153.576865][ T6268] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 153.639873][ T6779] netlink: 8 bytes leftover after parsing attributes in process `syz.2.286'. [ 153.704659][ T6779] netlink: 8 bytes leftover after parsing attributes in process `syz.2.286'. [ 153.725518][ T6268] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 154.034579][ T6268] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 154.073276][ T6268] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 154.073965][ T6789] tipc: Enabled bearer , priority 0 [ 154.105020][ T6797] geneve2: entered promiscuous mode [ 154.233910][ T6787] tipc: Disabling bearer [ 154.434955][ T6268] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 154.508731][ T6268] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 154.529488][ T5252] 8021q: adding VLAN 0 to HW filter on device eth2 [ 154.727654][ T5779] block nbd0: NBD_DISCONNECT [ 154.727772][ T5779] block nbd0: Send disconnect failed -32 [ 154.727791][ T5779] block nbd0: Send disconnect failed -32 [ 154.763788][ T5779] block nbd0: Disconnected due to user request. [ 154.763806][ T5779] block nbd0: shutting down sockets [ 155.374080][ T6268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.406545][ T6268] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.509444][ T1188] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.509574][ T1188] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.603997][ T1188] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.604124][ T1188] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.493466][ T6854] geneve2: entered promiscuous mode [ 157.065552][ T5252] 8021q: adding VLAN 0 to HW filter on device eth3 [ 157.926478][ T5588] block nbd1: Receive control failed (result -32) [ 157.939569][ T4907] block nbd1: Receive control failed (result -32) [ 158.127632][ T5799] block nbd1: NBD_DISCONNECT [ 158.127654][ T5799] block nbd1: Send disconnect failed -32 [ 158.127668][ T5799] block nbd1: Send disconnect failed -32 [ 158.127682][ T5799] block nbd1: shutting down sockets [ 158.148694][ T6268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.728391][ T5799] udevd[5799]: inotify_add_watch(7, /dev/nbd1, 10) failed: No such file or directory [ 158.809014][ T31] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 158.994869][ T31] usb 5-1: unable to get BOS descriptor or descriptor too short [ 158.996296][ T31] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 158.996317][ T31] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 158.996357][ T31] usb 5-1: config 1 interface 1 has no altsetting 0 [ 159.045172][ T31] usb 5-1: string descriptor 0 read error: -22 [ 159.045283][ T31] usb 5-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 159.045305][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.332071][ T6268] veth0_vlan: entered promiscuous mode [ 159.374432][ T6268] veth1_vlan: entered promiscuous mode [ 159.404531][ T31] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 159.658758][ T6268] veth0_macvtap: entered promiscuous mode [ 159.684219][ T6268] veth1_macvtap: entered promiscuous mode [ 159.786001][ T6268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.835652][ T6268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.918503][ T5846] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.932186][ T5846] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.934575][ T5846] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.975810][ T5846] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.219068][ T5252] 8021q: adding VLAN 0 to HW filter on device eth4 [ 160.793141][ T179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.793160][ T179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.945214][ T6957] netlink: 144 bytes leftover after parsing attributes in process `syz.2.327'. [ 161.049601][ T6957] netlink: 'syz.2.327': attribute type 3 has an invalid length. [ 161.059365][ T179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.059382][ T179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.364333][ T6968] tipc: Enabled bearer , priority 0 [ 161.441865][ T6965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.329'. [ 161.444141][ T6968] tipc: Disabling bearer [ 161.546798][ T6972] netlink: 144 bytes leftover after parsing attributes in process `syz.1.332'. [ 161.600960][ T5721] usb 5-1: USB disconnect, device number 9 [ 161.643123][ T6972] netlink: 'syz.1.332': attribute type 3 has an invalid length. [ 161.741582][ T6979] netlink: 'syz.4.334': attribute type 10 has an invalid length. [ 161.883657][ T6979] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 162.313156][ T5799] block nbd2: NBD_DISCONNECT [ 162.313183][ T5799] block nbd2: Send disconnect failed -32 [ 162.313201][ T5799] block nbd2: Send disconnect failed -32 [ 162.346358][ T5799] block nbd2: Disconnected due to user request. [ 162.362972][ T5799] block nbd2: shutting down sockets [ 162.393864][ T6994] netlink: 'syz.4.337': attribute type 10 has an invalid length. [ 162.399922][ T6994] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 162.414661][ T6994] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 162.925861][ T5799] udevd[5799]: inotify_add_watch(7, /dev/nbd2, 10) failed: No such file or directory [ 163.230050][ T7001] geneve2: left promiscuous mode [ 163.471565][ T7019] netlink: 8 bytes leftover after parsing attributes in process `syz.4.341'. [ 163.591428][ T7025] netlink: 24 bytes leftover after parsing attributes in process `syz.2.345'. [ 164.107659][ T7026] geneve2: entered promiscuous mode [ 164.433925][ T5588] block nbd3: Receive control failed (result -32) [ 164.436258][ T4907] block nbd3: Receive control failed (result -32) [ 164.517600][ T5799] block nbd3: NBD_DISCONNECT [ 164.517626][ T5799] block nbd3: Send disconnect failed -32 [ 164.517643][ T5799] block nbd3: Send disconnect failed -32 [ 164.517661][ T5799] block nbd3: shutting down sockets [ 164.801878][ T7059] netlink: 'syz.5.352': attribute type 12 has an invalid length. [ 164.801899][ T7059] netlink: 'syz.5.352': attribute type 29 has an invalid length. [ 164.801911][ T7059] netlink: 148 bytes leftover after parsing attributes in process `syz.5.352'. [ 164.803352][ T5799] udevd[5799]: inotify_add_watch(7, /dev/nbd3, 10) failed: No such file or directory [ 165.010691][ T7063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.357'. [ 165.037838][ T7067] netlink: 8 bytes leftover after parsing attributes in process `syz.1.360'. [ 165.747632][ T7084] geneve2: entered promiscuous mode [ 165.943078][ T7101] netlink: 8 bytes leftover after parsing attributes in process `syz.3.374'. [ 165.977962][ T7097] geneve2: entered promiscuous mode [ 166.042270][ T7101] vlan2: entered promiscuous mode [ 166.042291][ T7101] bond_slave_1: entered promiscuous mode [ 166.417208][ T5799] block nbd4: NBD_DISCONNECT [ 166.417232][ T5799] block nbd4: Send disconnect failed -32 [ 166.417249][ T5799] block nbd4: Send disconnect failed -32 [ 166.450422][ T5799] block nbd4: Disconnected due to user request. [ 166.450463][ T5799] block nbd4: shutting down sockets [ 167.714917][ T7144] netlink: 44 bytes leftover after parsing attributes in process `syz.2.388'. [ 167.773272][ T4907] block nbd5: Receive control failed (result -32) [ 167.773869][ T4907] block nbd5: Receive control failed (result -32) [ 167.962728][ T5799] block nbd5: NBD_DISCONNECT [ 167.962757][ T5799] block nbd5: Send disconnect failed -32 [ 167.962774][ T5799] block nbd5: Send disconnect failed -32 [ 167.962793][ T5799] block nbd5: shutting down sockets [ 168.204887][ T179] ================================================================== [ 168.204901][ T179] BUG: KASAN: slab-out-of-bounds in blk_mq_free_rqs+0xea/0x680 [ 168.204942][ T179] Read of size 8 at addr ffff888026f0cc68 by task kworker/u8:7/179 [ 168.204957][ T179] [ 168.204977][ T179] CPU: 1 UID: 0 PID: 179 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 168.204999][ T179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.205010][ T179] Workqueue: nbd-del nbd_dev_remove_work [ 168.205036][ T179] Call Trace: [ 168.205044][ T179] [ 168.205051][ T179] dump_stack_lvl+0xe8/0x150 [ 168.205079][ T179] print_address_description+0x55/0x1e0 [ 168.205099][ T179] ? blk_mq_free_rqs+0xea/0x680 [ 168.205120][ T179] print_report+0x58/0x70 [ 168.205136][ T179] kasan_report+0x117/0x150 [ 168.205156][ T179] ? blk_mq_free_rqs+0xea/0x680 [ 168.205181][ T179] blk_mq_free_rqs+0xea/0x680 [ 168.205203][ T179] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.205230][ T179] blk_mq_free_map_and_rqs+0x40/0xf0 [ 168.205254][ T179] blk_mq_free_sched_res+0xeb/0x280 [ 168.205280][ T179] elevator_change_done+0x1d2/0x5f0 [ 168.205304][ T179] ? __pfx_elevator_change_done+0x10/0x10 [ 168.205326][ T179] ? __blk_mq_unfreeze_queue+0x182/0x220 [ 168.205347][ T179] elevator_change+0x321/0x450 [ 168.205372][ T179] elevator_set_none+0xb5/0x140 [ 168.205393][ T179] ? __pfx_elevator_set_none+0x10/0x10 [ 168.205393][ T179] ? __pfx_elevator_set_none+0x10/0x10 [ 168.205412][ T179] ? kernfs_put+0x4c2/0x520 [ 168.205432][ T179] ? kobject_put+0x516/0x560 [ 168.205453][ T179] blk_unregister_queue+0x17d/0x210 [ 168.205478][ T179] __del_gendisk+0x3fd/0x980 [ 168.205496][ T179] ? down_read+0x156/0x200 [ 168.205512][ T179] ? __pfx___del_gendisk+0x10/0x10 [ 168.205528][ T179] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.205550][ T179] ? lockdep_hardirqs_on+0x7a/0x110 [ 168.205572][ T179] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 168.205596][ T179] del_gendisk+0xe7/0x160 [ 168.205614][ T179] nbd_dev_remove_work+0x47/0xe0 [ 168.205630][ T179] ? process_scheduled_works+0xa70/0x1860 [ 168.205649][ T179] process_scheduled_works+0xb5d/0x1860 [ 168.205680][ T179] ? __pfx_process_scheduled_works+0x10/0x10 [ 168.205702][ T179] ? assign_work+0x3d5/0x5e0 [ 168.205721][ T179] worker_thread+0xa53/0xfc0 [ 168.205750][ T179] kthread+0x388/0x470 [ 168.205771][ T179] ? __pfx_worker_thread+0x10/0x10 [ 168.205788][ T179] ? __pfx_kthread+0x10/0x10 [ 168.205810][ T179] ret_from_fork+0x514/0xb70 [ 168.205833][ T179] ? __pfx_ret_from_fork+0x10/0x10 [ 168.205852][ T179] ? __switch_to+0xc79/0x1410 [ 168.205877][ T179] ? __pfx_kthread+0x10/0x10 [ 168.205897][ T179] ret_from_fork_asm+0x1a/0x30 [ 168.205924][ T179] [ 168.205931][ T179] [ 168.205941][ T179] Allocated by task 1: [ 168.205949][ T179] kasan_save_track+0x3e/0x80 [ 168.205964][ T179] __kasan_kmalloc+0x93/0xb0 [ 168.205979][ T179] __kmalloc_node_noprof+0x377/0x7f0 [ 168.205995][ T179] blk_mq_alloc_tag_set+0x4e3/0xfc0 [ 168.206016][ T179] nbd_dev_add+0x30e/0xb50 [ 168.206029][ T179] nbd_init+0x168/0x1f0 [ 168.206051][ T179] do_one_initcall+0x250/0x870 [ 168.206068][ T179] do_initcall_level+0x104/0x190 [ 168.206089][ T179] do_initcalls+0x59/0xa0 [ 168.206102][ T179] kernel_init_freeable+0x2a6/0x3e0 [ 168.206123][ T179] kernel_init+0x1d/0x1d0 [ 168.206139][ T179] ret_from_fork+0x514/0xb70 [ 168.206155][ T179] ret_from_fork_asm+0x1a/0x30 [ 168.206172][ T179] [ 168.206176][ T179] The buggy address belongs to the object at ffff888026f0cc60 [ 168.206176][ T179] which belongs to the cache kmalloc-8 of size 8 [ 168.206191][ T179] The buggy address is located 0 bytes to the right of [ 168.206191][ T179] allocated 8-byte region [ffff888026f0cc60, ffff888026f0cc68) [ 168.206209][ T179] [ 168.206214][ T179] The buggy address belongs to the physical page: [ 168.206227][ T179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026f0c0c0 pfn:0x26f0c [ 168.206244][ T179] flags: 0x80000000000200(workingset|node=0|zone=1) [ 168.206265][ T179] page_type: f5(slab) [ 168.206279][ T179] raw: 0080000000000200 ffff88801a00b500 ffffea0000ab5a10 ffffea00009422d0 [ 168.206294][ T179] raw: ffff888026f0c0c0 0000000800800072 00000000f5000000 0000000000000000 [ 168.206303][ T179] page dumped because: kasan: bad access detected [ 168.206316][ T179] page_owner tracks the page as allocated [ 168.206322][ T179] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 33, tgid 33 (kdevtmpfs), ts 6970547136, free_ts 6944814984 [ 168.206351][ T179] post_alloc_hook+0x231/0x280 [ 168.206367][ T179] get_page_from_freelist+0x27c8/0x2840 [ 168.206386][ T179] __alloc_frozen_pages_noprof+0x18d/0x380 [ 168.206404][ T179] allocate_slab+0x77/0x660 [ 168.206424][ T179] refill_objects+0x33c/0x3d0 [ 168.206443][ T179] __pcs_replace_empty_main+0x373/0x720 [ 168.206464][ T179] __kmalloc_node_track_caller_noprof+0x60b/0x7e0 [ 168.206482][ T179] kmemdup_noprof+0x2b/0x70 [ 168.206504][ T179] smack_inode_init_security+0x459/0x600 [ 168.206521][ T179] security_inode_init_security+0x202/0x3d0 [ 168.206537][ T179] shmem_mknod+0x1fe/0x360 [ 168.206557][ T179] vfs_mknod+0x44e/0x620 [ 168.206574][ T179] devtmpfs_work_loop+0x861/0xdf0 [ 168.206592][ T179] devtmpfsd+0x4d/0x50 [ 168.206610][ T179] kthread+0x388/0x470 [ 168.206628][ T179] ret_from_fork+0x514/0xb70 [ 168.206644][ T179] page last free pid 179 tgid 179 stack trace: [ 168.206655][ T179] __free_frozen_pages+0xfa6/0x10f0 [ 168.206671][ T179] __kasan_populate_vmalloc+0x1b2/0x1d0 [ 168.206693][ T179] alloc_vmap_area+0xd47/0x1480 [ 168.206708][ T179] __get_vm_area_node+0x226/0x350 [ 168.206723][ T179] __vmalloc_node_range_noprof+0x36a/0x1750 [ 168.206740][ T179] __vmalloc_node_noprof+0xc2/0x100 [ 168.206755][ T179] dup_task_struct+0x298/0x840 [ 168.206771][ T179] copy_process+0x89b/0x4460 [ 168.206786][ T179] kernel_clone+0x283/0x870 [ 168.206803][ T179] user_mode_thread+0x110/0x180 [ 168.206820][ T179] call_usermodehelper_exec_work+0x5c/0x230 [ 168.206836][ T179] process_scheduled_works+0xb5d/0x1860 [ 168.206852][ T179] worker_thread+0xa53/0xfc0 [ 168.206866][ T179] kthread+0x388/0x470 [ 168.206884][ T179] ret_from_fork+0x514/0xb70 [ 168.206899][ T179] ret_from_fork_asm+0x1a/0x30 [ 168.206917][ T179] [ 168.206921][ T179] Memory state around the buggy address: [ 168.206930][ T179] ffff888026f0cb00: fa fc fc fc fa fc fc fc 05 fc fc fc fa fc fc fc [ 168.206942][ T179] ffff888026f0cb80: 07 fc fc fc 05 fc fc fc 05 fc fc fc 05 fc fc fc [ 168.206953][ T179] >ffff888026f0cc00: 00 fc fc fc fa fc fc fc 00 fc fc fc 00 fc fc fc [ 168.206961][ T179] ^ [ 168.206971][ T179] ffff888026f0cc80: 07 fc fc fc 07 fc fc fc fa fc fc fc fa fc fc fc [ 168.206982][ T179] ffff888026f0cd00: 00 fc fc fc 00 fc fc fc 07 fc fc fc 07 fc fc fc [ 168.206989][ T179] ================================================================== [ 168.353497][ T179] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 168.353518][ T179] CPU: 0 UID: 0 PID: 179 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 168.353539][ T179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.353550][ T179] Workqueue: nbd-del nbd_dev_remove_work [ 168.353576][ T179] Call Trace: [ 168.353583][ T179] [ 168.353590][ T179] vpanic+0x56c/0xa60 [ 168.353614][ T179] ? __pfx_vpanic+0x10/0x10 [ 168.353637][ T179] panic+0xc5/0xd0 [ 168.353656][ T179] ? __pfx_panic+0x10/0x10 [ 168.353675][ T179] ? preempt_schedule_thunk+0x16/0x30 [ 168.353700][ T179] ? preempt_schedule_thunk+0x16/0x30 [ 168.353724][ T179] ? blk_mq_free_rqs+0xea/0x680 [ 168.353745][ T179] check_panic_on_warn+0x89/0xb0 [ 168.353767][ T179] ? blk_mq_free_rqs+0xea/0x680 [ 168.353787][ T179] end_report+0x73/0x170 [ 168.353813][ T179] ? blk_mq_free_rqs+0xea/0x680 [ 168.353833][ T179] kasan_report+0x128/0x150 [ 168.353852][ T179] ? blk_mq_free_rqs+0xea/0x680 [ 168.353876][ T179] blk_mq_free_rqs+0xea/0x680 [ 168.353898][ T179] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.353925][ T179] blk_mq_free_map_and_rqs+0x40/0xf0 [ 168.353949][ T179] blk_mq_free_sched_res+0xeb/0x280 [ 168.353973][ T179] elevator_change_done+0x1d2/0x5f0 [ 168.353997][ T179] ? __pfx_elevator_change_done+0x10/0x10 [ 168.354018][ T179] ? __blk_mq_unfreeze_queue+0x182/0x220 [ 168.354038][ T179] elevator_change+0x321/0x450 [ 168.354061][ T179] elevator_set_none+0xb5/0x140 [ 168.354081][ T179] ? __pfx_elevator_set_none+0x10/0x10 [ 168.354100][ T179] ? kernfs_put+0x4c2/0x520 [ 168.354120][ T179] ? kobject_put+0x516/0x560 [ 168.354140][ T179] blk_unregister_queue+0x17d/0x210 [ 168.354165][ T179] __del_gendisk+0x3fd/0x980 [ 168.354184][ T179] ? down_read+0x156/0x200 [ 168.354199][ T179] ? __pfx___del_gendisk+0x10/0x10 [ 168.354215][ T179] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.354239][ T179] ? lockdep_hardirqs_on+0x7a/0x110 [ 168.354262][ T179] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 168.354287][ T179] del_gendisk+0xe7/0x160 [ 168.354303][ T179] nbd_dev_remove_work+0x47/0xe0 [ 168.354319][ T179] ? process_scheduled_works+0xa70/0x1860 [ 168.354337][ T179] process_scheduled_works+0xb5d/0x1860 [ 168.354368][ T179] ? __pfx_process_scheduled_works+0x10/0x10 [ 168.354388][ T179] ? assign_work+0x3d5/0x5e0 [ 168.354407][ T179] worker_thread+0xa53/0xfc0 [ 168.354435][ T179] kthread+0x388/0x470 [ 168.354456][ T179] ? __pfx_worker_thread+0x10/0x10 [ 168.354472][ T179] ? __pfx_kthread+0x10/0x10 [ 168.354493][ T179] ret_from_fork+0x514/0xb70 [ 168.354513][ T179] ? __pfx_ret_from_fork+0x10/0x10 [ 168.354530][ T179] ? __switch_to+0xc79/0x1410 [ 168.354554][ T179] ? __pfx_kthread+0x10/0x10 [ 168.354575][ T179] ret_from_fork_asm+0x1a/0x30 [ 168.354601][ T179] [ 168.354940][ T179] Kernel Offset: disabled