last executing test programs: 14.584728005s ago: executing program 3 (id=512): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000100000027"], 0x50) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') r2 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) fallocate(0xffffffffffffffff, 0x0, 0x8, 0x1101f0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={0xffffffffffffffff, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x4, 0x93d5, 0x58565559, 0x7, 0x10001, 0x9, 0x9, 0x1, 0x0, 0x4, 0x0, 0x2}}) read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x2020) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r0, 0x0) 10.729710985s ago: executing program 3 (id=525): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) syz_emit_vhci(0x0, 0x0) syz_emit_vhci(0x0, 0x0) openat2(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000017c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000001780)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x8, 0x1, {0x22, 0xa3d}}}}, 0x0) syz_emit_vhci(&(0x7f0000001a80)=@HCI_SCODATA_PKT={0x3, {0x0, 0x33}, "c088dfd165356b567105731ee20c8c604befa672ed22ffac9b7afa08cae976d67f9e29215440a7e57638ffe9396ae18c05006f"}, 0x37) syz_emit_vhci(&(0x7f0000001b80)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@none, 0x5, 0x6b, 0x2, "1aa6d6", 0x31}]}}}, 0x12) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x88}, "f3a136fe069228e7c19ddf366acf5749ecebaa628c904f6dd00a40ea85ae107da3f8596571e58a697c20917dfa8719df6bb7a5e7801e8882b39828f1aa8f102d11532e91d91840fe922576accba016f71fbf1dbd08643b52181229620d9e55441070a6adcf2b89510d2a11180caada03eb6e6ac3c53fe94740e609f167fc7bfc00f09aa84e6b99cb"}, 0x8c) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000002440)=ANY=[@ANYBLOB="042fff01ffffffffffff0b0de5ea7c000049e6f139b88e9dd7a94c0abf132a142b3b8e3ac39546ea63d505c81b249776769d43ecdc472fa6f72d21e93ad47dee7387fab8ee18072ae5b94999c1df9d8a732a13c3bcdb0135a8c30bd4d4241bcc2ffc619e0b0c95dfbf936be9d29f8f3481432b24e0215c5b13bb850ed80ebb978697632f261ced458f5806018ded4cdf995700ef92a23a583c1f62867b760ad91c41d4cff419f3c225310414bc83a0fc2ea19391a530991a8fb644753f90f3c6c13bc8ec8054643813a3fe49e51a66ff2f5f7f17e31f4a18b67ae1f9e9795141ec4955a6596f3564858d489066d9048a6f4f74f4ffd0cff343f4322cfb6455e331b0"], 0x102) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r1, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "abd4dc59f835915e55e88509de7f1939e8ab180155acc8af039a5be422000000000000000001000000000000000000000000000000890080001400", 0x1000010000000a}, 0x60) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x64, 0x64, 0xa, [@datasec={0x4, 0x6, 0x0, 0xf, 0x3, [{}, {0x0, 0xfffffffc, 0x1}, {}, {}, {}, {}], "491eaf"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "d5"}]}, {0x0, [0x0, 0x0, 0x0, 0x61, 0x30, 0x30, 0x2e, 0x0]}}, &(0x7f00000006c0)=""/50, 0x86, 0x32, 0x1}, 0x28) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) dup(0xffffffffffffffff) write$tun(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000003c00000060ec97000fc82c00fe8000000000000000000000000000aaff02000000000000000000000000000106"], 0xffe) 9.707780137s ago: executing program 3 (id=528): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1000804, &(0x7f0000000100), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") socket$nl_generic(0x10, 0x3, 0x10) userfaultfd(0x801) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x9) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) socket(0x200000100000011, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) 8.946781321s ago: executing program 3 (id=532): listen(0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40ff"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 7.753482328s ago: executing program 1 (id=536): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, 0x0) syz_emit_vhci(0x0, 0x0) syz_emit_vhci(0x0, 0x0) openat2(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000017c0)={0x24, 0x0, 0x0, 0x0, &(0x7f0000001780)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x8, 0x1, {0x22, 0xa3d}}}}, 0x0) syz_emit_vhci(&(0x7f0000001a80)=@HCI_SCODATA_PKT={0x3, {0x0, 0x33}, "c088dfd165356b567105731ee20c8c604befa672ed22ffac9b7afa08cae976d67f9e29215440a7e57638ffe9396ae18c05006f"}, 0x37) syz_emit_vhci(&(0x7f0000001b80)=@HCI_EVENT_PKT={0x4, @inquiry_info={{0x2, 0xf}, {0x1, [{@none, 0x5, 0x6b, 0x2, "1aa6d6", 0x31}]}}}, 0x12) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000000100)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x88}, "f3a136fe069228e7c19ddf366acf5749ecebaa628c904f6dd00a40ea85ae107da3f8596571e58a697c20917dfa8719df6bb7a5e7801e8882b39828f1aa8f102d11532e91d91840fe922576accba016f71fbf1dbd08643b52181229620d9e55441070a6adcf2b89510d2a11180caada03eb6e6ac3c53fe94740e609f167fc7bfc00f09aa84e6b99cb"}, 0x8c) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) syz_emit_vhci(&(0x7f0000002440)=ANY=[@ANYBLOB="042fff01ffffffffffff0b0de5ea7c000049e6f139b88e9dd7a94c0abf132a142b3b8e3ac39546ea63d505c81b249776769d43ecdc472fa6f72d21e93ad47dee7387fab8ee18072ae5b94999c1df9d8a732a13c3bcdb0135a8c30bd4d4241bcc2ffc619e0b0c95dfbf936be9d29f8f3481432b24e0215c5b13bb850ed80ebb978697632f261ced458f5806018ded4cdf995700ef92a23a583c1f62867b760ad91c41d4cff419f3c225310414bc83a0fc2ea19391a530991a8fb644753f90f3c6c13bc8ec8054643813a3fe49e51a66ff2f5f7f17e31f4a18b67ae1f9e9795141ec4955a6596f3564858d489066d9048a6f4f74f4ffd0cff343f4322cfb6455e331b0"], 0x102) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r1, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "abd4dc59f835915e55e88509de7f1939e8ab180155acc8af039a5be422000000000000000001000000000000000000000000000000890080001400", 0x1000010000000a}, 0x60) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x64, 0x64, 0xa, [@datasec={0x4, 0x6, 0x0, 0xf, 0x3, [{}, {0x0, 0xfffffffc, 0x1}, {}, {}, {}, {}], "491eaf"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "d5"}]}, {0x0, [0x0, 0x0, 0x0, 0x61, 0x30, 0x30, 0x2e, 0x0]}}, &(0x7f00000006c0)=""/50, 0x86, 0x32, 0x1}, 0x28) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0) dup(0xffffffffffffffff) write$tun(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000003c00000060ec97000fc82c00fe8000000000000000000000000000aaff02000000000000000000000000000106"], 0xffe) 6.972720422s ago: executing program 3 (id=539): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) prlimit64(0x0, 0x9, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) unshare(0x62040200) r3 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$bt_hci(r3, 0x0, 0x1, 0x0, &(0x7f0000000000)) 6.972524402s ago: executing program 1 (id=540): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1000804, &(0x7f0000000100), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") socket$nl_generic(0x10, 0x3, 0x10) userfaultfd(0x801) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x9) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) socket(0x200000100000011, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) 6.643021762s ago: executing program 0 (id=541): socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004000) r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000940)=0x200000000) write$vhost_msg_v2(r0, 0x0, 0x0) getsockopt$packet_int(0xffffffffffffffff, 0x107, 0xb, 0x0, 0x0) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) r2 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x3, 0x1000, 0xfc, 0x4}}) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000100)={0x2, @win={{0x7f, 0x4, 0x100, 0x2}, 0x3, 0x81, 0x0, 0x7, 0x0, 0x10}}) 6.034483381s ago: executing program 0 (id=543): r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_IBSS(r0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newqdisc={0x138, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x108, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acd06103cd77bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}]}}]}, 0x138}, 0x1, 0x0, 0x0, 0x845}, 0x24008004) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b000000080003", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 6.009390222s ago: executing program 1 (id=544): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000100000027"], 0x50) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) fallocate(0xffffffffffffffff, 0x0, 0x8, 0x1101f0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={0xffffffffffffffff, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x4, 0x93d5, 0x58565559, 0x7, 0x10001, 0x9, 0x9, 0x1, 0x0, 0x4, 0x0, 0x2}}) read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x2020) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r0, 0x0) 5.707797282s ago: executing program 2 (id=545): openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.620737754s ago: executing program 0 (id=546): syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000b00)=ANY=[@ANYBLOB="00631dda01aef2b0bad477a11d13ec0c19456795dd9b2620df1c0f624854ea3dd5a00bd6df44035f5c3ae796fec6d633a0ffad0569794acfef7da01767fd4175f2cd82df769aa2ee7bfe3640554507d24c60c9f9e222a72e1e3e71145c480657d2864e5e276f028d64701ae31cde0ceaf408fdb05c0f4142da00e9000001001d0149e6d308cbe315789f4baffe39bbced9b1d4db174c6121d2e290e9fc561a62225f002ee310e1fa7321000000000000d6231001a4b2d467825f3abb0c167e129cf1fa0e785410c8754418972a147b1b4bbc980b4e99027c53ae2c6cc05d3be246e5837cbf286225d43e8c1d2e3fda86b86906b79fdedae7f3bbe362e8ad7f26529f9838ba2d00302415e5b92b36fa42013de1788be93a3d553c2e1f5b559393d964df51bf393f52ecbe6f832b222231fbb9fee9e0343c2d3d567f7c5332493c21932d4e1088e6250c1017f6cad9ea2e56ef9a149ef1995877d86c8a0ea6781a0b995ac2adaf860de22e4386a1ffad0c3b6db50fca22eccc676bf00eec19d633e7ff988e5eb7e6f0137e0225f568e2516ad7ba9479a8eb16d8435a784f42c73fbe2a675a9fefd4eb89b3748df0132e00e8c4a3e888592fff28eaf3fd935f508bd92796681cdcde25a21409395128836a3ae27cdb20a17f86fcef20bdae46fc033a43d3706278db0c3ed4d15d9b847026d41cb0c9c4c660512934ef57cbfab70cf2a6a983ad75abbd337fa8c4db8737e84464537116cf74551a5aad2101d61891e860a37674cf2ddbe44d3b64783172f7c259d9769eb4ac84f14288bfcabdaa807b515cc727ac3ed549508a515c6c3b83f9d58c0176ec7eeecdc70998ebe12ce0df921d240164e1b6e41c97f63b61c7074a4d1a3d0139391c737e24b61a40f47344a364bce59bf8ea641ed7ece617aab58cede3cffcc14ae3a13b28638edf5b14d5c00395cfddf26635aaff2478dc88b0e3d34a6c955e9302c7864d0f29c7f021ebf0f2736f1df2"], 0x4, 0x283, &(0x7f0000000600)="$eJzs281OE1EYxvGHD/kUWkVRMMY3utHNBOoVNAQSYxMNUuNHYjLIVJsOLek0mKoRdm69DuLSnYnxBth4BS7csXGJiXEM0wItlEhMYND+f5t5yeHpnJP3THMWnY0H7xYLucDJuRV1dpi6pR5tSkl1qks1HfVrZ1T3qNGqboxkvl6+9/DR7XQmMz1rNpOeu5kys+Ern168fn/1c2Xw/ofhj71aTz7Z+J76tj66Prbxa+55PrB8YMVSxVybL5Uq7rzv2UI+KDhmd33PDTzLFwOv3DSe80tLS1VziwtDA0tlLwjMLVat4FWtUrJKuWruMzdfNMdxbGhA+JPs2uysm457Fjha5XLanZI0vm8kuxbLhAAAQKxanP9XOf+3C87/7WDr/P+4/vw24/wPAAAAAAAAAAAAAAAAAAAAAMC/YDMME2EYJravp6ToDZ+w/ne/pAFJg5JOSxqSNCwpISkp6Yyks5JGJJ2TdF7SqKQLki5KGmv4rLjXiv0O6n8X/W8LR/f8v/qxfQ/6f3Lx/d/eGl7c7ZMW3y5nl7O1a208nVNevjxNKKGfUS/ravXMrcz0hEWSurS4Us+vLGe7mvOTSmxtmFb5yVremvO90b7byaeU2NpgrfKplvk+Xb/WkHeU0JenKsnXQrQnd/NvJs2m7mT25Mej//vfObajZf8c56DxWv4Q+yOcaNmfbo13x7t2SEH1ZcH1fa98jEV/HDel+MtCJ2MaFMfdd7SB3abvGeiJaUIAAAAAAAAAAAAAAAAAgEM5jp8Txr1GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2+h0AAP//wexgBQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, 0x0, 0x42, 0x5) 5.001135394s ago: executing program 2 (id=547): r0 = epoll_create1(0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40000000}, [@map_fd={0x18, 0xa, 0x1, 0x0, r1}]}, &(0x7f0000000000)='syzkaller\x00', 0x8}, 0x94) 4.997953034s ago: executing program 0 (id=548): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x7, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10104}, [@IFLA_IFNAME={0x14, 0x3, 'wg1\x00'}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x3c}}, 0x0) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_logical_link_complete={{0x46, 0x4}, {0x9, 0xc9, 0x9}}}, 0x7) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) sysinfo(&(0x7f0000000180)=""/68) socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r5, 0x5423, 0x0) 4.776629901s ago: executing program 3 (id=549): openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101042, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net\x00') getdents64(r0, &(0x7f0000004800)=""/94, 0x5e) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa0086dd60f53a0400303a00fe8000000000"], 0x0) socket(0x2b, 0x2, 0x4008002) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x800, &(0x7f0000000840)={[{}, {@nogrpid}], [{@uid_eq}]}, 0xfe, 0x572, &(0x7f0000000240)="$eJzs3U1rVFcfAPD/nSS+JD4aQeRpFyXgohbrxCR9sdCFXZZWKrR7OyTXIJk4kpmISYXqom66KVIopdLSD9B9l9Iv0E8htIIUCe2imyl35o6OyUwS42hG5/eDq+fcc6/nnrn3fzxnzgwTwMCayP4oRLwSEd8kEYfayoYjL5xoHrf24NpstiVRr3/6VxJJvq91fJL/PZZn/h8Rv30VcaKwsd7qyupCqVxOl/L8ZG3x8mR1ZfXkxcXSfDqfXpqemTn99sz0e+++s/HkvTtr6xvn/vn+kzsfnv762Np3v9w7fCuJM3EgL2tvx1O43p6ZiIn8NRmJM+sOnOpBZf0k2e0LYEeG8jgfiawPOBRDedQDL78vI6IODKhE/MOAas4AMs25/abz4PrLN8u7/0FzAtRq+6P2J833RmJfY240upY8NjPKXonxHtSf1fHrn7dvZVv07n0IgC1dvxERp4aHH+v/DkZb/7dzp7ZxzPo69H/w/NzJxj9v7u0w/ik8HP9Eh/HPWIfY3Ymt479wr/OZO1wEWicb/70fncZ/Dxetxofy3P8aY76R5MLFcpr1bVk3eTxG9mb5zdZzTq/drXcrax//ZVtWf2ssmF/HveF1TZ0r1UpP0+Z2929EvLrF+DfpcP+z1+PcNus4mt5+rVvZ1u1/tuo/R7ze8f4/muskm69PTjaeh8nWU7HR3zeP/t6t/t1uf3b/Rzdv/3jSvl5bffI6ftr3b9qtbCLJF02f8Pnfk3zWSO/J910t1WpLUxF7ko837p9upn9sy7eOz9p//Fjn+N/s+d8fEZ9vs/03j9zsemg/3P+5J7r/XRL1pGvR3Y+++KFb/dvr/95qpI7ne7bT/3W+0tG89GmeZgAAAAAAAOhfhYg4EEmh+DBdKBSLzc93HInRQrlSrZ24UFm+NBeN78qOx0ihtdI91vZ5iKn887Ct/PS6/ExEHI6Ib4f2N/LF2Up5brcbDwAAAAAAAAAAAAAAAAAAAH1irMv3/zN/DO321QHPnJ/8hsG1Zfz34peegL7k/38YXOIfBpf4h8El/mFwiX8YXOIfBpf4h8El/gEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp09m231tQfXZrP83JWV5YXKlZNzaXWhuLg8W5ytLF0uzlcq8+W0OFtZ3OrfK1cql6emY/nqZC1NapPVldXzi5XlS7XzFxdL8+n5dOS5tAoAAAAAAAAAAAAAAAAAAABeLNWV1YVSuZwuvVyJQt68bZ91MD+hHy7+xUoM98dlSPQ4sYudEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACs818AAAD//0efKxA=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = memfd_create(&(0x7f0000000300)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4) ftruncate(r3, 0x400000) 4.228362908s ago: executing program 1 (id=550): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) ioprio_get$pid(0x3, r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000060000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff00", 0x81}], 0x1}, 0x0) 4.196813979s ago: executing program 2 (id=551): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x7}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r2, {0x8, 0x7}, {}, {0xa, 0xb}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x20, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x1c, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0xfffffffe}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x6}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x2, 0x1, 0x1}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x26044028}, 0x0) 2.668301857s ago: executing program 1 (id=552): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1000804, &(0x7f0000000100), 0x1, 0x4bf, &(0x7f0000000540)="$eJzs3c9vG1kdAPDvTJImm81usrASPwRsWRYKqtZO3N1otaflAkKrlRArThzakLhRFDuOYqc0oYf0f0CiEif4EzggcUDqiTs3uCGkckAqUIEaJA5GM56kaWqnEU08Vfz5SE8zb57t73tt573pt41fACPrckTsRcSliLgREbPF9aQo8VGvZK97/OjO8v6jO8tJdLuf/iPJ27NrceQ9mVeLz5yKiB98N+LHybNx2zu760uNRn2rqFc7zc1qe2f3L2vNpdX6an2jVltcWJz/4Nr7tTMb61vNXz/8ztrHP/zdb7/84A973/pp1q2Zou3oOM5Sb+gTh3Ey4xHx8XkEK8FYMZ5LZXeE/0saEZ+JiLez+79bdm8AgGHodmejO3u0DgBcdGmeA0vSSpELmIk0rVR6Obw3YzpttNqdqzdb2xsrvVzZXEykN9ca9fkiVzgXE0lWX8jPn9Rrx+rXIuKNiPjZ5Ct5vbLcaqyU+eADACPs1WPr/78ne+s/AHDBTZXdAQBg6Kz/ADB6rP8AMHqs/wAweqz/ADB6rP8AMHqs/wAwUr7/ySdZ6e4X33+9cmtne711692Venu90txeriy3tjYrq63Wav6dPc3nfV6j1dpceC+2b1c79Xan2t7Zvd5sbW90ruff6329PjGUUQEAJ3njrft/SiJi78NX8hJH9nKwVsPFlpbdAaA0Y2V3ACjNeNkdAErj7/hAny16nzLwvwjdG/gWUwu85K58Qf4fRpX8P4wu+X8YXfL/MLq63cSe/wAwYuT4gXP4938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC48GbykqSVYi/wmUjTSiXitYiYi4nk5lqjPh8Rr0fEHycnJrP6QtmdBgBeUPq3pNj/68rsOzPHWy8l/5nMjxHxk198+vPbS53O1kJ2/Z+H1zv3iuu1EwPZahAASnKwTh+s4wceP7qzfFCG2Z+H3+5tLprF3S9Kr2U8xvPjVP7gMP2vpKj3ZM8rY2cQf+9uRHy+3/iTPDcyV+x8ejx+Fvu1ocZPn4qf5m29Y/Zr8dkz6AuMmvvZ/PNRv/svjcv5sf/9P5XPUC/uYP7bf2b+Sw/nv7EB89/l08Z47/ffG9h2N+KL4/3iJ4fxkwHx3zll/D9/6StvD2rr/jLiSvSPfzRWtdPcrLZ3dt9day6t1lfrG7Xa4sLi/AfX3q9V8xx19SBT/ay/f3j19ZPGPz0g/tRzxv/1U47/V/+98aOvnhD/m1/r//v/5gnxszXxG6eMvzT9m4Hbd2fxV/qPv3jP4PFfPWX8B3/dXTnlSwGAIWjv7K4vNRr1LSdDO8me3V6Cbjgp7ST7E3AWn/O5c+xq2TMTcN6e3PRl9wQAAAAAAAAAAAAAABhkGD/wVPYYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuLj+FwAA//+vctdr") socket$nl_generic(0x10, 0x3, 0x10) userfaultfd(0x801) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x9) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) socket(0x200000100000011, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) 2.093816655s ago: executing program 2 (id=553): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x306) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000009ffffffffffffbbbb"], 0x7b) 1.829886513s ago: executing program 1 (id=554): sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r2, @ANYBLOB="3bf81b"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x1) 1.60472872s ago: executing program 0 (id=555): openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.471008764s ago: executing program 2 (id=556): munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) r0 = socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="f6b679ad1f2c3695c31f7aab5b01ea0d66e03af70ffa29", @ANYRESHEX=r1, @ANYRESDEC=r1, @ANYBLOB="0000000001"], 0x48}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f00000000c0)=0xc) newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) setreuid(r5, r6) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'veth1_to_batadv\x00', {0x4}, 0x26}) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) ptrace$ARCH_MAP_VDSO_32(0x1e, 0x0, 0x6a, 0x2002) close(r0) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000020000001500000000c70000000000", @ANYRESOCT=r4, @ANYRES64, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x8, 0x1c, &(0x7f0000000500)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000000000000000000000b7020000000000007b9a20fe00000000b6090800020000007b9af0ff00000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280092dc34000000000000000d147479d1b36e05abc9c848df8da1386d49f9a3c047222514b7d9e1093f09da63cf03e1bb54604ef9fbaf6d02ff0d0c2aaac7117f2c83a0b1738219086fff224bebe11056ac889432d3e3593c8850558dcaba75613e116bd5127a7b4a0b40b473bffec5e10d4812092d1f9406c419a5473eac9bbcb8dd897bb1afac9563cd2ebdacf7b08d1ee3807221cf6fc7cfd125e63b43a4a6fbb7ed8914bbaa4ad6f02dd2df28dd580ff40e0060be4c272fe4ab220d653a63cbf7f9a37198f656642394be222ee6350618eeac5b47cd2fb8717f933a", @ANYRES32=r7, @ANYBLOB="0000000000000000b7050000080000001500000086ffffffbf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000200)={0x60, 0x0, 0x0, {{0x4, 0x7, 0x2, 0xfff, 0x3, 0x1ff, 0x1, 0x80000000}}}, 0x60) 77.038458ms ago: executing program 2 (id=557): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) prlimit64(0x0, 0x9, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) unshare(0x62040200) r3 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$bt_hci(r3, 0x0, 0x1, 0x0, &(0x7f0000000000)) 0s ago: executing program 0 (id=558): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000100000027"], 0x50) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) fallocate(0xffffffffffffffff, 0x0, 0x8, 0x1101f0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={0xffffffffffffffff, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x4, 0x93d5, 0x58565559, 0x7, 0x10001, 0x9, 0x9, 0x1, 0x0, 0x4, 0x0, 0x2}}) read$FUSE(r1, &(0x7f0000002280)={0x2020}, 0x2020) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.216' (ED25519) to the list of known hosts. [ 70.845191][ T5764] cgroup: Unknown subsys name 'net' [ 70.984342][ T5764] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.680343][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.686990][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.663279][ T5764] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 74.225451][ T5785] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 74.234254][ T5785] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.243161][ T5785] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.251540][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 74.259834][ T5785] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.264721][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.267801][ T5785] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 74.277113][ T5788] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.283277][ T5785] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.289486][ T5788] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.296710][ T5785] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 74.303756][ T5788] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.317797][ T5788] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.325237][ T5788] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 74.326921][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.334173][ T5788] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.341140][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.354667][ T5788] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.355153][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 74.362442][ T5788] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.370884][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.378327][ T5788] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.392652][ T5788] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 74.400213][ T5788] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.918344][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 74.942192][ T5776] chnl_net:caif_netlink_parms(): no params data found [ 74.988979][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 75.046229][ T5778] chnl_net:caif_netlink_parms(): no params data found [ 75.148117][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.155838][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.163393][ T5779] bridge_slave_0: entered allmulticast mode [ 75.171104][ T5779] bridge_slave_0: entered promiscuous mode [ 75.212940][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.220398][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.227865][ T5779] bridge_slave_1: entered allmulticast mode [ 75.234702][ T5779] bridge_slave_1: entered promiscuous mode [ 75.242080][ T5776] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.251858][ T5776] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.259490][ T5776] bridge_slave_0: entered allmulticast mode [ 75.266657][ T5776] bridge_slave_0: entered promiscuous mode [ 75.274454][ T5776] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.282493][ T5776] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.290397][ T5776] bridge_slave_1: entered allmulticast mode [ 75.297976][ T5776] bridge_slave_1: entered promiscuous mode [ 75.369050][ T5776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.391487][ T5776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.411539][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.419558][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.427041][ T5778] bridge_slave_0: entered allmulticast mode [ 75.433896][ T5778] bridge_slave_0: entered promiscuous mode [ 75.443615][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.450895][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.458239][ T5778] bridge_slave_1: entered allmulticast mode [ 75.465411][ T5778] bridge_slave_1: entered promiscuous mode [ 75.472859][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.480555][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.488064][ T5777] bridge_slave_0: entered allmulticast mode [ 75.494814][ T5777] bridge_slave_0: entered promiscuous mode [ 75.515242][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.532624][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.542760][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.550130][ T5777] bridge_slave_1: entered allmulticast mode [ 75.557210][ T5777] bridge_slave_1: entered promiscuous mode [ 75.585585][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.609157][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.621410][ T5776] team0: Port device team_slave_0 added [ 75.630753][ T5776] team0: Port device team_slave_1 added [ 75.652400][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.672827][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.706007][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.739099][ T5779] team0: Port device team_slave_0 added [ 75.748350][ T5778] team0: Port device team_slave_0 added [ 75.775525][ T5779] team0: Port device team_slave_1 added [ 75.786009][ T5778] team0: Port device team_slave_1 added [ 75.792784][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.802761][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.831344][ T5776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.865607][ T5777] team0: Port device team_slave_0 added [ 75.891875][ T5776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.899006][ T5776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.925592][ T5776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.955052][ T5777] team0: Port device team_slave_1 added [ 75.983706][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.991155][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.018417][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.031494][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.038825][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.065015][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.090482][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.097782][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.123960][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.142892][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.150016][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.176294][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.189306][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.196277][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.222283][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.236916][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.243871][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.270060][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.355942][ T5776] hsr_slave_0: entered promiscuous mode [ 76.363203][ T5776] hsr_slave_1: entered promiscuous mode [ 76.387821][ T5779] hsr_slave_0: entered promiscuous mode [ 76.396331][ T5779] hsr_slave_1: entered promiscuous mode [ 76.397356][ T5788] Bluetooth: hci1: command tx timeout [ 76.409520][ T5779] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.417552][ T5779] Cannot create hsr debugfs directory [ 76.431280][ T5778] hsr_slave_0: entered promiscuous mode [ 76.437899][ T5778] hsr_slave_1: entered promiscuous mode [ 76.443954][ T5778] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.451913][ T5778] Cannot create hsr debugfs directory [ 76.476952][ T5788] Bluetooth: hci0: command tx timeout [ 76.491989][ T5788] Bluetooth: hci3: command tx timeout [ 76.492008][ T5783] Bluetooth: hci2: command tx timeout [ 76.561858][ T5777] hsr_slave_0: entered promiscuous mode [ 76.568945][ T5777] hsr_slave_1: entered promiscuous mode [ 76.575164][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.583162][ T5777] Cannot create hsr debugfs directory [ 76.936884][ T5778] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.950576][ T5778] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.961820][ T5778] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.976300][ T5778] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.049777][ T5776] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 77.062617][ T5776] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 77.082186][ T5776] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 77.091980][ T5776] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 77.175620][ T5777] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.192315][ T5777] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.204285][ T5777] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.215437][ T5777] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.341810][ T5779] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 77.354598][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.371746][ T5779] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 77.381921][ T5779] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 77.395405][ T5779] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 77.419977][ T5778] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.470098][ T2937] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.477461][ T2937] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.505211][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.512518][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.573132][ T5776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.602638][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.633879][ T5776] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.662735][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.675628][ T2901] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.682760][ T2901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.719343][ T2901] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.726577][ T2901] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.738846][ T2901] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.745956][ T2901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.772960][ T2946] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.780164][ T2946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.964749][ T5777] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.014216][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.083560][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.124681][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.131984][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.168565][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.175716][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.283079][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.298813][ T5779] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.448076][ T5778] veth0_vlan: entered promiscuous mode [ 78.464433][ T5776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.478336][ T5788] Bluetooth: hci1: command tx timeout [ 78.502497][ T5778] veth1_vlan: entered promiscuous mode [ 78.557573][ T5788] Bluetooth: hci3: command tx timeout [ 78.557960][ T5783] Bluetooth: hci0: command tx timeout [ 78.568861][ T5788] Bluetooth: hci2: command tx timeout [ 78.614663][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.673895][ T5776] veth0_vlan: entered promiscuous mode [ 78.706189][ T5778] veth0_macvtap: entered promiscuous mode [ 78.719886][ T5776] veth1_vlan: entered promiscuous mode [ 78.732099][ T5778] veth1_macvtap: entered promiscuous mode [ 78.779425][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.794625][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.815423][ T5777] veth0_vlan: entered promiscuous mode [ 78.838792][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.863900][ T5777] veth1_vlan: entered promiscuous mode [ 78.890602][ T5778] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.900408][ T5778] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.909911][ T5778] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.920736][ T5778] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.932202][ T5776] veth0_macvtap: entered promiscuous mode [ 78.959599][ T5776] veth1_macvtap: entered promiscuous mode [ 79.026318][ T5779] veth0_vlan: entered promiscuous mode [ 79.042230][ T5777] veth0_macvtap: entered promiscuous mode [ 79.073025][ T5779] veth1_vlan: entered promiscuous mode [ 79.083286][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.094406][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.107734][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.127993][ T5777] veth1_macvtap: entered promiscuous mode [ 79.157280][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.165358][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.212292][ T5776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.223129][ T5776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.234845][ T5776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.259853][ T5776] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.268748][ T5776] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.279297][ T5776] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.288543][ T5776] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.322636][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.336169][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.346278][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.357600][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.369716][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.380664][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.391215][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.402878][ T5779] veth0_macvtap: entered promiscuous mode [ 79.421887][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.432993][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.443391][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.453920][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.465055][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.474669][ T5779] veth1_macvtap: entered promiscuous mode [ 79.508719][ T5777] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.519511][ T5777] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.530916][ T5777] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.539876][ T5777] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.608646][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.624711][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.635271][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.646076][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.656566][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.667599][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.679706][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.723278][ T156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.734712][ T156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.755610][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.786837][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.797518][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.808437][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.819560][ T5779] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.832591][ T5779] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.844970][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.911398][ T5779] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.921873][ T5779] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.931414][ T5779] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.941782][ T5779] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.968810][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.012313][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.366556][ T5839] syz.0.1[5839]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 80.399484][ T5839] loop0: detected capacity change from 0 to 128 [ 80.556849][ T5783] Bluetooth: hci1: command tx timeout [ 81.069644][ T5839] loop0: detected capacity change from 0 to 1024 [ 81.336481][ T5783] Bluetooth: hci0: command tx timeout [ 81.342068][ T5783] Bluetooth: hci2: command tx timeout [ 81.348182][ T5783] Bluetooth: hci3: command tx timeout [ 81.826381][ C0] sched: RT throttling activated [ 82.636824][ T5788] Bluetooth: hci1: command tx timeout [ 82.854655][ T5839] fscrypt: Error allocating hmac(sha512): -2 [ 83.020823][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.108673][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.238409][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.255970][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.274990][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.308259][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.356589][ T5788] Bluetooth: hci3: command tx timeout [ 83.362157][ T5788] Bluetooth: hci2: command tx timeout [ 83.368058][ T5783] Bluetooth: hci0: command tx timeout [ 83.714999][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.747850][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.180742][ T5860] overlayfs: failed to clone upperpath [ 86.773753][ T5870] syz_tun: entered allmulticast mode [ 86.864694][ T5861] syz_tun: left allmulticast mode [ 87.620958][ T23] cfg80211: failed to load regulatory.db [ 89.069050][ T5881] loop0: detected capacity change from 0 to 256 [ 89.249017][ T5881] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 89.510575][ T5884] Zero length message leads to an empty skb [ 89.558515][ T156] Bluetooth: hci4: Frame reassembly failed (-84) [ 90.100132][ T5881] FAT-fs (loop0): Filesystem has been set read-only [ 90.147229][ T5881] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 90.171877][ T5886] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10'. [ 90.183422][ T5881] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 90.214479][ T28] audit: type=1800 audit(1779003055.179:2): pid=5881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8" name="file1" dev="loop0" ino=1048592 res=0 errno=0 [ 90.217098][ T5881] syz.0.8 (5881) used greatest stack depth: 20464 bytes left [ 90.572061][ T5886] loop1: detected capacity change from 0 to 512 [ 90.909229][ T5886] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 92.078115][ T5788] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 92.239981][ T5886] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.10: iget: bad i_size value: 38620345925642 [ 92.307363][ T5886] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.10: couldn't read orphan inode 15 (err -117) [ 92.367740][ T5886] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.663543][ T5905] loop0: detected capacity change from 0 to 1024 [ 92.672757][ T5905] ======================================================= [ 92.672757][ T5905] WARNING: The mand mount option has been deprecated and [ 92.672757][ T5905] and is ignored by this kernel. Remove the mand [ 92.672757][ T5905] option from the mount to silence this warning. [ 92.672757][ T5905] ======================================================= [ 92.707441][ T5906] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm syz.1.10: bg 0: block 5: invalid block bitmap [ 92.835087][ T5906] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 336 with error 28 [ 92.941200][ T5905] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 93.114099][ T5905] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.195640][ T5906] EXT4-fs (loop1): This should not happen!! Data will be lost [ 93.195640][ T5906] [ 93.395576][ T5906] EXT4-fs (loop1): Total free blocks count 0 [ 93.480065][ T5906] EXT4-fs (loop1): Free/Dirty block details [ 93.494480][ T5906] EXT4-fs (loop1): free_blocks=0 [ 93.505554][ T5906] EXT4-fs (loop1): dirty_blocks=340 [ 93.516494][ T5906] EXT4-fs (loop1): Block reservation details [ 93.524685][ T5906] EXT4-fs (loop1): i_reserved_data_blocks=340 [ 93.543287][ T5905] EXT4-fs error (device loop0): ext4_map_blocks:720: inode #15: comm syz.0.15: lblock 0 mapped to illegal pblock 0 (length 6) [ 93.570908][ T5905] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 93.613750][ T5905] EXT4-fs (loop0): This should not happen!! Data will be lost [ 93.613750][ T5905] [ 93.778163][ T156] EXT4-fs error (device loop0): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:6: lblock 8 mapped to illegal pblock 8 (length 8) [ 93.791325][ T5915] netlink: 32 bytes leftover after parsing attributes in process `syz.2.19'. [ 93.817425][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.829530][ T156] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 93.845765][ T156] EXT4-fs (loop0): This should not happen!! Data will be lost [ 93.845765][ T156] [ 93.894170][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 94.102730][ T5921] loop2: detected capacity change from 0 to 1024 [ 94.121236][ T5921] ext4: Unknown parameter 'uid' [ 94.349534][ T5769] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 94.866999][ T5932] autofs4:pid:5932:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.768), cmd(0xc0189375) [ 94.880432][ T5932] autofs4:pid:5932:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189375) [ 95.113787][ T5931] Invalid ELF header magic: != ELF [ 95.959700][ T5938] loop1: detected capacity change from 0 to 128 [ 96.507258][ T5955] binder_alloc: 5951: binder_alloc_buf, no vma [ 97.760924][ T5972] sctp: failed to load transform for md5: -2 [ 98.084360][ T5987] syzkaller0: entered promiscuous mode [ 98.096716][ T5987] syzkaller0: entered allmulticast mode [ 98.238063][ T5991] loop3: detected capacity change from 0 to 512 [ 98.271244][ T5991] EXT4-fs: inline encryption not supported [ 98.343525][ T5991] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.45: missing EA_INODE flag [ 98.592853][ T5991] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.45: error while reading EA inode 11 err=-117 [ 98.690764][ T5991] EXT4-fs (loop3): 1 orphan inode deleted [ 98.734112][ T5991] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.975584][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.328266][ T6011] syzkaller0: entered promiscuous mode [ 99.351525][ T6012] loop1: detected capacity change from 0 to 1024 [ 99.354248][ T6011] syzkaller0: entered allmulticast mode [ 99.429929][ T6012] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 99.448608][ T6012] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.536087][ T51] Bluetooth: hci2: failed to read key size for handle 0 [ 99.687938][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 101.205069][ T6050] loop1: detected capacity change from 0 to 1024 [ 101.220419][ T6050] EXT4-fs (loop1): stripe (4) is not aligned with cluster size (4096), stripe is disabled [ 101.273636][ T6050] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 2: comm syz.1.65: lblock 2 mapped to illegal pblock 2 (length 1) [ 101.293097][ T6050] Quota error (device loop1): qtree_write_dquot: dquota write failed [ 101.301434][ T6050] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 48: comm syz.1.65: lblock 0 mapped to illegal pblock 48 (length 1) [ 101.319742][ T6050] Quota error (device loop1): v2_write_file_info: Can't write info structure [ 101.331410][ T6050] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.65: Failed to acquire dquot type 0 [ 101.389661][ T6050] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 101.401817][ T6050] EXT4-fs error (device loop1): ext4_evict_inode:254: inode #11: comm syz.1.65: mark_inode_dirty error [ 101.424299][ T6050] EXT4-fs warning (device loop1): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 101.436026][ T6050] EXT4-fs (loop1): 1 orphan inode deleted [ 101.443823][ T6050] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.575221][ T59] EXT4-fs error (device loop1): ext4_map_blocks:610: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 101.613436][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 101.912386][ T59] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 102.150254][ T59] EXT4-fs error (device loop1): ext4_release_dquot:6989: comm kworker/u4:4: Failed to release dquot type 0 [ 103.239690][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.264247][ T5779] EXT4-fs error (device loop1): __ext4_get_inode_loc:4496: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 103.303332][ T5779] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 103.413440][ T5779] EXT4-fs error (device loop1): ext4_quota_off:7237: inode #3: comm syz-executor: mark_inode_dirty error [ 103.551757][ T6083] loop2: detected capacity change from 0 to 256 [ 103.563198][ T6080] loop3: detected capacity change from 0 to 128 [ 103.669399][ T6083] FAT-fs (loop2): Directory bread(block 64) failed [ 103.811452][ T6083] FAT-fs (loop2): Directory bread(block 65) failed [ 103.917807][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 104.005936][ T6083] FAT-fs (loop2): Directory bread(block 66) failed [ 104.201305][ T6083] FAT-fs (loop2): Directory bread(block 67) failed [ 104.343449][ T6083] FAT-fs (loop2): Directory bread(block 68) failed [ 104.356514][ T6083] FAT-fs (loop2): Directory bread(block 69) failed [ 104.385544][ T6083] FAT-fs (loop2): Directory bread(block 70) failed [ 104.395563][ T6083] FAT-fs (loop2): Directory bread(block 71) failed [ 104.413182][ T6083] FAT-fs (loop2): Directory bread(block 72) failed [ 104.423140][ T6083] FAT-fs (loop2): Directory bread(block 73) failed [ 104.669512][ T6090] binder: BINDER_SET_CONTEXT_MGR already set [ 104.694263][ T6090] binder: 6089:6090 ioctl 4018620d 200000004a80 returned -16 [ 104.696711][ T6087] syzkaller0: entered promiscuous mode [ 104.766467][ T6087] syzkaller0: entered allmulticast mode [ 105.110429][ T6099] loop3: detected capacity change from 0 to 1024 [ 105.183358][ T6099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 105.207739][ T6099] ext4 filesystem being mounted at /20/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.282689][ T6099] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: comm syz.3.82: lblock 0 mapped to illegal pblock 0 (length 6) [ 105.319568][ T6099] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 105.335528][ T6099] EXT4-fs (loop3): This should not happen!! Data will be lost [ 105.335528][ T6099] [ 105.392239][ T2937] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:9: lblock 8 mapped to illegal pblock 8 (length 8) [ 105.410712][ T2937] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 105.423445][ T2937] EXT4-fs (loop3): This should not happen!! Data will be lost [ 105.423445][ T2937] [ 105.452667][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 106.218945][ T6118] process 'syz.2.87' launched '/dev/fd/3' with NULL argv: empty string added [ 110.359116][ T6139] syzkaller0: entered promiscuous mode [ 110.364689][ T6139] syzkaller0: entered allmulticast mode [ 113.492148][ T6163] syzkaller0: entered promiscuous mode [ 113.526004][ T6163] syzkaller0: entered allmulticast mode [ 118.926145][ T6224] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 119.280853][ T5788] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 119.291586][ T5788] CPU: 1 PID: 5788 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 119.299383][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 119.309570][ T5788] Workqueue: hci1 hci_rx_work [ 119.314317][ T5788] Call Trace: [ 119.317731][ T5788] [ 119.320712][ T5788] dump_stack_lvl+0x18c/0x250 [ 119.325552][ T5788] ? show_regs_print_info+0x20/0x20 [ 119.330890][ T5788] ? load_image+0x420/0x420 [ 119.335543][ T5788] sysfs_create_dir_ns+0x26e/0x2a0 [ 119.340749][ T5788] ? sysfs_warn_dup+0xa0/0xa0 [ 119.345560][ T5788] ? do_raw_spin_unlock+0x121/0x230 [ 119.350819][ T5788] kobject_add_internal+0x61c/0xcc0 [ 119.356088][ T5788] kobject_add+0x164/0x240 [ 119.360676][ T5788] ? __rwlock_init+0x150/0x150 [ 119.365505][ T5788] ? kobject_init+0x1e0/0x1e0 [ 119.370243][ T5788] ? _raw_spin_unlock+0x28/0x40 [ 119.375148][ T5788] ? get_device_parent+0x366/0x390 [ 119.380409][ T5788] device_add+0x408/0xc20 [ 119.384996][ T5788] hci_conn_add_sysfs+0xd5/0x1e0 [ 119.389992][ T5788] le_conn_complete_evt+0xf5d/0x1540 [ 119.395340][ T5788] ? hci_event_packet+0x4cb/0x1270 [ 119.400783][ T5788] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 119.407083][ T5788] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 119.412871][ T5788] ? skb_pull_data+0xfb/0x200 [ 119.417600][ T5788] hci_le_conn_complete_evt+0x187/0x440 [ 119.423200][ T5788] ? hci_remote_host_features_evt+0x150/0x150 [ 119.429328][ T5788] hci_event_packet+0x7ba/0x1270 [ 119.434409][ T5788] ? bis_list+0x290/0x290 [ 119.438793][ T5788] ? lockdep_hardirqs_on+0x98/0x150 [ 119.444300][ T5788] ? hci_send_to_monitor+0xd7/0x4f0 [ 119.446988][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 119.449520][ T5788] hci_rx_work+0x43a/0xd60 [ 119.449592][ T5788] ? process_scheduled_works+0x96f/0x15d0 [ 119.467406][ T5788] process_scheduled_works+0xa5d/0x15d0 [ 119.473037][ T5788] ? worker_attach_to_pool+0x380/0x380 [ 119.478553][ T5788] ? assign_work+0x3d2/0x5d0 [ 119.483194][ T5788] worker_thread+0xa55/0xfc0 [ 119.487984][ T5788] kthread+0x2fa/0x390 [ 119.492099][ T5788] ? pr_cont_work+0x560/0x560 [ 119.496832][ T5788] ? kthread_blkcg+0xd0/0xd0 [ 119.501553][ T5788] ret_from_fork+0x48/0x80 [ 119.506026][ T5788] ? kthread_blkcg+0xd0/0xd0 [ 119.510836][ T5788] ret_from_fork_asm+0x11/0x20 [ 119.515670][ T5788] [ 119.518906][ C1] vkms_vblank_simulate: vblank timer overrun [ 119.530702][ T5788] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 119.547030][ T5788] Bluetooth: hci1: failed to register connection device [ 119.666495][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 119.681762][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 119.710210][ T9] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 119.726540][ T9] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 119.734898][ T9] usb 4-1: Product: syz [ 119.739533][ T9] usb 4-1: Manufacturer: syz [ 119.744717][ T9] usb 4-1: SerialNumber: syz [ 119.758242][ T9] usb 4-1: config 0 descriptor?? [ 119.766266][ T6227] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 119.796556][ T9] hub 4-1:0.0: bad descriptor, ignoring hub [ 119.802720][ T9] hub: probe of 4-1:0.0 failed with error -5 [ 120.265214][ T6240] syzkaller0: entered promiscuous mode [ 120.275877][ T6240] syzkaller0: entered allmulticast mode [ 122.898581][ T5788] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 122.909664][ T5788] CPU: 0 PID: 5788 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 122.917258][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 122.927526][ T5788] Workqueue: hci0 hci_rx_work [ 122.932268][ T5788] Call Trace: [ 122.935602][ T5788] [ 122.938910][ T5788] dump_stack_lvl+0x18c/0x250 [ 122.943649][ T5788] ? show_regs_print_info+0x20/0x20 [ 122.948890][ T5788] ? load_image+0x420/0x420 [ 122.953452][ T5788] sysfs_create_dir_ns+0x26e/0x2a0 [ 122.958686][ T5788] ? sysfs_warn_dup+0xa0/0xa0 [ 122.963537][ T5788] ? do_raw_spin_unlock+0x121/0x230 [ 122.968925][ T5788] kobject_add_internal+0x61c/0xcc0 [ 122.974173][ T5788] kobject_add+0x164/0x240 [ 122.978627][ T5788] ? __rwlock_init+0x150/0x150 [ 122.983553][ T5788] ? kobject_init+0x1e0/0x1e0 [ 122.988269][ T5788] ? _raw_spin_unlock+0x28/0x40 [ 122.993176][ T5788] ? get_device_parent+0x366/0x390 [ 122.998473][ T5788] device_add+0x408/0xc20 [ 123.002880][ T5788] hci_conn_add_sysfs+0xd5/0x1e0 [ 123.007859][ T5788] le_conn_complete_evt+0xf5d/0x1540 [ 123.013183][ T5788] ? hci_event_packet+0x4cb/0x1270 [ 123.018442][ T5788] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 123.024721][ T5788] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 123.030389][ T5788] ? skb_pull_data+0xfb/0x200 [ 123.035112][ T5788] hci_le_conn_complete_evt+0x187/0x440 [ 123.040703][ T5788] ? hci_remote_host_features_evt+0x150/0x150 [ 123.046810][ T5788] hci_event_packet+0x7ba/0x1270 [ 123.051983][ T5788] ? bis_list+0x290/0x290 [ 123.056357][ T5788] ? lockdep_hardirqs_on+0x98/0x150 [ 123.061598][ T5788] ? hci_send_to_monitor+0xd7/0x4f0 [ 123.066838][ T5788] hci_rx_work+0x43a/0xd60 [ 123.071315][ T5788] ? process_scheduled_works+0x96f/0x15d0 [ 123.077075][ T5788] process_scheduled_works+0xa5d/0x15d0 [ 123.082782][ T5788] ? worker_attach_to_pool+0x380/0x380 [ 123.088295][ T5788] ? assign_work+0x3d2/0x5d0 [ 123.092928][ T5788] worker_thread+0xa55/0xfc0 [ 123.097594][ T5788] kthread+0x2fa/0x390 [ 123.101698][ T5788] ? pr_cont_work+0x560/0x560 [ 123.106429][ T5788] ? kthread_blkcg+0xd0/0xd0 [ 123.111089][ T5788] ret_from_fork+0x48/0x80 [ 123.115554][ T5788] ? kthread_blkcg+0xd0/0xd0 [ 123.120196][ T5788] ret_from_fork_asm+0x11/0x20 [ 123.125155][ T5788] [ 123.138180][ T5788] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 123.153193][ T5788] Bluetooth: hci0: failed to register connection device [ 123.794827][ T6285] syzkaller0: entered promiscuous mode [ 123.800549][ T6285] syzkaller0: entered allmulticast mode [ 123.812254][ T6286] syzkaller0: entered promiscuous mode [ 123.818566][ T6286] syzkaller0: entered allmulticast mode [ 125.306704][ T788] usb 4-1: USB disconnect, device number 2 [ 128.141812][ T6331] syzkaller0: entered promiscuous mode [ 128.180538][ T6331] syzkaller0: entered allmulticast mode [ 128.329782][ T5788] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 129.256190][ T6344] loop1: detected capacity change from 0 to 1024 [ 129.321482][ T6344] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 129.394696][ T51] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 129.468726][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 130.995991][ T6381] loop1: detected capacity change from 0 to 1024 [ 131.051120][ T6381] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 131.084534][ T51] Bluetooth: hci2: unexpected event for opcode 0x1408 [ 131.190796][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 131.764537][ T51] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 131.793714][ T6396] loop1: detected capacity change from 0 to 1024 [ 131.817217][ T6396] ext4: Unknown parameter 'uid' [ 133.127763][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.134940][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.564951][ T6411] loop0: detected capacity change from 0 to 1024 [ 133.651946][ T6411] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 133.727543][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 134.204003][ T6422] loop2: detected capacity change from 0 to 1024 [ 134.233269][ T6422] ext4: Unknown parameter 'uid' [ 135.814161][ T51] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 135.831201][ T6440] syzkaller0: entered promiscuous mode [ 135.847648][ T6440] syzkaller0: entered allmulticast mode [ 135.918186][ T6452] loop1: detected capacity change from 0 to 1024 [ 135.958881][ T6452] ext4: Unknown parameter 'uid' [ 140.207392][ T6493] overlayfs: failed to verify origin (file0/file1, ino=353, err=-116) [ 140.216771][ T6493] overlayfs: failed to verify upper root origin [ 140.857796][ T5788] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 140.867938][ T5788] CPU: 0 PID: 5788 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 140.875532][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 140.885614][ T5788] Workqueue: hci3 hci_rx_work [ 140.890517][ T5788] Call Trace: [ 140.893896][ T5788] [ 140.896846][ T5788] dump_stack_lvl+0x18c/0x250 [ 140.901554][ T5788] ? show_regs_print_info+0x20/0x20 [ 140.906779][ T5788] ? load_image+0x420/0x420 [ 140.911310][ T5788] sysfs_create_dir_ns+0x26e/0x2a0 [ 140.916447][ T5788] ? sysfs_warn_dup+0xa0/0xa0 [ 140.921320][ T5788] ? do_raw_spin_unlock+0x121/0x230 [ 140.926650][ T5788] kobject_add_internal+0x61c/0xcc0 [ 140.931883][ T5788] kobject_add+0x164/0x240 [ 140.936319][ T5788] ? __rwlock_init+0x150/0x150 [ 140.941109][ T5788] ? kobject_init+0x1e0/0x1e0 [ 140.945800][ T5788] ? _raw_spin_unlock+0x28/0x40 [ 140.950680][ T5788] ? get_device_parent+0x366/0x390 [ 140.955897][ T5788] device_add+0x408/0xc20 [ 140.960248][ T5788] hci_conn_add_sysfs+0xd5/0x1e0 [ 140.965206][ T5788] le_conn_complete_evt+0xf5d/0x1540 [ 140.970585][ T5788] ? hci_event_packet+0x4cb/0x1270 [ 140.975744][ T5788] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 140.982009][ T5788] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 140.987663][ T5788] ? skb_pull_data+0xfb/0x200 [ 140.992363][ T5788] hci_le_conn_complete_evt+0x187/0x440 [ 140.998203][ T5788] ? hci_remote_host_features_evt+0x150/0x150 [ 141.004376][ T5788] hci_event_packet+0x7ba/0x1270 [ 141.009545][ T5788] ? bis_list+0x290/0x290 [ 141.013976][ T5788] ? lockdep_hardirqs_on+0x98/0x150 [ 141.019192][ T5788] ? hci_send_to_monitor+0xd7/0x4f0 [ 141.024413][ T5788] hci_rx_work+0x43a/0xd60 [ 141.028863][ T5788] ? process_scheduled_works+0x96f/0x15d0 [ 141.034600][ T5788] process_scheduled_works+0xa5d/0x15d0 [ 141.040191][ T5788] ? worker_attach_to_pool+0x380/0x380 [ 141.045688][ T5788] ? assign_work+0x3d2/0x5d0 [ 141.050297][ T5788] worker_thread+0xa55/0xfc0 [ 141.054929][ T5788] kthread+0x2fa/0x390 [ 141.059014][ T5788] ? pr_cont_work+0x560/0x560 [ 141.063707][ T5788] ? kthread_blkcg+0xd0/0xd0 [ 141.068310][ T5788] ret_from_fork+0x48/0x80 [ 141.072826][ T5788] ? kthread_blkcg+0xd0/0xd0 [ 141.077434][ T5788] ret_from_fork_asm+0x11/0x20 [ 141.082237][ T5788] [ 141.088362][ T5788] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 141.102945][ T5788] Bluetooth: hci3: failed to register connection device [ 142.233511][ T6514] loop0: detected capacity change from 0 to 1024 [ 142.289512][ T6514] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 142.551020][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 142.624940][ T6521] syzkaller0: entered promiscuous mode [ 142.658187][ T6521] syzkaller0: entered allmulticast mode [ 142.890284][ T6532] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.228'. [ 143.500251][ T51] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 147.740138][ T6551] loop2: detected capacity change from 0 to 1024 [ 147.869765][ T6551] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 148.176953][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 148.994199][ T5788] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 149.062934][ T6575] syzkaller0: entered promiscuous mode [ 149.075531][ T6575] syzkaller0: entered allmulticast mode [ 149.082942][ T6584] loop1: detected capacity change from 0 to 1024 [ 149.175563][ T6584] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 149.408626][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 153.317434][ T6616] binder_alloc: 6615: binder_alloc_buf, no vma [ 154.904100][ T6630] loop3: detected capacity change from 0 to 1024 [ 154.991074][ T6630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 155.136591][ T6635] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 155.227911][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 156.326830][ T5788] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 156.783236][ T6656] syzkaller0: entered promiscuous mode [ 156.790674][ T6656] syzkaller0: entered allmulticast mode [ 157.011278][ T6662] loop2: detected capacity change from 0 to 1024 [ 157.101899][ T6662] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 157.181285][ T6662] EXT4-fs error (device loop2): ext4_map_blocks:720: inode #15: comm syz.2.272: lblock 0 mapped to illegal pblock 0 (length 6) [ 157.259322][ T6662] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 157.286665][ T6662] EXT4-fs (loop2): This should not happen!! Data will be lost [ 157.286665][ T6662] [ 157.389950][ T2946] EXT4-fs error (device loop2): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:10: lblock 8 mapped to illegal pblock 8 (length 8) [ 157.427970][ T2946] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 157.466565][ T2946] EXT4-fs (loop2): This should not happen!! Data will be lost [ 157.466565][ T2946] [ 157.503122][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 160.197575][ T6692] binder: 6691:6692 ioctl c0306201 0 returned -14 [ 161.845497][ T6713] syzkaller0: entered promiscuous mode [ 161.852389][ T6713] syzkaller0: entered allmulticast mode [ 161.933638][ T5788] Bluetooth: hci2: unexpected event for opcode 0x0000 [ 161.941442][ T5788] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 162.174484][ T6720] syzkaller0: entered promiscuous mode [ 162.193406][ T6720] syzkaller0: entered allmulticast mode [ 164.167301][ T5788] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 164.183183][ T5788] Bluetooth: hci0: Injecting HCI hardware error event [ 164.193498][ T51] Bluetooth: hci0: hardware error 0x00 [ 165.610764][ T6760] syzkaller0: entered promiscuous mode [ 165.628661][ T6760] syzkaller0: entered allmulticast mode [ 165.928138][ T6767] netlink: 40 bytes leftover after parsing attributes in process `syz.0.302'. [ 165.996512][ T5788] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 166.006771][ T5788] Bluetooth: hci2: Injecting HCI hardware error event [ 166.015064][ T5783] Bluetooth: hci2: hardware error 0x00 [ 166.155301][ T6771] syzkaller0: entered promiscuous mode [ 166.161278][ T6771] syzkaller0: entered allmulticast mode [ 166.236535][ T51] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 166.286810][ T6776] netlink: 12 bytes leftover after parsing attributes in process `syz.2.306'. [ 166.298955][ T6774] loop0: detected capacity change from 0 to 1024 [ 166.341248][ T6776] netlink: 32 bytes leftover after parsing attributes in process `syz.2.306'. [ 166.581723][ T6774] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 166.841859][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 167.125212][ T6792] binder: BINDER_SET_CONTEXT_MGR already set [ 167.145199][ T6792] binder: 6791:6792 ioctl 4018620d 2000000003c0 returned -16 [ 168.086500][ T5783] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 169.030852][ T6806] netlink: 12 bytes leftover after parsing attributes in process `syz.0.315'. [ 169.048634][ T6806] netlink: 32 bytes leftover after parsing attributes in process `syz.0.315'. [ 169.153500][ T6808] loop0: detected capacity change from 0 to 1024 [ 169.193976][ T6808] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 169.282988][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 169.666879][ T6804] netlink: 40 bytes leftover after parsing attributes in process `syz.1.314'. [ 169.836198][ T6820] loop2: detected capacity change from 0 to 1024 [ 169.882546][ T6820] ext4: Unknown parameter 'uid' [ 169.919712][ T5767] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 170.086534][ T6827] netlink: 32 bytes leftover after parsing attributes in process `syz.3.324'. [ 170.365780][ T6830] loop3: detected capacity change from 0 to 1024 [ 170.488302][ T6830] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 170.739103][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 171.419539][ T6848] netlink: 32 bytes leftover after parsing attributes in process `syz.2.331'. [ 172.156870][ T6857] netlink: 32 bytes leftover after parsing attributes in process `syz.2.333'. [ 172.172420][ T6851] syzkaller0: entered promiscuous mode [ 172.186602][ T6851] syzkaller0: entered allmulticast mode [ 174.315862][ T6877] loop0: detected capacity change from 0 to 1024 [ 174.557557][ T6883] netlink: 32 bytes leftover after parsing attributes in process `syz.3.342'. [ 174.582542][ T6877] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 174.621489][ T6885] netlink: 32 bytes leftover after parsing attributes in process `syz.1.343'. [ 175.402120][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 175.857111][ T6902] syzkaller0: entered promiscuous mode [ 175.874344][ T6902] syzkaller0: entered allmulticast mode [ 176.445069][ T6924] loop1: detected capacity change from 0 to 512 [ 176.518849][ T6924] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.352: inode has both inline data and extents flags [ 176.529759][ T6926] loop3: detected capacity change from 0 to 1024 [ 176.532876][ T6924] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.352: couldn't read orphan inode 15 (err -117) [ 176.555321][ T6924] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 176.592238][ T6924] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.352: inode has both inline data and extents flags [ 176.702442][ T6926] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 176.999550][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 177.395497][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.533114][ T6936] loop3: detected capacity change from 0 to 512 [ 177.565681][ T6938] netlink: 32 bytes leftover after parsing attributes in process `syz.1.355'. [ 177.661020][ T6936] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.733016][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.830753][ T6959] loop3: detected capacity change from 0 to 512 [ 178.862427][ T6959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.915683][ T6959] EXT4-fs error (device loop3): __ext4_find_entry:1696: inode #2: comm syz.3.357: checksumming directory block 0 [ 178.966224][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.173004][ T6965] 9pnet_fd: Insufficient options for proto=fd [ 179.992084][ T6974] loop2: detected capacity change from 0 to 1024 [ 180.099458][ T6979] netlink: 32 bytes leftover after parsing attributes in process `syz.0.364'. [ 180.100437][ T6974] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 180.413536][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 180.995577][ T6989] loop3: detected capacity change from 0 to 1024 [ 181.032426][ T6989] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 181.726940][ T6989] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: comm syz.3.367: lblock 0 mapped to illegal pblock 0 (length 6) [ 181.803994][ T6989] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 181.870549][ T6989] EXT4-fs (loop3): This should not happen!! Data will be lost [ 181.870549][ T6989] [ 182.758128][ T59] EXT4-fs error (device loop3): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:4: lblock 8 mapped to illegal pblock 8 (length 8) [ 182.814740][ T59] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 182.828046][ T59] EXT4-fs (loop3): This should not happen!! Data will be lost [ 182.828046][ T59] [ 182.859199][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 182.888723][ T7007] netlink: 32 bytes leftover after parsing attributes in process `syz.0.373'. [ 182.997456][ T7002] syzkaller0: entered promiscuous mode [ 183.003451][ T7002] syzkaller0: entered allmulticast mode [ 183.061683][ T7016] loop3: detected capacity change from 0 to 512 [ 183.125075][ T7016] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.678628][ T6886] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 185.893556][ T7033] binder: 7032:7033 ioctl 4018620d 0 returned -22 [ 185.959521][ T7035] netlink: 32 bytes leftover after parsing attributes in process `syz.1.379'. [ 186.037489][ T7012] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 186.157688][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.293892][ T7043] netlink: 32 bytes leftover after parsing attributes in process `syz.2.382'. [ 186.361392][ T7045] loop3: detected capacity change from 0 to 1024 [ 186.447923][ T7045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 186.580677][ T7056] binder: 7055:7056 ioctl 4018620d 0 returned -22 [ 186.823562][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 186.841569][ T7064] loop1: detected capacity change from 0 to 512 [ 186.935649][ T7064] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.042715][ T7069] netlink: 32 bytes leftover after parsing attributes in process `syz.3.390'. [ 187.163911][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.479035][ T7077] netlink: 32 bytes leftover after parsing attributes in process `syz.3.394'. [ 187.551779][ T7081] binder: 7079:7081 ioctl c0306201 0 returned -14 [ 187.726760][ T5783] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 189.015561][ T7094] loop2: detected capacity change from 0 to 512 [ 189.182253][ T7094] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.197171][ T7098] netlink: 8 bytes leftover after parsing attributes in process `syz.3.403'. [ 189.326874][ T7101] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 189.462048][ T7071] loop0: detected capacity change from 0 to 128 [ 189.499500][ T7071] UBIFS error (pid: 7071): cannot open "/dev/loop0", error -22 [ 189.539084][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.614037][ T7106] binder: 7105:7106 ioctl c0306201 0 returned -14 [ 189.763655][ T7109] netlink: 32 bytes leftover after parsing attributes in process `syz.2.406'. [ 190.132973][ T7116] loop2: detected capacity change from 0 to 512 [ 190.211569][ T7116] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 190.286959][ T7119] loop1: detected capacity change from 0 to 512 [ 190.294615][ T7117] loop3: detected capacity change from 0 to 4096 [ 190.323327][ T7116] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 190.324950][ T7117] EXT4-fs: inline encryption not supported [ 190.368150][ T7116] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.409: bg 0: block 248: padding at end of block bitmap is not set [ 190.483571][ T7116] Quota error (device loop2): write_blk: dquota write failed [ 190.498157][ T7117] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 190.527712][ T7116] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 190.543332][ T7117] EXT4-fs (loop3): Test dummy encryption mode enabled [ 190.606526][ T7116] EXT4-fs error (device loop2): ext4_acquire_dquot:6953: comm syz.2.409: Failed to acquire dquot type 1 [ 190.621256][ T7117] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=8842c1a8, mo2=0003] [ 190.634067][ T7117] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.926173][ T7116] EXT4-fs (loop2): 1 truncate cleaned up [ 191.187434][ T7116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 191.212778][ T7128] loop0: detected capacity change from 0 to 1024 [ 191.378073][ T7128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 192.129602][ T7141] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz.2.409: deleted inode referenced: 12 [ 192.375290][ T7142] EXT4-fs error (device loop2): ext4_lookup:1862: inode #2: comm syz.2.409: deleted inode referenced: 12 [ 192.484569][ T7144] loop1: detected capacity change from 0 to 512 [ 192.602966][ T7144] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.830763][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.847319][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 193.058153][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.154343][ T7148] netlink: 32 bytes leftover after parsing attributes in process `syz.0.416'. [ 193.271724][ T7150] binder: 7149:7150 ioctl c0306201 0 returned -14 [ 193.963892][ T7152] syzkaller0: entered promiscuous mode [ 193.975211][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 193.987156][ T7152] syzkaller0: entered allmulticast mode [ 194.563928][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.575924][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.712249][ T7173] loop3: detected capacity change from 0 to 512 [ 194.745136][ T7173] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.833045][ T7178] loop2: detected capacity change from 0 to 1024 [ 194.925078][ T7178] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 195.026882][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 195.205157][ T7182] netlink: 32 bytes leftover after parsing attributes in process `syz.2.426'. [ 196.660382][ T5786] Bluetooth: hci1: command 0x0406 tx timeout [ 196.760223][ T5788] Bluetooth: hci3: command 0x0406 tx timeout [ 197.722727][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 198.116710][ T7202] loop3: detected capacity change from 0 to 1024 [ 198.151373][ T7202] ext4: Unknown parameter 'uid' [ 198.913656][ T7214] netlink: 32 bytes leftover after parsing attributes in process `syz.1.435'. [ 199.317733][ T7221] loop1: detected capacity change from 0 to 512 [ 199.330322][ T51] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 199.401753][ T7221] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.514742][ T7228] syzkaller0: entered promiscuous mode [ 199.522443][ T7228] syzkaller0: entered allmulticast mode [ 199.610289][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.303851][ T7234] loop2: detected capacity change from 0 to 1024 [ 200.314328][ T7234] ext4: Unknown parameter 'uid' [ 202.064213][ T7259] loop2: detected capacity change from 0 to 512 [ 202.141226][ T7259] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.513395][ T5776] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.679585][ T51] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 202.950707][ T7269] loop0: detected capacity change from 0 to 1024 [ 202.991097][ T7269] ext4: Unknown parameter 'uid' [ 204.454428][ T7284] loop1: detected capacity change from 0 to 512 [ 204.462151][ T7284] EXT4-fs: Ignoring removed mblk_io_submit option [ 204.468729][ T7284] EXT4-fs: inline encryption not supported [ 204.474571][ T7284] EXT4-fs: Ignoring removed mblk_io_submit option [ 204.481156][ T7284] EXT4-fs: Ignoring removed mblk_io_submit option [ 204.727557][ T7284] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 204.740899][ T7284] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 204.809304][ T7284] EXT4-fs (loop1): 1 truncate cleaned up [ 204.824253][ T7284] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 205.567844][ T7290] loop0: detected capacity change from 0 to 512 [ 205.675564][ T7290] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.221869][ T7297] syzkaller0: entered promiscuous mode [ 206.231554][ T7297] syzkaller0: entered allmulticast mode [ 206.542637][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.588068][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 206.950484][ T7307] loop1: detected capacity change from 0 to 1024 [ 206.987484][ T7307] ext4: Unknown parameter 'uid' [ 207.036363][ T51] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 207.470485][ T7318] loop1: detected capacity change from 0 to 512 [ 207.490805][ T7318] EXT4-fs: Ignoring removed i_version option [ 207.509833][ T7318] EXT4-fs: Ignoring removed nobh option [ 207.529893][ T7318] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 207.558412][ T7318] EXT4-fs (loop1): 1 truncate cleaned up [ 207.582433][ T7318] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.644377][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.761475][ T7325] loop1: detected capacity change from 0 to 512 [ 208.810018][ T7325] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.421455][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.644148][ T7348] loop1: detected capacity change from 0 to 1024 [ 210.667511][ T7348] ext4: Unknown parameter 'uid' [ 210.734695][ T5771] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 211.840766][ T51] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 211.943299][ T7356] loop1: detected capacity change from 0 to 8192 [ 214.035928][ T7369] loop0: detected capacity change from 0 to 512 [ 214.165024][ T7369] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.449079][ T7371] syzkaller0: entered promiscuous mode [ 214.485574][ T7371] syzkaller0: entered allmulticast mode [ 214.718834][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.285102][ T7393] loop1: detected capacity change from 0 to 1024 [ 216.293951][ T7393] ext4: Unknown parameter 'uid' [ 217.448702][ T7397] binder: 7396:7397 ioctl c0306201 0 returned -14 [ 219.096648][ T51] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 220.786241][ T7422] loop2: detected capacity change from 0 to 1024 [ 220.857123][ T7422] ext4: Unknown parameter 'uid' [ 222.872038][ T7438] syzkaller0: entered promiscuous mode [ 222.877642][ T7438] syzkaller0: entered allmulticast mode [ 223.940259][ T7450] loop1: detected capacity change from 0 to 1024 [ 224.000164][ T7450] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 224.048294][ T7450] EXT4-fs error (device loop1): ext4_map_blocks:720: inode #15: comm syz.1.506: lblock 0 mapped to illegal pblock 0 (length 6) [ 224.066862][ T7450] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 224.086824][ T7450] EXT4-fs (loop1): This should not happen!! Data will be lost [ 224.086824][ T7450] [ 224.138073][ T11] EXT4-fs error (device loop1): ext4_map_blocks:720: inode #15: block 8: comm kworker/u4:0: lblock 8 mapped to illegal pblock 8 (length 8) [ 224.156617][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 224.174312][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [ 224.174312][ T11] [ 224.201516][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 226.822693][ T7461] loop0: detected capacity change from 0 to 128 [ 227.049216][ T7468] loop0: detected capacity change from 0 to 1024 [ 227.071917][ T7468] ext4: Unknown parameter 'uid' [ 227.198169][ T5767] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 227.343988][ C1] Unknown status report in ack skb [ 227.381055][ T7470] input: syz1 as /devices/virtual/input/input5 [ 228.586851][ T51] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 231.179743][ T51] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 231.931668][ T7524] loop0: detected capacity change from 0 to 128 [ 232.304063][ T7527] loop3: detected capacity change from 0 to 512 [ 232.394912][ T7527] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.594698][ T7529] loop0: detected capacity change from 0 to 1024 [ 232.633617][ T7529] ext4: Unknown parameter 'uid' [ 232.694748][ T5771] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 232.859858][ T5777] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.878360][ T7547] netlink: 'syz.3.532': attribute type 30 has an invalid length. [ 233.957904][ T7547] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 233.967342][ T7547] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 233.976139][ T7547] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 233.984935][ T7547] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.083056][ T7547] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.092103][ T7547] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.101681][ T7547] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.110715][ T7547] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.258289][ T7547] netlink: 'syz.3.532': attribute type 30 has an invalid length. [ 234.265610][ T7553] loop2: detected capacity change from 0 to 128 [ 234.289718][ T7547] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.298600][ T7547] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.307831][ T7547] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.317042][ T7547] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 234.363408][ T7547] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.372443][ T7547] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.381465][ T7547] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 234.390441][ T7547] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 235.152957][ T7563] loop1: detected capacity change from 0 to 512 [ 235.207651][ T7563] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 235.600358][ T7532] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 235.821357][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.977070][ T7571] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.543'. [ 236.275480][ T7575] loop0: detected capacity change from 0 to 128 [ 237.652729][ T7584] loop3: detected capacity change from 0 to 1024 [ 237.739857][ T7588] wg1: entered promiscuous mode [ 238.033011][ T7584] ext4: Unknown parameter 'uid' [ 238.175254][ T7588] team0: Device wg1 is of different type [ 239.365206][ T7601] loop1: detected capacity change from 0 to 512 [ 239.518027][ T7601] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.988033][ T5779] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.905470][ C0] ------------[ cut here ]------------ [ 242.911096][ T2937] ------------[ cut here ]------------ [ 242.916636][ C0] WARNING: CPU: 0 PID: 7624 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1233/0x1600 [ 242.916687][ C0] Modules linked in: [ 242.916702][ C0] CPU: 0 PID: 7624 Comm: syz.2.557 Not tainted syzkaller #0 [ 242.916722][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 242.916733][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 242.916762][ C0] Code: 24 4c 89 e7 e8 0e 75 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 09 b3 82 f7 0f 0b e9 f6 f7 ff ff e8 fd b2 82 f7 <0f> 0b e9 48 fb ff ff e8 f1 b2 82 f7 48 c7 c7 20 89 64 8e 4c 89 e6 [ 242.916778][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 242.916798][ C0] RAX: ffffffff8a047053 RBX: ffffffff8a045e56 RCX: ffff88802c7abc00 [ 242.916815][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 242.916828][ C0] RBP: 0000000000000000 R08: ffff88802c7abc00 R09: 0000000000000003 [ 242.926981][ T2937] WARNING: CPU: 1 PID: 2937 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 242.930868][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805d9e63c0 [ 242.938177][ T2937] Modules linked in: [ 242.938196][ T2937] CPU: 1 PID: 2937 Comm: kworker/u4:9 Not tainted syzkaller #0 [ 242.948265][ C0] R13: dffffc0000000000 R14: ffff88805d9e68b0 R15: ffff88805e398c24 [ 242.948282][ C0] FS: 00007f671a7186c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 242.948301][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 242.954617][ T2937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 242.974278][ C0] CR2: 0000200000888030 CR3: 0000000076628000 CR4: 00000000003506f0 [ 242.974308][ C0] Call Trace: [ 242.974316][ C0] [ 242.974329][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 242.974368][ C0] ieee80211_beacon_get_tim+0xbf/0x580 [ 242.974398][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 242.974436][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 242.974469][ C0] __iterate_interfaces+0x243/0x500 [ 242.974498][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 242.974520][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 242.974550][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 242.980890][ T2937] Workqueue: phy5 ieee80211_csa_finalize_work [ 242.988682][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 242.996803][ T2937] [ 243.004698][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 243.016115][ T2937] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 243.023656][ C0] __hrtimer_run_queues+0x520/0xc40 [ 243.023680][ C0] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 243.023708][ C0] ? hw_scan_work+0xf60/0xf60 [ 243.023737][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 243.023759][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 243.027683][ T2937] Code: 48 89 df e8 3a 3e d6 f7 e9 dc fc ff ff e8 20 07 7e f7 eb 24 e8 19 07 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 08 07 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 fa 06 7e f7 48 8b 7c 24 08 4c 8b 7c [ 243.035237][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 243.043592][ T2937] RSP: 0018:ffffc9000be679c0 EFLAGS: 00010293 [ 243.052191][ C0] handle_softirqs+0x280/0x820 [ 243.052222][ C0] ? __irq_exit_rcu+0xd3/0x190 [ 243.058827][ T2937] [ 243.058837][ T2937] RAX: ffffffff8a09184e RBX: 0000000000000001 RCX: ffff88802be45a00 [ 243.068922][ C0] ? do_softirq+0x1a0/0x1a0 [ 243.068963][ C0] __irq_exit_rcu+0xd3/0x190 [ 243.076947][ T2937] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 243.076963][ T2937] RBP: dffffc0000000000 R08: ffff88805d9e55af R09: 1ffff1100bb3cab5 [ 243.080239][ C0] ? irq_exit_rcu+0x20/0x20 [ 243.083078][ T2937] R10: dffffc0000000000 R11: ffffed100bb3cab6 R12: 0000000000000001 [ 243.088652][ C0] irq_exit_rcu+0x9/0x20 [ 243.088674][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 243.094121][ T2937] R13: ffff88805d9e65d9 R14: ffff88807f762c70 R15: ffff88807f762ce8 [ 243.100903][ C0] [ 243.106491][ T2937] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 243.111647][ C0] [ 243.111658][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 243.111682][ C0] RIP: 0010:lock_release+0x594/0x8c0 [ 243.111706][ C0] Code: 00 00 00 f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 2f 04 f8 75 70 f7 44 24 50 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 2f 00 00 00 00 43 c7 44 2f 08 00 00 00 00 65 48 8b 04 25 [ 243.111722][ C0] RSP: 0018:ffffc9000be0f940 EFLAGS: 00000206 [ 243.111744][ C0] RAX: 0000000000000001 RBX: ffffffffffffffff RCX: b62e9429030f1300 [ 243.111758][ C0] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8fa0 [ 243.111773][ C0] RBP: ffffc9000be0fa48 R08: ffffffff8e8b19af R09: 1ffffffff1d16335 [ 243.111788][ C0] R10: dffffc0000000000 R11: fffffbfff1d16336 R12: ffff88802c7ac6e0 [ 243.111803][ C0] R13: dffffc0000000000 R14: ffff88802c7ac6d0 R15: 1ffff920017c1f34 [ 243.111843][ C0] ? __might_fault+0xaa/0x120 [ 243.111866][ C0] ? __lock_acquire+0x7d40/0x7d40 [ 243.111890][ C0] ? verify_lock_unused+0x140/0x140 [ 243.111915][ C0] ? __might_fault+0xaa/0x120 [ 243.111935][ C0] ? __might_fault+0xc6/0x120 [ 243.111961][ C0] ? __might_fault+0xaa/0x120 [ 243.111985][ C0] _copy_from_user+0x2a/0xe0 [ 243.112013][ C0] ___sys_recvmsg+0x176/0x590 [ 243.112043][ C0] ? __sys_recvmsg+0x2a0/0x2a0 [ 243.118360][ T2937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 243.125517][ C0] ? __lock_acquire+0x7d40/0x7d40 [ 243.131927][ T2937] CR2: 00007f080d7473a4 CR3: 0000000075418000 CR4: 00000000003506e0 [ 243.138008][ C0] ? __might_fault+0xc6/0x120 [ 243.145058][ T2937] Call Trace: [ 243.147623][ C0] ? __might_fault+0xaa/0x120 [ 243.152834][ T2937] [ 243.160151][ C0] do_recvmmsg+0x39a/0x870 [ 243.165357][ T2937] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 243.171362][ C0] ? __sys_recvmmsg+0x290/0x290 [ 243.171397][ C0] ? __ia32_sys_get_robust_list+0x110/0x110 [ 243.171436][ C0] __x64_sys_recvmmsg+0x199/0x250 [ 243.176093][ T2937] ieee80211_csa_finalize+0x5a6/0xf20 [ 243.181231][ C0] ? do_recvmmsg+0x870/0x870 [ 243.181259][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 243.187426][ T2937] ? mutex_lock_nested+0x20/0x20 [ 243.207081][ C0] do_syscall_64+0x55/0xa0 [ 243.207102][ C0] ? clear_bhb_loop+0x40/0x90 [ 243.207123][ C0] ? clear_bhb_loop+0x40/0x90 [ 243.207147][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 243.207169][ C0] RIP: 0033:0x7f671979ce59 [ 243.212652][ T2937] ? ieee80211_csa_finalize_work+0x140/0x140 [ 243.218373][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 243.218391][ C0] RSP: 002b:00007f671a718028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 243.218414][ C0] RAX: ffffffffffffffda RBX: 00007f6719a15fa0 RCX: 00007f671979ce59 [ 243.218428][ C0] RDX: 03fffffffffffeda RSI: 00002000000000c0 RDI: 0000000000000004 [ 243.218443][ C0] RBP: 00007f6719832d6f R08: 0000000000000000 R09: 0000000000000000 [ 243.218456][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 243.223214][ T2937] ? read_lock_is_recursive+0x20/0x20 [ 243.227996][ C0] R13: 00007f6719a16038 R14: 00007f6719a15fa0 R15: 00007fff258ada08 [ 243.230331][ T2937] ieee80211_csa_finalize_work+0xf6/0x140 [ 243.238337][ C0] [ 243.242837][ T2937] ? process_scheduled_works+0x96f/0x15d0 [ 243.247445][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 243.247455][ C0] CPU: 0 PID: 7624 Comm: syz.2.557 Not tainted syzkaller #0 [ 243.247474][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 243.247483][ C0] Call Trace: [ 243.247490][ C0] [ 243.247497][ C0] dump_stack_lvl+0x18c/0x250 [ 243.247525][ C0] ? show_regs_print_info+0x20/0x20 [ 243.247550][ C0] ? load_image+0x420/0x420 [ 243.247583][ C0] panic+0x2dc/0x730 [ 243.247608][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 243.247642][ C0] __warn+0x2e0/0x470 [ 243.247660][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 243.247683][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 243.247703][ C0] report_bug+0x2be/0x4f0 [ 243.247737][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 243.247758][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 243.247778][ C0] ? __ieee80211_beacon_get+0x1235/0x1600 [ 243.247798][ C0] handle_bug+0xcf/0x120 [ 243.247815][ C0] exc_invalid_op+0x1a/0x50 [ 243.247832][ C0] asm_exc_invalid_op+0x1a/0x20 [ 243.247852][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 243.247873][ C0] Code: 24 4c 89 e7 e8 0e 75 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 09 b3 82 f7 0f 0b e9 f6 f7 ff ff e8 fd b2 82 f7 <0f> 0b e9 48 fb ff ff e8 f1 b2 82 f7 48 c7 c7 20 89 64 8e 4c 89 e6 [ 243.247886][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 243.247909][ C0] RAX: ffffffff8a047053 RBX: ffffffff8a045e56 RCX: ffff88802c7abc00 [ 243.247921][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 243.247932][ C0] RBP: 0000000000000000 R08: ffff88802c7abc00 R09: 0000000000000003 [ 243.247942][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805d9e63c0 [ 243.247953][ C0] R13: dffffc0000000000 R14: ffff88805d9e68b0 R15: ffff88805e398c24 [ 243.247969][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 243.247990][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 243.248016][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 243.248037][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 243.248065][ C0] ieee80211_beacon_get_tim+0xbf/0x580 [ 243.248090][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 243.248121][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 243.248148][ C0] __iterate_interfaces+0x243/0x500 [ 243.248172][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 243.248191][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 243.248216][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 243.248235][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 243.248262][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 243.248283][ C0] __hrtimer_run_queues+0x520/0xc40 [ 243.248301][ C0] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 243.248327][ C0] ? hw_scan_work+0xf60/0xf60 [ 243.248352][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 243.248370][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 243.248398][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 243.248421][ C0] handle_softirqs+0x280/0x820 [ 243.248443][ C0] ? __irq_exit_rcu+0xd3/0x190 [ 243.248464][ C0] ? do_softirq+0x1a0/0x1a0 [ 243.248490][ C0] __irq_exit_rcu+0xd3/0x190 [ 243.248507][ C0] ? irq_exit_rcu+0x20/0x20 [ 243.248532][ C0] irq_exit_rcu+0x9/0x20 [ 243.248547][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 243.248567][ C0] [ 243.248572][ C0] [ 243.248579][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 243.248599][ C0] RIP: 0010:lock_release+0x594/0x8c0 [ 243.248617][ C0] Code: 00 00 00 f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 2f 04 f8 75 70 f7 44 24 50 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 2f 00 00 00 00 43 c7 44 2f 08 00 00 00 00 65 48 8b 04 25 [ 243.248630][ C0] RSP: 0018:ffffc9000be0f940 EFLAGS: 00000206 [ 243.248643][ C0] RAX: 0000000000000001 RBX: ffffffffffffffff RCX: b62e9429030f1300 [ 243.248654][ C0] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8fa0 [ 243.248665][ C0] RBP: ffffc9000be0fa48 R08: ffffffff8e8b19af R09: 1ffffffff1d16335 [ 243.248677][ C0] R10: dffffc0000000000 R11: fffffbfff1d16336 R12: ffff88802c7ac6e0 [ 243.248688][ C0] R13: dffffc0000000000 R14: ffff88802c7ac6d0 R15: 1ffff920017c1f34 [ 243.248722][ C0] ? __might_fault+0xaa/0x120 [ 243.248741][ C0] ? __lock_acquire+0x7d40/0x7d40 [ 243.248760][ C0] ? verify_lock_unused+0x140/0x140 [ 243.248780][ C0] ? __might_fault+0xaa/0x120 [ 243.248796][ C0] ? __might_fault+0xc6/0x120 [ 243.248811][ C0] ? __might_fault+0xaa/0x120 [ 243.248830][ C0] _copy_from_user+0x2a/0xe0 [ 243.248852][ C0] ___sys_recvmsg+0x176/0x590 [ 243.248876][ C0] ? __sys_recvmsg+0x2a0/0x2a0 [ 243.248920][ C0] ? __lock_acquire+0x7d40/0x7d40 [ 243.248945][ C0] ? __might_fault+0xc6/0x120 [ 243.248960][ C0] ? __might_fault+0xaa/0x120 [ 243.248978][ C0] do_recvmmsg+0x39a/0x870 [ 243.249004][ C0] ? __sys_recvmmsg+0x290/0x290 [ 243.249033][ C0] ? __ia32_sys_get_robust_list+0x110/0x110 [ 243.249067][ C0] __x64_sys_recvmmsg+0x199/0x250 [ 243.249087][ C0] ? do_recvmmsg+0x870/0x870 [ 243.249108][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 243.249130][ C0] do_syscall_64+0x55/0xa0 [ 243.249145][ C0] ? clear_bhb_loop+0x40/0x90 [ 243.249164][ C0] ? clear_bhb_loop+0x40/0x90 [ 243.249185][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 243.249204][ C0] RIP: 0033:0x7f671979ce59 [ 243.249218][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 243.249230][ C0] RSP: 002b:00007f671a718028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 243.249247][ C0] RAX: ffffffffffffffda RBX: 00007f6719a15fa0 RCX: 00007f671979ce59 [ 243.249258][ C0] RDX: 03fffffffffffeda RSI: 00002000000000c0 RDI: 0000000000000004 [ 243.249269][ C0] RBP: 00007f6719832d6f R08: 0000000000000000 R09: 0000000000000000 [ 243.249279][ C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 243.249289][ C0] R13: 00007f6719a16038 R14: 00007f6719a15fa0 R15: 00007fff258ada08 [ 243.249325][ C0] [ 243.255548][ C0] Kernel Offset: disabled