last executing test programs: 2m46.02910141s ago: executing program 4 (id=861): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x4000000) 2m45.965573633s ago: executing program 4 (id=863): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) syz_open_dev$tty1(0xc, 0x4, 0x1) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$netrom(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r3) sendmsg$IEEE802154_LIST_PHY(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000300)={0x14, r4, 0x30b, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x404c857}, 0x20060000) 2m44.997467236s ago: executing program 4 (id=870): syz_usb_connect$uac3(0x3, 0x80, &(0x7f0000000100)=ANY=[@ANYBLOB="1201100100000010da0b144040000102030109026e000301ffc00c080b0002010130070904000000010130000a2401100a00ff030100"], 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="da8304"], 0x10) 2m41.836834804s ago: executing program 4 (id=891): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x46) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0xe, 0x4, 0xffffbe0000000001, 0x8, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 2m34.055606058s ago: executing program 4 (id=935): sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000024d00)={0x0, 0x0, &(0x7f0000024cc0)={&(0x7f0000002440)=@delchain={0x10e4, 0x65, 0x200, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x5, 0xc}, {0xfff3, 0x4}, {0x0, 0x2}}, [@f_rsvp6={{0xa}, {0x10b4, 0x2, [@TCA_RSVP_CLASSID={0x8, 0x1, {0xc, 0xd}}, @TCA_RSVP_POLICE={0x838, 0x5, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x0, 0xf, 0x8, 0x4, 0x9, 0x5, 0x8000, 0xfff, 0x9, 0x9, 0x80, 0xe, 0x1000, 0xc4, 0xcdd4, 0x1, 0x5, 0x81, 0xff, 0x9, 0x8, 0x129, 0x3, 0xf, 0x400, 0x4, 0x5, 0xb2, 0x0, 0x5, 0x1, 0x5, 0x0, 0x7, 0x6aa3, 0x9, 0x1, 0x9, 0x8, 0x32, 0x0, 0x6, 0x7f, 0x10001, 0x3, 0x3d, 0x89b, 0x0, 0x5df16282, 0x9, 0x4, 0x3, 0x9, 0x25, 0x6, 0x9, 0x101, 0xc33e, 0x8, 0x3, 0x2, 0x5, 0x2, 0x9, 0x8000, 0xdb, 0x2, 0x3, 0xb5f7, 0x9, 0xab, 0xd0bc, 0x6, 0xfffffff7, 0x4, 0x348, 0x6, 0x5, 0xee30, 0xfffffff6, 0x529b, 0x3ff, 0x4, 0x8, 0x6, 0x7, 0x2aa, 0x4, 0x6, 0x6, 0xf6c, 0x43, 0x5, 0x3, 0x2, 0x0, 0x6, 0x6, 0x9, 0x913, 0x4, 0x36, 0x9a, 0x40, 0x423, 0x5, 0xfffffffb, 0x4, 0x8, 0x7, 0x0, 0x53b, 0x8, 0x7f, 0x1, 0xff, 0x3ff, 0x5a5545b3, 0x907b, 0xd082, 0xfffffff7, 0x10, 0x1, 0x0, 0xd1, 0xd, 0x6, 0x2, 0xca5, 0x71, 0x5, 0x6, 0x101, 0xa6, 0x6, 0xfffffffd, 0x1000, 0xfffffffc, 0x7f, 0x7fffffff, 0x1, 0x3378000, 0xc, 0x1, 0x5, 0x1c0000, 0x4, 0x112, 0x76822645, 0xf, 0x7, 0x3, 0x97, 0x400, 0x7, 0x5, 0x2, 0x9, 0x8000, 0xfffffffd, 0xff, 0xb, 0xd, 0x6, 0x9, 0x5, 0x80000001, 0x8, 0x4d47, 0x1ff, 0x2, 0x6, 0x6, 0xad, 0x401, 0x8, 0x5, 0xd, 0x6, 0x1, 0x7fff, 0x7e5, 0x4, 0x8, 0x2, 0x6, 0x1ff, 0x1, 0x0, 0x8, 0x3, 0x200, 0x0, 0x800, 0x8, 0xdb0f, 0x6, 0x2, 0x2, 0x4, 0x100, 0x7, 0x2, 0x2, 0x89, 0x4dde000, 0x10000, 0x0, 0xfffff7ac, 0x5, 0x200, 0x4, 0x4, 0x7, 0x22, 0x400, 0x8, 0x7d, 0x9, 0x6, 0x3, 0x2947, 0x3, 0x1, 0x8, 0x81, 0x0, 0x9, 0x4, 0x1, 0xd4, 0x3, 0x0, 0x1, 0x4fb3b3f8, 0x6, 0x7b, 0x4, 0xa765, 0x6, 0x6, 0x1, 0x8a, 0x0, 0x1, 0x9, 0x2, 0x78634b23, 0x9, 0x7, 0x696, 0xad, 0x3, 0x0, 0x0, 0x4]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x40000000000000}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7}, @TCA_POLICE_RATE64={0xc, 0x8, 0x9}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xe, 0x8d, 0xb, 0x101, 0xe, 0x5, 0x96c0, 0x2, 0x2, 0x8, 0x10001, 0x64, 0x1, 0x3, 0x6, 0x1, 0x9, 0x1000, 0x7, 0x0, 0xffffff19, 0x1, 0x1, 0x0, 0x5, 0x7ff, 0x3, 0x9, 0x0, 0xf, 0x7, 0x9, 0x2, 0x2, 0x2, 0x80000001, 0x380, 0x3, 0x0, 0x5, 0x1ff, 0x5, 0x20000000, 0x4, 0x3, 0x9, 0x4, 0xff, 0x1, 0xff, 0x12, 0x2, 0x1, 0x81, 0x9, 0x3, 0x0, 0x5, 0x3, 0x1000, 0x6, 0x10, 0x5, 0x2, 0x7559, 0x400, 0x7fff, 0xc11c, 0x6, 0x6, 0x97e8, 0x10, 0x8, 0x30, 0x1, 0x9, 0x1c, 0x1, 0x2f2086a8, 0xffffffff, 0x9b2, 0x8000, 0x0, 0x621f, 0x4, 0xfff, 0xfffffff7, 0x2, 0x6, 0x3, 0x8, 0x8, 0x9, 0x4, 0x8, 0x1, 0xfffffbff, 0x7fff, 0x0, 0x3, 0xa, 0x5, 0x10000, 0x0, 0x5, 0x7, 0x0, 0x80, 0x5, 0x8, 0x4, 0x9, 0x200, 0x3fb, 0x5f3f, 0xa3, 0x81, 0x1, 0xf1, 0x90, 0x7, 0x8, 0x6, 0x200, 0xffffffff, 0x8, 0xc50, 0x3ff, 0xa, 0x8001, 0xa9a, 0x1, 0x1, 0x8, 0xfff, 0xffffffff, 0xfffffffc, 0x3, 0x8, 0xbf, 0x7, 0x7, 0x8, 0xf, 0x69615f, 0x1, 0xc1, 0x2, 0xffff, 0xf, 0x44, 0x9, 0x1, 0xb, 0x6, 0x2, 0x88, 0x200, 0x10000, 0xc, 0x1, 0x5, 0xac, 0x10000, 0xfffffffd, 0x2, 0x8, 0x7, 0x9, 0x7f, 0xefc6, 0xf, 0x7, 0xc0, 0x100, 0xdff6, 0x5c9, 0x6, 0x7, 0x6, 0x8, 0x3, 0x2, 0x7, 0x2, 0x1, 0x200, 0xfffffffa, 0x4, 0x400, 0x10001, 0x4, 0x40, 0x5, 0x6, 0x3, 0x101, 0x2, 0xa5, 0x10001, 0x6, 0x9, 0x6, 0xe0e, 0x4, 0x50ba, 0xe9e, 0x48, 0x8, 0x4, 0x5461, 0x80000001, 0xff, 0x1ff000, 0xac, 0x2d, 0x7fff, 0xfffffffa, 0xffffffff, 0xfffff9c4, 0x2a, 0x800, 0x4, 0x4, 0x5, 0x5, 0x3, 0xffffffff, 0x3, 0x4, 0x4, 0x8, 0x1ff, 0x7, 0x8000, 0x1b, 0x7, 0x9, 0xffffffff, 0x9, 0x5, 0x7ff, 0xe63d, 0x0, 0x1e4, 0xe2b, 0x8, 0x3, 0x101, 0x5, 0x6, 0x1, 0x6, 0x0, 0xcc9, 0x200]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x6}]}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x6, 0x4}}, @TCA_RSVP_POLICE={0x2c, 0x5, [@TCA_POLICE_RESULT={0x8, 0x5, 0x1}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7fffffff}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x3}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xe95}]}, @TCA_RSVP_CLASSID={0x8, 0x1, {0x10, 0xa}}, @TCA_RSVP_DST={0x14, 0x2, @mcast1}, @TCA_RSVP_ACT={0x820, 0x6, [@m_xt={0x208, 0x14, 0x0, 0x0, {{0x7}, {0x158, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0x9}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TARG={0x65, 0x6, {0x5a, 'filter\x00', 0xdd, 0x9, "421afb04bd4f34bb4e0101cf7be13218c075e2e816b8b5028e2ac0845cd5b6765fda9157c9b9c6708b28a22441978a5aa33ad2221adadfc645ee5c"}}, @TCA_IPT_TARG={0xb5, 0x6, {0x2, 'raw\x00', 0x0, 0x8, "eaf957fb465b9ddc7af57fc871ff419016145573fbd0667c6429d45636b8cd4137558d9b12838a79f7cf35ec8c56357b977a62335295519bef7e545f248334724a6a391a37a25c703813a33c6446e6d796bf39c0af370f8adb95d176543b097cd5fd3564a43023efe4b1b354d3aa910c7809bea658689aa4ca8f054202854963219ecf3901ff69d5927390"}}]}, {0x89, 0x6, "c90b6c0ce2fdcb9d28485947c7f2aadc7072fd043eb5d6653bb45a7fe8c1c6a75f29adf71acb1113b9fff1f86d83f779d0fa0f2a6401843013f1b59715aaa819f80c8f44d8ad1672dc2bc0d46c2fd21a0b660885f429898a48e6cab5332aaa0d19568757d28ff1693a282b1cd99330800e3d7a44e3f8b5bcb07ba2e3abb170b6e0bf4ce3fd"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_nat={0x2c, 0x5, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x715a96b04967857, 0x3}}}}, @m_skbmod={0x130, 0x1b, 0x0, 0x0, {{0xb}, {0x6c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}, @TCA_SKBMOD_DMAC={0xa, 0x3, @link_local}, @TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_DMAC={0xa, 0x3, @remote}, @TCA_SKBMOD_DMAC={0xa}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x3, 0xc, 0x20000000, 0x6, 0x9}, 0x2}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x96}]}, {0x99, 0x6, "ce1479f34cfbffac730d1b89412695f9f62a883554492d7af0bfc57a2334d3d2dd9b05f1f17d111c18331493785dc6e063919e93f336c85ca27904c130d09f48e10be49e68605f2a6de8f0258e80070b3ff6b5869a8a8179f2c15d55342218589e298ed3d24eda1515fde57a2813524da3a4106d599153aa1c5e701d835fd4b306442c85a335e55534b05944e4473e1e495a41e79f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x78, 0x16, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4, 0x3, 0x9, 0x9}}]}, {0x29, 0x6, "12ddf4f57a93285076c0538c19e52479fc7994836657d6c86625083f75fe267ac9208d5b29"}, {0xc}, {0xc, 0x8, {0x1, 0x7}}}}, @m_police={0x440, 0x13, 0x0, 0x0, {{0xb}, {0x414, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0xe, 0x4d, 0x3, 0x3, 0x3, 0x8001, 0x7fffffff, 0xc, 0xfd, 0x3, 0x7, 0x4, 0x8, 0xc5, 0x3, 0x6, 0x7, 0x7ff, 0x200, 0x2, 0x76, 0xffffffff, 0x8, 0x3, 0x8000, 0x7f, 0x0, 0xb, 0x8, 0x101, 0xfffff0ba, 0x8, 0xf8, 0x7fffffff, 0x124, 0xfffffffd, 0x5e, 0x7, 0x101, 0x10000, 0x7, 0xfffffffd, 0x10001, 0x6, 0x4, 0x400, 0x4, 0x3, 0x10000, 0x9, 0x4, 0x401, 0x200, 0xfff, 0x5, 0x0, 0x8, 0x2bf, 0xffffffff, 0x0, 0x6, 0x40, 0xa087, 0x80000001, 0xb, 0x2, 0x2, 0x0, 0x9, 0x6, 0x5, 0x8, 0x1000, 0xffff0000, 0x2, 0xb, 0x6, 0x3, 0x8, 0x10000, 0x8, 0x5, 0x1, 0x2, 0x1, 0x5, 0x80, 0x101, 0x7f, 0xffff, 0x7, 0x5, 0xe64, 0x0, 0x7, 0x5, 0x1, 0x200, 0x9, 0x400, 0x5525, 0x6, 0x3ff, 0x1, 0xae, 0x3, 0x7, 0xffff, 0x80000001, 0x6, 0x71af, 0x10, 0x400, 0x2, 0x1a93, 0x3, 0x8001, 0x7, 0xd, 0x0, 0xffffffff, 0x2, 0x1, 0x5d1, 0xc, 0x2, 0x5, 0x0, 0x8, 0x0, 0x23e, 0x5, 0x8, 0x2, 0x7, 0x4, 0xf1a, 0x8a4, 0xa58e, 0x5, 0x20e, 0x8, 0x2, 0xbb4edaf6, 0xfffff660, 0x6, 0x5, 0x4, 0x0, 0x9, 0x5, 0x9, 0xffff, 0x1, 0xaf40, 0x1, 0x4, 0x6, 0x5, 0x4, 0x8, 0x5, 0xfffff801, 0x6, 0x9, 0x10000, 0x4, 0x80000001, 0x607, 0xfffffffd, 0x8, 0x9, 0x4, 0x400, 0x1000, 0x1, 0x10001, 0x1, 0x1, 0x9, 0x1df22292, 0xaa, 0x6, 0x0, 0xffffff2b, 0xbe, 0x189, 0xf2, 0x7, 0x3, 0x35f6, 0x5, 0x7, 0x2, 0x101, 0x9, 0x5, 0x6, 0xff, 0xb, 0x3d5, 0x81, 0x5, 0xff, 0x8, 0x7d2, 0x1, 0x6, 0x0, 0x5, 0x8, 0x0, 0x1, 0x8, 0x7f, 0x6a, 0x0, 0x101, 0x129, 0x0, 0x3, 0x1, 0xd, 0x1810, 0x7, 0xfffffffe, 0x4, 0x1, 0x5, 0x80, 0xfd01, 0x0, 0x3ff, 0x5, 0xd, 0x1, 0xf, 0xd0a7, 0x9, 0x7, 0x1335d295, 0x7, 0x3, 0x3ff, 0xb8e, 0xffffffff, 0x7, 0x7, 0x3, 0x9, 0x2, 0x9, 0x2, 0x6, 0x8000, 0x6]}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x539}]]}, {0x4}, {0xc, 0x7, {0x1, 0xeea12236c61d8cae}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x10e4}, 0x1, 0x0, 0x0, 0x810}, 0x41) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x524, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m29.359183272s ago: executing program 4 (id=964): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = socket(0x14, 0x2, 0x4) getsockname$packet(r0, 0x0, 0x0) 2m14.364204586s ago: executing program 32 (id=964): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x215eb000) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = socket(0x14, 0x2, 0x4) getsockname$packet(r0, 0x0, 0x0) 2m2.206114974s ago: executing program 3 (id=1144): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@assoc={0x18, 0x117, 0x4, 0xe}], 0x18, 0x589c9bd8c1bcd27f}, 0xc004014) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000019600)=@newtaction={0x44, 0x30, 0x800, 0x70bd2b, 0xbc, {}, [{0x30, 0x1, [@m_ipt={0x2c, 0x2, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x44}}, 0x40) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/229, 0xe5}], 0x1}}], 0x1, 0x60, 0x0) 2m1.376134591s ago: executing program 3 (id=1147): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@RTM_DELMDB={0x38, 0x55, 0x28fc77aad56fdfdf, 0x70bd2b, 0x25dfdbff, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x3, 0x1, {@ip4=@dev={0xac, 0x14, 0x14, 0x26}, 0x8edd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x40010) 2m1.24718138s ago: executing program 3 (id=1150): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0xfffffffe, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x4004800) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) 2m1.089027038s ago: executing program 3 (id=1151): ioctl$FE_SET_VOLTAGE(0xffffffffffffffff, 0x6f43, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) setns(r5, 0x8020000) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040844) 1m59.566248779s ago: executing program 3 (id=1156): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8}) linkat(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000) 1m59.175968897s ago: executing program 3 (id=1157): r0 = accept4$nfc_llcp(0xffffffffffffffff, 0x0, 0x0, 0x80800) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000040)={&(0x7f00003bc000/0x3000)=nil, &(0x7f000076a000/0x3000)=nil, 0x3000, 0x2}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x760c0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) syz_open_dev$usbfs(0x0, 0x205, 0x8401) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) shmat(0xffffffffffffffff, &(0x7f0000af6000/0x2000)=nil, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x208000, 0x0) 1m44.093702105s ago: executing program 33 (id=1157): r0 = accept4$nfc_llcp(0xffffffffffffffff, 0x0, 0x0, 0x80800) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000040)={&(0x7f00003bc000/0x3000)=nil, &(0x7f000076a000/0x3000)=nil, 0x3000, 0x2}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x760c0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) syz_open_dev$usbfs(0x0, 0x205, 0x8401) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) shmat(0xffffffffffffffff, &(0x7f0000af6000/0x2000)=nil, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x208000, 0x0) 8.497409861s ago: executing program 5 (id=1793): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x7, '\x00', 0x0, r0, 0x1, 0x3}, 0x50) 7.636027287s ago: executing program 5 (id=1797): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.359696365s ago: executing program 5 (id=1803): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() ioctl$DRM_IOCTL_DMA(0xffffffffffffffff, 0xc0406429, &(0x7f0000000a00)={0x0, 0x1, &(0x7f0000000380)=[0x3], &(0x7f00000003c0)=[0x4, 0x800], 0x29, 0x1, 0xa, &(0x7f0000000980)=[0x1], &(0x7f00000009c0)=[0xfffffffc, 0x0, 0x3, 0x200000, 0x1, 0x7, 0x0]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4040000) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r2, 0x4b4b, &(0x7f0000000000)) 4.719143589s ago: executing program 2 (id=1812): openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x103042, 0x0) mount$nfs(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), 0x1004000, &(0x7f0000000f40)=ANY=[@ANYBLOB="6e6f61632c2c736d61636b6673666c6f6f720400"]) 4.673081512s ago: executing program 5 (id=1813): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmsg$inet6(r0, &(0x7f0000000240)={&(0x7f0000000180)={0xa, 0x4e23, 0x1, @local, 0x38a}, 0x1c, &(0x7f0000000b00)=[{&(0x7f0000000400)="80004b77efe5", 0x6}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="100000000000000029"], 0x30}, 0x4) 4.575323105s ago: executing program 2 (id=1814): r0 = socket$caif_stream(0x25, 0x1, 0x4) connect$caif(r0, &(0x7f0000000500)=@dgm={0x25, 0x6, 0x7}, 0x18) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x40, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) 4.573922025s ago: executing program 5 (id=1815): openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) eventfd2(0x43, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) waitid(0x2, 0x0, 0x0, 0x1000000, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000003640)}}], 0x1, 0x4000001) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x18, 0x3, &(0x7f00000013c0)=@framed, &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$OBJ_PIN_PROG(0x11, &(0x7f0000000240)=@generic={&(0x7f0000000000)='./file0\x00', r2}, 0x18) 4.34594336s ago: executing program 2 (id=1817): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000680), 0x163800, 0x0) r1 = socket$kcm(0xa, 0x1, 0x106) fcntl$setstatus(r1, 0x4, 0x6000) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x22, 0x1000000, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140), &(0x7f00000003c0)={[&(0x7f0000000180)='\\-\xdb9$[]/@\x00', &(0x7f00000001c0)='/dev/ttyS3\x00', &(0x7f0000000200)='[/\x1e]\x00', &(0x7f0000000280)='$c\x00', &(0x7f00000002c0)=';\x00', &(0x7f0000000300)='(\x00', &(0x7f0000000340)='\\-\x00', &(0x7f0000000380)='#!!\xcc]#$$%@&\x00']}, 0x1000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0xfd, 0x5ae9}, {0x6, 0x0, 0x7, 0x2}]}, 0x10) sendmmsg$inet(r3, &(0x7f0000002c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000000)={0x5, 0x100, 0x10005ac, 0x203, 0x40, "0bd3f994d05ca36c5900000000a200004000", 0x1, 0x6}) 4.072022813s ago: executing program 2 (id=1818): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101981) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x14}, 0xc044) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 3.856242459s ago: executing program 2 (id=1819): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001f40)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) r1 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0x46ee, 0x400, 0xffffdffe, 0x32e}, &(0x7f0000000140)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, 0xffffffffffffffff, 0x22, &(0x7f00000000c0)=@un=@file={0x1, './file0\x00'}, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x3516, 0x67f, 0x64, 0x0, 0x0) 3.475261464s ago: executing program 2 (id=1823): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() ioctl$DRM_IOCTL_DMA(0xffffffffffffffff, 0xc0406429, &(0x7f0000000a00)={0x0, 0x1, &(0x7f0000000380)=[0x3], &(0x7f00000003c0)=[0x4, 0x800], 0x29, 0x1, 0xa, &(0x7f0000000980)=[0x1], &(0x7f00000009c0)=[0xfffffffc, 0x0, 0x3, 0x200000, 0x1, 0x7, 0x0]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x4040000) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r2, 0x4b4b, &(0x7f0000000000)) 2.424214222s ago: executing program 6 (id=1826): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x1}) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) 2.233859994s ago: executing program 6 (id=1827): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x110, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000080)={0x220, 0x1, 0x1}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r2, 0x0) fcntl$setlease(r0, 0x400, 0x1) 2.072200184s ago: executing program 6 (id=1829): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r0, 0x0, 0x2000) recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0xac}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000001880)=""/4112, 0x1010}, {0x0}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f00000005c0)=""/61, 0x3d}], 0x4}, 0x7}], 0x3, 0x2030, 0x0) 2.071160542s ago: executing program 0 (id=1830): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) close(0x3) r1 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000120003474cbb65e1c3e4ffff0700", 0x12}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007a"], 0x18}], 0x1}, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) write$cgroup_int(r3, &(0x7f0000000080)=0x2, 0x12) sendfile(0xffffffffffffffff, r1, 0x0, 0x578410eb) syz_open_dev$tty20(0xc, 0x4, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 1.503485343s ago: executing program 6 (id=1832): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$igmp6(0xa, 0x3, 0x2) ioctl$KVM_CAP_HALT_POLL(r1, 0x4068aea3, &(0x7f0000000200)={0xb6, 0x0, 0xc000000}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r3, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_CAP_HYPERV_SYNIC2(r4, 0x4068aea3, 0x0) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x0, 0x4, 0x0, 0x0, @msi={0x0, 0xc0000000, 0xfffffff9, 0x7}}]}) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000140)={0x0, 0x401}) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000005580)=""/102392, 0x18ff8) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x20000000) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000340)="2e0f5c3566b90a08000066b8ea59000066ba000000000f30baa10066b87500000066efba430066edf30fc73266b97c0a000066b80600000066ba000000000f3066b92000000066b85600000066ba000000000f308176004a47bad00466b80088000066ef660f381c0f", 0x69}], 0x1, 0x3, 0x0, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nbd(&(0x7f00000002c0), 0xffffffffffffffff) open(&(0x7f0000000180)='./file0\x00', 0x4a2200, 0x14d) sendmsg$NBD_CMD_CONNECT(r8, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000003c0)=ANY=[@ANYBLOB="01700f4035b42a83c40aa09abf2a9fabe7b9e017eeac816daeba384a0b07584066fdf33280468a585484eac44f2cbed57beca9bbca70f8ea10087ad8ab5b3e88318f15424d7e2159af9b5aea1647ffd533ee34734b54445dcbf516f4f5cd0f4dc908b62e132bb4a28530a29ea52f2532b6bf8e693969ca4e176e75367c3852289ae0ec1cf85cfffd3e5f4c978a00ccec0583110cfd01c40fc8c526c30cc66fbb8390d1ab01d851ea61ba1f6edb607698df04c1f6a50098ffe9718c45892bda28591bd88a90293b6af9527e4b3aaebce130b7fc4aae146ec0ba8bf38ca5a2bb8f9a10d099c1f4aef5100051290726136067c56c0520b17a5ca77932a007ba1eb78564aae95cb2579b06f8f96d37c184ad73320c6c09a33c1407c05b2f3dbd76054aa27f782e3ffc18acad42365d31fb3d5ae2b9a250cc481357e20ec3f556fb7d9c8908af9ec39534981f2e5dcef400079b3f4e574b369d50a112dce5d0391a661570733140eda857a67bfe07672358281203cfe44c93a63e972189225cb4db22d30110aa449c5250b18f347cceb3706c61177f49a13029eec1202e2ada0e8f51f329869ea4d7f1d0479284b61fdbdcfc66cb7577f79fa090525bd392c5f5", @ANYRES16=r9, @ANYBLOB="0100ffffffff0000000001000000040007800c00020000000000000000000c000300040000"], 0x30}, 0x1, 0x0, 0x0, 0x11}, 0x20000000) 1.503183269s ago: executing program 5 (id=1833): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) readv(r1, &(0x7f0000000940)=[{&(0x7f0000000740)=""/223, 0xdf}, {0x0}], 0x2) 1.398579595s ago: executing program 1 (id=1834): pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x275a, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) socket(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x1, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x3, 0x6) socket$netlink(0x10, 0x3, 0xb) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x84\x14n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\x00\x00', 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x40448e0}, 0x4000) 1.109622717s ago: executing program 0 (id=1835): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001f40)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e) r1 = syz_io_uring_setup(0x10f, &(0x7f0000000380)={0x0, 0x46ee, 0x400, 0xffffdffe, 0x32e}, &(0x7f0000000140)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, 0xffffffffffffffff, 0x22, &(0x7f00000000c0)=@un=@file={0x1, './file0\x00'}, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x3516, 0x67f, 0x64, 0x0, 0x0) 1.10848474s ago: executing program 1 (id=1836): r0 = socket(0xa, 0x5, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x4}, &(0x7f0000000200)=0x8) 744.458795ms ago: executing program 1 (id=1837): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[], [], 0x2c}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000840)=ANY=[@ANYBLOB="20000000160007012cbd7000fedbdf251c7c00000c0001800800"], 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r0, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x5f, 0x3}) 743.239123ms ago: executing program 0 (id=1838): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x1}) ioctl$VHOST_RESET_OWNER(r0, 0xaf02, 0x0) 511.571492ms ago: executing program 1 (id=1839): connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0)=[{{0x0, 0x4d, &(0x7f0000000280)=[{&(0x7f0000000040)="af0ac95ab107f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x24088000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x401, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) 496.534487ms ago: executing program 0 (id=1840): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=@newqdisc={0x45c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x430, 0x2, [@TCA_TBF_PTAB={0x404, 0x3, [0x1000, 0x5, 0x4, 0x4, 0xc, 0x40, 0x0, 0x1, 0x0, 0x7fffffff, 0x1f9, 0xed, 0x400, 0x1, 0x7, 0x800, 0xdccc, 0x6, 0x8, 0x9, 0x4, 0x515, 0xffffffff, 0xfffffff8, 0x0, 0x9, 0x6, 0x3, 0x5, 0x8, 0x7, 0x0, 0x6, 0x3, 0x1, 0xfff, 0xe7, 0x9, 0xb, 0x9, 0x80000001, 0x5, 0xbd37, 0x9, 0x8, 0x5395, 0x6, 0x6, 0x4370, 0x0, 0x0, 0x0, 0x4e00, 0x5, 0x7fffffff, 0x6, 0x6, 0x0, 0x0, 0xfff, 0x3, 0xc, 0x8000, 0xe, 0x5, 0xc2, 0xe4df, 0x2, 0x8, 0x5, 0x9, 0x7, 0x45, 0xc, 0x100, 0x8, 0xbcd, 0x7, 0xfffffffa, 0x0, 0x800, 0x7fffffff, 0x10000, 0xe1, 0x5, 0x3, 0x8, 0x6, 0x19d4, 0xf7, 0x3, 0x8, 0x8, 0x4, 0x7, 0x3, 0x6, 0x108, 0x6, 0x0, 0x1, 0xc, 0x10, 0x5, 0x5, 0x0, 0x10001, 0x0, 0x9, 0x5, 0xf, 0x0, 0x9, 0x6, 0x100, 0x1, 0x9, 0x3, 0x1, 0x2, 0x10000, 0xa, 0x1c, 0xffffffff, 0x9000000, 0x6, 0x8, 0xc, 0x8, 0x1, 0xc, 0x4, 0x7, 0xf, 0x1, 0x5, 0xffffffff, 0x9, 0x40, 0x4, 0x1, 0xffff80d6, 0x2, 0x2, 0x3, 0x78, 0x5, 0x540, 0x3, 0xff, 0xff, 0x3, 0x4, 0x2, 0x4, 0xc, 0xa, 0x0, 0x80000000, 0x94, 0x3ff, 0x3, 0x9, 0x7, 0xffff253d, 0xfffffff7, 0x7fffffff, 0x1, 0x4, 0x8, 0xb3a5, 0x0, 0x9, 0xffffffff, 0x0, 0x3d, 0x6, 0x2, 0x0, 0x2, 0x6, 0x3, 0x0, 0x0, 0xc0, 0x6b3, 0x4, 0xc0d, 0xfffffff9, 0xff, 0xe93, 0x4, 0x9, 0x49f5, 0xfffffff7, 0x80, 0x871, 0x2, 0x7, 0x8, 0x4, 0x7, 0x0, 0xffffffff, 0x3, 0x9, 0x0, 0x1ff, 0x800, 0x8, 0x200, 0x3, 0x5, 0x7ff, 0x200, 0x1, 0x71, 0x7, 0x81, 0x400, 0x2, 0xb9, 0x6, 0x9, 0x5, 0x6, 0x0, 0x1, 0x825, 0xec, 0xa, 0x5, 0x7, 0x2, 0x8000, 0x5, 0xd4e, 0x5, 0x7, 0x10001, 0x7, 0xfffffffd, 0x1, 0x3, 0x10, 0x2, 0x0, 0x7, 0x8, 0x5, 0x1, 0x3, 0xe, 0x101, 0x9, 0x2]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x7, 0x800, 0x800, 0x9}, {0x5, 0x0, 0x1, 0xffff, 0x9, 0x9}, 0x6, 0x3, 0x1c19}}]}}]}, 0x45c}}, 0x0) 349.988401ms ago: executing program 6 (id=1841): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@assoc={0x18, 0x117, 0x4, 0xe}], 0x18, 0x589c9bd8c1bcd27f}, 0xc004014) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000019600)=@newtaction={0x14, 0x30, 0x800, 0x70bd2b, 0xbc}, 0x14}}, 0x40) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/229, 0xe5}], 0x1}}], 0x1, 0x60, 0x0) 284.079323ms ago: executing program 0 (id=1842): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r0, &(0x7f00000031c0)={0x0, 0x0, 0x0}, 0x2000) recvmmsg(r0, 0x0, 0x0, 0x2030, 0x0) 257.463495ms ago: executing program 1 (id=1843): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x3, &(0x7f0000001300)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x94) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) move_pages(0x0, 0x2, &(0x7f00000003c0)=[&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil], &(0x7f0000000540)=[0x1, 0x1], &(0x7f0000001680), 0x0) 165.365332ms ago: executing program 6 (id=1844): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xbf5ce000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x3, &(0x7f0000000200)=0x860, 0x45) 25.479297ms ago: executing program 0 (id=1845): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x2}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0xd, 0xfff1}, {}, {0xfff1, 0x9}}, [@filter_kind_options=@f_flow={{0x9}, {0x4}}]}, 0x34}}, 0x20004000) 0s ago: executing program 1 (id=1846): mkdir(&(0x7f0000000380)='./file1\x00', 0xa) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) kernel console output (not intermixed with test programs): 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.253234][ T55] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 161.261714][ T5895] usb 4-1: Product: syz [ 161.268674][ T5895] usb 4-1: Manufacturer: syz [ 161.285642][ T5920] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 161.293294][ T55] dvb-usb: bulk message failed: -22 (6/0) [ 161.303361][ T5895] usb 4-1: SerialNumber: syz [ 161.341911][ T5920] usb 5-1: device descriptor read/8, error -71 [ 161.361207][ T55] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 161.417511][ T55] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input6 [ 161.452809][ T5920] usb usb5-port1: unable to enumerate USB device [ 161.476226][ T55] dvb-usb: schedule remote query interval to 150 msecs. [ 161.516312][ T55] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 161.581457][ T5895] usb 4-1: selecting invalid altsetting 0 [ 161.670436][ T55] dvb-usb: bulk message failed: -22 (1/0) [ 161.697578][ T55] dvb-usb: error while querying for an remote control event. [ 161.831933][ T5895] usb 4-1: USB disconnect, device number 9 [ 161.940756][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 161.964421][ T55] dvb-usb: bulk message failed: -22 (1/0) [ 161.987255][ T55] dvb-usb: error while querying for an remote control event. [ 162.168825][ T5895] dvb-usb: bulk message failed: -22 (1/0) [ 162.174893][ T5895] dvb-usb: error while querying for an remote control event. [ 162.263471][ T7377] 9p: Bad value for 'rfdno' [ 162.349464][ T5895] dvb-usb: bulk message failed: -22 (1/0) [ 162.373722][ T5895] dvb-usb: error while querying for an remote control event. [ 162.548626][ T5895] dvb-usb: bulk message failed: -22 (1/0) [ 162.554658][ T5895] dvb-usb: error while querying for an remote control event. [ 162.718646][ T5895] dvb-usb: bulk message failed: -22 (1/0) [ 162.728079][ T5895] dvb-usb: error while querying for an remote control event. [ 162.728316][ T7390] kAFS: No cell specified [ 162.952965][ T55] dvb-usb: bulk message failed: -22 (1/0) [ 162.961265][ T55] dvb-usb: error while querying for an remote control event. [ 163.018583][ T5895] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 163.130331][ T55] dvb-usb: bulk message failed: -22 (1/0) [ 163.152780][ T55] dvb-usb: error while querying for an remote control event. [ 163.169378][ T5895] usb 4-1: device descriptor read/64, error -71 [ 163.328624][ T55] dvb-usb: bulk message failed: -22 (1/0) [ 163.334584][ T55] dvb-usb: error while querying for an remote control event. [ 163.418584][ T5895] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 163.451969][ T55] usb 1-1: USB disconnect, device number 10 [ 163.575711][ T55] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 163.592856][ T5895] usb 4-1: device descriptor read/64, error -71 [ 163.719087][ T5895] usb usb4-port1: attempt power cycle [ 164.013409][ T7410] 9p: Bad value for 'rfdno' [ 164.192287][ T5895] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 164.219285][ T5895] usb 4-1: device descriptor read/8, error -71 [ 164.468923][ T5895] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 164.472940][ T7425] kAFS: No cell specified [ 164.513457][ T5895] usb 4-1: device descriptor read/8, error -71 [ 164.676080][ T5895] usb usb4-port1: unable to enumerate USB device [ 164.780479][ T7432] netlink: 'syz.1.519': attribute type 29 has an invalid length. [ 164.789795][ T7432] netlink: 8 bytes leftover after parsing attributes in process `syz.1.519'. [ 164.800070][ T7432] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 165.445090][ T7444] 9p: Bad value for 'rfdno' [ 165.930296][ T7453] kAFS: No cell specified [ 166.084280][ T7459] netlink: 'syz.0.531': attribute type 29 has an invalid length. [ 166.128399][ T7459] netlink: 8 bytes leftover after parsing attributes in process `syz.0.531'. [ 166.161012][ T7459] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 166.320616][ T7472] 9p: Bad value for 'rfdno' [ 166.556441][ T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 166.602898][ T7484] kAFS: No cell specified [ 166.698608][ T10] usb 1-1: device descriptor read/64, error -71 [ 166.949128][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 167.098688][ T10] usb 1-1: device descriptor read/64, error -71 [ 167.126022][ T7497] CUSE: unknown device info "" [ 167.139022][ T7497] CUSE: unknown device info "" [ 167.161832][ T7497] CUSE: unknown device info "" [ 167.173504][ T7497] CUSE: zero length info key specified [ 167.221008][ T10] usb usb1-port1: attempt power cycle [ 167.276526][ T7502] 9p: Bad value for 'rfdno' [ 167.614234][ T7510] kAFS: No cell specified [ 167.628852][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 167.694164][ T10] usb 1-1: device descriptor read/8, error -71 [ 167.759458][ T7514] netlink: 36 bytes leftover after parsing attributes in process `syz.3.553'. [ 167.823726][ T7518] netlink: 36 bytes leftover after parsing attributes in process `syz.3.553'. [ 168.045736][ T7521] NILFS (nullb0): couldn't find nilfs on the device [ 168.071631][ T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 168.113421][ T10] usb 1-1: device descriptor read/8, error -71 [ 168.308329][ T10] usb usb1-port1: unable to enumerate USB device [ 168.814059][ T7535] 9p: Bad value for 'rfdno' [ 169.129116][ T55] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 169.208634][ T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 169.288578][ T55] usb 4-1: Using ep0 maxpacket: 16 [ 169.307648][ T55] usb 4-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.343822][ T55] usb 4-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 169.364567][ T10] usb 2-1: device descriptor read/64, error -71 [ 169.380018][ T55] usb 4-1: config 0 interface 0 has no altsetting 0 [ 169.393468][ T55] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b25, bcdDevice= 0.00 [ 169.405983][ T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.434837][ T55] usb 4-1: config 0 descriptor?? [ 169.638585][ T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 169.880864][ T10] usb 2-1: device descriptor read/64, error -71 [ 170.267275][ T10] usb usb2-port1: attempt power cycle [ 170.279005][ T55] hid-corsair-void 0003:1B1C:1B25.0001: unknown main item tag 0x0 [ 170.293099][ T55] hid-corsair-void 0003:1B1C:1B25.0001: unknown main item tag 0x0 [ 170.301169][ T55] hid-corsair-void 0003:1B1C:1B25.0001: unknown main item tag 0x0 [ 170.309193][ T55] hid-corsair-void 0003:1B1C:1B25.0001: unknown main item tag 0x0 [ 170.399460][ T55] hid-corsair-void 0003:1B1C:1B25.0001: unknown main item tag 0x0 [ 170.462631][ T55] hid-corsair-void 0003:1B1C:1B25.0001: hidraw0: USB HID v0.05 Device [HID 1b1c:1b25] on usb-dummy_hcd.3-1/input0 [ 170.600129][ T55] usb 4-1: USB disconnect, device number 14 [ 170.709083][ T7567] NILFS (nullb0): couldn't find nilfs on the device [ 171.125887][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 171.149709][ T10] usb 2-1: device descriptor read/8, error -71 [ 171.207183][ T7563] fido_id[7563]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 171.398593][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 171.449240][ T10] usb 2-1: device descriptor read/8, error -71 [ 171.557987][ T7571] 9pnet_fd: Insufficient options for proto=fd [ 171.600323][ T10] usb usb2-port1: unable to enumerate USB device [ 172.069115][ T5915] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 172.138568][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 172.167989][ T7593] netlink: 'syz.1.580': attribute type 29 has an invalid length. [ 172.176115][ T7593] netlink: 8 bytes leftover after parsing attributes in process `syz.1.580'. [ 172.185323][ T7593] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 172.242469][ T5915] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.277361][ T5915] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 172.292685][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.302861][ T5915] usb 5-1: Product: syz [ 172.308151][ T5915] usb 5-1: Manufacturer: syz [ 172.313427][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 172.318859][ T5915] usb 5-1: SerialNumber: syz [ 172.326031][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 172.336923][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 172.352184][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 172.364891][ T5915] usb 5-1: config 0 descriptor?? [ 172.393004][ T5915] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in cold state, will try to load a firmware [ 172.405400][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.436123][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 172.449568][ T5915] usb 5-1: Direct firmware load for dvb-usb-digivox-02.fw failed with error -2 [ 172.473648][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.485391][ T5915] usb 5-1: Falling back to sysfs fallback for: dvb-usb-digivox-02.fw [ 173.029071][ T10] usb 1-1: GET_CAPABILITIES returned 0 [ 174.653302][ T10] usbtmc 1-1:16.0: can't read capabilities [ 174.982413][ T10] usb 1-1: USB disconnect, device number 15 [ 175.039688][ T7610] 9pnet_fd: Insufficient options for proto=fd [ 176.369083][ T5841] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 176.378695][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 176.378724][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 176.378735][ T5841] Workqueue: hci4 hci_rx_work [ 176.378760][ T5841] Call Trace: [ 176.378767][ T5841] [ 176.378775][ T5841] dump_stack_lvl+0xe8/0x150 [ 176.378803][ T5841] sysfs_create_dir_ns+0x271/0x2a0 [ 176.378830][ T5841] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 176.378853][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 176.378878][ T5841] kobject_add_internal+0x62b/0xd00 [ 176.378928][ T5841] kobject_add+0x163/0x240 [ 176.378958][ T5841] ? __pfx_kobject_add+0x10/0x10 [ 176.378982][ T5841] ? _raw_spin_unlock+0x28/0x50 [ 176.379004][ T5841] ? get_device_parent+0x366/0x3a0 [ 176.379030][ T5841] device_add+0x408/0xb70 [ 176.379056][ T5841] hci_conn_add_sysfs+0xd5/0x210 [ 176.379079][ T5841] le_conn_complete_evt+0xf1d/0x1430 [ 176.379111][ T5841] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 176.379132][ T5841] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 176.379155][ T5841] ? __pfx___mutex_lock+0x10/0x10 [ 176.379176][ T5841] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 176.379194][ T5841] ? skb_pull_data+0xfb/0x200 [ 176.379223][ T5841] hci_le_conn_complete_evt+0x187/0x470 [ 176.379253][ T5841] hci_event_packet+0x7af/0x12c0 [ 176.379278][ T5841] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 176.379300][ T5841] ? __pfx_hci_event_packet+0x10/0x10 [ 176.379324][ T5841] ? kcov_remote_start+0x49a/0x7a0 [ 176.379347][ T5841] ? hci_send_to_monitor+0xe2/0x590 [ 176.379374][ T5841] hci_rx_work+0x3ee/0x1040 [ 176.379411][ T5841] ? process_one_work+0x8bb/0x1780 [ 176.379434][ T5841] process_one_work+0x9ab/0x1780 [ 176.379479][ T5841] ? __pfx_process_one_work+0x10/0x10 [ 176.379501][ T5841] ? do_raw_spin_lock+0x12b/0x2f0 [ 176.379537][ T5841] worker_thread+0xba8/0x11e0 [ 176.379583][ T5841] kthread+0x388/0x470 [ 176.379604][ T5841] ? __pfx_worker_thread+0x10/0x10 [ 176.379618][ T5841] ? __pfx_kthread+0x10/0x10 [ 176.379638][ T5841] ret_from_fork+0x51e/0xb90 [ 176.379666][ T5841] ? __pfx_ret_from_fork+0x10/0x10 [ 176.379688][ T5841] ? __switch_to+0xc7d/0x1450 [ 176.379718][ T5841] ? __pfx_kthread+0x10/0x10 [ 176.379738][ T5841] ret_from_fork_asm+0x1a/0x30 [ 176.379771][ T5841] [ 176.379799][ T5841] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 176.444605][ T7638] netlink: 'syz.3.594': attribute type 29 has an invalid length. [ 176.445856][ T5841] Bluetooth: hci4: failed to register connection device [ 176.506588][ T7639] netlink: 20 bytes leftover after parsing attributes in process `syz.2.593'. [ 176.658703][ T7638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.594'. [ 176.691551][ T7638] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 177.911057][ T7650] NILFS (nullb0): couldn't find nilfs on the device [ 178.509140][ T7652] 9pnet_fd: Insufficient options for proto=fd [ 178.659100][ T5852] udevd[5852]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 178.668802][ T5161] Bluetooth: hci4: command 0x0405 tx timeout [ 179.013088][ T7674] netlink: 'syz.1.606': attribute type 29 has an invalid length. [ 179.022757][ T7674] netlink: 8 bytes leftover after parsing attributes in process `syz.1.606'. [ 179.032518][ T7674] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 179.108639][ T993] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 179.269831][ T993] usb 4-1: device descriptor read/64, error -71 [ 179.638770][ T993] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 179.798605][ T993] usb 4-1: device descriptor read/64, error -71 [ 179.920637][ T993] usb usb4-port1: attempt power cycle [ 180.293269][ T993] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 180.303675][ T5920] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 180.339410][ T993] usb 4-1: device descriptor read/8, error -71 [ 180.448616][ T5920] usb 1-1: device descriptor read/64, error -71 [ 180.590310][ T993] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 180.629027][ T993] usb 4-1: device descriptor read/8, error -71 [ 180.708612][ T5920] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 180.749675][ T5161] Bluetooth: hci4: command 0x0405 tx timeout [ 180.755922][ T993] usb usb4-port1: unable to enumerate USB device [ 180.813368][ T7697] 9pnet_fd: Insufficient options for proto=fd [ 180.858704][ T5920] usb 1-1: device descriptor read/64, error -71 [ 180.897511][ T7699] fuse: fd is not a fuse device [ 180.982857][ T5920] usb usb1-port1: attempt power cycle [ 180.990292][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.4.617'. [ 181.349373][ T5920] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 181.379932][ T5920] usb 1-1: device descriptor read/8, error -71 [ 181.628628][ T5920] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 181.659132][ T5920] usb 1-1: device descriptor read/8, error -71 [ 181.769663][ T5920] usb usb1-port1: unable to enumerate USB device [ 182.026646][ T7731] 9p: Bad value for 'rfdno' [ 182.172851][ T7735] fuse: Unknown parameter 'group_id00000000000000000000' [ 183.954640][ T7754] fuse: Unknown parameter 'group_id00000000000000000000' [ 184.939733][ T7771] fuse: fd is not a fuse device [ 185.082245][ T7774] 9pnet_fd: Insufficient options for proto=fd [ 185.100573][ T993] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 185.290161][ T993] usb 2-1: Using ep0 maxpacket: 8 [ 185.297682][ T993] usb 2-1: no configurations [ 185.307106][ T993] usb 2-1: can't read configurations, error -22 [ 185.551149][ T993] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 185.718573][ T993] usb 2-1: Using ep0 maxpacket: 8 [ 185.739271][ T993] usb 2-1: no configurations [ 185.761258][ T993] usb 2-1: can't read configurations, error -22 [ 185.791376][ T993] usb usb2-port1: attempt power cycle [ 185.907035][ T5161] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 185.917058][ T5161] CPU: 0 UID: 0 PID: 5161 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 185.917079][ T5161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 185.917090][ T5161] Workqueue: hci3 hci_rx_work [ 185.917110][ T5161] Call Trace: [ 185.917116][ T5161] [ 185.917122][ T5161] dump_stack_lvl+0xe8/0x150 [ 185.917150][ T5161] sysfs_create_dir_ns+0x271/0x2a0 [ 185.917171][ T5161] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 185.917185][ T5161] ? do_raw_spin_unlock+0xf5/0x210 [ 185.917202][ T5161] kobject_add_internal+0x62b/0xd00 [ 185.917221][ T5161] kobject_add+0x163/0x240 [ 185.917235][ T5161] ? __pfx_kobject_add+0x10/0x10 [ 185.917248][ T5161] ? _raw_spin_unlock+0x28/0x50 [ 185.917261][ T5161] ? get_device_parent+0x366/0x3a0 [ 185.917275][ T5161] device_add+0x408/0xb70 [ 185.917290][ T5161] hci_conn_add_sysfs+0xd5/0x210 [ 185.917303][ T5161] le_conn_complete_evt+0xf1d/0x1430 [ 185.917322][ T5161] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 185.917335][ T5161] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 185.917348][ T5161] ? __pfx___mutex_lock+0x10/0x10 [ 185.917359][ T5161] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 185.917369][ T5161] ? skb_pull_data+0xfb/0x200 [ 185.917385][ T5161] hci_le_conn_complete_evt+0x187/0x470 [ 185.917401][ T5161] hci_event_packet+0x7af/0x12c0 [ 185.917415][ T5161] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 185.917427][ T5161] ? __pfx_hci_event_packet+0x10/0x10 [ 185.917440][ T5161] ? kcov_remote_start+0x49a/0x7a0 [ 185.917452][ T5161] ? hci_send_to_monitor+0xe2/0x590 [ 185.917467][ T5161] hci_rx_work+0x3ee/0x1040 [ 185.917483][ T5161] ? process_one_work+0x8bb/0x1780 [ 185.917496][ T5161] process_one_work+0x9ab/0x1780 [ 185.917520][ T5161] ? __pfx_process_one_work+0x10/0x10 [ 185.917532][ T5161] ? do_raw_spin_lock+0x12b/0x2f0 [ 185.917551][ T5161] worker_thread+0xba8/0x11e0 [ 185.917564][ T5161] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 185.917575][ T5161] ? __kthread_parkme+0x7a/0x1f0 [ 185.917585][ T5161] ? __kthread_parkme+0x19c/0x1f0 [ 185.917597][ T5161] kthread+0x388/0x470 [ 185.917608][ T5161] ? __pfx_worker_thread+0x10/0x10 [ 185.917615][ T5161] ? __pfx_kthread+0x10/0x10 [ 185.917627][ T5161] ret_from_fork+0x51e/0xb90 [ 185.917642][ T5161] ? __pfx_ret_from_fork+0x10/0x10 [ 185.917653][ T5161] ? __switch_to+0xc7d/0x1450 [ 185.917667][ T5161] ? __pfx_kthread+0x10/0x10 [ 185.917678][ T5161] ret_from_fork_asm+0x1a/0x30 [ 185.917704][ T5161] [ 185.917739][ T5161] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 186.168854][ T5161] Bluetooth: hci3: failed to register connection device [ 186.238792][ T993] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 186.269811][ T993] usb 2-1: Using ep0 maxpacket: 8 [ 186.279346][ T993] usb 2-1: no configurations [ 186.289515][ T993] usb 2-1: can't read configurations, error -22 [ 186.419876][ T993] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 186.433259][ T7792] netlink: 20 bytes leftover after parsing attributes in process `syz.3.640'. [ 186.454746][ T993] usb 2-1: Using ep0 maxpacket: 8 [ 186.473593][ T993] usb 2-1: no configurations [ 186.482166][ T993] usb 2-1: can't read configurations, error -22 [ 186.496854][ T993] usb usb2-port1: unable to enumerate USB device [ 187.038031][ T7803] fuse: Unknown parameter 'group_id00000000000000000000' [ 187.968350][ T7817] capability: warning: `syz.1.650' uses 32-bit capabilities (legacy support in use) [ 188.027437][ T7819] netlink: 'syz.0.651': attribute type 29 has an invalid length. [ 188.076535][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.0.651'. [ 189.664988][ T5841] Bluetooth: hci3: command 0x2016 tx timeout [ 189.735278][ T7819] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 191.242310][ T7843] netlink: 16 bytes leftover after parsing attributes in process `syz.4.659'. [ 191.417690][ T7849] fuse: Bad value for 'user_id' [ 191.433536][ T7849] fuse: Bad value for 'user_id' [ 191.772867][ T5847] Bluetooth: hci3: command 0x2016 tx timeout [ 191.773258][ T5842] Bluetooth: hci1: command 0x2016 tx timeout [ 191.778977][ T5847] Bluetooth: hci4: command 0x0405 tx timeout [ 191.785381][ T5842] Bluetooth: hci0: command 0x2016 tx timeout [ 191.791426][ T5847] Bluetooth: hci2: command 0x2016 tx timeout [ 191.892156][ T7864] NILFS (nullb0): couldn't find nilfs on the device [ 193.895882][ T7884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.671'. [ 194.108573][ T5854] Bluetooth: hci3: command 0x2016 tx timeout [ 194.163073][ T7897] fuse: Bad value for 'user_id' [ 194.170486][ T5854] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 194.182870][ T5854] CPU: 0 UID: 0 PID: 5854 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) [ 194.182894][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 194.182904][ T5854] Workqueue: hci4 hci_rx_work [ 194.182929][ T5854] Call Trace: [ 194.182935][ T5854] [ 194.182942][ T5854] dump_stack_lvl+0xe8/0x150 [ 194.182968][ T5854] sysfs_create_dir_ns+0x271/0x2a0 [ 194.182993][ T5854] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 194.183013][ T5854] ? do_raw_spin_unlock+0xf5/0x210 [ 194.183037][ T5854] kobject_add_internal+0x62b/0xd00 [ 194.183068][ T5854] kobject_add+0x163/0x240 [ 194.183093][ T5854] ? __pfx_kobject_add+0x10/0x10 [ 194.183111][ T5854] ? _raw_spin_unlock+0x28/0x50 [ 194.183128][ T5854] ? get_device_parent+0x366/0x3a0 [ 194.183150][ T5854] device_add+0x408/0xb70 [ 194.183182][ T5854] hci_conn_add_sysfs+0xd5/0x210 [ 194.183201][ T5854] le_conn_complete_evt+0xf1d/0x1430 [ 194.183230][ T5854] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 194.183249][ T5854] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 194.183273][ T5854] ? __pfx___mutex_lock+0x10/0x10 [ 194.183291][ T5854] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 194.183308][ T5854] ? skb_pull_data+0xfb/0x200 [ 194.183334][ T5854] hci_le_conn_complete_evt+0x187/0x470 [ 194.183363][ T5854] hci_event_packet+0x7af/0x12c0 [ 194.183388][ T5854] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 194.183409][ T5854] ? __pfx_hci_event_packet+0x10/0x10 [ 194.183432][ T5854] ? kcov_remote_start+0x49a/0x7a0 [ 194.183452][ T5854] ? hci_send_to_monitor+0xe2/0x590 [ 194.183475][ T5854] hci_rx_work+0x3ee/0x1040 [ 194.183502][ T5854] ? process_one_work+0x8bb/0x1780 [ 194.183523][ T5854] process_one_work+0x9ab/0x1780 [ 194.183563][ T5854] ? __pfx_process_one_work+0x10/0x10 [ 194.183582][ T5854] ? do_raw_spin_lock+0x12b/0x2f0 [ 194.183616][ T5854] worker_thread+0xba8/0x11e0 [ 194.183640][ T5854] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 194.183659][ T5854] ? __kthread_parkme+0x7a/0x1f0 [ 194.183674][ T5854] ? __kthread_parkme+0x19c/0x1f0 [ 194.183697][ T5854] kthread+0x388/0x470 [ 194.183716][ T5854] ? __pfx_worker_thread+0x10/0x10 [ 194.183729][ T5854] ? __pfx_kthread+0x10/0x10 [ 194.183747][ T5854] ret_from_fork+0x51e/0xb90 [ 194.183770][ T5854] ? __pfx_ret_from_fork+0x10/0x10 [ 194.183789][ T5854] ? __switch_to+0xc7d/0x1450 [ 194.183810][ T5854] ? __pfx_kthread+0x10/0x10 [ 194.183827][ T5854] ret_from_fork_asm+0x1a/0x30 [ 194.183857][ T5854] [ 194.183973][ T5854] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 194.187485][ T7897] fuse: Bad value for 'user_id' [ 194.210771][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.455062][ T5854] Bluetooth: hci4: failed to register connection device [ 194.485965][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.503043][ T7902] netlink: 20 bytes leftover after parsing attributes in process `syz.2.677'. [ 194.702325][ T5852] udevd[5852]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 194.718571][ T5995] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 194.880488][ T5995] usb 4-1: Using ep0 maxpacket: 8 [ 194.888161][ T5995] usb 4-1: no configurations [ 194.897118][ T5995] usb 4-1: can't read configurations, error -22 [ 195.526797][ T5995] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 195.678559][ T5995] usb 4-1: Using ep0 maxpacket: 8 [ 195.684347][ T5995] usb 4-1: no configurations [ 195.696132][ T5995] usb 4-1: can't read configurations, error -22 [ 195.703407][ T5995] usb usb4-port1: attempt power cycle [ 197.456205][ T51] Bluetooth: hci4: command 0x0405 tx timeout [ 197.518638][ T5995] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 197.748572][ T5995] usb 4-1: device not accepting address 21, error -71 [ 198.570763][ T7954] fuse: Bad value for 'user_id' [ 198.584178][ T7954] fuse: Bad value for 'user_id' [ 199.468867][ T5854] Bluetooth: hci4: command 0x0405 tx timeout [ 201.574928][ T7992] fuse: Bad value for 'fd' [ 201.848206][ T8003] NILFS (nullb0): couldn't find nilfs on the device [ 207.310500][ T8051] NILFS (nullb0): couldn't find nilfs on the device [ 208.698590][ T47] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 209.300168][ T47] usb 4-1: Using ep0 maxpacket: 8 [ 209.307148][ T47] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 209.317450][ T47] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 209.327776][ T47] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 209.340512][ T47] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 209.354075][ T47] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 209.366532][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.054592][ T47] usb 4-1: GET_CAPABILITIES returned 0 [ 210.077360][ T47] usbtmc 4-1:16.0: can't read capabilities [ 210.277127][ T8054] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -90 [ 210.314899][ T10] usb 4-1: USB disconnect, device number 23 [ 210.391847][ T5854] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 210.401514][ T5854] CPU: 0 UID: 0 PID: 5854 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) [ 210.401542][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 210.401548][ T5854] Workqueue: hci2 hci_rx_work [ 210.401567][ T5854] Call Trace: [ 210.401573][ T5854] [ 210.401577][ T5854] dump_stack_lvl+0xe8/0x150 [ 210.401595][ T5854] sysfs_create_dir_ns+0x271/0x2a0 [ 210.401611][ T5854] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 210.401624][ T5854] ? do_raw_spin_unlock+0xf5/0x210 [ 210.401639][ T5854] kobject_add_internal+0x62b/0xd00 [ 210.401657][ T5854] kobject_add+0x163/0x240 [ 210.401671][ T5854] ? __pfx_kobject_add+0x10/0x10 [ 210.401685][ T5854] ? _raw_spin_unlock+0x28/0x50 [ 210.401697][ T5854] ? get_device_parent+0x366/0x3a0 [ 210.401712][ T5854] device_add+0x408/0xb70 [ 210.401726][ T5854] hci_conn_add_sysfs+0xd5/0x210 [ 210.401740][ T5854] le_conn_complete_evt+0xf1d/0x1430 [ 210.401759][ T5854] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 210.401771][ T5854] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 210.401784][ T5854] ? __pfx___mutex_lock+0x10/0x10 [ 210.401795][ T5854] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 210.401806][ T5854] ? skb_pull_data+0xfb/0x200 [ 210.401822][ T5854] hci_le_conn_complete_evt+0x187/0x470 [ 210.401839][ T5854] hci_event_packet+0x7af/0x12c0 [ 210.401853][ T5854] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 210.401865][ T5854] ? __pfx_hci_event_packet+0x10/0x10 [ 210.401878][ T5854] ? kcov_remote_start+0x49a/0x7a0 [ 210.401891][ T5854] ? hci_send_to_monitor+0xe2/0x590 [ 210.401906][ T5854] hci_rx_work+0x3ee/0x1040 [ 210.401922][ T5854] ? process_one_work+0x8bb/0x1780 [ 210.401935][ T5854] process_one_work+0x9ab/0x1780 [ 210.401959][ T5854] ? __pfx_process_one_work+0x10/0x10 [ 210.401971][ T5854] ? do_raw_spin_lock+0x12b/0x2f0 [ 210.401990][ T5854] worker_thread+0xba8/0x11e0 [ 210.402004][ T5854] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 210.402015][ T5854] ? __kthread_parkme+0x7a/0x1f0 [ 210.402025][ T5854] ? __kthread_parkme+0x19c/0x1f0 [ 210.402040][ T5854] kthread+0x388/0x470 [ 210.402051][ T5854] ? __pfx_worker_thread+0x10/0x10 [ 210.402059][ T5854] ? __pfx_kthread+0x10/0x10 [ 210.402070][ T5854] ret_from_fork+0x51e/0xb90 [ 210.402085][ T5854] ? __pfx_ret_from_fork+0x10/0x10 [ 210.402097][ T5854] ? __switch_to+0xc7d/0x1450 [ 210.402111][ T5854] ? __pfx_kthread+0x10/0x10 [ 210.402122][ T5854] ret_from_fork_asm+0x1a/0x30 [ 210.402140][ T5854] [ 210.402158][ T5854] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 210.655563][ T5854] Bluetooth: hci2: failed to register connection device [ 210.767490][ T8089] netlink: 20 bytes leftover after parsing attributes in process `syz.0.738'. [ 210.972164][ T47] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 211.003661][ T5852] udevd[5852]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 212.418577][ T47] usb 2-1: Using ep0 maxpacket: 8 [ 212.433773][ T47] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 212.458852][ T47] usb 2-1: config 0 has no interfaces? [ 212.489731][ T47] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 212.669112][ T51] Bluetooth: hci2: command 0x2016 tx timeout [ 213.025082][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.046700][ T47] usb 2-1: Product: syz [ 213.064076][ T47] usb 2-1: Manufacturer: syz [ 213.076558][ T47] usb 2-1: SerialNumber: syz [ 213.100116][ T47] usb 2-1: config 0 descriptor?? [ 213.454900][ T8122] 9p: Could not find request transport: fd0xffffffffffffffff [ 214.351496][ T10] usb 2-1: USB disconnect, device number 18 [ 214.543965][ T5854] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 214.554637][ T5854] CPU: 1 UID: 0 PID: 5854 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) [ 214.554661][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 214.554673][ T5854] Workqueue: hci4 hci_rx_work [ 214.554708][ T5854] Call Trace: [ 214.554716][ T5854] [ 214.554723][ T5854] dump_stack_lvl+0xe8/0x150 [ 214.554766][ T5854] sysfs_create_dir_ns+0x271/0x2a0 [ 214.554793][ T5854] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 214.554817][ T5854] ? do_raw_spin_unlock+0xf5/0x210 [ 214.554842][ T5854] kobject_add_internal+0x62b/0xd00 [ 214.554872][ T5854] kobject_add+0x163/0x240 [ 214.554899][ T5854] ? __pfx_kobject_add+0x10/0x10 [ 214.554920][ T5854] ? _raw_spin_unlock+0x28/0x50 [ 214.554941][ T5854] ? get_device_parent+0x366/0x3a0 [ 214.554967][ T5854] device_add+0x408/0xb70 [ 214.554990][ T5854] hci_conn_add_sysfs+0xd5/0x210 [ 214.555011][ T5854] le_conn_complete_evt+0xf1d/0x1430 [ 214.555048][ T5854] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 214.555068][ T5854] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 214.555091][ T5854] ? __pfx___mutex_lock+0x10/0x10 [ 214.555112][ T5854] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 214.555130][ T5854] ? skb_pull_data+0xfb/0x200 [ 214.555158][ T5854] hci_le_conn_complete_evt+0x187/0x470 [ 214.555187][ T5854] hci_event_packet+0x7af/0x12c0 [ 214.555211][ T5854] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 214.555233][ T5854] ? __pfx_hci_event_packet+0x10/0x10 [ 214.555256][ T5854] ? kcov_remote_start+0x49a/0x7a0 [ 214.555278][ T5854] ? hci_send_to_monitor+0xe2/0x590 [ 214.555305][ T5854] hci_rx_work+0x3ee/0x1040 [ 214.555332][ T5854] ? process_one_work+0x8bb/0x1780 [ 214.555355][ T5854] process_one_work+0x9ab/0x1780 [ 214.555398][ T5854] ? __pfx_process_one_work+0x10/0x10 [ 214.555416][ T5854] ? do_raw_spin_lock+0x12b/0x2f0 [ 214.555446][ T5854] worker_thread+0xba8/0x11e0 [ 214.555468][ T5854] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 214.555486][ T5854] ? __kthread_parkme+0x7a/0x1f0 [ 214.555502][ T5854] ? __kthread_parkme+0x19c/0x1f0 [ 214.555522][ T5854] kthread+0x388/0x470 [ 214.555541][ T5854] ? __pfx_worker_thread+0x10/0x10 [ 214.555554][ T5854] ? __pfx_kthread+0x10/0x10 [ 214.555574][ T5854] ret_from_fork+0x51e/0xb90 [ 214.555599][ T5854] ? __pfx_ret_from_fork+0x10/0x10 [ 214.555618][ T5854] ? __switch_to+0xc7d/0x1450 [ 214.555638][ T5854] ? __pfx_kthread+0x10/0x10 [ 214.555657][ T5854] ret_from_fork_asm+0x1a/0x30 [ 214.555685][ T5854] [ 214.555745][ T5854] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 214.614543][ T8144] netlink: 20 bytes leftover after parsing attributes in process `syz.2.754'. [ 214.618052][ T5854] Bluetooth: hci4: failed to register connection device [ 214.798637][ T5841] Bluetooth: hci2: command 0x2016 tx timeout [ 214.899449][ T993] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 215.088650][ T993] usb 1-1: Using ep0 maxpacket: 8 [ 215.104895][ T993] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 215.118208][ T8156] 9p: Could not find request transport: fd0x0000000000000005 [ 215.130241][ T993] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 215.150117][ T993] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 215.172307][ T993] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 215.201354][ T993] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 215.230323][ T5852] udevd[5852]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 215.245944][ T993] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.490824][ T993] usb 1-1: GET_CAPABILITIES returned 0 [ 215.496428][ T993] usbtmc 1-1:16.0: can't read capabilities [ 215.529393][ T10] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 215.690068][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 215.694553][ T47] usb 1-1: USB disconnect, device number 20 [ 215.701256][ T10] usb 2-1: config 0 has no interfaces? [ 216.255495][ T10] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 216.266446][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.274663][ T10] usb 2-1: Product: syz [ 216.278876][ T10] usb 2-1: Manufacturer: syz [ 216.283485][ T10] usb 2-1: SerialNumber: syz [ 216.292820][ T10] usb 2-1: config 0 descriptor?? [ 216.895526][ T5838] Bluetooth: hci4: command 0x0405 tx timeout [ 217.401360][ T8191] fuse: Bad value for 'fd' [ 218.013823][ T8194] 9p: Could not find request transport: fd0xffffffffffffffff [ 218.345355][ T10] usb 2-1: USB disconnect, device number 19 [ 218.449097][ T5895] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 218.613260][ T8221] fuse: Invalid rootmode [ 218.618738][ T5895] usb 4-1: Using ep0 maxpacket: 8 [ 218.630143][ T5895] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.654751][ T5895] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 218.681774][ T5895] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 218.710288][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.737088][ T5895] usb 4-1: Product: syz [ 218.742105][ T5895] usb 4-1: Manufacturer: syz [ 218.758436][ T5895] usb 4-1: SerialNumber: syz [ 218.781123][ T5895] usb 4-1: config 0 descriptor?? [ 218.860308][ T8229] 9p: Bad value for 'wfdno' [ 218.998625][ T5838] Bluetooth: hci4: command 0x0405 tx timeout [ 219.598976][ T5895] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 219.780403][ T5895] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 219.795976][ T5895] usb 2-1: config 0 has no interfaces? [ 219.818400][ T5895] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 219.829083][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.837612][ T5895] usb 2-1: Product: syz [ 219.842093][ T5895] usb 2-1: Manufacturer: syz [ 219.846712][ T5895] usb 2-1: SerialNumber: syz [ 219.856077][ T5895] usb 2-1: config 0 descriptor?? [ 219.896817][ T8258] 9p: Bad value for 'wfdno' [ 220.667866][ T8272] fuse: Invalid rootmode [ 221.231388][ T5879] usb 4-1: USB disconnect, device number 24 [ 221.323030][ T8294] 9pnet_fd: Insufficient options for proto=fd [ 221.411890][ T8298] fuse: Bad value for 'fd' [ 221.491916][ T8302] netlink: 'syz.3.810': attribute type 29 has an invalid length. [ 221.504161][ T8302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.810'. [ 221.514551][ T8302] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 221.880008][ T8319] 9p: Bad value for 'wfdno' [ 222.158925][ T5879] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 222.451455][ T5894] usb 2-1: USB disconnect, device number 20 [ 222.483801][ T8322] netlink: 20 bytes leftover after parsing attributes in process `syz.2.819'. [ 222.528558][ T5879] usb 1-1: Using ep0 maxpacket: 8 [ 222.544383][ T5879] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 222.551933][ T8326] fuse: Invalid rootmode [ 222.574166][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 222.591096][ T8328] fuse: Bad value for 'fd' [ 222.602303][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 222.625165][ T5879] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 222.675095][ T5879] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 222.705644][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.751588][ T8334] netlink: 'syz.1.824': attribute type 29 has an invalid length. [ 222.765630][ T8334] netlink: 8 bytes leftover after parsing attributes in process `syz.1.824'. [ 222.775570][ T8334] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 222.935248][ T5879] usb 1-1: GET_CAPABILITIES returned 0 [ 222.946021][ T5879] usbtmc 1-1:16.0: can't read capabilities [ 223.140633][ T5879] usb 1-1: USB disconnect, device number 21 [ 223.282785][ T8359] bond1: entered promiscuous mode [ 223.293702][ T8359] netlink: 20 bytes leftover after parsing attributes in process `syz.2.835'. [ 223.774701][ T8372] netlink: 'syz.2.840': attribute type 29 has an invalid length. [ 223.783227][ T8372] netlink: 8 bytes leftover after parsing attributes in process `syz.2.840'. [ 223.804160][ T8372] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 223.934050][ T8378] netlink: 84 bytes leftover after parsing attributes in process `syz.2.842'. [ 225.334102][ T8399] netlink: 28 bytes leftover after parsing attributes in process `syz.1.850'. [ 225.372908][ T8399] netlink: 28 bytes leftover after parsing attributes in process `syz.1.850'. [ 225.463825][ T8406] netlink: 'syz.3.853': attribute type 29 has an invalid length. [ 225.475628][ T8406] netlink: 8 bytes leftover after parsing attributes in process `syz.3.853'. [ 225.486827][ T8406] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 225.850594][ T10] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 226.008603][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 226.015426][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 226.028685][ T5894] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 226.384979][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 226.477607][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 226.487734][ T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 226.489919][ T5894] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.498006][ T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 226.507830][ T5894] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 226.527916][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 226.554028][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.562433][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.594117][ T5894] usb 4-1: config 0 descriptor?? [ 226.603130][ T8437] netlink: 'syz.0.867': attribute type 29 has an invalid length. [ 226.611146][ T8437] netlink: 8 bytes leftover after parsing attributes in process `syz.0.867'. [ 226.629609][ T8437] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 226.785041][ T10] usb 2-1: usb_control_msg returned -71 [ 226.798449][ T10] usbtmc 2-1:16.0: can't read capabilities [ 226.858303][ T10] usb 2-1: USB disconnect, device number 21 [ 227.025277][ T5894] holtek_kbd 0003:04D9:A055.0002: unknown main item tag 0x0 [ 227.034046][ T5894] holtek_kbd 0003:04D9:A055.0002: unknown main item tag 0x0 [ 227.041545][ T5894] holtek_kbd 0003:04D9:A055.0002: unknown main item tag 0x0 [ 227.050622][ T5894] holtek_kbd 0003:04D9:A055.0002: unknown main item tag 0x0 [ 227.057969][ T5894] holtek_kbd 0003:04D9:A055.0002: unknown main item tag 0x0 [ 227.065664][ T5894] holtek_kbd 0003:04D9:A055.0002: unknown main item tag 0x0 [ 227.073191][ T5894] holtek_kbd 0003:04D9:A055.0002: unknown main item tag 0x0 [ 227.084112][ T5894] holtek_kbd 0003:04D9:A055.0002: hidraw0: USB HID v10.00 Device [HID 04d9:a055] on usb-dummy_hcd.3-1/input0 [ 227.178862][ T5995] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 227.241954][ T10] usb 4-1: USB disconnect, device number 25 [ 227.338780][ T5995] usb 1-1: Using ep0 maxpacket: 8 [ 227.351154][ T5995] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 227.369591][ T5995] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 227.379089][ T5995] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.388035][ T5995] usb 1-1: Product: syz [ 227.397142][ T5995] usb 1-1: Manufacturer: syz [ 227.401920][ T5995] usb 1-1: SerialNumber: syz [ 227.417265][ T5995] usb 1-1: config 0 descriptor?? [ 228.413109][ T8476] netlink: 'syz.2.881': attribute type 29 has an invalid length. [ 228.421081][ T8476] netlink: 8 bytes leftover after parsing attributes in process `syz.2.881'. [ 228.431025][ T8476] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 230.036713][ T993] usb 1-1: USB disconnect, device number 22 [ 233.693869][ T8562] 9p: Bad value for 'rfdno' [ 233.854096][ T8560] netlink: set zone limit has 4 unknown bytes [ 234.491340][ T5211] udevd[5211]: worker [5846] /devices/platform/dummy_hcd.4/usb5/5-1 is taking a long time [ 235.182093][ T5915] dvb-usb: did not find the firmware file 'dvb-usb-digivox-02.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 235.277979][ T5915] usb 5-1: USB disconnect, device number 11 [ 235.358954][ T10] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 235.531203][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.547054][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 235.571350][ T8601] netlink: 'syz.2.923': attribute type 10 has an invalid length. [ 235.597136][ T10] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 235.637473][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 235.682547][ T10] usb 1-1: SerialNumber: syz [ 235.874052][ T8601] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 236.453187][ T10] usb 1-1: 0:2 : does not exist [ 236.472661][ T10] usb 1-1: usbmixer: too many channels (61) in unit 5 [ 237.146553][ T10] usb 1-1: USB disconnect, device number 23 [ 237.283874][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 239.007097][ T8653] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.464171][ T8665] netlink: 'syz.3.945': attribute type 29 has an invalid length. [ 239.487775][ T8665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.945'. [ 239.500895][ T8665] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 240.489898][ T8680] ceph: No source [ 240.624670][ T8682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 241.085552][ T5838] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 241.095305][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 241.095328][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 241.095339][ T5838] Workqueue: hci1 hci_rx_work [ 241.095376][ T5838] Call Trace: [ 241.095385][ T5838] [ 241.095394][ T5838] dump_stack_lvl+0xe8/0x150 [ 241.095423][ T5838] sysfs_create_dir_ns+0x271/0x2a0 [ 241.095448][ T5838] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 241.095471][ T5838] ? do_raw_spin_unlock+0xf5/0x210 [ 241.095497][ T5838] kobject_add_internal+0x62b/0xd00 [ 241.095526][ T5838] kobject_add+0x163/0x240 [ 241.095552][ T5838] ? __pfx_kobject_add+0x10/0x10 [ 241.095575][ T5838] ? _raw_spin_unlock+0x28/0x50 [ 241.095596][ T5838] ? get_device_parent+0x366/0x3a0 [ 241.095621][ T5838] device_add+0x408/0xb70 [ 241.095647][ T5838] hci_conn_add_sysfs+0xd5/0x210 [ 241.095669][ T5838] le_conn_complete_evt+0xf1d/0x1430 [ 241.095702][ T5838] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 241.095722][ T5838] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 241.095746][ T5838] ? __pfx___mutex_lock+0x10/0x10 [ 241.095766][ T5838] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 241.095785][ T5838] ? skb_pull_data+0xfb/0x200 [ 241.095813][ T5838] hci_le_conn_complete_evt+0x187/0x470 [ 241.095843][ T5838] hci_event_packet+0x7af/0x12c0 [ 241.095869][ T5838] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 241.095890][ T5838] ? __pfx_hci_event_packet+0x10/0x10 [ 241.095914][ T5838] ? kcov_remote_start+0x49a/0x7a0 [ 241.095936][ T5838] ? hci_send_to_monitor+0xe2/0x590 [ 241.095962][ T5838] hci_rx_work+0x3ee/0x1040 [ 241.095992][ T5838] ? process_one_work+0x8bb/0x1780 [ 241.096014][ T5838] process_one_work+0x9ab/0x1780 [ 241.096057][ T5838] ? __pfx_process_one_work+0x10/0x10 [ 241.096078][ T5838] ? do_raw_spin_lock+0x12b/0x2f0 [ 241.096113][ T5838] worker_thread+0xba8/0x11e0 [ 241.096154][ T5838] kthread+0x388/0x470 [ 241.096174][ T5838] ? __pfx_worker_thread+0x10/0x10 [ 241.096189][ T5838] ? __pfx_kthread+0x10/0x10 [ 241.096209][ T5838] ret_from_fork+0x51e/0xb90 [ 241.096243][ T5838] ? __pfx_ret_from_fork+0x10/0x10 [ 241.096265][ T5838] ? __switch_to+0xc7d/0x1450 [ 241.096290][ T5838] ? __pfx_kthread+0x10/0x10 [ 241.096311][ T5838] ret_from_fork_asm+0x1a/0x30 [ 241.096345][ T5838] [ 241.096376][ T5838] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 241.358170][ T5838] Bluetooth: hci1: failed to register connection device [ 241.552507][ T8699] netlink: 20 bytes leftover after parsing attributes in process `syz.1.955'. [ 242.381058][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 242.482940][ T5838] Bluetooth: hci1: unexpected event for opcode 0x2024 [ 243.586064][ T8732] netlink: 8 bytes leftover after parsing attributes in process `syz.3.967'. [ 244.659260][ T55] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 244.860981][ T55] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 244.885877][ T55] usb 4-1: config 0 has no interfaces? [ 244.900902][ T55] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 245.078136][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.285028][ T55] usb 4-1: Product: syz [ 245.307785][ T55] usb 4-1: Manufacturer: syz [ 245.320147][ T55] usb 4-1: SerialNumber: syz [ 245.341207][ T55] usb 4-1: config 0 descriptor?? [ 245.549528][ T5841] Bluetooth: hci1: command 0x2016 tx timeout [ 245.713024][ T5915] usb 4-1: USB disconnect, device number 26 [ 245.855444][ T8789] netlink: 64 bytes leftover after parsing attributes in process `syz.2.992'. [ 245.908222][ T8791] netlink: 'syz.1.991': attribute type 29 has an invalid length. [ 245.935820][ T8791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.991'. [ 245.967558][ T8791] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 246.076556][ T8799] team_slave_0: entered promiscuous mode [ 246.083545][ T8799] team_slave_1: entered promiscuous mode [ 246.116967][ T8799] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 246.705093][ T8819] fuse: Unknown parameter 'user_i00000000000000000000' [ 246.725465][ T8821] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1005'. [ 247.134365][ T8833] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1007'. [ 247.678898][ T5915] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 247.851616][ T5915] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 247.878396][ T5915] usb 1-1: config 0 has no interfaces? [ 247.895901][ T5915] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 247.920464][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.941863][ T5915] usb 1-1: Product: syz [ 247.952087][ T5915] usb 1-1: Manufacturer: syz [ 247.960158][ T5915] usb 1-1: SerialNumber: syz [ 247.973296][ T5915] usb 1-1: config 0 descriptor?? [ 248.733423][ T5995] usb 1-1: USB disconnect, device number 24 [ 249.833758][ T8887] netlink: 272 bytes leftover after parsing attributes in process `syz.2.1031'. [ 252.636679][ T8924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1044'. [ 252.646684][ T8924] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 253.500750][ T5841] Bluetooth: hci4: unknown advertising packet type: 0x75 [ 253.500960][ T5841] Bluetooth: hci4: Malformed LE Event: 0x02 [ 255.527008][ T8971] fuse: Bad value for 'fd' [ 255.634779][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.643054][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.766687][ T8997] netlink: 'syz.3.1070': attribute type 29 has an invalid length. [ 256.775548][ T8997] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1070'. [ 256.784997][ T8997] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 257.182291][ T29] kauditd_printk_skb: 505 callbacks suppressed [ 257.182309][ T29] audit: type=1326 audit(1773892115.570:2670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9013 comm="syz.3.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052859c799 code=0x7ffc0000 [ 257.213815][ T29] audit: type=1326 audit(1773892115.570:2671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9013 comm="syz.3.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f052859c799 code=0x7ffc0000 [ 257.248983][ T29] audit: type=1326 audit(1773892115.580:2672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9013 comm="syz.3.1078" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f052859c799 code=0x7ffc0000 [ 257.594095][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 257.603837][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 257.615240][ T5838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 257.626029][ T5838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 257.634607][ T5838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 257.725775][ T5838] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 257.735438][ T5895] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 257.743135][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 257.743159][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 257.743170][ T5838] Workqueue: hci4 hci_rx_work [ 257.743195][ T5838] Call Trace: [ 257.743201][ T5838] [ 257.743209][ T5838] dump_stack_lvl+0xe8/0x150 [ 257.743237][ T5838] sysfs_create_dir_ns+0x271/0x2a0 [ 257.743263][ T5838] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 257.743288][ T5838] ? do_raw_spin_unlock+0xf5/0x210 [ 257.743314][ T5838] kobject_add_internal+0x62b/0xd00 [ 257.743344][ T5838] kobject_add+0x163/0x240 [ 257.743371][ T5838] ? __pfx_kobject_add+0x10/0x10 [ 257.743394][ T5838] ? _raw_spin_unlock+0x28/0x50 [ 257.743415][ T5838] ? get_device_parent+0x366/0x3a0 [ 257.743441][ T5838] device_add+0x408/0xb70 [ 257.743467][ T5838] hci_conn_add_sysfs+0xd5/0x210 [ 257.743498][ T5838] le_conn_complete_evt+0xf1d/0x1430 [ 257.743531][ T5838] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 257.743553][ T5838] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 257.743576][ T5838] ? __pfx___mutex_lock+0x10/0x10 [ 257.743597][ T5838] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 257.743614][ T5838] ? skb_pull_data+0xfb/0x200 [ 257.743639][ T5838] hci_le_conn_complete_evt+0x187/0x470 [ 257.743668][ T5838] hci_event_packet+0x7af/0x12c0 [ 257.743693][ T5838] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 257.743715][ T5838] ? __pfx_hci_event_packet+0x10/0x10 [ 257.743740][ T5838] ? kcov_remote_start+0x49a/0x7a0 [ 257.743762][ T5838] ? hci_send_to_monitor+0xe2/0x590 [ 257.743788][ T5838] hci_rx_work+0x3ee/0x1040 [ 257.743815][ T5838] ? process_one_work+0x8bb/0x1780 [ 257.743836][ T5838] process_one_work+0x9ab/0x1780 [ 257.743877][ T5838] ? __pfx_process_one_work+0x10/0x10 [ 257.743898][ T5838] ? do_raw_spin_lock+0x12b/0x2f0 [ 257.743934][ T5838] worker_thread+0xba8/0x11e0 [ 257.743976][ T5838] kthread+0x388/0x470 [ 257.743996][ T5838] ? __pfx_worker_thread+0x10/0x10 [ 257.744011][ T5838] ? __pfx_kthread+0x10/0x10 [ 257.744032][ T5838] ret_from_fork+0x51e/0xb90 [ 257.744059][ T5838] ? __pfx_ret_from_fork+0x10/0x10 [ 257.744080][ T5838] ? __switch_to+0xc7d/0x1450 [ 257.744104][ T5838] ? __pfx_kthread+0x10/0x10 [ 257.744124][ T5838] ret_from_fork_asm+0x1a/0x30 [ 257.744157][ T5838] [ 257.744183][ T5838] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 257.981587][ T5838] Bluetooth: hci4: failed to register connection device [ 258.013568][ T9044] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1090'. [ 258.151192][ T5895] usb 1-1: Using ep0 maxpacket: 8 [ 258.171540][ T5895] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 258.203273][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.246020][ T5895] usb 1-1: Product: syz [ 258.266575][ T5895] usb 1-1: Manufacturer: syz [ 258.298081][ T5895] usb 1-1: SerialNumber: syz [ 258.352630][ T5895] usb 1-1: config 0 descriptor?? [ 258.452868][ T9036] chnl_net:caif_netlink_parms(): no params data found [ 258.537003][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 258.594724][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 258.599135][ T5895] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 258.737351][ T9036] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.745034][ T9036] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.752866][ T9036] bridge_slave_0: entered allmulticast mode [ 258.761432][ T9036] bridge_slave_0: entered promiscuous mode [ 258.771054][ T9036] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.780588][ T9036] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.789164][ T9036] bridge_slave_1: entered allmulticast mode [ 258.801041][ T9036] bridge_slave_1: entered promiscuous mode [ 258.802801][ T5895] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 258.848645][ T55] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 258.891693][ T9036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.910909][ T9036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.954437][ T9036] team0: Port device team_slave_0 added [ 258.965408][ T9036] team0: Port device team_slave_1 added [ 259.002250][ T9036] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.010040][ T9036] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 259.044999][ T9036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.049531][ T55] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 259.064998][ T55] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.068211][ T9036] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.080862][ T9036] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 259.112195][ T55] usb 2-1: Product: syz [ 259.112745][ T9036] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.128424][ T55] usb 2-1: Manufacturer: syz [ 259.134270][ T55] usb 2-1: SerialNumber: syz [ 259.151321][ T55] usb 2-1: config 0 descriptor?? [ 259.163693][ T55] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 259.207384][ T9036] hsr_slave_0: entered promiscuous mode [ 259.214998][ T9036] hsr_slave_1: entered promiscuous mode [ 259.222752][ T9036] debugfs: 'hsr0' already exists in 'hsr' [ 259.230899][ T9036] Cannot create hsr debugfs directory [ 259.523010][ T9036] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 259.535289][ T9036] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 259.547318][ T9036] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 259.560152][ T9036] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 259.668905][ T9036] 8021q: adding VLAN 0 to HW filter on device bond0 [ 259.709082][ T5838] Bluetooth: hci5: command tx timeout [ 259.726035][ T9036] 8021q: adding VLAN 0 to HW filter on device team0 [ 259.745784][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.752998][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.771401][ T55] gspca_stk1135: reg_w 0x3 err -71 [ 259.784220][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.796719][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.803955][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.815470][ T55] gspca_stk1135: Sensor write failed [ 259.825670][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.832475][ T55] gspca_stk1135: Sensor write failed [ 259.837904][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.853231][ T55] gspca_stk1135: Sensor read failed [ 259.864499][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.871944][ T55] gspca_stk1135: Sensor read failed [ 259.889552][ T55] gspca_stk1135: Detected sensor type unknown (0x0) [ 259.899523][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.911741][ T55] gspca_stk1135: Sensor read failed [ 259.924411][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.937653][ T55] gspca_stk1135: Sensor read failed [ 259.951823][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.965758][ T55] gspca_stk1135: Sensor write failed [ 259.980185][ T55] gspca_stk1135: serial bus timeout: status=0x00 [ 259.990915][ T55] gspca_stk1135: Sensor write failed [ 259.996996][ T55] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71 [ 260.015134][ T55] usb 2-1: USB disconnect, device number 22 [ 260.028533][ T5838] Bluetooth: hci4: command 0x0405 tx timeout [ 260.753908][ T10] usb 1-1: USB disconnect, device number 25 [ 261.000833][ T9036] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.917681][ T5841] Bluetooth: hci5: command tx timeout [ 262.081230][ T5841] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 262.091292][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 262.091315][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 262.091326][ T5841] Workqueue: hci1 hci_rx_work [ 262.091350][ T5841] Call Trace: [ 262.091357][ T5841] [ 262.091365][ T5841] dump_stack_lvl+0xe8/0x150 [ 262.091390][ T5841] sysfs_create_dir_ns+0x271/0x2a0 [ 262.091415][ T5841] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 262.091435][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 262.091461][ T5841] kobject_add_internal+0x62b/0xd00 [ 262.091492][ T5841] kobject_add+0x163/0x240 [ 262.091519][ T5841] ? __pfx_kobject_add+0x10/0x10 [ 262.091541][ T5841] ? _raw_spin_unlock+0x28/0x50 [ 262.091561][ T5841] ? get_device_parent+0x366/0x3a0 [ 262.091587][ T5841] device_add+0x408/0xb70 [ 262.091612][ T5841] hci_conn_add_sysfs+0xd5/0x210 [ 262.091644][ T5841] le_conn_complete_evt+0xf1d/0x1430 [ 262.091678][ T5841] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 262.091699][ T5841] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 262.091721][ T5841] ? __pfx___mutex_lock+0x10/0x10 [ 262.091741][ T5841] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 262.091760][ T5841] ? skb_pull_data+0xfb/0x200 [ 262.091788][ T5841] hci_le_conn_complete_evt+0x187/0x470 [ 262.091817][ T5841] hci_event_packet+0x7af/0x12c0 [ 262.091840][ T5841] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 262.091860][ T5841] ? __pfx_hci_event_packet+0x10/0x10 [ 262.091883][ T5841] ? kcov_remote_start+0x49a/0x7a0 [ 262.091903][ T5841] ? hci_send_to_monitor+0xe2/0x590 [ 262.091927][ T5841] hci_rx_work+0x3ee/0x1040 [ 262.091956][ T5841] ? process_one_work+0x8bb/0x1780 [ 262.091974][ T5841] process_one_work+0x9ab/0x1780 [ 262.091999][ T5841] ? __pfx_process_one_work+0x10/0x10 [ 262.092011][ T5841] ? do_raw_spin_lock+0x12b/0x2f0 [ 262.092032][ T5841] worker_thread+0xba8/0x11e0 [ 262.092055][ T5841] kthread+0x388/0x470 [ 262.092067][ T5841] ? __pfx_worker_thread+0x10/0x10 [ 262.092074][ T5841] ? __pfx_kthread+0x10/0x10 [ 262.092086][ T5841] ret_from_fork+0x51e/0xb90 [ 262.092101][ T5841] ? __pfx_ret_from_fork+0x10/0x10 [ 262.092113][ T5841] ? __switch_to+0xc7d/0x1450 [ 262.092130][ T5841] ? __pfx_kthread+0x10/0x10 [ 262.092141][ T5841] ret_from_fork_asm+0x1a/0x30 [ 262.092169][ T5841] [ 262.092202][ T5841] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 262.118581][ T5838] Bluetooth: hci4: command 0x0405 tx timeout [ 262.120052][ T5841] Bluetooth: hci1: failed to register connection device [ 262.524125][ T9117] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1107'. [ 263.724600][ T9036] veth0_vlan: entered promiscuous mode [ 263.749688][ T9036] veth1_vlan: entered promiscuous mode [ 263.827300][ T9036] veth0_macvtap: entered promiscuous mode [ 263.896328][ T9036] veth1_macvtap: entered promiscuous mode [ 263.948675][ T51] Bluetooth: hci5: command tx timeout [ 264.091187][ T9036] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 264.147319][ T9154] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1117'. [ 264.190729][ T9036] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 264.201278][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 264.230571][ T9154] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1117'. [ 264.276285][ T9154] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1117'. [ 264.337640][ T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.354585][ T5838] Bluetooth: hci1: command 0x2016 tx timeout [ 264.379270][ T9135] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.399935][ T9135] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.421242][ T9135] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 264.887146][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.928687][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.092024][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 265.115953][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.288632][ T47] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 265.526048][ T47] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 265.566882][ T47] usb 4-1: config 0 has no interfaces? [ 265.599881][ T47] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 265.616629][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.642774][ T47] usb 4-1: Product: syz [ 265.650051][ T47] usb 4-1: Manufacturer: syz [ 265.661560][ T47] usb 4-1: SerialNumber: syz [ 265.683504][ T47] usb 4-1: config 0 descriptor?? [ 266.239652][ T5838] Bluetooth: hci5: command tx timeout [ 266.428947][ T5838] Bluetooth: hci1: command 0x2016 tx timeout [ 267.858583][ T47] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 268.020404][ T9] usb 4-1: USB disconnect, device number 27 [ 268.031632][ T47] usb 6-1: Using ep0 maxpacket: 8 [ 268.062117][ T47] usb 6-1: config index 0 descriptor too short (expected 30, got 18) [ 268.090967][ T47] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 268.111425][ T47] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.301855][ T47] usb 6-1: Product: syz [ 268.321834][ T47] usb 6-1: Manufacturer: syz [ 268.746885][ T47] usb 6-1: SerialNumber: syz [ 268.912591][ T47] usb 6-1: config 0 descriptor?? [ 269.119034][ T47] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 269.141941][ T47] usb 6-1: setting power ON [ 269.152577][ T47] dvb-usb: bulk message failed: -22 (2/0) [ 269.169023][ T47] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 269.322846][ T9230] dvb-usb: bulk message failed: -22 (3/0) [ 269.327005][ T47] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 269.353595][ T47] usb 6-1: media controller created [ 269.363262][ T9230] cxusb: i2c wr: len=80 is too big! [ 269.363262][ T9230] [ 269.375783][ T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 269.531354][ T47] usb 6-1: selecting invalid altsetting 6 [ 269.538760][ T47] usb 6-1: digital interface selection failed (-22) [ 269.547925][ T47] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 269.560169][ T47] usb 6-1: setting power OFF [ 269.565896][ T47] dvb-usb: bulk message failed: -22 (2/0) [ 269.572880][ T47] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 269.582491][ T47] (NULL device *): no alternate interface [ 270.135905][ T47] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 270.159347][ T47] usb 6-1: USB disconnect, device number 2 [ 272.608654][ T5895] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 272.801025][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.851793][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.927404][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 272.998771][ T5895] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 273.045200][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.174133][ T5895] usb 1-1: config 0 descriptor?? [ 273.973990][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 273.998108][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.012063][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.024555][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.050160][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.067193][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.111501][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.223859][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.250103][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.271341][ T5895] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 274.333048][ T9310] ======================================================= [ 274.333048][ T9310] WARNING: The mand mount option has been deprecated and [ 274.333048][ T9310] and is ignored by this kernel. Remove the mand [ 274.333048][ T9310] option from the mount to silence this warning. [ 274.333048][ T9310] ======================================================= [ 274.403804][ T5895] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 274.463180][ T9310] overlayfs: failed to resolve './bus': -2 [ 274.474378][ T5895] usb 1-1: USB disconnect, device number 26 [ 274.504936][ T9314] fuse: Unknown parameter '0x0000000000000004' [ 274.607658][ T9311] fido_id[9311]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 274.740156][ T5894] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 274.919001][ T5894] usb 6-1: Using ep0 maxpacket: 8 [ 274.934091][ T5894] usb 6-1: config 6 has an invalid interface number: 2 but max is 0 [ 274.964177][ T5894] usb 6-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 274.999216][ T5894] usb 6-1: config 6 has no interface number 0 [ 275.020591][ T5894] usb 6-1: config 6 interface 2 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 275.042818][ T5894] usb 6-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 275.075303][ T5894] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 275.097900][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.117410][ T5894] usb 6-1: Product: syz [ 275.130614][ T5894] usb 6-1: Manufacturer: syz [ 275.156176][ T5894] usb 6-1: SerialNumber: syz [ 275.180728][ T5894] hso 6-1:6.2: Failed to find INT IN ep [ 275.428224][ T5894] usb 6-1: USB disconnect, device number 3 [ 275.447670][ T12] tipc: Subscription rejected, illegal request [ 275.573134][ T9330] Bluetooth: MGMT ver 1.23 [ 275.691400][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 275.719216][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 275.793608][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 275.832037][ T9332] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 275.868082][ T9332] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 275.899889][ T9332] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 275.951562][ T9332] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 276.042128][ T9332] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 276.243368][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 276.272602][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 276.310313][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 276.335895][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 276.366883][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 276.384383][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 276.398263][ T9352] fuse: Unknown parameter '0x0000000000000004' [ 278.959840][ T5895] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 279.189315][ T5895] usb 6-1: Using ep0 maxpacket: 16 [ 279.235536][ T5895] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.334949][ T5895] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.357521][ T5895] usb 6-1: config 0 interface 0 has no altsetting 0 [ 279.375560][ T5895] usb 6-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 279.394460][ T5895] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.416730][ T5895] usb 6-1: config 0 descriptor?? [ 279.855178][ T5895] hid (null): nested delimiters [ 279.880807][ T5895] hid (null): nested delimiters [ 279.900220][ T5895] hid (null): nested delimiters [ 279.914372][ T5895] hid (null): report_id 24797 is invalid [ 279.937422][ T5895] hid (null): bogus close delimiter [ 280.000818][ T5895] hid_parser_main: 5 callbacks suppressed [ 280.000839][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.049030][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.064683][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.073936][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.081352][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.103221][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.118047][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.135641][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.157153][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.174662][ T5895] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 280.197056][ T5895] cougar 0003:060B:500A.0004: nested delimiters [ 280.230690][ T5895] cougar 0003:060B:500A.0004: item 0 2 2 10 parsing failed [ 280.250742][ T5895] cougar 0003:060B:500A.0004: parse failed [ 280.274198][ T5895] cougar 0003:060B:500A.0004: probe with driver cougar failed with error -22 [ 280.324942][ T5895] usb 6-1: USB disconnect, device number 4 [ 281.084486][ T9454] mmap: syz.5.1205 (9454) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 281.378570][ T10] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 281.560704][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 281.572825][ T10] usb 1-1: config 0 has no interfaces? [ 281.582903][ T10] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 281.593879][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.602967][ T10] usb 1-1: Product: syz [ 281.614656][ T10] usb 1-1: Manufacturer: syz [ 281.622930][ T10] usb 1-1: SerialNumber: syz [ 281.648125][ T10] usb 1-1: config 0 descriptor?? [ 283.568520][ T9488] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 283.579542][ T9488] block device autoloading is deprecated and will be removed. [ 284.073587][ T9497] 9p: Bad value for 'rfdno' [ 285.066738][ T10] usb 1-1: USB disconnect, device number 27 [ 285.894845][ T9531] 9p: Bad value for 'rfdno' [ 286.748864][ T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 286.957954][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 286.975930][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 287.012615][ T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 287.029396][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 287.045099][ T9] usb 2-1: SerialNumber: syz [ 287.296740][ T9] usb 2-1: 0:2 : does not exist [ 287.485475][ T9] usb 2-1: USB disconnect, device number 23 [ 287.593705][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 287.977463][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 287.991258][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 288.002998][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 288.014281][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 288.032909][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 288.347957][ T9569] virt_wifi0 speed is unknown, defaulting to 1000 [ 289.756246][ T9569] chnl_net:caif_netlink_parms(): no params data found [ 289.775372][ T9603] netlink: 'syz.2.1260': attribute type 2 has an invalid length. [ 289.784433][ T9603] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1260'. [ 290.109769][ T5838] Bluetooth: hci6: command tx timeout [ 290.151217][ T9569] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.158787][ T9569] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.166142][ T9569] bridge_slave_0: entered allmulticast mode [ 290.175268][ T9569] bridge_slave_0: entered promiscuous mode [ 290.245701][ T9569] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.276334][ T9569] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.414430][ T9569] bridge_slave_1: entered allmulticast mode [ 290.931475][ T9569] bridge_slave_1: entered promiscuous mode [ 291.212395][ T9569] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.226159][ T9569] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.456600][ T9569] team0: Port device team_slave_0 added [ 291.489647][ T9569] team0: Port device team_slave_1 added [ 291.633480][ T9569] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 291.642347][ T9569] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 291.704274][ T9569] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 291.731503][ T9652] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1277'. [ 291.736928][ T9569] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 291.764912][ T9569] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 291.829495][ T9569] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.188511][ T5838] Bluetooth: hci6: command tx timeout [ 292.950538][ T9569] hsr_slave_0: entered promiscuous mode [ 293.005280][ T9569] hsr_slave_1: entered promiscuous mode [ 293.085123][ T9569] debugfs: 'hsr0' already exists in 'hsr' [ 293.126782][ T9569] Cannot create hsr debugfs directory [ 294.047640][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 294.348648][ T5838] Bluetooth: hci6: command tx timeout [ 294.744029][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 295.787963][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.083920][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.429032][ T5838] Bluetooth: hci6: command tx timeout [ 297.381279][ T9569] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 297.482656][ T9779] capability: warning: `syz.2.1314' uses deprecated v2 capabilities in a way that may be insecure [ 297.554418][ T9783] overlayfs: failed to resolve './file1': -2 [ 297.630904][ T9569] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 297.703309][ T9569] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 297.834919][ T9569] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 298.794214][ T35] bridge_slave_0: left allmulticast mode [ 298.812331][ T35] bridge_slave_0: left promiscuous mode [ 298.841440][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.881849][ T10] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 299.062927][ T10] usb 2-1: config 1 has an invalid interface number: 7 but max is 0 [ 299.074270][ T9819] NILFS (nullb0): couldn't find nilfs on the device [ 299.094687][ T10] usb 2-1: config 1 has no interface number 0 [ 299.107851][ T10] usb 2-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 64 [ 299.129410][ T10] usb 2-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.161819][ T10] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 299.186055][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.197236][ T10] usb 2-1: Product: syz [ 299.205390][ T10] usb 2-1: Manufacturer: syz [ 299.216149][ T10] usb 2-1: SerialNumber: syz [ 299.240819][ T9806] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 299.265114][ T10] usb 2-1: Error in usbnet_get_endpoints (-22) [ 299.492311][ T10] usb 2-1: USB disconnect, device number 24 [ 299.539345][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 299.555615][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 300.058085][ T35] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 300.085548][ T35] bond0 (unregistering): Released all slaves [ 301.170313][ T9569] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.527207][ T9569] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.604164][ T9198] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.611526][ T9198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.665654][ T5838] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 301.675868][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 301.675890][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 301.675901][ T5838] Workqueue: hci2 hci_rx_work [ 301.675925][ T5838] Call Trace: [ 301.675932][ T5838] [ 301.675938][ T5838] dump_stack_lvl+0xe8/0x150 [ 301.675964][ T5838] sysfs_create_dir_ns+0x271/0x2a0 [ 301.675988][ T5838] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 301.676010][ T5838] ? do_raw_spin_unlock+0xf5/0x210 [ 301.676034][ T5838] kobject_add_internal+0x62b/0xd00 [ 301.676065][ T5838] kobject_add+0x163/0x240 [ 301.676091][ T5838] ? __pfx_kobject_add+0x10/0x10 [ 301.676111][ T5838] ? _raw_spin_unlock+0x28/0x50 [ 301.676131][ T5838] ? get_device_parent+0x366/0x3a0 [ 301.676155][ T5838] device_add+0x408/0xb70 [ 301.676179][ T5838] hci_conn_add_sysfs+0xd5/0x210 [ 301.676199][ T5838] le_conn_complete_evt+0xf1d/0x1430 [ 301.676229][ T5838] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 301.676247][ T5838] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 301.676267][ T5838] ? __pfx___mutex_lock+0x10/0x10 [ 301.676281][ T5838] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 301.676292][ T5838] ? skb_pull_data+0xfb/0x200 [ 301.676311][ T5838] hci_le_conn_complete_evt+0x187/0x470 [ 301.676328][ T5838] hci_event_packet+0x7af/0x12c0 [ 301.676342][ T5838] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 301.676355][ T5838] ? __pfx_hci_event_packet+0x10/0x10 [ 301.676368][ T5838] ? kcov_remote_start+0x49a/0x7a0 [ 301.676381][ T5838] ? hci_send_to_monitor+0xe2/0x590 [ 301.676396][ T5838] hci_rx_work+0x3ee/0x1040 [ 301.676412][ T5838] ? process_one_work+0x8bb/0x1780 [ 301.676425][ T5838] process_one_work+0x9ab/0x1780 [ 301.676449][ T5838] ? __pfx_process_one_work+0x10/0x10 [ 301.676460][ T5838] ? do_raw_spin_lock+0x12b/0x2f0 [ 301.676480][ T5838] worker_thread+0xba8/0x11e0 [ 301.676501][ T5838] kthread+0x388/0x470 [ 301.676513][ T5838] ? __pfx_worker_thread+0x10/0x10 [ 301.676520][ T5838] ? __pfx_kthread+0x10/0x10 [ 301.676532][ T5838] ret_from_fork+0x51e/0xb90 [ 301.676546][ T5838] ? __pfx_ret_from_fork+0x10/0x10 [ 301.676558][ T5838] ? __switch_to+0xc7d/0x1450 [ 301.676571][ T5838] ? __pfx_kthread+0x10/0x10 [ 301.676583][ T5838] ret_from_fork_asm+0x1a/0x30 [ 301.676600][ T5838] [ 301.676617][ T5838] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 301.921939][ T5838] Bluetooth: hci2: failed to register connection device [ 301.947431][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.954710][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.179305][ T9868] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1339'. [ 302.596683][ T35] hsr_slave_0: left promiscuous mode [ 302.634417][ T35] hsr_slave_1: left promiscuous mode [ 302.666232][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 302.714328][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 302.746347][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 302.773525][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 302.847361][ T35] veth1_macvtap: left promiscuous mode [ 302.875299][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 302.890969][ T35] veth0_macvtap: left promiscuous mode [ 302.901305][ T35] veth1_vlan: left promiscuous mode [ 302.916671][ T35] veth0_vlan: left promiscuous mode [ 302.993497][ T5895] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 303.339468][ T5895] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 303.351772][ T5895] usb 1-1: config 0 has no interfaces? [ 303.833733][ T5895] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 303.854216][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.870040][ T5895] usb 1-1: Product: syz [ 303.880592][ T5895] usb 1-1: Manufacturer: syz [ 303.890632][ T5895] usb 1-1: SerialNumber: syz [ 303.907178][ T5895] usb 1-1: config 0 descriptor?? [ 303.949312][ T5841] Bluetooth: hci2: command 0x2016 tx timeout [ 304.059067][ T35] team0 (unregistering): Port device team_slave_1 removed [ 304.173090][ T9898] overlayfs: missing 'lowerdir' [ 304.188762][ T35] team0 (unregistering): Port device team_slave_0 removed [ 304.283855][ T9900] fuse: fd is not a fuse device [ 305.310201][ T9923] netlink: 172 bytes leftover after parsing attributes in process `syz.5.1351'. [ 306.090596][ T5838] Bluetooth: hci2: command 0x2016 tx timeout [ 306.175117][ T5915] usb 1-1: USB disconnect, device number 28 [ 306.402153][ T9944] overlayfs: missing 'lowerdir' [ 306.496435][ T9569] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.193084][ T9569] veth0_vlan: entered promiscuous mode [ 307.261275][ T9569] veth1_vlan: entered promiscuous mode [ 308.391051][ T9569] veth0_macvtap: entered promiscuous mode [ 308.802788][ T9569] veth1_macvtap: entered promiscuous mode [ 309.248608][ T9569] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.373088][ T9998] netlink: 'syz.1.1368': attribute type 4 has an invalid length. [ 309.474861][ T9569] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.542644][ T9198] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.564395][ T9198] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.595998][ T9198] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.617684][ T9198] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.689740][T10005] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1369'. [ 309.910270][T10005] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 310.034363][T10016] netlink: 'syz.1.1370': attribute type 1 has an invalid length. [ 310.651977][T10023] fuse: fd is not a fuse device [ 310.659833][ T1348] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.708571][ T1348] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.877484][ T9202] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.915340][ T9202] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.151880][T10069] fuse: fd is not a fuse device [ 316.077713][T10132] No control pipe specified [ 316.120830][T10132] overlayfs: missing 'lowerdir' [ 317.089320][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.121113][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.957159][T10178] fuse: fd is not a fuse device [ 318.817799][ T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 318.990591][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 319.016326][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 319.058827][ T10] usb 1-1: config 4 has an invalid interface number: 43 but max is 0 [ 319.111011][ T10] usb 1-1: config 4 has no interface number 0 [ 319.142467][ T10] usb 1-1: config 4 interface 43 has no altsetting 0 [ 319.173432][ T10] usb 1-1: New USB device found, idVendor=04cb, idProduct=0113, bcdDevice=9c.3a [ 319.198478][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.235848][ T10] usb 1-1: Product: syz [ 319.255242][ T10] usb 1-1: Manufacturer: syz [ 319.280640][ T10] usb 1-1: SerialNumber: syz [ 319.343248][T10202] ALSA: mixer_oss: invalid OSS volume '' [ 319.372170][T10202] ALSA: mixer_oss: invalid OSS volume '@%F0o~%@9yI'S' [ 319.398083][T10202] ALSA: mixer_oss: invalid OSS volume ')' [ 319.419296][T10202] ALSA: mixer_oss: invalid OSS volume ']tԢT=J@|U' [ 319.448729][T10202] ALSA: mixer_oss: invalid OSS volume 'NXm<ݱk!+s(xo' [ 319.483694][T10202] ALSA: mixer_oss: invalid OSS volume ''դUmDՇt(5ӫ8P h' [ 319.537769][T10202] ALSA: mixer_oss: invalid OSS volume 'C-/:NjfK(ѻQIr"ЮL' [ 319.548923][ T10] gspca_main: finepix-2.14.0 probing 04cb:0113 [ 319.568577][T10202] ALSA: mixer_oss: invalid OSS volume 'c|AM 0'řh]9h-' [ 319.578383][T10202] ALSA: mixer_oss: invalid OSS volume 'sR˥_5b2״txV'%)r' [ 319.613469][T10202] ALSA: mixer_oss: invalid OSS volume 'sjqXaM' [ 319.648529][T10202] ALSA: mixer_oss: invalid OSS volume '9@PqEfAms5\ٱg' [ 319.662639][ T10] usb 1-1: USB disconnect, device number 29 [ 319.671923][T10202] ALSA: mixer_oss: invalid OSS volume 'ϫ;\(a@Znn5!c' [ 319.708534][T10202] ALSA: mixer_oss: invalid OSS volume 'Qi-' [ 321.237537][T10234] loop2: detected capacity change from 0 to 7 [ 321.385867][T10234] Dev loop2: unable to read RDB block 7 [ 321.403268][T10234] loop2: AHDI p1 p2 p3 [ 321.408000][T10234] loop2: partition table partially beyond EOD, truncated [ 321.530436][T10234] loop2: p1 start 1601398130 is beyond EOD, truncated [ 321.744034][T10234] loop2: p2 start 1702059890 is beyond EOD, truncated [ 322.020401][ T5995] IPVS: starting estimator thread 0... [ 322.140499][T10243] IPVS: using max 38 ests per chain, 91200 per kthread [ 323.660061][T10275] 9p: Bad value for 'source' [ 324.605555][ T5841] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 324.615194][ T5841] CPU: 1 UID: 0 PID: 5841 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 324.615217][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 324.615227][ T5841] Workqueue: hci1 hci_rx_work [ 324.615250][ T5841] Call Trace: [ 324.615258][ T5841] [ 324.615265][ T5841] dump_stack_lvl+0xe8/0x150 [ 324.615293][ T5841] sysfs_create_dir_ns+0x271/0x2a0 [ 324.615341][ T5841] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 324.615366][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 324.615392][ T5841] kobject_add_internal+0x62b/0xd00 [ 324.615423][ T5841] kobject_add+0x163/0x240 [ 324.615450][ T5841] ? __pfx_kobject_add+0x10/0x10 [ 324.615472][ T5841] ? _raw_spin_unlock+0x28/0x50 [ 324.615493][ T5841] ? get_device_parent+0x366/0x3a0 [ 324.615519][ T5841] device_add+0x408/0xb70 [ 324.615544][ T5841] hci_conn_add_sysfs+0xd5/0x210 [ 324.615567][ T5841] le_conn_complete_evt+0xf1d/0x1430 [ 324.615599][ T5841] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 324.615619][ T5841] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 324.615642][ T5841] ? __pfx___mutex_lock+0x10/0x10 [ 324.615661][ T5841] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 324.615680][ T5841] ? skb_pull_data+0xfb/0x200 [ 324.615709][ T5841] hci_le_conn_complete_evt+0x187/0x470 [ 324.615738][ T5841] hci_event_packet+0x7af/0x12c0 [ 324.615763][ T5841] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 324.615786][ T5841] ? __pfx_hci_event_packet+0x10/0x10 [ 324.615810][ T5841] ? kcov_remote_start+0x49a/0x7a0 [ 324.615832][ T5841] ? hci_send_to_monitor+0xe2/0x590 [ 324.615866][ T5841] hci_rx_work+0x3ee/0x1040 [ 324.615896][ T5841] ? process_one_work+0x8bb/0x1780 [ 324.615919][ T5841] process_one_work+0x9ab/0x1780 [ 324.615964][ T5841] ? __pfx_process_one_work+0x10/0x10 [ 324.615985][ T5841] ? do_raw_spin_lock+0x12b/0x2f0 [ 324.616020][ T5841] worker_thread+0xba8/0x11e0 [ 324.616061][ T5841] kthread+0x388/0x470 [ 324.616081][ T5841] ? __pfx_worker_thread+0x10/0x10 [ 324.616095][ T5841] ? __pfx_kthread+0x10/0x10 [ 324.616115][ T5841] ret_from_fork+0x51e/0xb90 [ 324.616148][ T5841] ? __pfx_ret_from_fork+0x10/0x10 [ 324.616170][ T5841] ? __switch_to+0xc7d/0x1450 [ 324.616196][ T5841] ? __pfx_kthread+0x10/0x10 [ 324.616217][ T5841] ret_from_fork_asm+0x1a/0x30 [ 324.616250][ T5841] [ 324.616276][ T5841] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 324.861511][ T5841] Bluetooth: hci1: failed to register connection device [ 325.009898][T10298] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1460'. [ 325.624952][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 326.113688][T10330] netlink: 'syz.2.1465': attribute type 1 has an invalid length. [ 326.909470][ T5838] Bluetooth: hci1: command 0x2016 tx timeout [ 327.055804][T10350] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1473'. [ 327.218319][ T29] audit: type=1326 audit(1773892185.610:2673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.1.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd654b9c799 code=0x7ffc0000 [ 327.474898][ T29] audit: type=1326 audit(1773892185.670:2674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.1.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd654b9c799 code=0x7ffc0000 [ 327.660077][ T29] audit: type=1326 audit(1773892185.690:2675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.1.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd654b9c799 code=0x7ffc0000 [ 327.766624][ T29] audit: type=1326 audit(1773892185.720:2676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.1.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd654b9c799 code=0x7ffc0000 [ 327.895591][ T29] audit: type=1326 audit(1773892185.720:2677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.1.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd654b9c799 code=0x7ffc0000 [ 328.007338][ T29] audit: type=1326 audit(1773892185.780:2678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.1.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd654b9c799 code=0x7ffc0000 [ 328.084509][ T29] audit: type=1326 audit(1773892185.820:2679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10354 comm="syz.1.1474" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd654b9c799 code=0x7ffc0000 [ 328.636801][T10375] fuse: fd is not a fuse device [ 329.277757][ T5841] Bluetooth: hci1: command 0x2016 tx timeout [ 329.738943][T10389] fuse: fd is not a fuse device [ 329.870143][ T5915] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 330.048694][ T5895] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 330.074380][T10403] overlayfs: failed to resolve './file2': -2 [ 330.080582][ T5915] usb 6-1: config 128 has an invalid interface number: 148 but max is 0 [ 330.103092][ T5915] usb 6-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 330.149709][ T5915] usb 6-1: config 128 has no interface number 0 [ 330.176536][ T5915] usb 6-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 330.207514][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.242368][ T5895] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 330.246688][ T5915] usb 6-1: Product: syz [ 330.282212][ T5915] usb 6-1: Manufacturer: syz [ 330.294283][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.313482][ T5915] usb 6-1: SerialNumber: syz [ 330.338193][ T5895] usb 1-1: Product: syz [ 330.357052][ T5895] usb 1-1: Manufacturer: syz [ 330.375456][ T5895] usb 1-1: SerialNumber: syz [ 330.398395][ T5895] usb 1-1: config 0 descriptor?? [ 330.464499][T10414] fuse: fd is not a fuse device [ 331.000210][ T5895] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 030 [ 331.076445][ T5915] usb 6-1: USB disconnect, device number 5 [ 331.099218][ T5894] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 331.223010][ T5895] (null): failure reading functionality [ 331.284820][ T5895] i2c i2c-1: connected i2c-tiny-usb device [ 331.338921][ T5894] usb 7-1: Using ep0 maxpacket: 16 [ 331.364314][ T5894] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.401949][ T5894] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.426702][ T5894] usb 7-1: config 0 interface 0 has no altsetting 0 [ 331.442673][ T5894] usb 7-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 331.464239][ T5894] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.488206][T10426] fuse: fd is not a fuse device [ 331.502177][ T5894] usb 7-1: config 0 descriptor?? [ 331.530013][ T5915] usb 1-1: USB disconnect, device number 30 [ 332.343641][ C1] raw-gadget.2 gadget.6: ignoring, device is not running [ 332.351242][ C1] raw-gadget.2 gadget.6: ignoring, device is not running [ 332.358756][ C1] raw-gadget.2 gadget.6: ignoring, device is not running [ 332.366209][ C1] raw-gadget.2 gadget.6: ignoring, device is not running [ 332.373562][ T5894] usbhid 7-1:0.0: can't add hid device: -32 [ 332.380032][ T5894] usbhid 7-1:0.0: probe with driver usbhid failed with error -32 [ 332.405609][ T5894] usb 7-1: USB disconnect, device number 2 [ 333.314372][T10446] overlayfs: failed to resolve './file2': -2 [ 333.486539][T10451] overlayfs: failed to resolve './file0': -2 [ 333.694701][T10463] fuse: fd is not a fuse device [ 334.208455][T10465] overlayfs: failed to resolve './file1/file0': -2 [ 334.546082][T10481] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1509'. [ 335.185854][T10489] ceph: No mds server is up or the cluster is laggy [ 335.332996][ T5894] libceph: connect (1)[c::]:6789 error -101 [ 335.362528][ T5894] libceph: mon0 (1)[c::]:6789 connect error [ 335.702538][ T5838] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 335.712335][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 335.712360][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 335.712372][ T5838] Workqueue: hci2 hci_rx_work [ 335.712398][ T5838] Call Trace: [ 335.712405][ T5838] [ 335.712412][ T5838] dump_stack_lvl+0xe8/0x150 [ 335.712438][ T5838] sysfs_create_dir_ns+0x271/0x2a0 [ 335.712465][ T5838] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 335.712490][ T5838] ? do_raw_spin_unlock+0xf5/0x210 [ 335.712515][ T5838] kobject_add_internal+0x62b/0xd00 [ 335.712545][ T5838] kobject_add+0x163/0x240 [ 335.712570][ T5838] ? __pfx_kobject_add+0x10/0x10 [ 335.712591][ T5838] ? _raw_spin_unlock+0x28/0x50 [ 335.712612][ T5838] ? get_device_parent+0x366/0x3a0 [ 335.712638][ T5838] device_add+0x408/0xb70 [ 335.712663][ T5838] hci_conn_add_sysfs+0xd5/0x210 [ 335.712687][ T5838] le_conn_complete_evt+0xf1d/0x1430 [ 335.712718][ T5838] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 335.712739][ T5838] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 335.712762][ T5838] ? __pfx___mutex_lock+0x10/0x10 [ 335.712782][ T5838] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 335.712800][ T5838] ? skb_pull_data+0xfb/0x200 [ 335.712838][ T5838] hci_le_conn_complete_evt+0x187/0x470 [ 335.712868][ T5838] hci_event_packet+0x7af/0x12c0 [ 335.712893][ T5838] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 335.712914][ T5838] ? __pfx_hci_event_packet+0x10/0x10 [ 335.712938][ T5838] ? kcov_remote_start+0x49a/0x7a0 [ 335.712960][ T5838] ? hci_send_to_monitor+0xe2/0x590 [ 335.712986][ T5838] hci_rx_work+0x3ee/0x1040 [ 335.713021][ T5838] ? process_one_work+0x8bb/0x1780 [ 335.713044][ T5838] process_one_work+0x9ab/0x1780 [ 335.713090][ T5838] ? __pfx_process_one_work+0x10/0x10 [ 335.713110][ T5838] ? do_raw_spin_lock+0x12b/0x2f0 [ 335.713153][ T5838] worker_thread+0xba8/0x11e0 [ 335.713195][ T5838] kthread+0x388/0x470 [ 335.713216][ T5838] ? __pfx_worker_thread+0x10/0x10 [ 335.713230][ T5838] ? __pfx_kthread+0x10/0x10 [ 335.713251][ T5838] ret_from_fork+0x51e/0xb90 [ 335.713276][ T5838] ? __pfx_ret_from_fork+0x10/0x10 [ 335.713297][ T5838] ? __switch_to+0xc7d/0x1450 [ 335.713321][ T5838] ? __pfx_kthread+0x10/0x10 [ 335.713341][ T5838] ret_from_fork_asm+0x1a/0x30 [ 335.713373][ T5838] [ 335.713400][ T5838] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 335.859568][T10507] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1512'. [ 335.864884][ T5838] Bluetooth: hci2: failed to register connection device [ 335.938584][ T993] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 336.238573][ T993] usb 2-1: Using ep0 maxpacket: 16 [ 336.254000][ T993] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 336.270291][ T993] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 336.281868][ T993] usb 2-1: config 0 interface 0 has no altsetting 0 [ 336.288897][ T993] usb 2-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 336.298054][ T993] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.315956][T10518] 9p: Bad value for 'rfdno' [ 336.345975][ T993] usb 2-1: config 0 descriptor?? [ 336.640233][T10524] overlayfs: failed to resolve './file1/file0': -2 [ 336.651040][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 336.892366][ T993] usbhid 2-1:0.0: can't add hid device: -71 [ 336.965001][ T993] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 337.478585][ T993] usb 2-1: USB disconnect, device number 25 [ 338.028737][ T5841] Bluetooth: hci2: command 0x2016 tx timeout [ 338.059222][T10551] 9pnet: p9_errstr2errno: server reported unknown error 0x00000 [ 339.111385][T10575] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1538'. [ 339.134392][T10575] bond0: Unable to set peer notification delay as MII monitoring is disabled [ 339.967313][T10602] netlink: 'syz.2.1545': attribute type 1 has an invalid length. [ 340.110590][ T5841] Bluetooth: hci2: command 0x2016 tx timeout [ 340.485668][ T29] audit: type=1326 audit(1773892198.880:2680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6945d9c799 code=0x7ffc0000 [ 340.577922][ T29] audit: type=1326 audit(1773892198.880:2681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6945d9c799 code=0x7ffc0000 [ 340.623243][ T29] audit: type=1326 audit(1773892198.890:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f6945d9c799 code=0x7ffc0000 [ 340.655259][T10613] netlink: 'syz.5.1554': attribute type 29 has an invalid length. [ 340.671595][T10613] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1554'. [ 340.672605][ T29] audit: type=1326 audit(1773892198.890:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6945d9c799 code=0x7ffc0000 [ 340.690809][T10613] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 341.509279][T10651] netlink: 'syz.0.1571': attribute type 29 has an invalid length. [ 341.517390][T10651] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1571'. [ 341.533710][T10651] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 342.474448][T10665] fuse: Unknown parameter 'grou00000000000000000000' [ 342.530706][T10670] loop3: detected capacity change from 0 to 7 [ 342.543002][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 342.552494][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.584331][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 342.593588][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.608709][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 342.617941][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.626996][ C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 342.636233][ C0] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.647229][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 342.656450][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.681858][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 342.691074][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.705140][ C1] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 342.714350][ C1] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.722615][T10670] ldm_validate_partition_table(): Disk read failed. [ 342.792002][T10670] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.829639][T10670] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.874769][T10670] Buffer I/O error on dev loop3, logical block 0, async page read [ 342.893286][T10670] Dev loop3: unable to read RDB block 0 [ 342.900172][T10670] loop3: unable to read partition table [ 342.906021][T10670] loop3: partition table beyond EOD, truncated [ 342.912954][T10670] loop_reread_partitions: partition scan of loop3 (Cj̖P=ý?}X %֐ȵ4FLQk݊5) failed (rc=-5) [ 342.915926][T10684] netlink: 'syz.6.1583': attribute type 29 has an invalid length. [ 342.940659][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1583'. [ 342.950081][T10684] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 343.680392][T10697] fuse: fd is not a fuse device [ 345.351617][T10722] netlink: 'syz.2.1595': attribute type 1 has an invalid length. [ 345.797973][T10719] netlink: 'syz.0.1596': attribute type 29 has an invalid length. [ 345.826907][T10728] No control pipe specified [ 345.849062][T10728] overlayfs: missing 'lowerdir' [ 345.860218][T10719] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1596'. [ 345.968171][T10719] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 346.521366][T10735] tipc: Enabling of bearer rejected, failed to enable media [ 346.703956][T10741] 9p: Bad value for 'wfdno' [ 348.668504][T10769] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 348.719027][T10771] ceph: No mds server is up or the cluster is laggy [ 348.872171][ T55] libceph: connect (1)[c::]:6789 error -101 [ 348.888660][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 348.963905][T10778] autofs: Bad value for 'fd' [ 348.984664][T10778] overlayfs: missing 'lowerdir' [ 349.123275][T10780] netlink: 'syz.0.1614': attribute type 29 has an invalid length. [ 349.163559][T10780] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1614'. [ 349.173084][T10780] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 349.428590][ T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 349.587104][ T9] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 349.596455][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.606032][ T9] usb 6-1: Product: syz [ 349.610799][ T9] usb 6-1: Manufacturer: syz [ 349.616040][ T9] usb 6-1: SerialNumber: syz [ 349.634788][ T9] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 349.713283][ T5915] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 350.135451][T10784] random: crng reseeded on system resumption [ 350.275040][ T9] usb 6-1: USB disconnect, device number 6 [ 350.731272][T10813] ceph: No mds server is up or the cluster is laggy [ 350.971121][ T5915] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive [ 350.980338][ T5915] ath9k_htc: Failed to initialize the device [ 350.991248][ T9] usb 6-1: ath9k_htc: USB layer deinitialized [ 351.012327][ T5894] libceph: connect (1)[c::]:6789 error -101 [ 351.022697][ T5894] libceph: mon0 (1)[c::]:6789 connect error [ 351.252896][T10821] netlink: 'syz.2.1629': attribute type 29 has an invalid length. [ 351.269951][T10821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1629'. [ 351.290827][T10821] bond0: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 351.506798][T10828] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1633'. [ 352.259533][T10840] netlink: 'syz.2.1638': attribute type 7 has an invalid length. [ 353.035382][T10844] orangefs_mount: mount request failed with -4 [ 353.071994][T10862] netlink: 'syz.2.1645': attribute type 30 has an invalid length. [ 353.093115][T10862] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1645'. [ 353.290465][T10866] 9p: Bad value for 'rfdno' [ 353.428553][ T9] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 354.202621][ T9] usb 6-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 354.219348][ T9] usb 6-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 354.237378][ T9] usb 6-1: Product: syz [ 354.243779][ T9] usb 6-1: Manufacturer: syz [ 354.249431][ T9] usb 6-1: SerialNumber: syz [ 354.266638][ T9] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 354.457092][T10879] fuse: Unknown parameter 'group_i00000000000000000000' [ 355.293598][ T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 355.306609][ T9] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 356.022702][ T5915] usb 6-1: USB disconnect, device number 7 [ 356.060445][ T55] libceph: connect (1)[c::]:6789 error -101 [ 356.083401][T10890] ceph: No mds server is up or the cluster is laggy [ 356.093567][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 356.418730][T10898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1655'. [ 357.731304][T10919] fuse: Unknown parameter 'group_i00000000000000000000' [ 358.427376][ T55] libceph: connect (1)[c::]:6789 error -101 [ 358.446629][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 358.480883][ T55] libceph: connect (1)[c::]:6789 error -101 [ 358.508046][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 359.287969][ T55] libceph: connect (1)[c::]:6789 error -101 [ 359.314162][T10929] ceph: No mds server is up or the cluster is laggy [ 359.333597][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 360.196908][ T55] libceph: connect (1)[c::]:6789 error -101 [ 360.225651][T10952] warning: `syz.5.1671' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 360.237642][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 360.485505][T10954] overlayfs: failed to resolve './file2': -2 [ 361.277055][T10967] ceph: No mds server is up or the cluster is laggy [ 361.284343][ T47] libceph: connect (1)[c::]:6789 error -101 [ 361.308210][ T47] libceph: mon0 (1)[c::]:6789 connect error [ 361.520700][T10975] loop2: detected capacity change from 0 to 7 [ 361.535981][T10975] Dev loop2: unable to read RDB block 7 [ 361.559239][T10975] loop2: AHDI p1 p2 p3 [ 361.573931][T10975] loop2: partition table partially beyond EOD, truncated [ 361.598144][T10975] loop2: p1 start 1601398130 is beyond EOD, truncated [ 361.624382][T10975] loop2: p2 start 1702059890 is beyond EOD, truncated [ 361.720547][ T5915] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 361.740677][T10972] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.900078][ T5915] usb 6-1: config 0 has no interfaces? [ 361.920460][ T5915] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 361.959884][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 362.472109][ T5915] usb 6-1: Product: syz [ 362.476392][ T5915] usb 6-1: Manufacturer: syz [ 362.481750][ T5915] usb 6-1: SerialNumber: syz [ 362.498621][T10982] ceph: No mds server is up or the cluster is laggy [ 362.499974][ T5915] usb 6-1: config 0 descriptor?? [ 362.507088][ T47] libceph: connect (1)[c::]:6789 error -101 [ 362.555886][ T47] libceph: mon0 (1)[c::]:6789 connect error [ 362.821961][T10972] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.240552][T10972] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.294920][ T9] libceph: connect (1)[c::]:6789 error -101 [ 363.308207][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 363.888190][ T9] libceph: connect (1)[c::]:6789 error -101 [ 363.894534][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 364.044395][T10972] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.089078][T10996] ceph: No mds server is up or the cluster is laggy [ 364.674887][ T9200] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.206797][T11022] ceph: No mds server is up or the cluster is laggy [ 365.216730][ T5894] libceph: connect (1)[c::]:6789 error -101 [ 365.231746][ T5894] libceph: mon0 (1)[c::]:6789 connect error [ 365.295082][ T59] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.351104][ T9200] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.484960][ T9200] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.544873][ T5894] usb 6-1: USB disconnect, device number 8 [ 365.592325][ T9] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 365.848640][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 366.353888][ T9] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 366.363785][ T9] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 366.372515][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 366.381565][ T9] usb 1-1: config 1 has no interface number 0 [ 366.387713][ T9] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 366.408673][ T9] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 366.453699][ T9] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 366.475811][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.610977][T11043] fuse: fd is not a fuse device [ 367.143736][ T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 367.385751][ T9] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 367.990604][ T55] usb 1-1: USB disconnect, device number 31 [ 368.032452][ T55] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 368.117359][ T5895] libceph: connect (1)[c::]:6789 error -101 [ 368.151344][ T5895] libceph: mon0 (1)[c::]:6789 connect error [ 368.446318][T11070] loop2: detected capacity change from 0 to 7 [ 368.459271][ T55] libceph: connect (1)[c::]:6789 error -101 [ 368.469831][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 368.476314][T11070] Dev loop2: unable to read RDB block 7 [ 368.483786][T11070] loop2: unable to read partition table [ 368.490326][T11070] loop2: partition table beyond EOD, truncated [ 368.496848][T11070] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 368.895690][T11079] netlink: 'syz.0.1711': attribute type 1 has an invalid length. [ 368.944713][T11062] ceph: No mds server is up or the cluster is laggy [ 369.293369][ T55] libceph: connect (1)[c::]:6789 error -101 [ 369.305733][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 370.328234][T11109] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 371.754803][T11127] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1731'. [ 371.996813][ T5846] udevd[5846]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 372.178507][ T47] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 372.328555][ T47] usb 7-1: device descriptor read/64, error -71 [ 372.432051][ T5838] Bluetooth: hci2: unexpected event 0x06 length: 5 > 3 [ 372.618578][ T47] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 373.178645][ T47] usb 7-1: device descriptor read/64, error -71 [ 373.291168][ T47] usb usb7-port1: attempt power cycle [ 373.954599][T11167] sch_tbf: peakrate 9 is lower than or equals to rate 9 ! [ 374.076671][ T5894] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 374.229403][ T5894] usb 6-1: Using ep0 maxpacket: 8 [ 374.323020][ T5894] usb 6-1: no configurations [ 374.351873][ T47] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 374.395474][ T5894] usb 6-1: can't read configurations, error -22 [ 374.498848][ T47] usb 7-1: device descriptor read/8, error -71 [ 374.668644][ T5894] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 374.888703][ T47] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 374.908609][ T5894] usb 6-1: Using ep0 maxpacket: 8 [ 374.929813][ T5894] usb 6-1: no configurations [ 374.941307][ T5894] usb 6-1: can't read configurations, error -22 [ 374.959448][ T5894] usb usb6-port1: attempt power cycle [ 374.966183][ T47] usb 7-1: device descriptor read/8, error -71 [ 375.079958][ T47] usb usb7-port1: unable to enumerate USB device [ 375.899760][ T5894] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 375.940630][ T5894] usb 6-1: Using ep0 maxpacket: 8 [ 375.957629][ T5894] usb 6-1: no configurations [ 375.966988][ T5894] usb 6-1: can't read configurations, error -22 [ 376.168180][T11202] siw: device registration error -23 [ 376.303832][ T5894] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 378.057346][T11218] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 378.612994][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.634909][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.795824][ T5894] usb 6-1: device not accepting address 12, error -71 [ 378.838710][ T5894] usb usb6-port1: unable to enumerate USB device [ 379.948950][T11247] netlink: 'syz.1.1773': attribute type 1 has an invalid length. [ 380.256483][ T5995] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 380.670452][ T5841] Bluetooth: hci5: command 0x0406 tx timeout [ 380.753135][T11259] ceph: No mds server is up or the cluster is laggy [ 381.124610][ T5995] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 381.146048][ T9] libceph: connect (1)[c::]:6789 error -101 [ 381.163915][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 381.188293][ T5995] usb 1-1: config 0 has no interfaces? [ 381.376223][ T5995] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 381.389158][ T5995] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.397300][ T5995] usb 1-1: Product: syz [ 381.411796][ T5995] usb 1-1: Manufacturer: syz [ 381.418718][ T5995] usb 1-1: SerialNumber: syz [ 381.438299][ T5995] usb 1-1: config 0 descriptor?? [ 383.015400][ T993] usb 1-1: USB disconnect, device number 32 [ 383.053020][T11294] loop2: detected capacity change from 0 to 7 [ 383.064355][T11294] Dev loop2: unable to read RDB block 7 [ 383.071060][T11294] loop2: unable to read partition table [ 383.077136][T11294] loop2: partition table beyond EOD, truncated [ 383.086399][T11294] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 384.524240][ T5995] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 384.688642][ T993] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 385.178546][ T5995] usb 2-1: Using ep0 maxpacket: 32 [ 385.194700][ T5995] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 385.204390][ T5995] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 385.215308][ T5995] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 385.226117][ T5995] usb 2-1: config 1 has no interface number 0 [ 385.233072][ T5995] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 385.260431][ T993] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 385.274602][ T993] usb 1-1: config 0 has no interfaces? [ 385.278504][ T5995] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 385.306310][ T993] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 385.319635][ T5995] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 385.339671][ T993] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.349721][ T5995] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.367933][ T993] usb 1-1: Product: syz [ 385.751668][ T993] usb 1-1: Manufacturer: syz [ 385.765227][ T993] usb 1-1: SerialNumber: syz [ 385.792644][ T5995] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 385.799797][ T993] usb 1-1: config 0 descriptor?? [ 386.028307][ T5995] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 386.746009][ T5995] usb 2-1: USB disconnect, device number 26 [ 386.771766][ T5995] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 387.111685][T11356] nfs: Unknown parameter 'smackfsfloor' [ 387.226858][T11361] overlayfs: failed to clone upperpath [ 388.493567][T11384] ceph: No mds server is up or the cluster is laggy [ 388.802613][ T55] libceph: connect (1)[c::]:6789 error -101 [ 388.825649][ T55] libceph: mon0 (1)[c::]:6789 connect error [ 389.268370][T11396] loop2: detected capacity change from 0 to 7 [ 389.295387][ T10] usb 1-1: USB disconnect, device number 33 [ 389.306268][T11396] Dev loop2: unable to read RDB block 7 [ 389.342671][T11396] loop2: unable to read partition table [ 389.385562][T11396] loop2: partition table beyond EOD, truncated [ 389.414161][T11396] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 390.303763][T11416] autofs: Unknown parameter 'fd0x0000000000000000' [ 390.304728][T11416] overlayfs: missing 'lowerdir' [ 390.896048][ T47] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 391.068633][ T47] usb 6-1: Using ep0 maxpacket: 8 [ 391.089445][T11430] overlayfs: missing 'lowerdir' [ 391.098064][ T47] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 391.111521][ T47] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 391.123493][ T47] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 391.135986][ T47] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 391.161465][ T47] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 391.192410][ T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.232458][ T47] usbtmc 6-1:16.0: bulk endpoints not found [ 391.349737][T11436] loop2: detected capacity change from 0 to 7 [ 391.378251][T11436] Dev loop2: unable to read RDB block 7 [ 391.408090][T11436] loop2: unable to read partition table [ 391.420236][T11436] loop2: partition table beyond EOD, truncated [ 391.426739][T11436] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 391.949599][ T30] INFO: task syz.4.964:8721 blocked for more than 143 seconds. [ 392.288528][ T30] Not tainted syzkaller #0 [ 392.304374][ T30] Blocked by coredump. [ 392.317276][T11452] autofs: Unknown parameter 'fd0x0000000000000000' [ 392.325575][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 392.343233][ T30] task:syz.4.964 state:D stack:28128 pid:8721 tgid:8720 ppid:5837 task_flags:0x40014c flags:0x00080000 [ 392.365645][T11452] overlayfs: missing 'lowerdir' [ 392.374738][ T30] Call Trace: [ 392.382375][ T30] [ 392.387295][ T30] __schedule+0x1665/0x5590 [ 392.392408][ T30] ? __pfx___schedule+0x10/0x10 [ 392.397313][ T30] ? schedule+0x90/0x360 [ 392.401601][ T30] schedule+0x164/0x360 [ 392.405775][ T30] schedule_preempt_disabled+0x13/0x30 [ 392.411286][ T30] rwsem_down_read_slowpath+0x6d9/0x940 [ 392.416854][ T30] ? rwsem_down_read_slowpath+0x596/0x940 [ 392.424154][ T30] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 392.433205][ T30] ? do_futex+0x395/0x420 [ 392.437568][ T30] down_read+0x99/0x2e0 [ 392.441797][ T30] ? exit_mm+0x64/0x250 [ 392.445967][ T30] exit_mm+0x73/0x250 [ 392.450026][ T30] ? unwind_deferred_task_exit+0x67/0xa0 [ 392.512666][ T30] do_exit+0x8b9/0x2490 [ 392.516922][ T30] ? try_to_wake_up+0x7fc/0x1390 [ 392.521962][ T30] ? __pfx_do_exit+0x10/0x10 [ 392.527745][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 392.533042][ T30] do_group_exit+0x21b/0x2d0 [ 392.537667][ T30] __x64_sys_exit_group+0x3f/0x40 [ 392.542788][ T30] x64_sys_call+0x221a/0x2240 [ 392.547485][ T30] do_syscall_64+0x14d/0xf80 [ 392.552298][ T30] ? trace_irq_disable+0x3b/0x150 [ 392.557592][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.563980][ T30] ? clear_bhb_loop+0x40/0x90 [ 392.568928][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.574867][ T30] RIP: 0033:0x7f17b1d9c799 [ 392.579594][ T30] RSP: 002b:00007f17b2c10eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 392.588057][ T30] RAX: ffffffffffffffda RBX: 00007f17b1e32411 RCX: 00007f17b1d9c799 [ 392.597360][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 392.605452][ T30] RBP: 0000000000000009 R08: 0000000000000000 R09: 000000000000005d [ 392.613621][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f17b2c116a8 [ 392.622961][ T30] R13: 000000000000005d R14: 00007f17b2015fa0 R15: 00007ffe10f36828 [ 392.633347][ T30] [ 392.636501][ T30] [ 392.636501][ T30] Showing all locks held in the system: [ 392.645106][ T30] 1 lock held by khungtaskd/30: [ 392.650033][ T30] #0: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 392.660158][ T30] 2 locks held by getty/5597: [ 392.664878][ T30] #0: ffff8880378880a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 392.682735][ T30] #1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 [ 392.693128][ T30] 1 lock held by udevd/5846: [ 392.697775][ T30] 1 lock held by syz.4.964/8721: [ 392.702855][ T30] #0: ffff888037a8ce38 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250 [ 392.711836][ T30] 2 locks held by kworker/u8:11/9135: [ 392.717233][ T30] #0: ffff8880b863ae60 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb6/0x150 [ 392.727238][ T30] #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 392.737834][ T30] 3 locks held by kworker/u8:16/9686: [ 392.743378][ T30] #0: ffff88801b0ac140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x894/0x1780 [ 392.754600][ T30] #1: ffffc900054afc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1780 [ 392.765669][ T30] #2: ffffffff8fbd4c00 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 392.774763][ T30] 2 locks held by syz.0.1845/11447: [ 392.780033][ T30] #0: ffffffff8fbd4c00 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 392.789156][ T30] #1: ffffffff8e7638e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770 [ 392.800149][ T30] [ 392.802526][ T30] ============================================= [ 392.802526][ T30] [ 392.816294][ T30] NMI backtrace for cpu 0 [ 392.816315][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 392.816329][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 392.816337][ T30] Call Trace: [ 392.816341][ T30] [ 392.816348][ T30] dump_stack_lvl+0xe8/0x150 [ 392.816371][ T30] nmi_cpu_backtrace+0x274/0x2d0 [ 392.816390][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 392.816409][ T30] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 392.816429][ T30] sys_info+0x135/0x170 [ 392.816446][ T30] watchdog+0x1002/0x1060 [ 392.816468][ T30] ? watchdog+0x1da/0x1060 [ 392.816485][ T30] kthread+0x388/0x470 [ 392.816499][ T30] ? __pfx_watchdog+0x10/0x10 [ 392.816512][ T30] ? __pfx_kthread+0x10/0x10 [ 392.816526][ T30] ret_from_fork+0x51e/0xb90 [ 392.816545][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 392.816560][ T30] ? __switch_to+0xc7d/0x1450 [ 392.816578][ T30] ? __pfx_kthread+0x10/0x10 [ 392.816593][ T30] ret_from_fork_asm+0x1a/0x30 [ 392.816617][ T30] [ 392.816622][ T30] Sending NMI from CPU 0 to CPUs 1: [ 392.928316][ C1] NMI backtrace for cpu 1 [ 392.928333][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 392.928351][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 392.928361][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 392.928393][ C1] Code: dd 6a 02 e9 d3 f1 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 a1 14 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 392.928405][ C1] RSP: 0018:ffffc90000197e20 EFLAGS: 00000242 [ 392.928419][ C1] RAX: 0000000000d2c279 RBX: ffffffff819b946a RCX: 0000000080000001 [ 392.928430][ C1] RDX: 0000000000000001 RSI: ffffffff8df3e4e9 RDI: ffffffff8c287200 [ 392.928440][ C1] RBP: ffffc90000197f10 R08: ffff8880b87339db R09: 1ffff110170e673b [ 392.928450][ C1] R10: dffffc0000000000 R11: ffffed10170e673c R12: 0000000000000001 [ 392.928461][ C1] R13: 1ffff11003c54000 R14: 0000000000000001 R15: 1ffff11003c54000 [ 392.928471][ C1] FS: 0000000000000000(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 [ 392.928484][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 392.928494][ C1] CR2: 0000001b31821ff8 CR3: 000000002bb26000 CR4: 00000000003526f0 [ 392.928508][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 392.928517][ C1] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 392.928527][ C1] Call Trace: [ 392.928535][ C1] [ 392.928541][ C1] default_idle+0x9/0x20 [ 392.928562][ C1] default_idle_call+0x72/0xb0 [ 392.928584][ C1] do_idle+0x36a/0x5f0 [ 392.928603][ C1] ? __pfx_do_idle+0x10/0x10 [ 392.928619][ C1] ? do_idle+0xa/0x5f0 [ 392.928634][ C1] cpu_startup_entry+0x43/0x60 [ 392.928649][ C1] start_secondary+0x101/0x110 [ 392.928676][ C1] common_startup_64+0x13e/0x147 [ 392.928701][ C1] [ 392.929416][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 392.929430][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 392.929448][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 392.929457][ T30] Call Trace: [ 392.929464][ T30] [ 392.929471][ T30] vpanic+0x56c/0xa60 [ 392.929494][ T30] ? __pfx___schedule+0x10/0x10 [ 392.929512][ T30] ? __pfx_vpanic+0x10/0x10 [ 392.929541][ T30] panic+0xc5/0xd0 [ 392.929561][ T30] ? __pfx_panic+0x10/0x10 [ 392.929583][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 392.929606][ T30] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 392.929632][ T30] watchdog+0x105b/0x1060 [ 392.929657][ T30] ? watchdog+0x1da/0x1060 [ 392.929679][ T30] kthread+0x388/0x470 [ 392.929697][ T30] ? __pfx_watchdog+0x10/0x10 [ 392.929713][ T30] ? __pfx_kthread+0x10/0x10 [ 392.929732][ T30] ret_from_fork+0x51e/0xb90 [ 392.929756][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 392.929776][ T30] ? __switch_to+0xc7d/0x1450 [ 392.929798][ T30] ? __pfx_kthread+0x10/0x10 [ 392.929817][ T30] ret_from_fork_asm+0x1a/0x30 [ 392.929846][ T30] [ 393.222123][ T30] Kernel Offset: disabled [ 393.226535][ T30] Rebooting in 86400 seconds..