last executing test programs: 7.47553395s ago: executing program 0 (id=166): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000100001002abd7000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8111000000000000140003006272696467655f736c6176655f30000008000400d4"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0) 6.887604363s ago: executing program 1 (id=167): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xfd, 0x4e20, 0x0, @mcast2}, 0x1c) 6.716316064s ago: executing program 1 (id=168): r0 = shmget$private(0x0, 0x4000, 0x54000000, &(0x7f0000ffc000/0x4000)=nil) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) preadv(r2, &(0x7f0000000180)=[{&(0x7f0000000100)=""/78, 0x4e}], 0x1, 0x80000000, 0x9) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r3 = syz_open_dev$evdev(0x0, 0x0, 0x822b01) io_setup(0x1, &(0x7f0000000380)) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5a}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$char_usb(r3, &(0x7f0000000040)="e2", 0x2778) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x400) r4 = syz_open_dev$sndpcmp(0x0, 0x0, 0x28002) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r4, 0x4112, 0x0) r5 = socket$inet(0x2, 0x3, 0x33) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)) getsockopt$inet_mreqsrc(r5, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000040)=0x28) r6 = shmat(r0, &(0x7f0000ff9000/0x1000)=nil, 0x5000) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil) shmdt(r6) r7 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r8, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000c00010000001c001a8018000a8014000700fc"], 0x58}, 0x1, 0x2}, 0x800) 5.092231147s ago: executing program 1 (id=170): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="44000000100001042abd70000002000000000000", @ANYRES32=r1, @ANYBLOB="8249e900800005001c0037"], 0x44}, 0x1, 0x0, 0x0, 0x20000c10}, 0x8000) 4.358982827s ago: executing program 0 (id=175): r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20) r4 = dup(r3) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={&(0x7f0000000040)='./file0\x00', r4}, 0x18) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x8042, 0x85) 4.300723192s ago: executing program 3 (id=178): r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0xc22, @remote}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x3) 4.254892818s ago: executing program 1 (id=179): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) r1 = syz_io_uring_setup(0x496, &(0x7f0000000400)={0x0, 0x4060, 0x0, 0x8000, 0x8000e3}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334d, 0x10, 0x2, 0x385}, &(0x7f0000000200)=0x0, &(0x7f0000000300)) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100, 0x23456}) io_uring_enter(r1, 0x627, 0xc1040000, 0x43, 0x0, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 4.039092819s ago: executing program 3 (id=182): syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d000000010902"], 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}}) io_uring_enter(r1, 0x2ded, 0x4000, 0x6, 0x0, 0x0) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) readv(r4, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0xe) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000003ac0)={0x1, 0xf, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41000, 0xa, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r5, 0xfca804a0, 0x0, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.995819837s ago: executing program 0 (id=183): r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_buf(r0, 0x1, 0x48, 0x0, &(0x7f0000000200)) 3.791669985s ago: executing program 0 (id=185): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@delneigh={0x44, 0x1a, 0x1, 0x0, 0xfffffffd, {0xa}, [@NDA_CACHEINFO={0x14, 0x3, {0x9}}, @NDA_DST_IPV6={0x14, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x4004840) 3.679511251s ago: executing program 0 (id=187): r0 = socket$nl_route(0x10, 0x3, 0x0) flistxattr(r0, &(0x7f00000013c0)=""/112, 0x70) 3.431206059s ago: executing program 0 (id=189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x3, 0xd73, 0xffffffffffffffff, 0x80, 0x401}}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x3, 0xfff1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 2.923316166s ago: executing program 2 (id=192): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000500), 0x80600, 0x0) ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x3) 2.807508672s ago: executing program 2 (id=193): getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000100)=@assoc_value={0x0, 0x7}, &(0x7f0000000140)=0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xa, 0x4, 0x2}, 0x50) socketpair(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000140), &(0x7f0000000000)=@tcp6=r1}, 0x20) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r0, &(0x7f0000000600), &(0x7f0000000340)=@udp6=r2, 0x1}, 0x20) 2.621709173s ago: executing program 2 (id=194): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000025c0)=@newtaction={0x48, 0x5a, 0x5, 0x70bd29, 0x25dfdbfb, {0x2}, [{0x34, 0x3, [@m_csum={0x30, 0x15, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x48}}, 0x8080) 2.35154508s ago: executing program 2 (id=195): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) syslog(0x4, &(0x7f0000000280)=""/36, 0x24) 1.986988449s ago: executing program 2 (id=196): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) fsopen(&(0x7f00000003c0)='befs\x00', 0x0) r0 = openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) write(r0, 0x0, 0x0) r1 = syz_open_procfs(0x0, 0x0) r2 = epoll_create1(0x0) io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) 1.415455867s ago: executing program 4 (id=198): r0 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x3, 0x5) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) r3 = dup(r1) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@remote, @ipv4={'\x00', '\xff\xff', @empty}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r4}) 1.370599935s ago: executing program 4 (id=199): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x181002, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000001c0)={0x0, 0x6c4, 0x5, 0x1, 0x10, "1b090000401400000a94c9355ab28b8725fd00"}) syz_open_pts(r0, 0x20800) syz_open_pts(r0, 0x4802) 1.124985874s ago: executing program 4 (id=200): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f000000a100)) 926.942168ms ago: executing program 1 (id=201): prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ff9000/0x6000)=nil, 0x6000, &(0x7f0000000140)='\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffd000/0x3000)=nil, 0x3000, &(0x7f0000000540)='fou\x00') mremap(&(0x7f0000ffa000/0x1000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000ffb000/0x4000)=nil) 851.441717ms ago: executing program 3 (id=202): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x8, 0x40, 0x7fff0000}]}) sigaltstack(0x0, 0x0) 738.72191ms ago: executing program 4 (id=203): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf) writev(r0, &(0x7f0000000580)=[{&(0x7f0000000380)="a1", 0x1}], 0x1) 664.633646ms ago: executing program 3 (id=204): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x610003d5) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x123903, 0x416422fbbb22d811) 490.513489ms ago: executing program 4 (id=205): socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x82, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000088a800008100000086dd6043ea5600442f00"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x524, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x0) 416.128816ms ago: executing program 3 (id=206): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x6, 0x3, 0x7fff0002}]}) fallocate(0xffffffffffffffff, 0x34, 0x0, 0x8) 293.836494ms ago: executing program 4 (id=207): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 243.717951ms ago: executing program 1 (id=208): pipe(&(0x7f0000000180)) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r0 = syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b00010000000109040100"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = epoll_create(0x80) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)={0x40000000}) syz_open_dev$video4linux(&(0x7f0000000140), 0x400, 0x40) syz_usb_disconnect(r0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0) pselect6(0x40, &(0x7f0000000100)={0x7ff, 0xfffffffffffffffc, 0x100005, 0x0, 0x800, 0x0, 0x8000000000000001, 0x10000000}, 0x0, 0x0, 0x0, 0x0) 184.351436ms ago: executing program 3 (id=209): io_uring_enter(0xffffffffffffffff, 0x808, 0x498c, 0x10, &(0x7f0000000080)={[0xdbc1]}, 0x8) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) r2 = syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0x2, 0x10100, 0x3, 0x171}, &(0x7f0000000380)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r2, 0x4d10, 0x2, 0x2, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) chmod(&(0x7f0000000180)='./file0\x00', 0x27d) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f00000000c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000f00), r5}}, 0x18) r6 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r6, &(0x7f0000000200)={0x2a, 0x1, 0x2}, 0xc) r7 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r6, 0x0, 0x0}) io_uring_enter(r7, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) ioctl$sock_ifreq(r6, 0x8993, &(0x7f0000000240)={'bond_slave_1\x00', @ifru_settings={0x5, 0xffff, @te1=&(0x7f0000000140)={0x8000, 0x7435, 0x3, 0xcada}}}) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0x40045010, &(0x7f0000000040)=0x5f) close_range(0xffffffffffffffff, r1, 0x0) r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) readahead(r10, 0x0, 0x2000000) ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0) 0s ago: executing program 2 (id=210): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@newlink={0x38, 0x10, 0x437, 0x0, 0x5, {0x0, 0x0, 0x0, 0x0, 0x504c3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x8, 0x6, @broadcast}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x48000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. [ 80.964750][ T5818] cgroup: Unknown subsys name 'net' [ 81.095225][ T5818] cgroup: Unknown subsys name 'cpuset' [ 81.104636][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.746009][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.937762][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.948522][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.959119][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.967730][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.978886][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.042989][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.053636][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.061628][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.069940][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.078801][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.146420][ T5153] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.158214][ T5153] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.166232][ T5153] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.176383][ T5153] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.189996][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.197503][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.214220][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.225160][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.237093][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.245529][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.270561][ T5153] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.280594][ T5153] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.289275][ T5153] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.300651][ T5153] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.308911][ T5153] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 85.728469][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 85.992965][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.001432][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.008795][ T5831] bridge_slave_0: entered allmulticast mode [ 86.016759][ T5831] bridge_slave_0: entered promiscuous mode [ 86.036267][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 86.055670][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.063118][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.070393][ T5831] bridge_slave_1: entered allmulticast mode [ 86.078575][ T5831] bridge_slave_1: entered promiscuous mode [ 86.106820][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 86.250000][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.292960][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.302524][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 86.454753][ T5831] team0: Port device team_slave_0 added [ 86.494281][ T5831] team0: Port device team_slave_1 added [ 86.547260][ T5844] chnl_net:caif_netlink_parms(): no params data found [ 86.559073][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.566467][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.574064][ T5837] bridge_slave_0: entered allmulticast mode [ 86.581797][ T5837] bridge_slave_0: entered promiscuous mode [ 86.589646][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.597176][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.604643][ T5839] bridge_slave_0: entered allmulticast mode [ 86.612788][ T5839] bridge_slave_0: entered promiscuous mode [ 86.662139][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.669553][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.676915][ T5837] bridge_slave_1: entered allmulticast mode [ 86.684520][ T5837] bridge_slave_1: entered promiscuous mode [ 86.692112][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.699424][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.706921][ T5839] bridge_slave_1: entered allmulticast mode [ 86.714529][ T5839] bridge_slave_1: entered promiscuous mode [ 86.734466][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.741548][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.768060][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.843189][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.850283][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 86.877030][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.938023][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.946704][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.954294][ T5841] bridge_slave_0: entered allmulticast mode [ 86.964055][ T5841] bridge_slave_0: entered promiscuous mode [ 86.990648][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.998728][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.006439][ T5841] bridge_slave_1: entered allmulticast mode [ 87.016187][ T5841] bridge_slave_1: entered promiscuous mode [ 87.040219][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.056620][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.063512][ T5845] Bluetooth: hci0: command tx timeout [ 87.072595][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.138184][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.147879][ T5845] Bluetooth: hci1: command tx timeout [ 87.221014][ T5845] Bluetooth: hci2: command tx timeout [ 87.268006][ T5839] team0: Port device team_slave_0 added [ 87.291136][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.310887][ T5845] Bluetooth: hci3: command tx timeout [ 87.317083][ T5837] team0: Port device team_slave_0 added [ 87.326543][ T5839] team0: Port device team_slave_1 added [ 87.337798][ T5831] hsr_slave_0: entered promiscuous mode [ 87.344975][ T5831] hsr_slave_1: entered promiscuous mode [ 87.355502][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.365261][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.373018][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.380314][ T5844] bridge_slave_0: entered allmulticast mode [ 87.381643][ T5845] Bluetooth: hci4: command tx timeout [ 87.389380][ T5844] bridge_slave_0: entered promiscuous mode [ 87.403554][ T5837] team0: Port device team_slave_1 added [ 87.446476][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.453812][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.461132][ T5844] bridge_slave_1: entered allmulticast mode [ 87.471009][ T5844] bridge_slave_1: entered promiscuous mode [ 87.502508][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.509552][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.536090][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.586433][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.593491][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.620043][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.634221][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.641455][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.667647][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.691056][ T5841] team0: Port device team_slave_0 added [ 87.718174][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.725306][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.751531][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.775050][ T5841] team0: Port device team_slave_1 added [ 87.785198][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.851719][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.957386][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.964533][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 87.991715][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.023327][ T5837] hsr_slave_0: entered promiscuous mode [ 88.030982][ T5837] hsr_slave_1: entered promiscuous mode [ 88.037777][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 88.043912][ T5837] Cannot create hsr debugfs directory [ 88.063808][ T5839] hsr_slave_0: entered promiscuous mode [ 88.071134][ T5839] hsr_slave_1: entered promiscuous mode [ 88.077712][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 88.083871][ T5839] Cannot create hsr debugfs directory [ 88.091634][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.098590][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.124694][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.138780][ T5844] team0: Port device team_slave_0 added [ 88.149148][ T5844] team0: Port device team_slave_1 added [ 88.256237][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.263282][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.289512][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.303317][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.310279][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.336571][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.497822][ T5841] hsr_slave_0: entered promiscuous mode [ 88.504765][ T5841] hsr_slave_1: entered promiscuous mode [ 88.511942][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 88.517869][ T5841] Cannot create hsr debugfs directory [ 88.641755][ T5844] hsr_slave_0: entered promiscuous mode [ 88.648725][ T5844] hsr_slave_1: entered promiscuous mode [ 88.655819][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 88.661903][ T5844] Cannot create hsr debugfs directory [ 88.906307][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.939277][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.983731][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.024014][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.140864][ T5845] Bluetooth: hci0: command tx timeout [ 89.195288][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.208215][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.220393][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.227883][ T5845] Bluetooth: hci1: command tx timeout [ 89.239326][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.301088][ T5845] Bluetooth: hci2: command tx timeout [ 89.375382][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.381329][ T5845] Bluetooth: hci3: command tx timeout [ 89.401122][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.414815][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.426792][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.461403][ T5845] Bluetooth: hci4: command tx timeout [ 89.483668][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.587051][ T5841] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.597907][ T5841] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.610288][ T5841] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.632504][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.640337][ T5841] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.735665][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.743558][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.792437][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.799670][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.819016][ T5844] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.845443][ T5844] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.873912][ T5844] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.896606][ T5844] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.935868][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.058937][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.098434][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.105640][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.132442][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.152035][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.159332][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.288781][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.360161][ T149] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.367407][ T149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.396081][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.430030][ T149] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.437325][ T149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.528735][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.544812][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.563768][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.625062][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.632336][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.679314][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.715086][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.722690][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.748748][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.755924][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.810278][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.817558][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.934532][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.984766][ T5831] veth0_vlan: entered promiscuous mode [ 91.078377][ T5831] veth1_vlan: entered promiscuous mode [ 91.223206][ T5845] Bluetooth: hci0: command tx timeout [ 91.225227][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.300935][ T5845] Bluetooth: hci1: command tx timeout [ 91.367382][ T5831] veth0_macvtap: entered promiscuous mode [ 91.378340][ T5837] veth0_vlan: entered promiscuous mode [ 91.383809][ T5845] Bluetooth: hci2: command tx timeout [ 91.417454][ T5831] veth1_macvtap: entered promiscuous mode [ 91.447543][ T5837] veth1_vlan: entered promiscuous mode [ 91.461775][ T5845] Bluetooth: hci3: command tx timeout [ 91.541092][ T5845] Bluetooth: hci4: command tx timeout [ 91.583604][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.605490][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.613663][ T5839] veth0_vlan: entered promiscuous mode [ 91.656613][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.674543][ T5837] veth0_macvtap: entered promiscuous mode [ 91.708750][ T5837] veth1_macvtap: entered promiscuous mode [ 91.739712][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.762191][ T149] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.795229][ T149] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.806630][ T149] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.833709][ T5839] veth1_vlan: entered promiscuous mode [ 91.846677][ T149] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.932717][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.950379][ T805] cfg80211: failed to load regulatory.db [ 91.984978][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.020167][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.044166][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.053566][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.083737][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.178593][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.194435][ T5839] veth0_macvtap: entered promiscuous mode [ 92.197486][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.232698][ T5844] veth0_vlan: entered promiscuous mode [ 92.277396][ T5839] veth1_macvtap: entered promiscuous mode [ 92.305586][ T5844] veth1_vlan: entered promiscuous mode [ 92.350148][ T145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.362324][ T145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.392296][ T5841] veth0_vlan: entered promiscuous mode [ 92.409089][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.414589][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.429255][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.479051][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.506540][ T5841] veth1_vlan: entered promiscuous mode [ 92.508861][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.586053][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.609467][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.630643][ T145] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.673342][ T145] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.696096][ T145] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.709784][ T145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.744392][ T5844] veth0_macvtap: entered promiscuous mode [ 92.845338][ T5844] veth1_macvtap: entered promiscuous mode [ 92.863140][ T5841] veth0_macvtap: entered promiscuous mode [ 92.967581][ T5841] veth1_macvtap: entered promiscuous mode [ 93.012550][ T5951] ======================================================= [ 93.012550][ T5951] WARNING: The mand mount option has been deprecated and [ 93.012550][ T5951] and is ignored by this kernel. Remove the mand [ 93.012550][ T5951] option from the mount to silence this warning. [ 93.012550][ T5951] ======================================================= [ 93.022047][ T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.073505][ T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.085657][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.118896][ T5951] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 93.178460][ T101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.192788][ T101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.198140][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.272202][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.302042][ T5845] Bluetooth: hci0: command tx timeout [ 93.349538][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.358480][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.382920][ T5845] Bluetooth: hci1: command tx timeout [ 93.385571][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.417605][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.447190][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.462411][ T5845] Bluetooth: hci2: command tx timeout [ 93.541049][ T5845] Bluetooth: hci3: command tx timeout [ 93.558008][ T5961] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 93.620880][ T5845] Bluetooth: hci4: command tx timeout [ 93.639069][ T101] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.692510][ T101] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.726209][ T101] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.788521][ T101] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.987764][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.017146][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.222203][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.239220][ T5969] xt_CT: No such helper "syz0" [ 94.257248][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.337232][ T101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.361957][ T101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.433416][ T5974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'. [ 94.573278][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.597359][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.111844][ T10] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 95.318640][ T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 95.372574][ T10] usb 2-1: config 0 has no interface number 0 [ 95.400596][ T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 95.436113][ T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 95.482279][ T10] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 95.500123][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.569041][ T10] usb 2-1: config 0 descriptor?? [ 95.703908][ T10] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 95.860642][ T5984] iowarrior 2-1:0.1: Error -90 while submitting URB [ 95.926547][ T5902] usb 2-1: USB disconnect, device number 2 [ 96.238808][ C1] sd 0:0:1:0: [sda] tag#7996 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 96.249384][ C1] sd 0:0:1:0: [sda] tag#7996 CDB: Read(6) 08 00 00 00 00 00 [ 96.877637][ T6044] capability: warning: `syz.3.43' uses deprecated v2 capabilities in a way that may be insecure [ 97.863528][ T5910] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 97.885164][ T29] audit: type=1326 audit(1773541501.723:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.2.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0a6f9c799 code=0x7fc00000 [ 97.902795][ T5882] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 97.957964][ T29] audit: type=1326 audit(1773541501.723:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.2.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fd0a6f9c799 code=0x7fc00000 [ 98.034333][ T29] audit: type=1326 audit(1773541501.743:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6047 comm="syz.2.44" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0a6f9c799 code=0x7fc00000 [ 98.041745][ T5910] usb 2-1: Using ep0 maxpacket: 8 [ 98.110609][ T5882] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 98.119987][ T5910] usb 2-1: config 0 has no interfaces? [ 98.126787][ T5882] usb 5-1: config 0 has no interface number 0 [ 98.136533][ T5910] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 98.159583][ T5882] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 98.183883][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.194256][ T5882] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 98.226478][ T5882] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 98.241044][ T5910] usb 2-1: config 0 descriptor?? [ 98.257259][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.292086][ T5882] usb 5-1: config 0 descriptor?? [ 98.325278][ T6072] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 98.378752][ T5882] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 98.575515][ T42] usb 5-1: USB disconnect, device number 2 [ 98.575595][ C1] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 99.039340][ T6102] syzkaller0: entered promiscuous mode [ 99.046309][ T6102] syzkaller0: entered allmulticast mode [ 99.082001][ T5882] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 99.241957][ T5882] usb 4-1: Using ep0 maxpacket: 32 [ 99.283514][ T5882] usb 4-1: unable to get BOS descriptor or descriptor too short [ 99.309035][ T5882] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 99.340537][ T5882] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 99.368441][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.404541][ T5882] usb 4-1: Product: syz [ 99.419160][ T5882] usb 4-1: Manufacturer: syz [ 99.433540][ T5882] usb 4-1: SerialNumber: syz [ 99.684910][ T5882] usb 4-1: Cannot retrieve CPort count: 0 [ 99.704017][ T5882] usb 4-1: Cannot retrieve CPort count: -5 [ 99.716747][ T5882] es2_ap_driver 4-1:7.0: probe with driver es2_ap_driver failed with error -5 [ 99.924738][ T5882] usb 4-1: USB disconnect, device number 2 [ 100.037049][ T6115] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.678926][ T5909] usb 2-1: USB disconnect, device number 3 [ 101.260191][ T6154] loop4: detected capacity change from 0 to 128 [ 102.060800][ T5895] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 102.240820][ T5895] usb 4-1: Using ep0 maxpacket: 8 [ 102.252708][ T5895] usb 4-1: config 0 has no interfaces? [ 102.272688][ T5895] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 102.283484][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.297314][ T5895] usb 4-1: config 0 descriptor?? [ 104.670933][ T5910] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 104.831122][ T5910] usb 1-1: Using ep0 maxpacket: 32 [ 104.843078][ T5910] usb 1-1: unable to get BOS descriptor or descriptor too short [ 104.859364][ T5910] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 104.865056][ T42] usb 4-1: USB disconnect, device number 3 [ 104.901978][ T5910] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 104.914880][ T5910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.934119][ T5910] usb 1-1: Product: syz [ 104.954104][ T5910] usb 1-1: Manufacturer: syz [ 104.967848][ T5910] usb 1-1: SerialNumber: syz [ 104.991870][ T6228] syzkaller0: entered promiscuous mode [ 104.997911][ T6228] syzkaller0: entered allmulticast mode [ 105.221320][ T5910] usb 1-1: Cannot retrieve CPort count: 0 [ 105.227336][ T5910] usb 1-1: Cannot retrieve CPort count: -5 [ 105.249632][ T5910] es2_ap_driver 1-1:7.0: probe with driver es2_ap_driver failed with error -5 [ 105.454153][ T5882] usb 1-1: USB disconnect, device number 2 [ 105.910966][ T5910] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 106.080839][ T5910] usb 2-1: Using ep0 maxpacket: 8 [ 106.107414][ T5910] usb 2-1: config 0 has no interfaces? [ 106.115179][ T5910] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 106.124963][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.145033][ T5910] usb 2-1: config 0 descriptor?? [ 106.912188][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 107.045182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.421239][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.687608][ T5832] usb 2-1: USB disconnect, device number 4 [ 109.430544][ T6318] netlink: 12 bytes leftover after parsing attributes in process `syz.0.156'. [ 109.465540][ T6318] : renamed from gre0 (while UP) [ 109.727014][ T6330] bridge1: entered promiscuous mode [ 109.735538][ T6330] bridge1: entered allmulticast mode [ 109.781738][ T6332] Zero length message leads to an empty skb [ 109.798626][ T5910] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 109.962357][ T5910] usb 3-1: Using ep0 maxpacket: 8 [ 109.995410][ T5910] usb 3-1: config 0 has no interfaces? [ 110.015188][ T5910] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 110.050423][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.070128][ T6332] syzkaller0: entered promiscuous mode [ 110.080114][ T5910] usb 3-1: config 0 descriptor?? [ 110.089630][ T6332] syzkaller0: entered allmulticast mode [ 110.297475][ T6343] netlink: 8 bytes leftover after parsing attributes in process `syz.0.166'. [ 111.370967][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.483068][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.492224][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.501198][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.521096][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.529480][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 111.538218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 112.583966][ T5832] usb 3-1: USB disconnect, device number 2 [ 112.674209][ T6358] netlink: 8 bytes leftover after parsing attributes in process `syz.1.170'. [ 113.305394][ T6358] netlink: 24 bytes leftover after parsing attributes in process `syz.1.170'. [ 113.976517][ T6394] netlink: 'syz.0.185': attribute type 3 has an invalid length. [ 114.020790][ T42] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 114.182659][ T42] usb 4-1: Using ep0 maxpacket: 8 [ 114.248184][ T42] usb 4-1: config 0 has no interfaces? [ 114.273473][ T42] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 114.304855][ T42] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.335185][ T42] usb 4-1: config 0 descriptor?? [ 114.758465][ T6407] syzkaller0: entered promiscuous mode [ 114.772645][ T6407] syzkaller0: entered allmulticast mode [ 115.245662][ T6420] netlink: 'syz.2.194': attribute type 3 has an invalid length. [ 115.439234][ T29] audit: type=1326 audit(1773541519.273:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0a6f9c799 code=0x7ffc0000 [ 115.519263][ T29] audit: type=1326 audit(1773541519.273:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0a6f9c799 code=0x7ffc0000 [ 115.595041][ T29] audit: type=1326 audit(1773541519.273:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0a6f9c799 code=0x7ffc0000 [ 115.667195][ T29] audit: type=1326 audit(1773541519.273:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0a6f9c799 code=0x7ffc0000 [ 115.755137][ T29] audit: type=1326 audit(1773541519.303:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7fd0a6f9c799 code=0x7ffc0000 [ 115.857148][ T29] audit: type=1326 audit(1773541519.323:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd0a6f5cfce code=0x7ffc0000 [ 115.949631][ T29] audit: type=1326 audit(1773541519.333:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd0a6f5cfce code=0x7ffc0000 [ 116.041075][ T29] audit: type=1326 audit(1773541519.333:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd0a6f5cfce code=0x7ffc0000 [ 116.119609][ T29] audit: type=1326 audit(1773541519.343:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd0a6f5cfce code=0x7ffc0000 [ 116.190771][ T29] audit: type=1326 audit(1773541519.343:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6421 comm="syz.2.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd0a6f5cfce code=0x7ffc0000 [ 116.807709][ T5895] usb 4-1: USB disconnect, device number 4 [ 117.205667][ T6441] overlayfs: failed lookup in lower (newroot/45, name='file0', err=-40): overlapping layers [ 117.801608][ T5902] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 117.976305][ T5902] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 117.990783][ T5902] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 118.011033][ T5902] usb 2-1: config 0 has no interface number 0 [ 118.022652][ T5902] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 118.034456][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.070784][ T5902] usb 2-1: config 0 descriptor?? [ 118.070804][ T6459] node ffff888059657c80 offset 0 parent ffff888059628b00 shift 0 count 64 values 0 array ffff888033dba200 list ffff888059657c98 ffff888059657c98 marks 0 0 0 [ 118.095628][ T5902] iowarrior 2-1:0.1: no interrupt-in endpoint found [ 118.135124][ T6459] ------------[ cut here ]------------ [ 118.140840][ T6459] kernel BUG at ./include/linux/xarray.h:1441! [ 118.156197][ T6459] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 118.162674][ T6459] CPU: 1 UID: 0 PID: 6459 Comm: syz.4.207 Not tainted syzkaller #0 PREEMPT(full) [ 118.171975][ T6459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 118.182049][ T6459] RIP: 0010:hpage_collapse_scan_file+0x4f98/0x5230 [ 118.188659][ T6459] Code: ff 4c 89 e7 48 c7 c6 80 b1 dc 8b e8 82 df f1 fe 90 0f 0b 48 85 db 0f 84 03 01 00 00 e8 01 62 90 ff 48 89 df e8 69 5d 7b 09 90 <0f> 0b e8 f1 61 90 ff 48 89 df 48 c7 c6 80 b1 dc 8b e8 52 df f1 fe [ 118.208473][ T6459] RSP: 0018:ffffc9000cfe7120 EFLAGS: 00010246 [ 118.214552][ T6459] RAX: 0000000000000000 RBX: ffff888059657c80 RCX: fce5f54684933000 [ 118.222535][ T6459] RDX: ffffc900105d1000 RSI: 0000000000024d8d RDI: 0000000000024d8e [ 118.230602][ T6459] RBP: ffffc9000cfe7428 R08: ffffc9000cfe6ea7 R09: 1ffff920019fcdd4 [ 118.238666][ T6459] R10: dffffc0000000000 R11: fffff520019fcdd5 R12: ffffea0001439b70 [ 118.246829][ T6459] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9000cfe7310 [ 118.254824][ T6459] FS: 00007f0f3c21d6c0(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 [ 118.264020][ T6459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.270698][ T6459] CR2: 00007f06dafe9e80 CR3: 000000007cfbc000 CR4: 00000000003526f0 [ 118.278685][ T6459] Call Trace: [ 118.282024][ T6459] [ 118.285010][ T6459] ? debug_object_free+0x2d7/0x490 [ 118.290224][ T6459] ? hpage_collapse_scan_file+0x1c1/0x5230 [ 118.296119][ T6459] ? __pfx_hpage_collapse_scan_file+0x10/0x10 [ 118.302274][ T6459] ? __flush_work+0xa26/0xc50 [ 118.306955][ T6459] ? __flush_work+0x100/0xc50 [ 118.311658][ T6459] ? __up_read+0x291/0x6b0 [ 118.316101][ T6459] ? __pfx___up_read+0x10/0x10 [ 118.320903][ T6459] ? madvise_collapse+0x41e/0xb80 [ 118.325940][ T6459] madvise_collapse+0x451/0xb80 [ 118.330824][ T6459] madvise_vma_behavior+0x1094/0x4460 [ 118.336218][ T6459] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 118.341942][ T6459] ? __lock_acquire+0x6b5/0x2cf0 [ 118.346913][ T6459] ? unwind_next_frame+0xa5/0x23c0 [ 118.352057][ T6459] ? is_bpf_text_address+0x26/0x2b0 [ 118.357280][ T6459] ? is_bpf_text_address+0x292/0x2b0 [ 118.363033][ T6459] ? is_bpf_text_address+0x26/0x2b0 [ 118.368364][ T6459] ? kernel_text_address+0xa5/0xe0 [ 118.373678][ T6459] ? __kernel_text_address+0xd/0x30 [ 118.378999][ T6459] ? unwind_get_return_address+0x4d/0x90 [ 118.384636][ T6459] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 118.391131][ T6459] ? arch_stack_walk+0xfb/0x150 [ 118.395992][ T6459] ? mas_prev_slot+0xb7b/0xbf0 [ 118.400881][ T6459] ? find_vma_prev+0x123/0x1b0 [ 118.405813][ T6459] ? __pfx_find_vma_prev+0x10/0x10 [ 118.411025][ T6459] ? file_ioctl+0x273/0x860 [ 118.415528][ T6459] madvise_walk_vmas+0x573/0xae0 [ 118.420648][ T6459] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 118.426292][ T6459] ? blk_start_plug+0x6e/0x1b0 [ 118.431062][ T6459] madvise_do_behavior+0x386/0x540 [ 118.436532][ T6459] ? __pfx_madvise_do_behavior+0x10/0x10 [ 118.442278][ T6459] ? down_read+0x270/0x2e0 [ 118.446821][ T6459] ? madvise_lock+0x146/0x2e0 [ 118.451627][ T6459] do_madvise+0x1fa/0x2e0 [ 118.455979][ T6459] ? __pfx_do_madvise+0x10/0x10 [ 118.460843][ T6459] ? rcu_is_watching+0x15/0xb0 [ 118.465621][ T6459] ? __pfx_kcov_ioctl+0x10/0x10 [ 118.470576][ T6459] __x64_sys_madvise+0xa6/0xc0 [ 118.475345][ T6459] do_syscall_64+0x14d/0xf80 [ 118.479943][ T6459] ? trace_irq_disable+0x3b/0x150 [ 118.485157][ T6459] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.491326][ T6459] ? clear_bhb_loop+0x40/0x90 [ 118.496107][ T6459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.502470][ T6459] RIP: 0033:0x7f0f3b39c799 [ 118.507013][ T6459] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 118.526820][ T6459] RSP: 002b:00007f0f3c21d028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 118.535273][ T6459] RAX: ffffffffffffffda RBX: 00007f0f3b616090 RCX: 00007f0f3b39c799 [ 118.543442][ T6459] RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000200000000000 [ 118.551426][ T6459] RBP: 00007f0f3b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 118.559579][ T6459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 118.567562][ T6459] R13: 00007f0f3b616128 R14: 00007f0f3b616090 R15: 00007fffe0782848 [ 118.575561][ T6459] [ 118.578581][ T6459] Modules linked in: [ 118.584503][ T6459] ---[ end trace 0000000000000000 ]--- [ 118.623371][ T10] usb 2-1: USB disconnect, device number 5 [ 118.640540][ T6459] RIP: 0010:hpage_collapse_scan_file+0x4f98/0x5230 [ 118.660503][ T6459] Code: ff 4c 89 e7 48 c7 c6 80 b1 dc 8b e8 82 df f1 fe 90 0f 0b 48 85 db 0f 84 03 01 00 00 e8 01 62 90 ff 48 89 df e8 69 5d 7b 09 90 <0f> 0b e8 f1 61 90 ff 48 89 df 48 c7 c6 80 b1 dc 8b e8 52 df f1 fe [ 118.681953][ T6459] RSP: 0018:ffffc9000cfe7120 EFLAGS: 00010246 [ 118.715138][ T6459] RAX: 0000000000000000 RBX: ffff888059657c80 RCX: fce5f54684933000 [ 118.738443][ T6459] RDX: ffffc900105d1000 RSI: 0000000000024d8d RDI: 0000000000024d8e [ 118.754250][ T6459] RBP: ffffc9000cfe7428 R08: ffffc9000cfe6ea7 R09: 1ffff920019fcdd4 [ 118.763168][ T6459] R10: dffffc0000000000 R11: fffff520019fcdd5 R12: ffffea0001439b70 [ 118.791151][ T6459] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9000cfe7310 [ 118.800408][ T6459] FS: 00007f0f3c21d6c0(0000) GS:ffff888125536000(0000) knlGS:0000000000000000 [ 118.816004][ T6459] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 118.838429][ T6459] CR2: 000000110c253b5c CR3: 000000007cfbc000 CR4: 00000000003526f0 [ 118.865807][ T6459] Kernel panic - not syncing: Fatal exception [ 118.872072][ T6459] Kernel Offset: disabled [ 118.876396][ T6459] Rebooting in 86400 seconds..