last executing test programs: 3m8.978603341s ago: executing program 3 (id=608): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000100)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x6e03ac64962092fe}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r4, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0x0, 0x3, 0x0, 0x0, 0xc08}}, 0x120) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14}}, 0x28}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x40002, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r3}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000600)=@newtclass={0x24, 0x28, 0x200, 0x70bd25, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xa}, {0xffff, 0x4}, {0x0, 0x9}}}, 0x24}}, 0x4000004) r5 = socket(0x10, 0x3, 0x0) sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 3m8.211989106s ago: executing program 3 (id=612): mkdir(&(0x7f0000002200)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x21e021, 0x0) 2m18.845202062s ago: executing program 3 (id=612): mkdir(&(0x7f0000002200)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x21e021, 0x0) 1m30.787635019s ago: executing program 3 (id=612): mkdir(&(0x7f0000002200)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x21e021, 0x0) 41.920220797s ago: executing program 3 (id=612): mkdir(&(0x7f0000002200)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x21e021, 0x0) 16.053632254s ago: executing program 0 (id=1060): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) fcntl$dupfd(r0, 0x0, r0) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000280)={0x0, 0xfffb, 0x5}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @desc2}, &(0x7f0000000100)={0x0, "4296a284da9ff934f3c4ccd3077c9686940ba5f18365d0a9372687363715cc9a175637c170ad5b813962f15de416fc71316f55b3bc1d12b9a148eb1f51bbedbb"}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_PKEY_QUERY(0x18, r2, 0x0, &(0x7f0000000180)='\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r3}, 0x10) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000300)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1, @loopback, 0x9, 0x4, 0x0, 0x480, 0x3, 0x2}) 14.845779909s ago: executing program 0 (id=1064): creat(0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000106d049cc2000000000001090224"], 0x0) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r2, 0x1, 0x27, &(0x7f0000000040)=0x2, 0x4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r2, 0x29, 0x45, &(0x7f0000000200)={'ipvs\x00'}, &(0x7f0000000240)=0x1e) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) io_cancel(0x0, &(0x7f0000001800)={0x0, 0x0, 0x0, 0x6, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x81, 0x0, 0x3}, 0x0) 12.515103387s ago: executing program 2 (id=1068): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r1, 0x2) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r2, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') 11.178575593s ago: executing program 2 (id=1071): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000002700)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x180, 0x194, 0x194, 0x180, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {}, {}, 0x6}, 0x0, 0xa0, 0xc8, 0x0, {0x0, 0x74020000}, [@common=@inet=@tcp={{0x30}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@multicast2, @dev, 0x0, 0x0, '\x00', 'tunl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278) 10.176065012s ago: executing program 1 (id=1072): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="2c00000010000100"/20, @ANYRES32=r3, @ANYBLOB='\x00A'], 0x2c}}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r4 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, 0x0, 0x0) r5 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000002c0)={'macvtap0\x00', &(0x7f0000000000)=@ethtool_cmd={0xa, 0x6, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x2, [0x3, 0xe0]}}) 8.911073442s ago: executing program 2 (id=1074): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) memfd_create(0x0, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000000)=0x1) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$inet6(0xa, 0x3, 0x26) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) 8.776101906s ago: executing program 1 (id=1075): r0 = socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd59}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d) connect$pppl2tp(r0, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x32) 6.649588256s ago: executing program 0 (id=1077): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f00000002c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111b700000000008510000002000000850000005500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) 5.635053087s ago: executing program 2 (id=1081): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r0, 0x0) r1 = socket(0x1, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r2, 0x0) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40408c1) ioctl$FS_IOC_SETFLAGS(r0, 0xc0189436, &(0x7f0000000140)) 5.39394486s ago: executing program 3 (id=612): mkdir(&(0x7f0000002200)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000980)='./file0\x00', &(0x7f0000000080)='debugfs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x21e021, 0x0) 4.349194227s ago: executing program 0 (id=1083): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40040}, 0x80800) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101", @ANYRES32=0x41424344], 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='0.::/', 0x0) r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 4.346949642s ago: executing program 1 (id=1084): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000240)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000400)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000002c0)) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000003c0)={r1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) syz_io_uring_setup(0x186, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$poke(0x5, r2, 0x0, 0x1000000000000000) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_icmp(0xa, 0x2, 0x3a) 4.346118418s ago: executing program 2 (id=1085): syz_io_uring_setup(0xd2, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x48082) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0xf1}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(0xffffffffffffffff, 0x81785501, 0x0) 3.249621936s ago: executing program 4 (id=1087): socket$igmp(0x2, 0x3, 0x2) creat(&(0x7f0000000040)='./file0\x00', 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket(0x10, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/vmallocinfo\x00', 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) pipe(&(0x7f0000000000)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000200)=r2}, 0x20) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff]}) 3.104721047s ago: executing program 0 (id=1088): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0) write$cgroup_type(r1, &(0x7f0000000280), 0x9) r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f0000000c40), 0x12) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = bpf$ITER_CREATE(0xb, 0x0, 0x0) close(r4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='signal_deliver\x00', r5}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r6 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r6, &(0x7f0000000200)=0x1, 0x12) 2.968512562s ago: executing program 4 (id=1089): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f329191bac0000f3066b808008ed0660f38806f008ee0", 0x3b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {}, {0x0, 0x4}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x20000000, 0x440, 0x821, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], 0x0, 0x200306}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.784164829s ago: executing program 2 (id=1090): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) r2 = openat$audio1(0xffffffffffffff9c, 0x0, 0x129082, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000100)) mmap$dsp(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2, 0x20010, r2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) iopl(0x3) getpeername$packet(r1, 0x0, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_POST(r2, 0x5008, 0x0) io_uring_setup(0x380b, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, &(0x7f0000000000)) write$binfmt_aout(r1, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 2.774819216s ago: executing program 4 (id=1091): socket$unix(0x1, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, 0x0) timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000000080)=0x0) timer_settime(r2, 0x0, &(0x7f0000000a40)={{}, {0x0, 0x989680}}, &(0x7f0000000a80)) 2.770750568s ago: executing program 1 (id=1092): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0) r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) r8 = dup2(r7, r0) close_range(r8, 0xffffffffffffffff, 0x0) 2.593498606s ago: executing program 4 (id=1093): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100)) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ffffffff850000002d000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10) ioctl$UFFDIO_CONTINUE(r3, 0x8010aa01, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 2.056327837s ago: executing program 1 (id=1094): socket$inet_sctp(0x2, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[], 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03080000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021440000000c0a09030000000000000000070000000900020073797a31000000000900010073797a300000000018000380140000800800034000000002050006405200000014000000110001"], 0xc8}}, 0x0) 1.302455116s ago: executing program 4 (id=1095): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r0, &(0x7f00000005c0)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x2}, 0x2}}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000180)="ae", 0x1}], 0x1}, 0x0) 1.278041725s ago: executing program 0 (id=1096): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clock_gettime(0x0, &(0x7f0000003f40)={0x0, 0x0}) recvmmsg(r0, &(0x7f0000003dc0)=[{{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0xa0}, {{&(0x7f0000000540), 0x80, 0x0, 0x0, &(0x7f0000002b80)=""/158, 0x9e}, 0x1}], 0x2, 0x12002, &(0x7f0000003f80)={r1, r2+60000000}) ioctl$sock_bt_hci(r0, 0x400448cb, 0x0) syz_emit_vhci(0x0, 0x7) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e"], 0x22) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = getpid() sched_setscheduler(r4, 0x2, 0x0) setsockopt$MRT_FLUSH(r3, 0x0, 0xd1, 0x0, 0x0) syz_emit_vhci(&(0x7f0000003fc0)=@HCI_EVENT_PKT={0x4, @hci_ev_pscan_rep_mode={{0x20, 0x7}, {@any, 0x6}}}, 0xa) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) chmod(0x0, 0x0) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x4, 0x3f, 0x3202, @vifc_lcl_addr=@local, @broadcast}, 0x10) 122.74643ms ago: executing program 1 (id=1097): r0 = eventfd(0xc) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000040)={0x1, r0}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, &(0x7f0000000480)=""/74}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 0s ago: executing program 4 (id=1098): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000140)={0x8, [0x2, 0x9, 0x1fe, 0x7, 0x7, 0x1, 0x4, 0x7, 0x4fb0, 0x4, 0x6, 0x408, 0x3, 0x7, 0x4, 0x2, 0x2000, 0x1ff, 0x4, 0xb, 0x9, 0x5c, 0x8000, 0x6, 0x789e, 0x8, 0x8, 0x4, 0x2, 0x6, 0x2, 0xfffc, 0x8001, 0x7, 0x0, 0xcc53, 0x7, 0xea03, 0x6, 0x3, 0x5, 0x2, 0x0, 0x9, 0x3ff, 0x0, 0x6, 0x4], 0x2}) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1004c892}, 0x84) kernel console output (not intermixed with test programs): 91.322568][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.330135][ T5838] bridge_slave_1: entered allmulticast mode [ 91.338298][ T5838] bridge_slave_1: entered promiscuous mode [ 91.345014][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.352365][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.359726][ T5842] bridge_slave_0: entered allmulticast mode [ 91.367088][ T5842] bridge_slave_0: entered promiscuous mode [ 91.390009][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.397343][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.404597][ T5840] bridge_slave_1: entered allmulticast mode [ 91.412280][ T5840] bridge_slave_1: entered promiscuous mode [ 91.422386][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.471256][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.479183][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.486362][ T5842] bridge_slave_1: entered allmulticast mode [ 91.494356][ T5842] bridge_slave_1: entered promiscuous mode [ 91.559952][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.572441][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.599451][ T5835] team0: Port device team_slave_0 added [ 91.618345][ T5848] Bluetooth: hci0: command tx timeout [ 91.630226][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.644312][ T5830] team0: Port device team_slave_0 added [ 91.682862][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.695050][ T5835] team0: Port device team_slave_1 added [ 91.700816][ T5848] Bluetooth: hci1: command tx timeout [ 91.723945][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.735185][ T5830] team0: Port device team_slave_1 added [ 91.757862][ T5838] team0: Port device team_slave_0 added [ 91.766384][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.832135][ T5838] team0: Port device team_slave_1 added [ 91.852796][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.862872][ T52] cfg80211: failed to load regulatory.db [ 91.868654][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.895719][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.909164][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.916273][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.942684][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.943292][ T5848] Bluetooth: hci4: command tx timeout [ 91.956746][ T5144] Bluetooth: hci3: command tx timeout [ 91.959616][ T5848] Bluetooth: hci2: command tx timeout [ 91.974061][ T5840] team0: Port device team_slave_0 added [ 91.983225][ T5840] team0: Port device team_slave_1 added [ 91.990744][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.997746][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.024262][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.065611][ T5842] team0: Port device team_slave_0 added [ 92.110088][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.117512][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.144222][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.194480][ T5842] team0: Port device team_slave_1 added [ 92.201018][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.208067][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.235436][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.250555][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.257655][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.284053][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.297521][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.304488][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.330616][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.367460][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.374459][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.400837][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.438619][ T5835] hsr_slave_0: entered promiscuous mode [ 92.445249][ T5835] hsr_slave_1: entered promiscuous mode [ 92.472934][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.480113][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.506257][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.547665][ T5830] hsr_slave_0: entered promiscuous mode [ 92.554161][ T5830] hsr_slave_1: entered promiscuous mode [ 92.560971][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.568899][ T5830] Cannot create hsr debugfs directory [ 92.580617][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.588036][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.614281][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.659491][ T5838] hsr_slave_0: entered promiscuous mode [ 92.666321][ T5838] hsr_slave_1: entered promiscuous mode [ 92.672951][ T5838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.681108][ T5838] Cannot create hsr debugfs directory [ 92.805196][ T5840] hsr_slave_0: entered promiscuous mode [ 92.811658][ T5840] hsr_slave_1: entered promiscuous mode [ 92.818417][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.825997][ T5840] Cannot create hsr debugfs directory [ 92.900997][ T5842] hsr_slave_0: entered promiscuous mode [ 92.907709][ T5842] hsr_slave_1: entered promiscuous mode [ 92.913818][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.921678][ T5842] Cannot create hsr debugfs directory [ 93.432313][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.444712][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.457776][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.480545][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.546519][ T5835] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.562981][ T5835] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.585096][ T5835] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.618164][ T5835] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.669374][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.692480][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.703388][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.711284][ T5848] Bluetooth: hci0: command tx timeout [ 93.744669][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.777822][ T5848] Bluetooth: hci1: command tx timeout [ 93.822242][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.843001][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.872569][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.896871][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.918332][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.001529][ T5838] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.018076][ T5848] Bluetooth: hci2: command tx timeout [ 94.018504][ T5834] Bluetooth: hci3: command tx timeout [ 94.023522][ T5848] Bluetooth: hci4: command tx timeout [ 94.046062][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.055095][ T5838] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.067235][ T5838] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.078652][ T5838] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.112284][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.119620][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.182742][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.190240][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.215927][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.332875][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.364911][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.372462][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.412967][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.423217][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.431273][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.455681][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.529934][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.586583][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.619193][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.626401][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.654415][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.661660][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.700011][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.707239][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.729580][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.748967][ T2946] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.756343][ T2946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.825056][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.892139][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.899402][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.936194][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.943643][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.964442][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.131505][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.215746][ T5830] veth0_vlan: entered promiscuous mode [ 95.262265][ T5830] veth1_vlan: entered promiscuous mode [ 95.429790][ T5830] veth0_macvtap: entered promiscuous mode [ 95.475086][ T5830] veth1_macvtap: entered promiscuous mode [ 95.554526][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.579647][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.611392][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.652587][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.675916][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.692247][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.703490][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.712936][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.793162][ T5848] Bluetooth: hci0: command tx timeout [ 95.806343][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.839818][ T5838] veth0_vlan: entered promiscuous mode [ 95.859933][ T5848] Bluetooth: hci1: command tx timeout [ 95.950308][ T5838] veth1_vlan: entered promiscuous mode [ 95.985363][ T5840] veth0_vlan: entered promiscuous mode [ 96.001310][ T5835] veth0_vlan: entered promiscuous mode [ 96.007963][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.015966][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.054230][ T5842] veth0_vlan: entered promiscuous mode [ 96.076311][ T5840] veth1_vlan: entered promiscuous mode [ 96.097780][ T5834] Bluetooth: hci2: command tx timeout [ 96.103332][ T5834] Bluetooth: hci4: command tx timeout [ 96.108755][ T5835] veth1_vlan: entered promiscuous mode [ 96.112882][ T5838] veth0_macvtap: entered promiscuous mode [ 96.115044][ T5848] Bluetooth: hci3: command tx timeout [ 96.136682][ T5842] veth1_vlan: entered promiscuous mode [ 96.145616][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.155056][ T5838] veth1_macvtap: entered promiscuous mode [ 96.161884][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.272161][ T5840] veth0_macvtap: entered promiscuous mode [ 96.305911][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.312209][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.316944][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.343505][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.352626][ T5840] veth1_macvtap: entered promiscuous mode [ 96.378682][ T5835] veth0_macvtap: entered promiscuous mode [ 96.388710][ T5842] veth0_macvtap: entered promiscuous mode [ 96.400354][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.412036][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.425252][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.450808][ T5842] veth1_macvtap: entered promiscuous mode [ 96.473933][ T5838] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.500918][ T5838] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.510160][ T5838] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.523183][ T5838] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.546034][ T5835] veth1_macvtap: entered promiscuous mode [ 96.575188][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.586330][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.597086][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.609017][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.620769][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.644504][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.661226][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.674268][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.689011][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.700718][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.716414][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.730410][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.781868][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.853266][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.869366][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.879990][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.950236][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.975762][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.059779][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.160870][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.187475][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.198984][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.209329][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.221704][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.232247][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.243241][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.302003][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.315097][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.337010][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.356729][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.372937][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.388283][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.416723][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.448340][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.506560][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.546769][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.556751][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.569913][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.589337][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.600007][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.612514][ T5835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.623896][ T5835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.657896][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.668595][ T5840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.678857][ T5840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.687754][ T5840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.696614][ T5840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.722405][ T5842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.736930][ T5842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.747097][ T5842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.755952][ T5842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.793796][ T5835] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.817190][ T5835] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.896729][ T5848] Bluetooth: hci0: command tx timeout [ 97.937125][ T5848] Bluetooth: hci1: command tx timeout [ 97.968565][ T5835] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.978033][ T5835] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.178529][ T5848] Bluetooth: hci3: command tx timeout [ 98.184170][ T5848] Bluetooth: hci4: command tx timeout [ 98.195686][ T5848] Bluetooth: hci2: command tx timeout [ 98.835546][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.881244][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.932392][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.949266][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.992442][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.001266][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.042531][ T30] audit: type=1804 audit(1745124754.359:2): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.7" name="/newroot/2/bus/bus" dev="overlay" ino=36 res=1 errno=0 [ 99.081371][ T5919] evm: overlay not supported [ 99.101636][ T5919] Invalid ELF header len 8 [ 99.147895][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.155770][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.193840][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.221471][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.302120][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.337490][ T5923] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 99.347543][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.390072][ T5925] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.428242][ T5926] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8'. [ 99.499649][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.501293][ T2961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.522106][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.526379][ T2961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.671319][ T5941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9'. [ 101.238104][ T5941] hsr_slave_1 (unregistering): left promiscuous mode [ 101.427124][ T5881] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 101.679016][ T5958] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.688475][ T5958] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.711248][ T5960] overlayfs: failed to resolve './file0': -2 [ 101.720994][ T5881] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 101.746288][ T5881] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 101.777984][ T5881] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 101.791144][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.868180][ T5951] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 101.896895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 101.912658][ T5881] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 102.141267][ T5881] usb 1-1: USB disconnect, device number 2 [ 102.267683][ T5968] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 102.310053][ T5966] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 103.101391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.522664][ T5971] udevd[5971]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 103.818573][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 103.857376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.922031][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 103.947889][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.028007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.567275][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.576085][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.747131][ T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 105.917629][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 105.957066][ T5879] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 106.068790][ T24] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 106.102585][ T24] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 106.114213][ T24] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 106.289851][ T24] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 106.330797][ T5879] usb 4-1: Using ep0 maxpacket: 16 [ 106.358945][ T24] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 106.377070][ T5879] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 106.401241][ T24] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 106.416796][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 106.434429][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.454769][ T5879] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 106.509195][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.543403][ T5879] usb 4-1: Product: syz [ 106.560174][ T5879] usb 4-1: Manufacturer: syz [ 106.565209][ T5879] usb 4-1: SerialNumber: syz [ 106.609273][ T5879] usb 4-1: config 0 descriptor?? [ 106.625350][ T5879] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 106.684594][ T5879] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 106.709963][ T24] usb 1-1: usb_control_msg returned -32 [ 106.724465][ T24] usbtmc 1-1:16.0: can't read capabilities [ 107.231850][ T5879] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 107.243417][ T5879] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 107.468052][ T5997] usbtmc 1-1:16.0: usb_clear_halt returned -32 [ 107.672869][ T5908] usb 1-1: USB disconnect, device number 3 [ 107.865552][ T5879] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 107.885369][ T5879] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 107.906402][ T5879] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 107.993791][ T6000] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 108.145767][ T5879] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 108.166878][ T5879] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 108.186235][ T5879] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 108.263572][ T5879] usb 4-1: USB disconnect, device number 2 [ 113.913898][ T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 114.344763][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 114.361796][ T6040] __vm_enough_memory: pid: 6040, comm: syz.1.36, bytes: 21199851425792 not enough memory for the allocation [ 115.319210][ T6048] kvm: kvm [6046]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000 [ 115.373669][ T30] audit: type=1804 audit(1745124770.659:3): pid=6055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.40" name="/newroot/8/bus/cgroup.controllers" dev="overlay" ino=69 res=1 errno=0 [ 118.582255][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 118.595792][ T24] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 118.609371][ T24] usb 2-1: can't read configurations, error -71 [ 118.687243][ T6088] xt_CT: You must specify a L4 protocol and not use inversions on it [ 120.421560][ T6100] overlayfs: failed to clone upperpath [ 126.237521][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 126.397252][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 126.404507][ T24] usb 4-1: config 0 has an invalid interface number: 5 but max is 0 [ 126.413308][ T24] usb 4-1: config 0 has no interface number 0 [ 126.428627][ T24] usb 4-1: config 0 interface 5 altsetting 9 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 126.471587][ T24] usb 4-1: config 0 interface 5 altsetting 9 endpoint 0x7 has an invalid bInterval 151, changing to 11 [ 126.508959][ T24] usb 4-1: config 0 interface 5 has no altsetting 0 [ 126.520322][ T24] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=71.44 [ 126.529556][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.538329][ T24] usb 4-1: Product: syz [ 126.542660][ T24] usb 4-1: Manufacturer: syz [ 126.560479][ T24] usb 4-1: SerialNumber: syz [ 126.595857][ T24] usb 4-1: config 0 descriptor?? [ 126.930101][ T24] radio-si470x 4-1:0.5: could not find interrupt in endpoint [ 126.950792][ T24] radio-si470x 4-1:0.5: probe with driver radio-si470x failed with error -5 [ 126.999370][ T24] radio-raremono 4-1:0.5: this is not Thanko's Raremono. [ 127.020227][ T24] usbhid 4-1:0.5: couldn't find an input interrupt endpoint [ 127.530062][ T976] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 127.655845][ T24] usb 4-1: USB disconnect, device number 3 [ 127.745167][ T976] usb 2-1: Using ep0 maxpacket: 8 [ 127.786744][ T976] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 127.826886][ T976] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 127.853693][ T976] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 127.892782][ T976] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 127.946996][ T976] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 127.971084][ T6192] hsr0: entered promiscuous mode [ 127.981296][ T6192] vlan2: entered promiscuous mode [ 127.986890][ T976] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 127.986935][ T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.194237][ T6197] block nbd2: shutting down sockets [ 128.295194][ T6197] block nbd2: NBD_DISCONNECT [ 128.301752][ T6197] block nbd2: Send disconnect failed -22 [ 128.338953][ T976] usb 2-1: usb_control_msg returned -32 [ 128.419744][ T976] usbtmc 2-1:16.0: can't read capabilities [ 130.119670][ T24] usb 2-1: USB disconnect, device number 4 [ 130.201371][ T6210] netlink: 36 bytes leftover after parsing attributes in process `syz.2.86'. [ 130.210629][ T6210] netlink: 16 bytes leftover after parsing attributes in process `syz.2.86'. [ 130.417363][ T6210] netlink: 36 bytes leftover after parsing attributes in process `syz.2.86'. [ 130.458118][ T6210] netlink: 36 bytes leftover after parsing attributes in process `syz.2.86'. [ 131.058807][ T6220] syz_tun: entered allmulticast mode [ 131.144861][ T6221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.88'. [ 131.342075][ T6226] netlink: 12 bytes leftover after parsing attributes in process `syz.2.90'. [ 131.409811][ T6226] ip6gretap1: entered allmulticast mode [ 131.438443][ T6230] netlink: 28 bytes leftover after parsing attributes in process `syz.2.90'. [ 131.701222][ T24] kernel write not supported for file /vcs (pid: 24 comm: kworker/1:0) [ 131.953104][ T5920] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 132.497788][ T5920] usb 1-1: Using ep0 maxpacket: 8 [ 132.513849][ T5920] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 132.526696][ T5920] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 132.548161][ T5920] usb 1-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 132.566708][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.585053][ T5920] usb 1-1: Product: syz [ 132.622575][ T5920] usb 1-1: Manufacturer: syz [ 132.629306][ T5920] usb 1-1: SerialNumber: syz [ 132.652192][ T5920] usb 1-1: config 0 descriptor?? [ 132.679107][ T5920] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 132.827689][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.843553][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.901509][ T5920] usb 1-1: USB disconnect, device number 4 [ 132.937840][ T2345] usb 1-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 132.968468][ T6250] netlink: 'syz.1.98': attribute type 4 has an invalid length. [ 132.983006][ T2345] usb 1-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 135.465553][ T6269] ieee802154 phy0 wpan0: encryption failed: -22 [ 135.646426][ T6255] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.409527][ T6255] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.488183][ T6255] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.657868][ T6255] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.849209][ T6312] netlink: 56 bytes leftover after parsing attributes in process `syz.1.116'. [ 140.868138][ T6312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.116'. [ 140.979481][ T6310] warning: `syz.0.117' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 142.204795][ T6255] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.264702][ T6255] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.305111][ T6322] syz.1.121 uses obsolete (PF_INET,SOCK_PACKET) [ 142.751667][ T6255] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.875199][ T6255] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 148.120517][ T6368] process 'syz.2.135' launched './file1' with NULL argv: empty string added [ 159.381531][ T6433] netlink: 'syz.2.154': attribute type 39 has an invalid length. [ 159.751512][ T976] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 160.702698][ T6443] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 160.710924][ T976] usb 4-1: Using ep0 maxpacket: 16 [ 160.746555][ T976] usb 4-1: descriptor type invalid, skip [ 160.773590][ T976] usb 4-1: config 0 has no interfaces? [ 160.791003][ T976] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 160.801182][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.831805][ T976] usb 4-1: Product: syz [ 160.836107][ T976] usb 4-1: Manufacturer: syz [ 160.842270][ T976] usb 4-1: SerialNumber: syz [ 160.930999][ T976] usb 4-1: config 0 descriptor?? [ 161.194160][ T52] usb 4-1: USB disconnect, device number 4 [ 162.242797][ T6464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.998212][ T6478] Driver unsupported XDP return value 0 on prog (id 34) dev N/A, expect packet loss! [ 164.454433][ T6486] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 165.746902][ T30] audit: type=1326 audit(1745124821.059:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6508 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 165.790808][ T30] audit: type=1326 audit(1745124821.099:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6508 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 165.873561][ T30] audit: type=1326 audit(1745124821.099:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6508 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 165.946726][ T30] audit: type=1326 audit(1745124821.099:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6508 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 166.025418][ T30] audit: type=1326 audit(1745124821.099:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6508 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 166.065530][ T30] audit: type=1326 audit(1745124821.109:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6508 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 166.253157][ T30] audit: type=1326 audit(1745124821.109:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6508 comm="syz.4.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 167.950519][ T6548] bridge0: port 3(vxlan0) entered blocking state [ 167.967104][ T6548] bridge0: port 3(vxlan0) entered disabled state [ 167.977200][ T6548] vxlan0: entered allmulticast mode [ 167.989493][ T6548] vxlan0: entered promiscuous mode [ 170.504719][ T6578] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 170.511684][ T6578] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 170.868793][ T6592] trusted_key: syz.2.205 sent an empty control message without MSG_MORE. [ 171.080209][ T30] audit: type=1326 audit(1745124826.399:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 171.784122][ T30] audit: type=1326 audit(1745124826.399:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 171.836719][ T30] audit: type=1326 audit(1745124826.399:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 171.919304][ T30] audit: type=1326 audit(1745124826.399:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 172.207763][ T30] audit: type=1326 audit(1745124826.399:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 172.231607][ T30] audit: type=1326 audit(1745124827.099:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 172.257060][ T30] audit: type=1326 audit(1745124827.099:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 172.278841][ T30] audit: type=1326 audit(1745124827.239:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 173.010593][ T30] audit: type=1326 audit(1745124827.239:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6594 comm="syz.3.208" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0ddb8e169 code=0x7ffc0000 [ 176.853775][ T6667] tipc: Failed to remove unknown binding: 66,1,1/0:942897980/942897982 [ 176.862656][ T6667] tipc: Failed to remove unknown binding: 66,1,1/0:942897980/942897982 [ 177.312571][ T6679] syz.2.231 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 177.328342][ T6671] syzkaller0: entered promiscuous mode [ 177.337299][ T6671] syzkaller0: entered allmulticast mode [ 182.238283][ T6720] Bluetooth: MGMT ver 1.23 [ 182.818517][ T6724] netlink: 24 bytes leftover after parsing attributes in process `syz.1.246'. [ 188.980877][ T6704] bridge: RTM_NEWNEIGH with invalid ether address [ 189.071649][ T6760] bridge0: entered promiscuous mode [ 189.081314][ T6760] vlan2: entered promiscuous mode [ 189.888991][ T52] IPVS: starting estimator thread 0... [ 189.987448][ T6779] IPVS: using max 37 ests per chain, 88800 per kthread [ 190.720531][ T6798] program syz.0.267 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 190.746583][ T6793] bond0: entered promiscuous mode [ 190.768223][ T6793] bond_slave_0: entered promiscuous mode [ 190.795713][ T6793] bond_slave_1: entered promiscuous mode [ 190.821161][ T6793] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 190.848980][ T6793] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 193.139252][ T6824] kvm: kvm [6822]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000 [ 193.307544][ T6835] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 194.259146][ T2345] pvrusb2: request_firmware fatal error with code=-110 [ 194.418142][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.420103][ T2345] pvrusb2: Failure uploading firmware1 [ 194.424531][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.430334][ T2345] pvrusb2: Device initialization was not successful. [ 194.443728][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 194.454042][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 195.050443][ T5920] pvrusb2: Device being rendered inoperable [ 200.019196][ T6888] kvm: kvm [6886]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0xc2) = 0x8000 [ 200.566853][ T5881] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 201.387605][ T5881] usb 2-1: Using ep0 maxpacket: 16 [ 201.394973][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.415670][ T5881] usb 2-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00 [ 201.483582][ T6911] netlink: 116 bytes leftover after parsing attributes in process `syz.0.302'. [ 201.511796][ T6911] netlink: 92 bytes leftover after parsing attributes in process `syz.0.302'. [ 201.837778][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.980442][ T5881] usb 2-1: config 0 descriptor?? [ 203.247518][ T5881] usbhid 2-1:0.0: can't add hid device: -71 [ 203.287906][ T5881] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 203.339408][ T5881] usb 2-1: USB disconnect, device number 5 [ 206.057041][ T6973] netlink: 56 bytes leftover after parsing attributes in process `syz.0.323'. [ 206.074364][ T6973] netlink: 8 bytes leftover after parsing attributes in process `syz.0.323'. [ 208.487197][ T6987] Zero length message leads to an empty skb [ 210.003542][ T7003] netlink: 4 bytes leftover after parsing attributes in process `syz.4.333'. [ 210.026768][ T5881] IPVS: starting estimator thread 0... [ 210.116897][ T7006] IPVS: using max 24 ests per chain, 57600 per kthread [ 211.708363][ T5848] Bluetooth: hci0: command 0x0406 tx timeout [ 212.128839][ T7037] netlink: 12 bytes leftover after parsing attributes in process `syz.1.342'. [ 212.512164][ T7042] netlink: 28 bytes leftover after parsing attributes in process `syz.1.342'. [ 213.213371][ T7031] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.221952][ T7031] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.511445][ T7047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 213.982738][ T7052] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'. [ 214.375704][ T7031] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.420869][ T7058] netlink: 12 bytes leftover after parsing attributes in process `syz.3.357'. [ 215.056333][ T7031] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 215.228598][ T7062] fuse: Bad value for 'fd' [ 215.313098][ T7031] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.329804][ T7031] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.343010][ T7031] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.355058][ T7031] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.494166][ T7031] bond0: left promiscuous mode [ 215.500041][ T7031] bond_slave_0: left promiscuous mode [ 215.505811][ T7031] bond_slave_1: left promiscuous mode [ 215.522104][ T7037] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 215.533494][ T7041] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 215.575835][ T7041] ip6gretap1: entered allmulticast mode [ 216.811898][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 216.846783][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 216.860081][ T5844] Bluetooth: hci4: Unable to find connection for big 0x14 [ 216.864259][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 217.026255][ T7090] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 217.196727][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 217.203781][ T5844] Bluetooth: hci2: command 0x0406 tx timeout [ 217.210695][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 217.215360][ T5845] Bluetooth: hci3: command 0x0406 tx timeout [ 217.238520][ T7090] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 217.290997][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 217.299665][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 217.307744][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 217.331287][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 217.352616][ T7090] wlan0 speed is unknown, defaulting to 1000 [ 219.918523][ T7131] 9pnet: p9_errstr2errno: server reported unknown error 1844674407370 [ 221.144049][ T7148] netlink: 'syz.4.376': attribute type 4 has an invalid length. [ 221.224716][ T7153] netlink: 36 bytes leftover after parsing attributes in process `syz.4.378'. [ 221.234323][ T7153] netlink: 12 bytes leftover after parsing attributes in process `syz.4.378'. [ 221.243246][ T7153] netlink: 16 bytes leftover after parsing attributes in process `syz.4.378'. [ 221.317549][ T7154] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 221.571777][ T7162] sch_tbf: burst 8791 is lower than device lo mtu (65550) ! [ 221.630332][ T7160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 221.636259][ T7162] sch_tbf: burst 8787 is lower than device lo mtu (65550) ! [ 227.563540][ T55] Bluetooth: Frame is too long (len 151, expected len 4) [ 227.606753][ T7217] capability: warning: `syz.2.398' uses deprecated v2 capabilities in a way that may be insecure [ 230.240709][ T7249] netlink: 24 bytes leftover after parsing attributes in process `syz.1.409'. [ 230.299242][ T7248] netlink: 8 bytes leftover after parsing attributes in process `syz.4.408'. [ 230.336877][ T7248] netlink: 8 bytes leftover after parsing attributes in process `syz.4.408'. [ 233.211603][ T976] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 233.423718][ T976] usb 2-1: config index 0 descriptor too short (expected 32820, got 52) [ 233.466533][ T976] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 233.505313][ T976] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0035, bcdDevice= a.97 [ 233.555166][ T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.563732][ T5833] Process accounting resumed [ 233.610690][ T976] usb 2-1: Product: syz [ 233.629362][ T976] usb 2-1: Manufacturer: syz [ 233.649582][ T976] usb 2-1: SerialNumber: syz [ 233.673778][ T976] usb 2-1: config 0 descriptor?? [ 233.700348][ T976] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 233.799889][ T976] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 233.905679][ T7275] udevd[7275]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 233.965971][ T5833] usb 2-1: USB disconnect, device number 6 [ 234.365454][ T7289] ip6gretap0: entered promiscuous mode [ 234.375802][ T7289] vlan2: entered promiscuous mode [ 234.412568][ T7284] netlink: 76 bytes leftover after parsing attributes in process `syz.0.420'. [ 234.837538][ T7300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.426'. [ 234.918331][ T7303] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 234.982275][ T7305] netlink: 'syz.4.428': attribute type 1 has an invalid length. [ 235.056015][ T7305] bond1: entered promiscuous mode [ 235.065283][ T7305] bond1: entered allmulticast mode [ 235.085110][ T7308] ip6gretap1: entered allmulticast mode [ 235.155808][ T7308] bond1: (slave ip6gretap1): making interface the new active one [ 235.235540][ T7308] ip6gretap1: entered promiscuous mode [ 235.276545][ T7308] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 236.160413][ T30] audit: type=1326 audit(1745124891.479:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 236.238482][ T30] audit: type=1326 audit(1745124891.499:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 236.522957][ T30] audit: type=1326 audit(1745124891.519:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 236.546726][ T30] audit: type=1326 audit(1745124891.519:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 237.557055][ T30] audit: type=1326 audit(1745124891.519:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 238.308637][ T30] audit: type=1326 audit(1745124891.519:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 238.596266][ T30] audit: type=1326 audit(1745124891.519:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 238.640691][ T30] audit: type=1326 audit(1745124891.519:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 239.626764][ T30] audit: type=1326 audit(1745124891.519:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 240.362428][ T30] audit: type=1326 audit(1745124891.519:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7320 comm="syz.4.435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 240.846719][ T5933] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 241.016830][ T5933] usb 1-1: Using ep0 maxpacket: 16 [ 241.049851][ T5933] usb 1-1: New USB device found, idVendor=061d, idProduct=c160, bcdDevice=a8.f7 [ 241.081208][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.122879][ T5933] usb 1-1: Product: syz [ 241.141621][ T5933] usb 1-1: Manufacturer: syz [ 241.160687][ T5933] usb 1-1: SerialNumber: syz [ 241.182644][ T5933] usb 1-1: config 0 descriptor?? [ 241.421148][ T5933] quatech2 1-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 241.804012][ T7352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.127823][ T7352] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.414903][ T7363] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.423721][ T7363] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.453691][ T5933] usb 1-1: qt2_attach - failed to power on unit: -71 [ 242.462972][ T5933] quatech2 1-1:0.0: probe with driver quatech2 failed with error -71 [ 242.483176][ T5933] usb 1-1: USB disconnect, device number 5 [ 242.567682][ T7363] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 242.587829][ T7363] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 242.661303][ T7363] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.673549][ T7363] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.682621][ T7363] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.691769][ T7363] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.873246][ T7384] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 245.817944][ T7411] Invalid ELF header magic: != ELF [ 246.232943][ T7413] netlink: 'syz.2.457': attribute type 1 has an invalid length. [ 246.233638][ T7407] netlink: 16 bytes leftover after parsing attributes in process `syz.0.455'. [ 246.330251][ T7413] bond2: entered promiscuous mode [ 246.335450][ T7413] bond2: entered allmulticast mode [ 246.512020][ T7418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.457'. [ 246.543088][ T7415] ip6gretap1: entered allmulticast mode [ 246.717810][ T7415] bond2: (slave ip6gretap1): making interface the new active one [ 246.750630][ T7415] ip6gretap1: entered promiscuous mode [ 247.215999][ T7415] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 247.823567][ T7418] bond2: left promiscuous mode [ 247.829052][ T7418] ip6gretap1: left promiscuous mode [ 247.834589][ T7418] bond2: left allmulticast mode [ 247.847272][ T7418] 8021q: adding VLAN 0 to HW filter on device bond2 [ 248.658569][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.666365][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.921281][ T7439] netlink: 'syz.2.465': attribute type 4 has an invalid length. [ 249.102761][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.118906][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.255175][ T7423] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.264685][ T7423] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.278379][ T7423] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.290732][ T7423] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.406917][ T5920] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 250.168729][ T5920] usb 2-1: config 1 has an invalid interface number: 31 but max is 0 [ 250.180920][ T5920] usb 2-1: config 1 has no interface number 0 [ 250.188086][ T5920] usb 2-1: config 1 interface 31 altsetting 14 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 250.199526][ T5920] usb 2-1: config 1 interface 31 altsetting 14 endpoint 0xC has invalid wMaxPacketSize 0 [ 250.209825][ T5920] usb 2-1: config 1 interface 31 has no altsetting 0 [ 250.246294][ T5920] usb 2-1: New USB device found, idVendor=05ac, idProduct=8218, bcdDevice=11.5c [ 250.300529][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.333159][ T5920] usb 2-1: Product: syz [ 250.382929][ T5920] usb 2-1: Manufacturer: syz [ 250.388440][ T5920] usb 2-1: SerialNumber: syz [ 250.429956][ T7441] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 250.607267][ T5933] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 250.848385][ T5933] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 251.263726][ T5920] usb 2-1: USB disconnect, device number 7 [ 251.360839][ T5933] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.383743][ T5933] usb 1-1: config 0 descriptor?? [ 251.414084][ T7460] netlink: 4 bytes leftover after parsing attributes in process `syz.4.471'. [ 251.476304][ T7465] netlink: 4 bytes leftover after parsing attributes in process `syz.4.471'. [ 251.675157][ T5933] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 251.687816][ T5933] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 252.514368][ T5933] [drm:udl_init] *ERROR* Selecting channel failed [ 252.579232][ T5933] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 252.608374][ T5933] [drm] Initialized udl on minor 2 [ 252.623434][ T5933] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 252.651001][ T5933] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 252.718990][ T5833] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 252.727785][ T5933] usb 1-1: USB disconnect, device number 6 [ 252.735198][ T5833] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 253.677260][ T7480] netlink: 'syz.3.475': attribute type 4 has an invalid length. [ 253.800887][ T7480] netlink: 'syz.3.475': attribute type 4 has an invalid length. [ 254.623166][ T55] Bluetooth: hci1: unexpected event for opcode 0x0c26 [ 255.710877][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.717452][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.786181][ T7524] xt_CT: You must specify a L4 protocol and not use inversions on it [ 257.619908][ T7530] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[7530] [ 257.652729][ T7530] netlink: 24 bytes leftover after parsing attributes in process `syz.2.491'. [ 257.745932][ T7534] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-22) [ 260.326092][ T7550] Invalid source name [ 260.330191][ T7550] UBIFS error (pid: 7550): cannot open "./file0", error -22 [ 263.025605][ T6135] Bluetooth: hci5: Frame reassembly failed (-84) [ 265.062660][ T55] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 265.069376][ T5834] Bluetooth: hci5: command 0x1003 tx timeout [ 265.666219][ T7608] netlink: 12 bytes leftover after parsing attributes in process `syz.0.515'. [ 265.770699][ T7612] wlan0 speed is unknown, defaulting to 1000 [ 265.838805][ T7616] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 266.375398][ T7627] netlink: 12 bytes leftover after parsing attributes in process `syz.4.521'. [ 267.141768][ T7630] overlayfs: failed to clone upperpath [ 269.427111][ T7634] netem: incorrect ge model size [ 269.457014][ T7634] netem: change failed [ 269.760475][ T7653] netlink: 12 bytes leftover after parsing attributes in process `syz.1.530'. [ 270.712920][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 270.712940][ T30] audit: type=1326 audit(1745124926.029:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 271.285166][ T30] audit: type=1326 audit(1745124926.029:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 271.310960][ T30] audit: type=1326 audit(1745124926.029:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 271.333114][ T30] audit: type=1326 audit(1745124926.029:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 271.504992][ T30] audit: type=1326 audit(1745124926.029:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 271.527040][ T30] audit: type=1326 audit(1745124926.029:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 271.548496][ T30] audit: type=1326 audit(1745124926.039:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 271.585641][ T30] audit: type=1326 audit(1745124926.039:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 272.425939][ T30] audit: type=1326 audit(1745124926.209:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 272.533714][ T30] audit: type=1326 audit(1745124926.209:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7669 comm="syz.2.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 275.567748][ T7721] vlan2: entered promiscuous mode [ 275.573260][ T7721] vlan2: entered allmulticast mode [ 275.578902][ T7721] hsr_slave_1: entered allmulticast mode [ 275.622804][ T7721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.548'. [ 279.909097][ T7750] netlink: 24 bytes leftover after parsing attributes in process `syz.4.556'. [ 280.037362][ T7750] sch_tbf: burst 88 is lower than device veth3 mtu (1514) ! [ 280.091256][ T30] audit: type=1326 audit(1745124935.310:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7753 comm="syz.2.559" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f34d8585127 code=0x0 [ 280.113577][ C1] vkms_vblank_simulate: vblank timer overrun [ 283.168698][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.569'. [ 283.264026][ T7786] trusted_key: encrypted_key: insufficient parameters specified [ 283.481633][ T7789] team0 (unregistering): Port device team_slave_0 removed [ 283.523879][ T7789] team0 (unregistering): Port device team_slave_1 removed [ 286.691075][ T7831] netlink: 'syz.3.578': attribute type 1 has an invalid length. [ 286.802003][ T7831] bond1: entered promiscuous mode [ 286.807101][ T7831] bond1: entered allmulticast mode [ 286.849274][ T7840] ip6gretap1: entered allmulticast mode [ 286.865007][ T7840] bond1: (slave ip6gretap1): making interface the new active one [ 286.872974][ T7840] ip6gretap1: entered promiscuous mode [ 286.892503][ T7845] siw: device registration error -23 [ 286.895971][ T7840] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 287.038178][ T7831] netlink: 28 bytes leftover after parsing attributes in process `syz.3.578'. [ 287.107447][ T7831] bond1: left promiscuous mode [ 287.134521][ T7831] ip6gretap1: left promiscuous mode [ 287.148277][ T7858] fuse: Bad value for 'fd' [ 287.155839][ T7831] bond1: left allmulticast mode [ 287.188713][ T7831] 8021q: adding VLAN 0 to HW filter on device bond1 [ 289.770023][ T7893] wlan0 speed is unknown, defaulting to 1000 [ 294.249665][ T7918] netlink: 72 bytes leftover after parsing attributes in process `syz.1.602'. [ 296.763036][ T7951] netlink: 48 bytes leftover after parsing attributes in process `syz.0.610'. [ 301.436916][ T7995] sctp: [Deprecated]: syz.0.622 (pid 7995) Use of struct sctp_assoc_value in delayed_ack socket option. [ 301.436916][ T7995] Use struct sctp_sack_info instead [ 301.490295][ T7992] netlink: 8 bytes leftover after parsing attributes in process `syz.4.624'. [ 301.513655][ T1140] bridge_slave_1: left allmulticast mode [ 301.668874][ T1140] bridge_slave_1: left promiscuous mode [ 301.687037][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.375808][ T1140] bridge_slave_0: left allmulticast mode [ 302.382539][ T1140] bridge_slave_0: left promiscuous mode [ 302.390474][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.597431][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 302.622589][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 302.630972][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 302.640941][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 302.649082][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 302.747613][ T1140] bond1 (unregistering): (slave ip6gretap1): Releasing active interface [ 304.140492][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.152232][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.163472][ T1140] bond0 (unregistering): Released all slaves [ 304.297900][ T1140] bond1 (unregistering): Released all slaves [ 304.600015][ T8016] wg2: entered promiscuous mode [ 304.604937][ T8016] wg2: entered allmulticast mode [ 304.835220][ T5834] Bluetooth: hci2: command tx timeout [ 305.366515][ T8003] wlan0 speed is unknown, defaulting to 1000 [ 306.356380][ T30] audit: type=1326 audit(1745124959.846:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.445069][ T30] audit: type=1326 audit(1745124959.846:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.501755][ T30] audit: type=1326 audit(1745124959.846:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.568653][ T30] audit: type=1326 audit(1745124959.846:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.636429][ T30] audit: type=1326 audit(1745124959.855:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.693100][ T30] audit: type=1326 audit(1745124959.855:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.721772][ T30] audit: type=1326 audit(1745124959.865:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.747749][ T30] audit: type=1326 audit(1745124959.865:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.775333][ T30] audit: type=1326 audit(1745124959.865:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 306.821730][ T30] audit: type=1326 audit(1745124959.865:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8037 comm="syz.0.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7a898e169 code=0x7ffc0000 [ 307.295223][ T5834] Bluetooth: hci2: command tx timeout [ 307.897527][ T8058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.637'. [ 308.324531][ T1140] hsr_slave_0: left promiscuous mode [ 308.515407][ T1140] hsr_slave_1: left promiscuous mode [ 308.525395][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 308.540746][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 309.475299][ T5834] Bluetooth: hci2: command tx timeout [ 311.675847][ T5834] Bluetooth: hci2: command tx timeout [ 311.961481][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 312.044121][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 313.412598][ T8112] netlink: 12 bytes leftover after parsing attributes in process `syz.0.654'. [ 313.607665][ T8003] chnl_net:caif_netlink_parms(): no params data found [ 315.253100][ T8148] netlink: 20 bytes leftover after parsing attributes in process `syz.0.660'. [ 315.476137][ T8153] cgroup: Unknown subsys name 'noxattr' [ 315.512427][ T8157] lo: entered allmulticast mode [ 315.525448][ T8157] tunl0: entered allmulticast mode [ 315.555619][ T8158] netlink: 2036 bytes leftover after parsing attributes in process `syz.4.662'. [ 315.565380][ T8157] gre0: entered allmulticast mode [ 315.589441][ T8157] gretap0: entered allmulticast mode [ 315.601827][ T8158] netlink: 24 bytes leftover after parsing attributes in process `syz.4.662'. [ 315.612699][ T8157] erspan0: entered allmulticast mode [ 315.618223][ T8157] ip_vti0: entered allmulticast mode [ 315.649158][ T8157] ip6_vti0: entered allmulticast mode [ 315.658332][ T8157] sit0: entered allmulticast mode [ 315.665169][ T8157] ip6tnl0: entered allmulticast mode [ 315.670963][ T8157] ip6gre0: entered allmulticast mode [ 315.681348][ T8157] ip6gretap0: entered allmulticast mode [ 315.690137][ T8157] bridge0: entered allmulticast mode [ 315.705956][ T8157] vcan0: entered allmulticast mode [ 315.712357][ T8157] bond0: entered allmulticast mode [ 315.728270][ T8157] bond_slave_0: entered allmulticast mode [ 315.753714][ T8157] bond_slave_1: entered allmulticast mode [ 315.769390][ T8157] team0: entered allmulticast mode [ 315.789734][ T8157] team_slave_0: entered allmulticast mode [ 315.807648][ T8157] team_slave_1: entered allmulticast mode [ 315.820051][ T8157] dummy0: entered allmulticast mode [ 315.850754][ T8157] nlmon0: entered allmulticast mode [ 315.860098][ T8157] caif0: entered allmulticast mode [ 315.865559][ T8157] batadv0: entered allmulticast mode [ 315.881554][ T8157] vxcan0: entered allmulticast mode [ 315.894090][ T8157] vxcan1: entered allmulticast mode [ 315.910390][ T8157] veth0: entered allmulticast mode [ 315.924096][ T8157] veth1: entered allmulticast mode [ 315.944017][ T8157] wg0: entered allmulticast mode [ 315.958286][ T8157] wg1: entered allmulticast mode [ 315.978344][ T8157] wg2: entered allmulticast mode [ 315.989813][ T8157] veth0_to_bridge: entered allmulticast mode [ 316.007668][ T8157] veth1_to_bridge: entered allmulticast mode [ 316.021354][ T8157] veth0_to_bond: entered allmulticast mode [ 316.144991][ T8157] veth1_to_bond: entered allmulticast mode [ 316.152580][ T8157] veth0_to_team: entered allmulticast mode [ 316.169407][ T8157] veth1_to_team: entered allmulticast mode [ 316.175899][ T8157] veth0_to_batadv: entered allmulticast mode [ 317.268278][ T8157] batadv_slave_0: entered allmulticast mode [ 317.328688][ T8157] veth1_to_batadv: entered allmulticast mode [ 317.548372][ T8157] batadv_slave_1: entered allmulticast mode [ 317.554508][ T8157] xfrm0: entered allmulticast mode [ 317.560206][ T8157] veth0_to_hsr: entered allmulticast mode [ 317.566325][ T8157] hsr_slave_0: entered allmulticast mode [ 317.572426][ T8157] veth1_to_hsr: entered allmulticast mode [ 317.603290][ T8157] hsr_slave_1: entered allmulticast mode [ 317.611499][ T8157] hsr0: entered allmulticast mode [ 317.616743][ T8157] veth1_virt_wifi: entered allmulticast mode [ 317.624600][ T8179] netlink: 4 bytes leftover after parsing attributes in process `syz.4.668'. [ 317.635377][ T8157] veth0_virt_wifi: entered allmulticast mode [ 317.644655][ T8157] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 317.664049][ T8157] veth1_vlan: entered allmulticast mode [ 317.671142][ T8157] veth0_vlan: entered allmulticast mode [ 317.679702][ T8157] vlan0: entered allmulticast mode [ 317.697489][ T8157] vlan1: entered allmulticast mode [ 317.744689][ T8157] macvlan0: entered allmulticast mode [ 317.788069][ T8157] macvlan1: entered allmulticast mode [ 317.850013][ T8157] ipvlan0: entered allmulticast mode [ 317.904869][ T8157] veth1_macvtap: entered allmulticast mode [ 317.959592][ T8157] veth0_macvtap: entered allmulticast mode [ 317.997642][ T8157] macvtap0: entered allmulticast mode [ 318.044282][ T8157] macsec0: entered allmulticast mode [ 318.090649][ T8157] geneve0: entered allmulticast mode [ 318.130497][ T8157] geneve1: entered allmulticast mode [ 318.169570][ T8157] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 318.191203][ T8157] netdevsim netdevsim2 netdevsim1: entered allmulticast mode [ 318.230414][ T8157] netdevsim netdevsim2 netdevsim2: entered allmulticast mode [ 318.242689][ T8157] netdevsim netdevsim2 netdevsim3: entered allmulticast mode [ 318.254175][ T8157] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 318.264625][ T8157] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 318.273935][ T8157] bond1: entered allmulticast mode [ 318.279380][ T8157] macvlan2: entered allmulticast mode [ 318.291393][ T8157] bond2: entered allmulticast mode [ 318.307092][ T8157] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode [ 318.369472][ T8003] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.385065][ T8003] bridge0: port 1(bridge_slave_0) entered disabled state [ 318.404946][ T8003] bridge_slave_0: entered allmulticast mode [ 318.422652][ T8003] bridge_slave_0: entered promiscuous mode [ 318.611935][ T8179] bond0: (slave bond_slave_0): Releasing backup interface [ 318.637895][ T8003] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.645809][ T8003] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.653760][ T8003] bridge_slave_1: entered allmulticast mode [ 318.666795][ T8003] bridge_slave_1: entered promiscuous mode [ 318.822825][ T8003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 318.859282][ T8003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.805725][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 319.812517][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.857370][ T8003] team0: Port device team_slave_0 added [ 320.873149][ T8003] team0: Port device team_slave_1 added [ 321.035546][ T8003] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 321.195551][ T8003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.120535][ T8003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 322.133785][ T8003] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 322.140888][ T8003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.253561][ T8003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 322.749689][ T8003] hsr_slave_0: entered promiscuous mode [ 322.789141][ T8003] hsr_slave_1: entered promiscuous mode [ 322.822448][ T8003] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 322.874212][ T8003] Cannot create hsr debugfs directory [ 322.907417][ T8234] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 326.467817][ T8269] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 330.379059][ T8307] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.698'. [ 330.504805][ T8306] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.698'. [ 331.761920][ T8003] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 331.804280][ T8003] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 331.855182][ T8003] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 331.921723][ T8003] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 332.064515][ T8334] gfs2: path_lookup on /dev/net/tun returned error -2 [ 332.211589][ T8003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.264425][ T8003] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.405433][ T8350] netlink: 12 bytes leftover after parsing attributes in process `syz.4.710'. [ 332.542328][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.549573][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.205510][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.212770][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.668600][ T8003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.721491][ T8375] bridge_slave_0: left promiscuous mode [ 334.757857][ T8375] bridge0: port 1(bridge_slave_0) entered disabled state [ 334.794781][ T8375] bridge_slave_1: left promiscuous mode [ 334.805863][ T8375] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.900730][ T8375] bond0: (slave bond_slave_0): Releasing backup interface [ 334.927541][ T8375] bond0: (slave bond_slave_1): Releasing backup interface [ 334.968056][ T8375] team0: Port device team_slave_0 removed [ 334.997232][ T8375] team0: Port device team_slave_1 removed [ 335.009637][ T8375] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 335.063253][ T8375] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 335.178785][ T8375] bond1: (slave macvlan2): Releasing backup interface [ 335.221373][ T8375] bond2: (slave ip6gretap1): Releasing active interface [ 335.412199][ T8003] veth0_vlan: entered promiscuous mode [ 335.491499][ T8003] veth1_vlan: entered promiscuous mode [ 337.147121][ T8003] veth0_macvtap: entered promiscuous mode [ 337.244640][ T8003] veth1_macvtap: entered promiscuous mode [ 337.351743][ T8003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 337.395494][ T8003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.445551][ T8003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 337.529845][ T8003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.548606][ T8003] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 337.559404][ T8003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.642988][ T8419] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 338.163494][ T8003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.174559][ T8003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 338.299806][ T8003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.311510][ T8003] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 338.422841][ T8003] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.458491][ T8003] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.562721][ T8003] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.593366][ T8003] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.024102][ T8435] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 339.993102][ T8441] netlink: 36 bytes leftover after parsing attributes in process `syz.1.727'. [ 340.028551][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.030909][ T8441] netlink: 16 bytes leftover after parsing attributes in process `syz.1.727'. [ 340.069221][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.121023][ T8441] netlink: 36 bytes leftover after parsing attributes in process `syz.1.727'. [ 340.152079][ T8444] vlan2: entered allmulticast mode [ 340.194767][ T8441] netlink: 36 bytes leftover after parsing attributes in process `syz.1.727'. [ 340.521114][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.554579][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 342.175748][ T8463] netlink: 4 bytes leftover after parsing attributes in process `syz.4.732'. [ 344.128912][ T8463] vxlan0: left allmulticast mode [ 344.142903][ T8463] vxlan0: left promiscuous mode [ 344.177110][ T8463] bridge0: port 3(vxlan0) entered disabled state [ 344.210720][ T8463] bridge_slave_1: left allmulticast mode [ 344.241170][ T8463] bridge_slave_1: left promiscuous mode [ 344.247282][ T8463] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.308224][ T8463] bridge_slave_0: left promiscuous mode [ 344.343734][ T8463] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.523053][ T8501] netlink: 12 bytes leftover after parsing attributes in process `syz.2.739'. [ 347.122096][ T148] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.578999][ T148] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.846046][ T148] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.111379][ T148] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.169170][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 350.187099][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 350.198762][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 350.207744][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 350.218448][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 350.531794][ T8586] wlan0 speed is unknown, defaulting to 1000 [ 351.547632][ T148] bridge_slave_1: left allmulticast mode [ 351.600892][ T148] bridge_slave_1: left promiscuous mode [ 351.620932][ T148] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.666128][ T148] bridge_slave_0: left allmulticast mode [ 351.681989][ T148] bridge_slave_0: left promiscuous mode [ 351.699997][ T148] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.472633][ T55] Bluetooth: hci2: command tx timeout [ 353.283871][ T8617] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 353.291918][ T8617] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 353.301599][ T8617] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 353.309466][ T8617] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 354.694943][ T55] Bluetooth: hci2: command tx timeout [ 355.421800][ T8632] PKCS7: Unknown OID: [4] 0.38.35.0.121826293(bad) [ 355.428671][ T8632] PKCS7: Only support pkcs7_signedData type [ 356.796310][ T148] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.809630][ T148] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.918481][ T55] Bluetooth: hci2: command tx timeout [ 357.488068][ T148] bond0 (unregistering): Released all slaves [ 359.862624][ T55] Bluetooth: hci2: command tx timeout [ 360.322405][ T8586] chnl_net:caif_netlink_parms(): no params data found [ 360.682737][ T8686] netlink: 1276 bytes leftover after parsing attributes in process `syz.4.772'. [ 361.318875][ T8701] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 363.026512][ T148] hsr_slave_0: left promiscuous mode [ 363.070520][ T148] hsr_slave_1: left promiscuous mode [ 363.091119][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.115266][ T148] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.248874][ T148] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.308926][ T148] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.484264][ T148] veth1_macvtap: left promiscuous mode [ 363.490259][ T148] veth0_macvtap: left promiscuous mode [ 363.696699][ T148] veth1_vlan: left promiscuous mode [ 363.724414][ T148] veth0_vlan: left promiscuous mode [ 363.798788][ T8729] mmap: syz.2.784 (8729) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 366.910915][ T148] team0 (unregistering): Port device team_slave_1 removed [ 366.951412][ T148] team0 (unregistering): Port device team_slave_0 removed [ 367.509319][ T8586] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.521867][ T8586] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.531441][ T8586] bridge_slave_0: entered allmulticast mode [ 367.539635][ T8586] bridge_slave_0: entered promiscuous mode [ 367.569864][ T8586] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.579273][ T8586] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.586544][ T8586] bridge_slave_1: entered allmulticast mode [ 367.594775][ T8586] bridge_slave_1: entered promiscuous mode [ 367.928035][ T8586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 368.040286][ T8586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 368.051282][ T8755] overlayfs: failed to clone upperpath [ 369.076013][ T8586] team0: Port device team_slave_0 added [ 369.195171][ T8586] team0: Port device team_slave_1 added [ 370.392806][ T8586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.428248][ T8586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.500307][ T8586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 370.626686][ T8586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 370.672202][ T8586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.782720][ T8586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 370.839323][ T8775] lo speed is unknown, defaulting to 1000 [ 370.845265][ T8775] lo speed is unknown, defaulting to 1000 [ 371.733798][ T8775] lo speed is unknown, defaulting to 1000 [ 371.752193][ T8775] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 371.836848][ T8586] hsr_slave_0: entered promiscuous mode [ 371.848823][ T8586] hsr_slave_1: entered promiscuous mode [ 371.855916][ T8586] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 371.865462][ T8586] Cannot create hsr debugfs directory [ 372.202068][ T8775] lo speed is unknown, defaulting to 1000 [ 372.379399][ T8792] netlink: 'syz.0.801': attribute type 10 has an invalid length. [ 372.391401][ T8792] netlink: 40 bytes leftover after parsing attributes in process `syz.0.801'. [ 372.716341][ T8792] batman_adv: batadv0: Adding interface: virt_wifi0 [ 372.955454][ T8792] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.009592][ T8792] batman_adv: batadv0: Interface activated: virt_wifi0 [ 373.138349][ T8775] lo speed is unknown, defaulting to 1000 [ 373.146075][ T8775] lo speed is unknown, defaulting to 1000 [ 373.155012][ T8775] lo speed is unknown, defaulting to 1000 [ 373.162692][ T8775] lo speed is unknown, defaulting to 1000 [ 374.422128][ T8807] ptrace attach of "./syz-executor exec"[5842] was attempted by "./syz-executor exec"[8807] [ 376.222562][ T8832] sctp: [Deprecated]: syz.1.809 (pid 8832) Use of struct sctp_assoc_value in delayed_ack socket option. [ 376.222562][ T8832] Use struct sctp_sack_info instead [ 377.022538][ T8835] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.038427][ T8835] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.047707][ T8835] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.071014][ T8835] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.094418][ T8835] geneve2: entered promiscuous mode [ 377.121264][ T8838] netlink: 156 bytes leftover after parsing attributes in process `syz.1.812'. [ 377.289515][ T8844] netlink: 8 bytes leftover after parsing attributes in process `syz.4.816'. [ 377.409808][ T8844] vlan2: entered promiscuous mode [ 377.433794][ T8844] bond0: entered promiscuous mode [ 377.462547][ T8844] bond_slave_1: entered promiscuous mode [ 380.690037][ T8586] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 380.749172][ T8586] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 380.816126][ T8586] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 380.892187][ T8586] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 381.539296][ T8896] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 382.142303][ T8586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 382.257556][ T8586] 8021q: adding VLAN 0 to HW filter on device team0 [ 382.298631][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.305853][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 382.385504][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.392733][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 385.039199][ T8586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 385.537412][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 385.543780][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.561212][ T8586] veth0_vlan: entered promiscuous mode [ 385.576513][ T8586] veth1_vlan: entered promiscuous mode [ 385.622282][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 385.622303][ T30] audit: type=1800 audit(1745125034.014:73): pid=8931 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.837" name="bus" dev="ramfs" ino=21915 res=0 errno=0 [ 385.743886][ T8586] veth0_macvtap: entered promiscuous mode [ 385.840485][ T8586] veth1_macvtap: entered promiscuous mode [ 385.907073][ T8586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.938465][ T8586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.950421][ T8586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 385.967415][ T8586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 385.990261][ T8586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 386.012527][ T8586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.040258][ T8586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.074653][ T8586] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.086453][ T8586] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.129386][ T8586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 386.229735][ T8586] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.271236][ T8586] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.296294][ T8586] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.321506][ T8586] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 386.779692][ T8975] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 387.678643][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.694017][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.527615][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.553745][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.242436][ T9001] overlayfs: failed to clone upperpath [ 391.533285][ T9009] netlink: 4 bytes leftover after parsing attributes in process `syz.4.855'. [ 394.959013][ T9044] netlink: 8 bytes leftover after parsing attributes in process `syz.0.860'. [ 395.451716][ T2985] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.613994][ T2985] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.737987][ T2985] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 396.080760][ T2985] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.384564][ T2985] bridge_slave_1: left allmulticast mode [ 399.390279][ T2985] bridge_slave_1: left promiscuous mode [ 399.436909][ T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 399.447795][ T2985] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.448132][ T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 399.467567][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 399.476654][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 399.505012][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 399.506159][ T2985] bridge_slave_0: left allmulticast mode [ 399.595388][ T2985] bridge_slave_0: left promiscuous mode [ 399.601240][ T2985] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.844261][ T55] Bluetooth: hci2: command tx timeout [ 403.012749][ T9139] netlink: 104 bytes leftover after parsing attributes in process `syz.2.884'. [ 403.308078][ T2985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 403.321001][ T2985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 403.332322][ T2985] bond0 (unregistering): Released all slaves [ 403.490378][ T9102] wlan0 speed is unknown, defaulting to 1000 [ 403.518402][ T9102] lo speed is unknown, defaulting to 1000 [ 404.131021][ T55] Bluetooth: hci2: command tx timeout [ 405.745465][ T30] audit: type=1326 audit(1745125052.843:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 405.804875][ T30] audit: type=1326 audit(1745125052.881:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 405.837940][ T30] audit: type=1326 audit(1745125052.881:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 405.899106][ T30] audit: type=1326 audit(1745125052.881:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 405.899222][ T9166] netlink: 156 bytes leftover after parsing attributes in process `syz.4.891'. [ 405.967812][ T30] audit: type=1326 audit(1745125052.881:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 406.010535][ T9174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.892'. [ 406.067344][ T30] audit: type=1326 audit(1745125052.881:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 406.104717][ T30] audit: type=1326 audit(1745125052.881:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 406.183534][ T9185] netlink: 4 bytes leftover after parsing attributes in process `syz.0.892'. [ 406.656965][ T30] audit: type=1326 audit(1745125052.881:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 406.683727][ T55] Bluetooth: hci2: command tx timeout [ 406.739452][ T30] audit: type=1326 audit(1745125052.909:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 406.779677][ T30] audit: type=1326 audit(1745125052.909:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9159 comm="syz.1.890" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9b758e169 code=0x7ffc0000 [ 406.849777][ T2985] hsr_slave_0: left promiscuous mode [ 406.856903][ T2985] hsr_slave_1: left promiscuous mode [ 406.863220][ T2985] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 406.872945][ T2985] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 406.882949][ T2985] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 406.890960][ T2985] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.105498][ T2985] veth1_macvtap: left promiscuous mode [ 407.799922][ T2985] veth0_macvtap: left promiscuous mode [ 407.805920][ T2985] veth1_vlan: left promiscuous mode [ 407.811312][ T2985] veth0_vlan: left promiscuous mode [ 408.852282][ T55] Bluetooth: hci2: command tx timeout [ 409.410002][ T2985] team0 (unregistering): Port device team_slave_1 removed [ 409.488206][ T2985] team0 (unregistering): Port device team_slave_0 removed [ 411.469391][ T9102] chnl_net:caif_netlink_parms(): no params data found [ 411.683148][ T9218] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 411.698683][ T9218] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 411.707193][ T9218] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 413.014648][ T9241] ksmbd: Unknown IPC event: 0, ignore. [ 414.985930][ T9245] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 415.493277][ T9102] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.500440][ T9102] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.661100][ T9102] bridge_slave_0: entered allmulticast mode [ 415.689008][ T9102] bridge_slave_0: entered promiscuous mode [ 415.729950][ T9102] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.780825][ T9102] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.792739][ T9102] bridge_slave_1: entered allmulticast mode [ 415.800630][ T9102] bridge_slave_1: entered promiscuous mode [ 418.153127][ T9102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 418.220872][ T9102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 419.881736][ T9102] team0: Port device team_slave_0 added [ 420.355940][ T9102] team0: Port device team_slave_1 added [ 421.221941][ T9340] Device name cannot be null; rc = [-22] [ 422.137208][ T9102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.166208][ T9102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.933016][ T9102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.998397][ T9102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 423.282023][ T9102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.711741][ T9102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 424.158274][ T9102] hsr_slave_0: entered promiscuous mode [ 424.244125][ T9102] hsr_slave_1: entered promiscuous mode [ 424.867612][ T9102] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 424.875675][ T9102] Cannot create hsr debugfs directory [ 427.552967][ T9401] netlink: 4 bytes leftover after parsing attributes in process `syz.4.942'. [ 427.647923][ T5881] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 427.853009][ T5881] usb 1-1: Using ep0 maxpacket: 8 [ 427.935627][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 428.019478][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 428.124403][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 428.242363][ T5881] usb 1-1: New USB device found, idVendor=056a, idProduct=00b5, bcdDevice= 0.00 [ 428.250931][ T9405] overlayfs: failed to clone upperpath [ 428.254118][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.407995][ T5881] usb 1-1: config 0 descriptor?? [ 428.657061][ T5881] usbhid 1-1:0.0: can't add hid device: -71 [ 428.673973][ T5881] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 428.698549][ T5881] usb 1-1: USB disconnect, device number 7 [ 428.875533][ T9102] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 428.916314][ T9102] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 428.951058][ T9102] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 429.779584][ T9102] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 430.934918][ T9102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.241277][ T9102] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.280464][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.287835][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 431.926782][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.933996][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 434.034728][ T9102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 434.230405][ T9102] veth0_vlan: entered promiscuous mode [ 434.375926][ T9102] veth1_vlan: entered promiscuous mode [ 434.491285][ T9506] sctp: [Deprecated]: syz.4.961 (pid 9506) Use of struct sctp_assoc_value in delayed_ack socket option. [ 434.491285][ T9506] Use struct sctp_sack_info instead [ 434.506274][ T9102] veth0_macvtap: entered promiscuous mode [ 434.545888][ T9102] veth1_macvtap: entered promiscuous mode [ 434.601858][ T9102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.641533][ T9102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.669781][ T9102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 434.690494][ T9102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 434.951014][ T9102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 434.988850][ T9102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.005356][ T9102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.026320][ T9102] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.049702][ T9102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.838628][ T9102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 436.851233][ T9102] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.860735][ T9102] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.869734][ T9102] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.878518][ T9102] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.883148][ T6135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 438.148712][ T6135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.267080][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 439.993506][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 440.245333][ T9558] overlayfs: failed to clone upperpath [ 440.990207][ T9562] netlink: 'syz.4.972': attribute type 10 has an invalid length. [ 440.997982][ T9562] netlink: 40 bytes leftover after parsing attributes in process `syz.4.972'. [ 441.010257][ T9562] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 443.201173][ T6135] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.468486][ T6135] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.593971][ T6135] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.685868][ T6135] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.880327][ T6135] bridge_slave_1: left allmulticast mode [ 443.886057][ T6135] bridge_slave_1: left promiscuous mode [ 443.897011][ T6135] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.912844][ T6135] bridge_slave_0: left allmulticast mode [ 443.919614][ T6135] bridge_slave_0: left promiscuous mode [ 443.926228][ T6135] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.100560][ T9634] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709 [ 447.495307][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 447.516035][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 447.529281][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 447.551300][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 447.687106][ T9668] ======================================================= [ 447.687106][ T9668] WARNING: The mand mount option has been deprecated and [ 447.687106][ T9668] and is ignored by this kernel. Remove the mand [ 447.687106][ T9668] option from the mount to silence this warning. [ 447.687106][ T9668] ======================================================= [ 447.747645][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 448.670539][ T6135] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.685678][ T6135] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.702597][ T6135] bond0 (unregistering): Released all slaves [ 448.728686][ T9653] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 448.736045][ T9653] batman_adv: batadv0: Removing interface: virt_wifi0 [ 448.748466][ T9653] team0: Device virt_wifi0 is up. Set it down before adding it as a team port [ 448.759706][ T9659] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 448.827380][ T9664] wlan0 speed is unknown, defaulting to 1000 [ 448.856652][ T9664] lo speed is unknown, defaulting to 1000 [ 449.969736][ T55] Bluetooth: hci2: command tx timeout [ 450.561876][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 450.561896][ T30] audit: type=1326 audit(1745125094.768:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.613329][ T30] audit: type=1326 audit(1745125094.768:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.635357][ T30] audit: type=1326 audit(1745125094.777:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.657321][ T30] audit: type=1326 audit(1745125094.777:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.683996][ T30] audit: type=1326 audit(1745125094.777:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.706005][ T9717] syz_tun: entered allmulticast mode [ 450.715758][ T30] audit: type=1326 audit(1745125094.777:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.748313][ T30] audit: type=1326 audit(1745125094.777:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.773806][ T30] audit: type=1326 audit(1745125094.777:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.811873][ T6135] hsr_slave_0: left promiscuous mode [ 450.820364][ T6135] hsr_slave_1: left promiscuous mode [ 450.830873][ T6135] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.861919][ T30] audit: type=1326 audit(1745125094.777:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.862903][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.902077][ T30] audit: type=1326 audit(1745125094.777:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9709 comm="syz.4.1005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f527018e169 code=0x7ffc0000 [ 450.939278][ T6135] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 450.949888][ T6135] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 450.987180][ T6135] veth1_macvtap: left promiscuous mode [ 450.993019][ T6135] veth0_macvtap: left promiscuous mode [ 451.000103][ T6135] veth1_vlan: left promiscuous mode [ 451.005911][ T6135] veth0_vlan: left promiscuous mode [ 451.196124][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 451.204395][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 452.233223][ T55] Bluetooth: hci2: command tx timeout [ 452.408437][ T9734] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1009'. [ 452.486381][ T9737] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1009'. [ 452.922850][ T9743] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1011'. [ 454.417058][ T55] Bluetooth: hci2: command tx timeout [ 455.000890][ T6135] team0 (unregistering): Port device team_slave_1 removed [ 455.068665][ T6135] team0 (unregistering): Port device team_slave_0 removed [ 456.337136][ T9710] syz_tun: left allmulticast mode [ 456.428663][ T9747] IPVS: Unknown mcast interface: vcan0 [ 456.640424][ T55] Bluetooth: hci2: command tx timeout [ 457.074061][ T9664] chnl_net:caif_netlink_parms(): no params data found [ 457.918314][ T9765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1017'. [ 458.047049][ T9785] netlink: 'syz.2.1020': attribute type 1 has an invalid length. [ 458.059727][ T9765] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 458.323107][ T9765] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 458.681972][ T9800] xt_hashlimit: size too large, truncated to 1048576 [ 459.058313][ T9800] Cannot find del_set index 2 as target [ 460.355619][ T9810] xt_hashlimit: size too large, truncated to 1048576 [ 460.888024][ T9815] netlink: 'syz.4.1026': attribute type 27 has an invalid length. [ 460.991795][ T9820] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 461.116066][ T9823] netlink: 'syz.1.1029': attribute type 4 has an invalid length. [ 461.303602][ T9827] xt_CT: You must specify a L4 protocol and not use inversions on it [ 462.807482][ T9815] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 462.833173][ T9815] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 463.449123][ T9815] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.458127][ T9815] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.467461][ T9815] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.477045][ T9815] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.503515][ T9815] bond1: left promiscuous mode [ 463.512359][ T9815] ip6gretap1: left promiscuous mode [ 463.520033][ T9815] bond1: left allmulticast mode [ 463.529793][ T9815] ip6gretap1: left allmulticast mode [ 463.556458][ T9815] vlan2: left promiscuous mode [ 463.561616][ T9815] bond0: left promiscuous mode [ 463.566409][ T9815] bond_slave_1: left promiscuous mode [ 463.589564][ T9664] bridge0: port 1(bridge_slave_0) entered blocking state [ 463.596764][ T9664] bridge0: port 1(bridge_slave_0) entered disabled state [ 463.608960][ T9664] bridge_slave_0: entered allmulticast mode [ 463.631029][ T9664] bridge_slave_0: entered promiscuous mode [ 463.676299][ T9664] bridge0: port 2(bridge_slave_1) entered blocking state [ 463.717721][ T9664] bridge0: port 2(bridge_slave_1) entered disabled state [ 463.742329][ T9664] bridge_slave_1: entered allmulticast mode [ 463.750782][ T9664] bridge_slave_1: entered promiscuous mode [ 463.809794][ T9844] overlayfs: failed to clone upperpath [ 463.844196][ T9664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 463.898719][ T9664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 464.097374][ T9664] team0: Port device team_slave_0 added [ 464.121422][ T9664] team0: Port device team_slave_1 added [ 464.156204][ T5879] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 464.206220][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 464.206238][ T30] audit: type=1326 audit(1745125107.527:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.317028][ T9664] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 464.336057][ T30] audit: type=1326 audit(1745125107.555:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.340422][ T5879] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 464.379350][ T9664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.450333][ T30] audit: type=1326 audit(1745125107.555:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.483223][ T9664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 464.515959][ T9664] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 464.525821][ T30] audit: type=1326 audit(1745125107.555:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.551459][ T5879] usb 1-1: config 0 has no interface number 0 [ 464.585992][ T9664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 464.596854][ T5879] usb 1-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 464.637281][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.645347][ T5879] usb 1-1: Product: syz [ 464.650440][ T5879] usb 1-1: Manufacturer: syz [ 464.655071][ T5879] usb 1-1: SerialNumber: syz [ 464.661732][ T30] audit: type=1326 audit(1745125107.555:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.684683][ T5879] usb 1-1: config 0 descriptor?? [ 464.699677][ T5879] usb-storage 1-1:0.20: USB Mass Storage device detected [ 464.715355][ T30] audit: type=1326 audit(1745125107.555:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.725706][ T9664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 464.788231][ T30] audit: type=1326 audit(1745125107.555:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.813821][ T5879] usb-storage 1-1:0.20: Quirks match for vid 04e6 pid 000b: 4 [ 464.825534][ T30] audit: type=1326 audit(1745125107.564:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.893685][ T30] audit: type=1326 audit(1745125107.564:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.920793][ T9850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 464.929584][ T9850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 464.938458][ T30] audit: type=1326 audit(1745125107.564:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9857 comm="syz.2.1038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34d858e169 code=0x7ffc0000 [ 464.947909][ T9850] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1036'. [ 465.023808][ T9850] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1036'. [ 465.135181][ T9850] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 465.163873][ T9850] bond0: entered promiscuous mode [ 465.172372][ T9850] bond_slave_0: entered promiscuous mode [ 465.188366][ T9850] bond_slave_1: entered promiscuous mode [ 465.255768][ T9873] bridge0: port 3(syz_tun) entered blocking state [ 465.302779][ T9873] bridge0: port 3(syz_tun) entered disabled state [ 465.312210][ T9873] syz_tun: entered allmulticast mode [ 465.339192][ T9873] syz_tun: entered promiscuous mode [ 465.380334][ T5879] usb 1-1: USB disconnect, device number 8 [ 465.569207][ T9664] hsr_slave_0: entered promiscuous mode [ 465.579499][ T9664] hsr_slave_1: entered promiscuous mode [ 465.585946][ T9664] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 465.593993][ T9664] Cannot create hsr debugfs directory [ 465.604803][ T9888] netlink: 'syz.1.1045': attribute type 12 has an invalid length. [ 468.019939][ T9928] overlayfs: failed to clone upperpath [ 468.077682][ T9931] bond_slave_0: entered allmulticast mode [ 468.323014][ T9938] batman_adv: batadv0: Adding interface: dummy0 [ 468.372373][ T9938] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 468.446728][ T9938] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 470.983103][ T5879] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 471.006410][ T9664] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 471.023984][ T9664] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 471.851785][ T9664] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 471.863830][ T5879] usb 1-1: Using ep0 maxpacket: 16 [ 471.886440][ T5879] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 471.906285][ T5879] usb 1-1: config 0 has no interfaces? [ 471.915267][ T5879] usb 1-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 471.942574][ T9664] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 471.970761][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.999693][ T5879] usb 1-1: config 0 descriptor?? [ 472.487775][ T9664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 472.545224][ T9664] 8021q: adding VLAN 0 to HW filter on device team0 [ 472.595909][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.603109][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 472.639119][ T2946] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.646470][ T2946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.771485][T10023] xt_TCPMSS: Only works on TCP SYN packets [ 475.678448][T10024] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1072'. [ 477.097467][ T9664] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 477.313288][ T9664] veth0_vlan: entered promiscuous mode [ 477.336384][ T9664] veth1_vlan: entered promiscuous mode [ 477.449336][ T9664] veth0_macvtap: entered promiscuous mode [ 477.484758][ T9664] veth1_macvtap: entered promiscuous mode [ 477.552438][ T9664] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 477.608568][ T9664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 477.651929][ T9664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 477.715162][ T9664] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 477.761788][ T9664] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.805453][ T9664] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.835439][ T9664] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.870540][ T9664] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.871263][ T5881] usb 1-1: USB disconnect, device number 9 [ 478.258611][ T6135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.298577][ T6135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.345344][ T6135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.380809][ T6135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.024593][T10076] overlayfs: failed to clone upperpath [ 479.410832][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.620128][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.821806][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.953495][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.074766][ T13] bridge_slave_1: left allmulticast mode [ 480.080455][ T13] bridge_slave_1: left promiscuous mode [ 480.087394][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.099461][ T13] bridge_slave_0: left allmulticast mode [ 480.105134][ T13] bridge_slave_0: left promiscuous mode [ 480.111524][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.678980][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 481.689395][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 481.697678][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 481.706392][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 481.714128][ T5834] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 482.319122][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 483.264830][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 483.319485][ T13] bond0 (unregistering): Released all slaves [ 483.940198][ T55] Bluetooth: hci2: command tx timeout [ 484.651232][T10149] ------------[ cut here ]------------ [ 484.655289][T10116] wlan0 speed is unknown, defaulting to 1000 [ 484.656743][T10149] workqueue: cannot queue hci_rx_work on wq hci0 [ 484.656862][T10149] WARNING: CPU: 1 PID: 10149 at kernel/workqueue.c:2258 __queue_work+0xdff/0x10a0 [ 484.678449][T10149] Modules linked in: [ 484.682420][T10149] CPU: 1 UID: 0 PID: 10149 Comm: syz.0.1096 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) [ 484.694526][T10149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 484.698144][T10116] lo speed is unknown, defaulting to 1000 [ 484.704585][T10149] RIP: 0010:__queue_work+0xdff/0x10a0 [ 484.704625][T10149] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 ab d2 a0 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 40 cc 49 8c 4c 89 ea e8 b2 7c f8 ff 90 <0f> 0b 90 90 e9 5d f4 ff ff e8 13 24 39 00 90 0f 0b 90 e9 a7 fc ff [ 484.704644][T10149] RSP: 0018:ffffc900043dfa68 EFLAGS: 00010046 [ 484.704666][T10149] RAX: 46d51a400c3a8200 RBX: ffff88805d370000 RCX: 0000000000080000 [ 484.704683][T10149] RDX: ffffc9000d66f000 RSI: 0000000000001ccf RDI: 0000000000001cd0 [ 484.704697][T10149] RBP: dffffc0000000000 R08: ffffffff81821792 R09: 1ffff110170e47d2 [ 484.704713][T10149] R10: dffffc0000000000 R11: ffffed10170e47d3 R12: 1ffff1100517be38 [ 484.704729][T10149] R13: ffff888028bdf178 R14: 0000000000000008 R15: ffff8880341aca98 [ 484.704746][T10149] FS: 00007fb7a97936c0(0000) GS:ffff8881250cf000(0000) knlGS:0000000000000000 [ 484.704765][T10149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 484.704780][T10149] CR2: 000000110c3aecf2 CR3: 000000007fb54000 CR4: 00000000003526f0 [ 484.704799][T10149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 484.704812][T10149] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 484.704826][T10149] Call Trace: [ 484.704835][T10149] [ 484.704865][T10149] queue_work_on+0x1c4/0x380 [ 484.831978][T10149] ? __pfx_queue_work_on+0x10/0x10 [ 484.837118][T10149] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 484.843035][T10149] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 484.849378][T10149] ? __alloc_skb+0x298/0x480 [ 484.853984][T10149] ? skb_queue_tail+0x36/0x120 [ 484.858757][T10149] hci_recv_frame+0x598/0x6f0 [ 484.863456][T10149] vhci_write+0x353/0x4a0 [ 484.867810][T10149] vfs_write+0x70f/0xd10 [ 484.872065][T10149] ? __pfx_vhci_write+0x10/0x10 [ 484.877012][T10149] ? __pfx_vfs_write+0x10/0x10 [ 484.882590][T10149] ? __fget_files+0x2a/0x420 [ 484.887229][T10149] ? __fget_files+0x2a/0x420 [ 484.891867][T10149] ksys_write+0x19d/0x2d0 [ 484.896220][T10149] ? __pfx_ksys_write+0x10/0x10 [ 484.901085][T10149] ? do_syscall_64+0xb6/0x210 [ 484.905774][T10149] do_syscall_64+0xf3/0x210 [ 484.910288][T10149] ? clear_bhb_loop+0x45/0xa0 [ 484.914989][T10149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.920889][T10149] RIP: 0033:0x7fb7a898cc1f [ 484.925320][T10149] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 484.945023][T10149] RSP: 002b:00007fb7a9793000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 484.953453][T10149] RAX: ffffffffffffffda RBX: 00007fb7a8bb6160 RCX: 00007fb7a898cc1f [ 484.961437][T10149] RDX: 0000000000000022 RSI: 0000200000000280 RDI: 00000000000000ca [ 484.969419][T10149] RBP: 00007fb7a8a10a68 R08: 0000000000000000 R09: 0000000000000000 [ 484.977422][T10149] R10: 0000200000000280 R11: 0000000000000293 R12: 0000000000000000 [ 484.985501][T10149] R13: 0000000000000000 R14: 00007fb7a8bb6160 R15: 00007ffc44f03908 [ 484.993501][T10149] [ 484.996540][T10149] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 485.003920][T10149] CPU: 1 UID: 0 PID: 10149 Comm: syz.0.1096 Not tainted 6.15.0-rc2-syzkaller-00471-g119009db2674 #0 PREEMPT(full) [ 485.015989][T10149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 485.026049][T10149] Call Trace: [ 485.029360][T10149] [ 485.032337][T10149] dump_stack_lvl+0x241/0x360 [ 485.037052][T10149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 485.042301][T10149] ? __pfx__printk+0x10/0x10 [ 485.046933][T10149] ? vscnprintf+0x5d/0x90 [ 485.051288][T10149] panic+0x349/0x880 [ 485.055216][T10149] ? __warn+0x174/0x4d0 [ 485.059388][T10149] ? __pfx_panic+0x10/0x10 [ 485.063828][T10149] __warn+0x344/0x4d0 [ 485.067817][T10149] ? __queue_work+0xdff/0x10a0 [ 485.072604][T10149] report_bug+0x2b3/0x500 [ 485.076947][T10149] ? __queue_work+0xdff/0x10a0 [ 485.081724][T10149] ? __queue_work+0xdff/0x10a0 [ 485.086510][T10149] ? __queue_work+0xe01/0x10a0 [ 485.091294][T10149] handle_bug+0x89/0x170 [ 485.095583][T10149] exc_invalid_op+0x1a/0x50 [ 485.100109][T10149] asm_exc_invalid_op+0x1a/0x20 [ 485.104966][T10149] RIP: 0010:__queue_work+0xdff/0x10a0 [ 485.110353][T10149] Code: e8 03 80 3c 28 00 74 08 4c 89 ff e8 ab d2 a0 00 49 8b 37 49 81 c5 78 01 00 00 48 c7 c7 40 cc 49 8c 4c 89 ea e8 b2 7c f8 ff 90 <0f> 0b 90 90 e9 5d f4 ff ff e8 13 24 39 00 90 0f 0b 90 e9 a7 fc ff [ 485.129971][T10149] RSP: 0018:ffffc900043dfa68 EFLAGS: 00010046 [ 485.136078][T10149] RAX: 46d51a400c3a8200 RBX: ffff88805d370000 RCX: 0000000000080000 [ 485.144055][T10149] RDX: ffffc9000d66f000 RSI: 0000000000001ccf RDI: 0000000000001cd0 [ 485.152030][T10149] RBP: dffffc0000000000 R08: ffffffff81821792 R09: 1ffff110170e47d2 [ 485.160007][T10149] R10: dffffc0000000000 R11: ffffed10170e47d3 R12: 1ffff1100517be38 [ 485.167984][T10149] R13: ffff888028bdf178 R14: 0000000000000008 R15: ffff8880341aca98 [ 485.175968][T10149] ? __warn_printk+0x2a2/0x360 [ 485.180751][T10149] ? __queue_work+0xdfe/0x10a0 [ 485.185537][T10149] queue_work_on+0x1c4/0x380 [ 485.190145][T10149] ? __pfx_queue_work_on+0x10/0x10 [ 485.195276][T10149] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 485.201194][T10149] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 485.207624][T10149] ? __alloc_skb+0x298/0x480 [ 485.212229][T10149] ? skb_queue_tail+0x36/0x120 [ 485.217006][T10149] hci_recv_frame+0x598/0x6f0 [ 485.221722][T10149] vhci_write+0x353/0x4a0 [ 485.226077][T10149] vfs_write+0x70f/0xd10 [ 485.230347][T10149] ? __pfx_vhci_write+0x10/0x10 [ 485.235219][T10149] ? __pfx_vfs_write+0x10/0x10 [ 485.240000][T10149] ? __fget_files+0x2a/0x420 [ 485.244613][T10149] ? __fget_files+0x2a/0x420 [ 485.249224][T10149] ksys_write+0x19d/0x2d0 [ 485.253572][T10149] ? __pfx_ksys_write+0x10/0x10 [ 485.258465][T10149] ? do_syscall_64+0xb6/0x210 [ 485.263274][T10149] do_syscall_64+0xf3/0x210 [ 485.267801][T10149] ? clear_bhb_loop+0x45/0xa0 [ 485.272523][T10149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.278446][T10149] RIP: 0033:0x7fb7a898cc1f [ 485.282882][T10149] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 485.302509][T10149] RSP: 002b:00007fb7a9793000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 485.310938][T10149] RAX: ffffffffffffffda RBX: 00007fb7a8bb6160 RCX: 00007fb7a898cc1f [ 485.318916][T10149] RDX: 0000000000000022 RSI: 0000200000000280 RDI: 00000000000000ca [ 485.326895][T10149] RBP: 00007fb7a8a10a68 R08: 0000000000000000 R09: 0000000000000000 [ 485.334876][T10149] R10: 0000200000000280 R11: 0000000000000293 R12: 0000000000000000 [ 485.342853][T10149] R13: 0000000000000000 R14: 00007fb7a8bb6160 R15: 00007ffc44f03908 [ 485.350850][T10149] [ 485.354190][T10149] Kernel Offset: disabled [ 485.358522][T10149] Rebooting in 86400 seconds..