last executing test programs: 1m1.95434092s ago: executing program 2 (id=3): fsmount(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) ioctl$FS_IOC_GETFLAGS(r3, 0x80086601, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) semctl$SEM_STAT(0x0, 0x4, 0x12, 0x0) semctl$GETZCNT(0x0, 0x0, 0xf, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) 1m0.459442423s ago: executing program 2 (id=12): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x220c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x3) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x80000000}, 0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x7) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) listen(r7, 0x0) r8 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) recvmsg(r8, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x2) 1m0.225672646s ago: executing program 4 (id=5): socket$tipc(0x1e, 0x2, 0x0) syz_io_uring_setup(0x10e, &(0x7f0000000980)={0x0, 0x3375, 0x80, 0x0, 0xb2}, 0x0, &(0x7f0000000280)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x10, 0x3, 0x0) syz_io_uring_setup(0x6d5f, &(0x7f0000000940)={0x0, 0x7779, 0x0, 0x100100, 0x256}, 0x0, 0x0) socket$l2tp(0x2, 0x2, 0x73) socket$inet(0xa, 0x1, 0x0) socket$inet6_icmp(0xa, 0x2, 0x3a) socket$inet6_icmp(0xa, 0x2, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$packet(0x11, 0x2, 0x300) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x88002, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 1m0.098613924s ago: executing program 2 (id=13): ioctl$XFS_IOC_SCRUBV_METADATA(0xffffffffffffffff, 0xc0285840, &(0x7f00000001c0)={0x2, 0x4, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0}) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r2, 0x6, 0x10, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r5, &(0x7f00000001c0)=[{&(0x7f0000000140)}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000002e00000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 57.613422681s ago: executing program 4 (id=16): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x0, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0x1000000000000fff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x7, 0x8, 0x3, 0xfffffffffffffffe, 0x45, 0x4, 0xbdb], 0xffff1000, 0x1c4213}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4048010) ioctl$TIOCSRS485(0xffffffffffffffff, 0x5437, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) 57.092683077s ago: executing program 2 (id=17): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0) syz_emit_ethernet(0x7a, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffffb7feff1eff0086dd674a9e6c00442f8200000000000000000000000000000000ff02000000000000000000000000000104206558000000030c0008000c0086dd88ca88be1200000415030735010000000000c289080022eb000000012e00590402000000000000"], 0x0) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x24, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) setxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) rmdir(0x0) syz_open_dev$vim2m(0x0, 0x3, 0x2) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000280)={0x533a81, 0x1d0, 0x8}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000180)={0x2, {0x2, 0x0, 0x100, 0x3ff, 0xa1, 0x1}}) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 53.015140324s ago: executing program 4 (id=22): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0x2}, 0x10) write(r4, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000ff020002000000000800040001000000", 0x24) mkdirat(0xffffffffffffff9c, 0x0, 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x240407fd, &(0x7f0000000000)={0x2, 0x24e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) 49.622501417s ago: executing program 4 (id=25): openat(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000880)={0x20, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2ee, 0x2d}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x40) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/86, 0x56}, {0x0}], 0x2}, 0x0) 41.302075805s ago: executing program 32 (id=17): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0) syz_emit_ethernet(0x7a, &(0x7f00000004c0)=ANY=[@ANYBLOB="ffffffffffffb7feff1eff0086dd674a9e6c00442f8200000000000000000000000000000000ff02000000000000000000000000000104206558000000030c0008000c0086dd88ca88be1200000415030735010000000000c289080022eb000000012e00590402000000000000"], 0x0) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x24, 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) setxattr$system_posix_acl(0x0, 0x0, 0x0, 0x0, 0x0) rmdir(0x0) syz_open_dev$vim2m(0x0, 0x3, 0x2) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000280)={0x533a81, 0x1d0, 0x8}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000180)={0x2, {0x2, 0x0, 0x100, 0x3ff, 0xa1, 0x1}}) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) 34.285161816s ago: executing program 33 (id=25): openat(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000340)={&(0x7f0000000880)={0x20, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2ee, 0x2d}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x40) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/86, 0x56}, {0x0}], 0x2}, 0x0) 17.908135846s ago: executing program 1 (id=54): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_open_procfs(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) r3 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r4 = memfd_create(0x0, 0x2) ftruncate(r4, 0xffff) ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000140)={r4, 0x0, 0x0, 0x4000}) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1214040, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x9) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={{0x14, 0x3e8}, [], {0x14, 0x3f5, 0x1, 0x0, 0x0, {0x3}}}, 0x28}, 0x1, 0x0, 0x0, 0x44840}, 0x0) syslog(0x4, &(0x7f0000002240)=""/142, 0x8e) 14.266164147s ago: executing program 1 (id=55): syz_io_uring_setup(0x599e, &(0x7f0000000200)={0x0, 0x6775, 0x0, 0x1, 0x102}, 0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(0x0, r0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'macsec0\x00', 0x112}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) ioctl$TUNGETVNETBE(r2, 0x800454df, 0x0) write$tun(r2, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x1fc) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYRES32, @ANYBLOB="001000008000000008000f002000000014003500726f7365300000000000000000000000a40034801400350180696d367265673000000020000000001400400076657468305f6d614176746170000000140035006d61637674617030020000000000000014"], 0xe8}}, 0x20040014) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) unshare(0x8040480) syz_open_dev$evdev(&(0x7f00000001c0), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) pipe(0x0) add_key(&(0x7f0000000380)='asymmetric\x00', 0x0, &(0x7f0000000880)="1080", 0x2, 0xffffffffffffffff) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, &(0x7f0000000200)={0x0, 0x2000000, 0x0}) close_range(r4, 0xffffffffffffffff, 0x0) 13.832459956s ago: executing program 0 (id=56): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x7, 0x0, 0x0) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0xfffffffd) r2 = accept4(r1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000}, 0x94) recvmmsg(r2, &(0x7f0000001000), 0x581, 0x40000000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000002c0)={0x1, 0x1, 0x2, 0xff, 0xa4, 0x0, 0x1, 0x0, 0x5, 0x28, 0x0, 0x0, 0x2, 0x20}, 0xe) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, 0x0, &(0x7f0000000180)) write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000140)={'full'}, 0xfffffdef) socket$nl_route(0x10, 0x3, 0x0) socket$l2tp6(0xa, 0x2, 0x73) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x34, 0x0, 0x917, 0x70bd26, 0x1000000, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e23}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x4}]}, 0x34}}, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, 0x0, 0x0) 13.081982441s ago: executing program 0 (id=57): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0x0, 0x7, 0x0, 0x80000000e, 0x77, 0x100000001, 0x10000004000, 0x3, 0x3, 0x248a, 0x0, 0x8000000000, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x2, 0x7ff, 0x6, 0xa, 0x0, 0xf439}) r3 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r3, &(0x7f0000000200)={0x2a, 0x4}, 0xffffffffffffff71) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f00000000c0)) 10.309104234s ago: executing program 0 (id=59): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x3d6d9000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfff}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x0, 0x7fff8000}]}) close_range(r3, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) io_pgetevents(0x0, 0xa5, 0x0, 0x0, 0x0, 0x0) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, 0x0, &(0x7f0000000340)) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 10.282384842s ago: executing program 1 (id=61): r0 = open(0x0, 0x14927e, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) fallocate(r0, 0x0, 0x0, 0x1001f0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10) write(r1, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000000000008000f00fd000000", 0x24) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0200000044000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="0000000400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) sendto$inet(r7, 0x0, 0x0, 0x24000840, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x10}}}}}}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)={0x1b, 0x0, 0x0, 0x40000, 0x0, r6, 0xfff}, 0x50) r8 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_kvm_add_vcpu$x86(r8, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@wr_drn={0x68, 0x20, {0x0, 0x1}}], 0x20}) 7.56806243s ago: executing program 1 (id=62): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000207d1e512d00000000000109022400010000000009040000010300020009210000000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x1) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) bind$bt_hci(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000780)={0x24, 0x0, 0x0, &(0x7f00000007c0)={0x0, 0x22, 0x7, {[@main=@item_012={0x1, 0x0, 0xc, "03"}, @main=@item_4={0x3, 0x0, 0xb, "ee52e7a8"}]}}, 0x0}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 6.765467807s ago: executing program 0 (id=65): arch_prctl$ARCH_SHSTK_DISABLE(0x5002, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mount$cgroup2(0x0, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)={[{@memory_hugetlb_accounting}, {@favordynmods}]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x2014800, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r3, 0x0, 0xcc, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'team_slave_1\x00'}) sendmsg$nl_route_sched(r4, 0x0, 0x24040084) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$sock_buf(r6, 0x1, 0x6, &(0x7f0000000400)=""/204, &(0x7f0000003080)=0xcc) 5.17878616s ago: executing program 0 (id=67): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) writev(r2, &(0x7f0000000100), 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000740)=[0x2], 0x0, 0x0, 0x1}}, 0x40) unshare(0x22020600) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) shmdt(0x0) readlink(&(0x7f0000000180)='./file0/../file0/file0\x00', &(0x7f0000000240)=""/93, 0x5d) r5 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) r6 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000140)={0x58, 0x0, &(0x7f00000000c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}, @free_buffer={0x40086303, r6}], 0x0, 0x0, 0x0}) unlinkat(r1, &(0x7f00000001c0)='./file0/../file0/file0\x00', 0x0) 3.21530422s ago: executing program 3 (id=70): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, '\x00', "5193bb672965593497c186a80e00", '\x00\x00=*', "1202000000040030"}, 0x38) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x4e22, 0x1, @rand_addr=' \x01\x00', 0x2}}, 0x0, 0x0, 0x25, 0x0, "c43b9320585854378463e5d9ac44984ed4936350a7f170f645640905822998ca06b3a771e3ab05c927d207f7d21d93b1d5e068c6a0652a79973d9cbb62bd8c26deb2eae0b68847b15bbe30539483f6e7"}, 0xd8) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000400)={@in6={{0xa, 0x4e24, 0x8, @loopback}}, 0x0, 0x0, 0x41, 0x0, "b208405cce4456e4fc8f2dabd194ff3763f799f91cf7e5e8260998f956ec57c24451db07550335ebf4a3d0168ccaa268e928f39cd7494c2b19ebef230a3373685fbacfcf3b6e9633bd997a9bfcf08f67"}, 0xd8) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10040003}, 0x0) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP(r4, 0x3b86, &(0x7f0000000680)={0x18, r5, 0x3}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000), 0x8) socket$packet(0x11, 0x2, 0x300) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4) close_range(r1, 0xffffffffffffffff, 0x0) 2.857018747s ago: executing program 3 (id=71): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getpid() r0 = syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) preadv2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) mknodat$loop(r0, 0x0, 0x6004, 0x1) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000180)={0x1, {{0x2, 0x0, @multicast2}}}, 0x88) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000000), 0x10) r5 = socket$inet(0x2, 0x2, 0x0) getsockopt$inet_opts(r5, 0x0, 0x4, 0xfffffffffffffffe, &(0x7f0000000200)) mount(&(0x7f0000000240), &(0x7f0000000040)='.\x00', &(0x7f0000000140)='f2fs\x00', 0x0, 0x0) 1.51310023s ago: executing program 0 (id=72): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303"], 0x0) 1.328940179s ago: executing program 3 (id=73): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000026c0), 0x80000, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000002700)=0x1) 1.205695913s ago: executing program 1 (id=74): r0 = fsopen(&(0x7f0000000000)='exfat\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000001100)='iocharset', &(0x7f0000001140)='\xe0^@&&}\'\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet(0x2, 0x1, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) r4 = gettid() fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) tkill(r4, 0xb) ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3}) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) close(0x3) socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x4}}], {0x14}}, 0x9c}}, 0x0) 1.093589679s ago: executing program 3 (id=75): prctl$PR_SET_TIMERSLACK(0x1d, 0x7ffffff9) 644.886148ms ago: executing program 3 (id=76): syz_emit_ethernet(0x52, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @tcp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x5, 0x0, @dev={0xac, 0x14, 0x14, 0x41}, @rand_addr=0x64010100, {[@timestamp_addr={0x44, 0x14, 0x5, 0x3, 0x0, [{@multicast2}, {@private=0xa0100ff, 0x1}]}, @ssrr={0x89, 0x3, 0xce}, @lsrr={0x83, 0x3, 0x1}]}}, {{0x4e20, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x3}}}}}}, 0x0) 268.918036ms ago: executing program 3 (id=77): syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xf635, 0x2000, 0x0, 0xfffffffc}, &(0x7f0000000240), 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4, @local}]}, &(0x7f0000000240)=0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000001c0)={0xc7e, 0x5, {r0}, {}, 0x7a, 0x3}) setresuid(0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800", @ANYRES32=0x1, @ANYBLOB="030000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000000000002000000000000010000000000000000"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000000c0)={&(0x7f0000000a00)="2ec62918839c76120082058a8d001cadfc9ad5c80a4444681c0eaef58dc50ea8463fe93a87ff4f3bcca0f480469383243d731aaffad64bcc7497440fbe0114b08487b941904b0eb8ee67a8cd9117d1593b7ab0e79f7b73e0e504aa84abebe09663bc17cd8d4949d73d7c7bbbb60fef61a1251dab8c762de7d0a6f8f412f0cc3cd1de7d5df9b2f93746db69c33103f5ba20e5c334fbe2d9aa165c086e41b6439295ca5fd0e069baa57cc138ee4fb2ed1d417c494ccd1f7f83db92532abf400cb4a4eb3d6f925ff7ee3dd9beb779ca1bdaf1125f7b669c4abd8f45a7bf503d7bcef9d753a8bbd1f95d2b670039b290881f22f8b65ed2fc436b425b865d9cf91c66838dfd0e9ffdc2ed266d32fd23371dc9c706c4bac963866dff9794f8af5c7e4425ee4cabd5ebc8f2aa6b62e61c7ea526a8a3cad6a0df25ba227ca74d7f6fdf1ae2f559491837c777aafc87aff7b2b37b5cbcefe3d017c1c4bf1c4566f6cc011911397b348005e100a205ae6eab8453987569047da76cd7bac8b4c5d6495c35df74094ce7deeb442d47adf64c405b4f43282eea7a49d882fd46aa925102806b50a0746f29866d2448f6b8a461d5c50529883c16afde62bc0a09357be2438f55671a7d4a1a7ebddca90ed53370d11cf1ce50b082279833eccd108606beea351e0eb011165fd85fff3f7973fb0a66edaea844df796d3213dbee43f57dc96da8cc254d400709073a7c44904c94513df4e1e74fb333d3d3f707a566ec8905297f27dbf960862d09bddef41d8054bce7b8ee4db874992689af0eeb81afe67bb238c4501f980d114594c18b72629acbd302a2f8f91aa9d60d70b5af891082cedf7da7e24185d572804729c147c5a7d3661279fdb3e7018579c46dfd0f51fa3c33b92c99d85fa38c7cf6a8a45abd340c69cc8173538fb846bd29b7b8c48bbdb54d540bd4cbe2707ac558917064ee772369d4d9a7ca515b0ea5f94d094ca03d4f4cb55b69e59f09a3f8273af98785f032f132f0f68d3828d690aba5ad4f06c946619d59c3acce0e7cda916b32a87a4937c1dff03ff474451241b10a159b82e13cc1aa7f4373a3af5ad7edb958af7be3cc7b5ac50da1968dd52886be57d6e376549249a885d38c23c532cbe6447f24a302cf455919ed59dcecc9547b6e3ac43fa4fa6386e8240c1c55f7830d395281e9980c3a58e748d6f6e00e88ff04e7f8c036c4ef692685f62848d4cf5edb1cbb0ea505fc476fe806409fd506b42858dcbd5630e5569feb0092d77141b71869713817bad9e0d53ca235446ba2b1ca21010ab47c48e66468acd8d07e85a162b54b3ab46701cf6891bac64091861c508daa556ef06aedebe04685db1387faf00ffa0fe8d4a04ed1d2e91cb110d0e202ad4d5b398e261265ffd91f07c2d5d9ec5a465309a1b1e182f1964858545d8fb1dc3bcb4cb72d3090b3639dcc7f66f900ce3fe3b602c6d307808a528dbc93f7c38d2b5d275bd0c2e08aecb10c930530cc2d0a5447708417f93656b4bcf91f99f6cb85e38e38ee540a2a04b8b44bc993f5e135cfa692a80ccac79e7a4f69d272502fd04a5641d860a52850dffd1a8acc90507b4afd2ba6d6b9dab8c9fc40db75c5c7a6c138252dd740cf6f33495db4fbd1a8ad98a50e1e320f1385261c877f2c38c74fedea4f7f29006d49b37ad82d2d242dbccdddb61e41df7e1183e64133342a73371a1a320fe411ee662d4687bb486415357ebc806968a1d2e1cbfea080850942093643a201392630767699a7b9753cbfe259c5060f9a65f4b81fdc317a8d9d7818fca15dac85ac6461110eb0e5cdf4a0545f352091d4fbe20e7143c5cd7045a10b8f306c5e30b8a78a2e4bb5f68c7e487d5d4f594cc74f18b3c342b838b27fd3f650b5e4ca47c4c745d28e4e6551427115bca56e282d487e7016fa6556de2e78c272905011ec7f6d76f8513c222a21cc129cc5b106e6023cb6250884d9e2a373c6cfdd46d42ba946fe7efcc72620f4e96ba8917d7f46c49aab5cfd9dd9223596e85193099506561c30da1ea094b97fb9b0e8f925a76772d6642ac203d832141deef392cc1f44c6d6a75a57b69f0e51e681dd1f167a7ecc172e05034d3ce4a140d38caea1d70854a165b93c405799ee7b7a20f11c83d676c865bae23b5984963eca96d60eed740212cd889e61d2dd42e9b2cd63a32d1516662aa2a394cd365b9ef6c24fa00e7cb54168ea85cac0be7f40b0f464d0ba2f02a2c43b3f1b97f93acca3b7ec766cb1c72937ba851791240dc62700f266c64c385b0f9d26ecde162e7d3c6174d39eb9e0ab1c3c96605e56ac6e5c78745723196d0ac004b4e434e6b84d2a3af89673e670eeeec2b80db4a60faec70e40615ecd62fffaba781b611dec79cdf9e07fd18a71c85260a7c631ce036b658ee33b155fcef5977f43f112e5e84f03072ad2854d8fc2b662454cd068839067eb1e38a3d91f7fa0a39a322b64d6f7a7ba034deebb4e3c4a7863b7480d8d4ed8799acdd4e71cd9c88240bb6c8f603e68647070468343c07ce09310697db2520ca74df44fcdf21495b3c9d196fc507903cd0073873e037d9471295edd314c911cb243b809b04e970d668a064fc9008877f396650ae15f79185de3f890d4b81d2568befc10d2a57f4914eb00a42f9c25c2c85e9fec72b19a6c1e4e0cb9d2b783dd728205a7999bef1d5f0263d0a4f7b8fe8ce5d287dcc0f7380bbaab71b32e35aa7a94445dc3fe24b1307af0c0347906ff7df20aa82294a7d28909dd6da38e0136726709ad1a08e1df4cc5fea46047c6ddf5dff52895cd44ede8bb661c33b2fbebc9b830b8878945e7bfe61e2f73dc49604432f2644d1f1dfe9c6bc053204e419f38378293b355fa9848163cda7ea475a06c822fd32b034cb3e622d575eb491127628917d8b859a7ea3ee36b427d9aa0459e746d3916a49a6eec6a69e0e7e3d25723e47af15456318397be65437e721f1dcb531bc15d51b45049a6e29f3e447aa8680f193b80aac533fa983c7c271383b3fb76ab7013e47308e776bddde7194ff3266b8bb402d9dc3c10b31c421571ad462c1290815dda03d9a229c2224fe5a8ac635da0018a7f8433772751a4ac7fd2ed97f000f525ec36de37480b15cdfaa007f1e4b957e17ea445f975e7f49b21cb62ab4506c28dc5251e76ac245451cfa33f514c030e959f8d49a1cdef4cd480dc35e35f2b1729757708a0cc9bc43e22a358a0a590bfc64d19d777b8ccdd3f991b3b80b8090c047ca75a400e470bdee9090484a7988fa2209accf7d734bb5d3a4d1951340f65677b100a2f8bb3d4c50e018b64d718465896443e081f96cdb6de8b8c5a70d2353f90a1a9e64f0673d0cd4b99b8982702de361a3690051372ff7caddf18d9569c7f4026a5c70a01b92f791f2a00f0c67963277926d1b80cba2d611c1cf399f2cab7806d4d656f904e8fa68e5f89e51b40d0f4e76a64a8788b22d85c9b42c86882610397e11770b8255dc9a53aab9301d29ba5354aca37ed3bb2f3bd696591d02b087beac293052fbaab1ffe3de5b1ed9f5e7ce38420d97cc94c09", &(0x7f0000000040)=""/17, &(0x7f0000001a00), &(0x7f0000000340)="fde7652b71e30d6b71a557d49c9bf726630b4fca1e29fa8b1562b2a12cc6cdd2706a37a184faba4cf52cba74ad98404d888f9148cfad492be378615449b89839af32e501bd796eadad3dc0c73d92e37287104ce4b14ea94b0570a9e102071cdb45307c69f84255cdb11855cc3a525cd9685374a1fffd84391eab5f339a97eb6533aa0c3387999d531b94d8977dd24f1fe613e863a5cad547cc2de65db3035650e1b77359d7eaddd0ea5f8b5819c24675c9e3043809251b2c97d05c9f9dde7346cd0b6f4fec447262a80107", 0xd865824c, r6}, 0x38) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'wg0\x00'}) sendmsg$nl_route_sched(r5, 0x0, 0x10) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r7, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r7, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) accept(r7, 0x0, 0x0) 0s ago: executing program 1 (id=78): r0 = io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0x8dd3, 0x1, 0x42, 0x235}) io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000240)={'batadv0\x00', &(0x7f0000000300)=@ethtool_drvinfo={0x3, "16bfdabca747e90e11bdf6835fa0edfa669ebc5e0643fe3b7afffc3029ada84c", "8daa98d0a4cd17f8f8f29aa737d8fe41fcb6eb7561ff135fae74e79620959a1b", "1a6651a0ebc9db7ba3bce057d4b713ac3055652ff2c20a46607d409e26b61c9f", "7a2790c0075174f30e6e14724470fad3daa296765065ae57c8b4a351d5cc3e71", "68ca0492d3ae808787b030f9777750abbcad3ee446e7ff4c8acae360b20bbf5f", "0cc8e9d0cfdc124e7f1c97b1", 0x32, 0x7, 0xf6f, 0x6, 0x6}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, &(0x7f0000000300)=ANY=[@ANYBLOB='usrquota,usrquota_block_hardlimit=8']) chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) r6 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000000)={r6, 0x0, 0x0, 0x8000}) ioctl$DMA_BUF_IOCTL_SYNC(r7, 0x40086200, &(0x7f00000001c0)=0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. [ 85.092267][ T5783] cgroup: Unknown subsys name 'net' [ 85.333449][ T5783] cgroup: Unknown subsys name 'cpuset' [ 85.389107][ T5783] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.461405][ T5783] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.804124][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.807396][ T5799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.828511][ T5804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.829298][ T5804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.839058][ T5804] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.839866][ T5804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.843102][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.844220][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.872354][ T5114] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.878763][ T5114] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.948748][ T60] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.957452][ T5114] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.958388][ T5114] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.960804][ T5114] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.962479][ T5114] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.043913][ T5114] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.046992][ T5114] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.048468][ T5114] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.071652][ T5114] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.073686][ T5114] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.118903][ T60] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.135670][ T60] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.151746][ T60] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.181798][ T60] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.203449][ T60] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.932502][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 91.044177][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 91.059742][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 91.118830][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 91.326630][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 91.392801][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.394187][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.394575][ T5796] bridge_slave_0: entered allmulticast mode [ 91.396618][ T5796] bridge_slave_0: entered promiscuous mode [ 91.471975][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.472105][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.472295][ T5796] bridge_slave_1: entered allmulticast mode [ 91.474140][ T5796] bridge_slave_1: entered promiscuous mode [ 91.572426][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.572545][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.572681][ T5797] bridge_slave_0: entered allmulticast mode [ 91.574545][ T5797] bridge_slave_0: entered promiscuous mode [ 91.577300][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.577419][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.577584][ T5808] bridge_slave_0: entered allmulticast mode [ 91.586411][ T5808] bridge_slave_0: entered promiscuous mode [ 91.663135][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.663332][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.663514][ T5808] bridge_slave_1: entered allmulticast mode [ 91.665600][ T5808] bridge_slave_1: entered promiscuous mode [ 91.667893][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.668020][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.673899][ T5797] bridge_slave_1: entered allmulticast mode [ 91.682004][ T5797] bridge_slave_1: entered promiscuous mode [ 91.720452][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.720566][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.720969][ T5806] bridge_slave_0: entered allmulticast mode [ 91.722870][ T5806] bridge_slave_0: entered promiscuous mode [ 91.740860][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.797929][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.805437][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.805609][ T5806] bridge_slave_1: entered allmulticast mode [ 91.807417][ T5806] bridge_slave_1: entered promiscuous mode [ 91.831665][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.869787][ T10] cfg80211: failed to load regulatory.db [ 91.983692][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.991789][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.020475][ T5114] Bluetooth: hci1: command tx timeout [ 92.020947][ T5114] Bluetooth: hci0: command tx timeout [ 92.065448][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.080950][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.081269][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.081373][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.081511][ T5811] bridge_slave_0: entered allmulticast mode [ 92.083340][ T5811] bridge_slave_0: entered promiscuous mode [ 92.097789][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.098231][ T60] Bluetooth: hci2: command tx timeout [ 92.113774][ T5796] team0: Port device team_slave_0 added [ 92.165715][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.165835][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.165964][ T5811] bridge_slave_1: entered allmulticast mode [ 92.167848][ T5811] bridge_slave_1: entered promiscuous mode [ 92.182729][ T60] Bluetooth: hci3: command tx timeout [ 92.202594][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.216718][ T5796] team0: Port device team_slave_1 added [ 92.258251][ T60] Bluetooth: hci4: command tx timeout [ 92.309314][ T5808] team0: Port device team_slave_0 added [ 92.311589][ T5797] team0: Port device team_slave_0 added [ 92.367417][ T5808] team0: Port device team_slave_1 added [ 92.375615][ T5797] team0: Port device team_slave_1 added [ 92.380176][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.392435][ T5806] team0: Port device team_slave_0 added [ 92.399814][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.399827][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.399847][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.482157][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.484569][ T5806] team0: Port device team_slave_1 added [ 92.485676][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.485692][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.485722][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.618479][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.618493][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.618515][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.619673][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.619688][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.619716][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.720465][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.720478][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.720499][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.721612][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.721624][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.721643][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.724268][ T5811] team0: Port device team_slave_0 added [ 92.725098][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.725111][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.725139][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.816975][ T5811] team0: Port device team_slave_1 added [ 92.823031][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.823077][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.823155][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.274233][ T5796] hsr_slave_0: entered promiscuous mode [ 93.275440][ T5796] hsr_slave_1: entered promiscuous mode [ 93.328755][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.328768][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.328788][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.405954][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.405976][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.405996][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.435301][ T5797] hsr_slave_0: entered promiscuous mode [ 93.442670][ T5797] hsr_slave_1: entered promiscuous mode [ 93.445550][ T5797] debugfs: 'hsr0' already exists in 'hsr' [ 93.445835][ T5797] Cannot create hsr debugfs directory [ 93.476198][ T5808] hsr_slave_0: entered promiscuous mode [ 93.477283][ T5808] hsr_slave_1: entered promiscuous mode [ 93.478007][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 93.478031][ T5808] Cannot create hsr debugfs directory [ 93.544808][ T5806] hsr_slave_0: entered promiscuous mode [ 93.545788][ T5806] hsr_slave_1: entered promiscuous mode [ 93.546484][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 93.546502][ T5806] Cannot create hsr debugfs directory [ 93.757331][ T5811] hsr_slave_0: entered promiscuous mode [ 93.759200][ T5811] hsr_slave_1: entered promiscuous mode [ 93.761630][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 93.761694][ T5811] Cannot create hsr debugfs directory [ 94.098416][ T5114] Bluetooth: hci1: command tx timeout [ 94.098524][ T60] Bluetooth: hci0: command tx timeout [ 94.178343][ T60] Bluetooth: hci2: command tx timeout [ 94.258436][ T60] Bluetooth: hci3: command tx timeout [ 94.338432][ T60] Bluetooth: hci4: command tx timeout [ 94.627230][ T5796] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.677108][ T5796] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.693160][ T5796] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.741295][ T5796] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.854808][ T5797] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.921918][ T5797] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.955727][ T5797] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.011226][ T5797] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.141186][ T5808] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.171739][ T5808] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.208453][ T5808] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.266284][ T5808] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.397197][ T5806] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.450668][ T5806] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.498883][ T5806] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.552255][ T5806] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.726623][ T5811] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.772145][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.773444][ T5811] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.818501][ T5811] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.865068][ T5811] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.956300][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.985420][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.015000][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.015761][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.066123][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.066261][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.115330][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.154862][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.156794][ T1164] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.156972][ T1164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.179730][ T5114] Bluetooth: hci1: command tx timeout [ 96.179830][ T60] Bluetooth: hci0: command tx timeout [ 96.229042][ T1164] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.229200][ T1164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.259855][ T60] Bluetooth: hci2: command tx timeout [ 96.312629][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.338374][ T60] Bluetooth: hci3: command tx timeout [ 96.343968][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.363007][ T1017] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.363149][ T1017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.409440][ T1017] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.409565][ T1017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.418413][ T60] Bluetooth: hci4: command tx timeout [ 96.493163][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.565448][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.583138][ T4222] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.583285][ T4222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.644970][ T93] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.645105][ T93] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.731762][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.787151][ T4222] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.792455][ T4222] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.842310][ T4222] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.842480][ T4222] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.011673][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.221354][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.316161][ T5796] veth0_vlan: entered promiscuous mode [ 97.380920][ T5796] veth1_vlan: entered promiscuous mode [ 97.402796][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.467839][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.535565][ T5797] veth0_vlan: entered promiscuous mode [ 97.576599][ T5796] veth0_macvtap: entered promiscuous mode [ 97.604928][ T5797] veth1_vlan: entered promiscuous mode [ 97.629790][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.635347][ T5796] veth1_macvtap: entered promiscuous mode [ 97.721880][ T5808] veth0_vlan: entered promiscuous mode [ 97.793303][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.793716][ T5806] veth0_vlan: entered promiscuous mode [ 97.825521][ T5808] veth1_vlan: entered promiscuous mode [ 97.847384][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.884910][ T5806] veth1_vlan: entered promiscuous mode [ 97.886941][ T5797] veth0_macvtap: entered promiscuous mode [ 97.914087][ T4222] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.927060][ T4222] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.950061][ T5797] veth1_macvtap: entered promiscuous mode [ 97.951169][ T4222] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.972805][ T4222] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.162604][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.200890][ T5808] veth0_macvtap: entered promiscuous mode [ 98.233276][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.252227][ T5808] veth1_macvtap: entered promiscuous mode [ 98.257451][ T5806] veth0_macvtap: entered promiscuous mode [ 98.259390][ T5114] Bluetooth: hci1: command tx timeout [ 98.259436][ T60] Bluetooth: hci0: command tx timeout [ 98.316152][ T93] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.330498][ T93] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.333753][ T5806] veth1_macvtap: entered promiscuous mode [ 98.336839][ T93] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.347778][ T60] Bluetooth: hci2: command tx timeout [ 98.365983][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.366044][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.396710][ T93] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.419199][ T60] Bluetooth: hci3: command tx timeout [ 98.492623][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.498826][ T60] Bluetooth: hci4: command tx timeout [ 98.583623][ T93] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.583645][ T93] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.603917][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.623005][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.672864][ T5811] veth0_vlan: entered promiscuous mode [ 98.733781][ T4222] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.737014][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.755252][ T4222] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.772255][ T4222] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.824707][ T4222] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.852408][ T5811] veth1_vlan: entered promiscuous mode [ 98.856893][ T4222] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.877667][ T4222] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.877749][ T4222] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.877765][ T4222] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.939470][ T4222] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.966615][ T4222] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.278126][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.308136][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.478095][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.578151][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.818126][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.985535][ T1414] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.985556][ T1414] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.251926][ T169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.251947][ T169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.309005][ T5811] veth0_macvtap: entered promiscuous mode [ 100.329708][ T5811] veth1_macvtap: entered promiscuous mode [ 100.368424][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.402529][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.462859][ T169] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.466578][ T169] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.155708][ T5919] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 101.275139][ T169] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.278836][ T40] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.350350][ T1164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.350372][ T1164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.798134][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.798179][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.798215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.798251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 101.798287][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 102.270323][ T5928] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 103.928337][ T5935] netlink: 'syz.3.8': attribute type 21 has an invalid length. [ 103.928478][ T5935] IPv6: NLM_F_CREATE should be specified when creating new route [ 104.754027][ T1028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.754049][ T1028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.979280][ T1185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.979302][ T1185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.143396][ T169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.143419][ T169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.812550][ T5943] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 105.812741][ T5943] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 105.812817][ T5943] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 106.297423][ T1412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.297447][ T1412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.353376][ T5949] Zero length message leads to an empty skb [ 109.024230][ T5968] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 110.339596][ T5962] Bluetooth: MGMT ver 1.23 [ 110.347539][ T5962] Bluetooth: hci0: invalid length 0, exp 2 for type 16 [ 110.777819][ T5974] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 111.391616][ T5916] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 111.588254][ T5916] usb 4-1: Using ep0 maxpacket: 8 [ 111.612142][ T5916] usb 4-1: unable to get BOS descriptor or descriptor too short [ 111.617532][ T5916] usb 4-1: config 4 interface 0 has no altsetting 0 [ 111.626169][ T5916] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 111.626229][ T5916] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 111.626252][ T5916] usb 4-1: Manufacturer: syz [ 111.626290][ T5916] usb 4-1: SerialNumber: syz [ 111.991708][ T5976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.715266][ T5916] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 114.877534][ T5916] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 114.880150][ T60] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 114.896917][ T5916] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 114.897156][ T5916] usb 4-1: media controller created [ 114.970454][ T5916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 115.044103][ T5916] zl10353_read_register: readreg error (reg=127, ret==0) [ 118.369567][ T5916] usb 4-1: USB disconnect, device number 2 [ 120.471219][ T6013] netlink: 'syz.3.24': attribute type 11 has an invalid length. [ 120.574669][ T31] libceph: connect (1)[b::]:6789 error -101 [ 120.576116][ T31] libceph: mon0 (1)[b::]:6789 connect error [ 120.628762][ T6013] ceph: No mds server is up or the cluster is laggy [ 120.860769][ T31] libceph: connect (1)[b::]:6789 error -101 [ 120.860981][ T31] libceph: mon0 (1)[b::]:6789 connect error [ 125.044474][ T37] audit: type=1804 audit(1772547377.536:2): pid=6036 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.27" name="/newroot/7/file1" dev="fuse" ino=1 res=1 errno=0 [ 132.945425][ T6071] 9pnet_virtio: no channels available for device 127.0.0.1 [ 132.972782][ T1319] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.972847][ T1319] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.445983][ T5114] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 135.458551][ T5114] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 135.461822][ T5114] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 135.469197][ T5114] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 135.492141][ T5114] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 136.464258][ T60] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 136.488477][ T60] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 136.490440][ T60] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 136.491747][ T60] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 136.492626][ T60] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 137.268235][ T5868] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 137.423065][ T5868] usb 1-1: Using ep0 maxpacket: 32 [ 137.435761][ T5868] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.435819][ T5868] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 137.435864][ T5868] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 137.435890][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.540066][ T60] Bluetooth: hci5: command tx timeout [ 137.551860][ T6077] chnl_net:caif_netlink_parms(): no params data found [ 137.598505][ T5868] usb 1-1: config 0 descriptor?? [ 137.631054][ T5868] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 139.645474][ T5114] Bluetooth: hci5: command tx timeout [ 139.645646][ T60] Bluetooth: hci6: command tx timeout [ 139.652482][ T5790] usb 1-1: USB disconnect, device number 2 [ 141.811837][ T60] Bluetooth: hci6: command tx timeout [ 141.811873][ T60] Bluetooth: hci5: command tx timeout [ 144.088110][ T5114] Bluetooth: hci5: command tx timeout [ 144.088145][ T5114] Bluetooth: hci6: command tx timeout [ 146.121263][ T60] Bluetooth: hci6: command tx timeout [ 146.718222][ T31] IPVS: starting estimator thread 0... [ 146.818477][ T6130] IPVS: using max 7 ests per chain, 16800 per kthread [ 146.847479][ T6128] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 146.847532][ T6128] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 146.847554][ T6128] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 146.900588][ T37] audit: type=1800 audit(1772547399.356:3): pid=6128 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.47" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 151.671031][ T6077] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.671471][ T6077] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.671681][ T6077] bridge_slave_0: entered allmulticast mode [ 151.674518][ T6077] bridge_slave_0: entered promiscuous mode [ 155.026773][ T4222] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.066627][ T6086] chnl_net:caif_netlink_parms(): no params data found [ 155.125626][ T6077] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.125759][ T6077] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.125997][ T6077] bridge_slave_1: entered allmulticast mode [ 155.131049][ T6077] bridge_slave_1: entered promiscuous mode [ 156.791490][ T4222] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.920989][ T6077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.173745][ T6077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.115807][ T4222] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.166851][ T6197] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 161.908244][ T4222] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.022651][ T6077] team0: Port device team_slave_0 added [ 163.103668][ T6077] team0: Port device team_slave_1 added [ 163.104721][ T6086] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.104891][ T6086] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.105081][ T6086] bridge_slave_0: entered allmulticast mode [ 163.139599][ T6086] bridge_slave_0: entered promiscuous mode [ 163.191622][ T6086] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.205494][ T6086] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.205753][ T6086] bridge_slave_1: entered allmulticast mode [ 163.208680][ T6086] bridge_slave_1: entered promiscuous mode [ 163.266705][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 163.282835][ T6077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.282876][ T6077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 163.282964][ T6077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.376048][ T6077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.376066][ T6077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 163.376094][ T6077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.448499][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 163.478613][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.478650][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.478693][ T10] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 163.478718][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.714121][ T6086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.763922][ T6086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.791309][ T10] usb 2-1: config 0 descriptor?? [ 165.212113][ T10] koneplus 0003:1E7D:2D51.0001: collection stack underflow [ 165.212149][ T10] koneplus 0003:1E7D:2D51.0001: item 0 1 0 12 parsing failed [ 165.229058][ T10] koneplus 0003:1E7D:2D51.0001: parse failed [ 165.229138][ T10] koneplus 0003:1E7D:2D51.0001: probe with driver koneplus failed with error -22 [ 165.258699][ T6086] team0: Port device team_slave_0 added [ 165.298193][ T6077] hsr_slave_0: entered promiscuous mode [ 165.299631][ T6077] hsr_slave_1: entered promiscuous mode [ 165.300594][ T6077] debugfs: 'hsr0' already exists in 'hsr' [ 165.300628][ T6077] Cannot create hsr debugfs directory [ 165.398312][ T6086] team0: Port device team_slave_1 added [ 165.475325][ T6086] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.475344][ T6086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 165.475374][ T6086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.477809][ T6086] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.477824][ T6086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 165.477854][ T6086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.726206][ T5868] usb 2-1: USB disconnect, device number 2 [ 165.912592][ T6228] : Can't lookup blockdev [ 166.583348][ T6086] hsr_slave_0: entered promiscuous mode [ 166.584590][ T6086] hsr_slave_1: entered promiscuous mode [ 166.585498][ T6086] debugfs: 'hsr0' already exists in 'hsr' [ 166.585523][ T6086] Cannot create hsr debugfs directory [ 166.976363][ T5790] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 167.006342][ T4222] bridge_slave_1: left allmulticast mode [ 167.006472][ T4222] bridge_slave_1: left promiscuous mode [ 167.022052][ T4222] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.136902][ T5790] usb 1-1: Using ep0 maxpacket: 8 [ 167.139344][ T5790] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 167.139373][ T5790] usb 1-1: config 179 has no interface number 0 [ 167.139441][ T5790] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 167.139472][ T5790] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 167.139502][ T5790] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 167.139530][ T5790] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 167.139555][ T5790] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 167.139591][ T5790] usb 1-1: config 179 interface 65 has no altsetting 0 [ 167.139626][ T5790] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 167.139650][ T5790] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.377337][ T5790] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input5 [ 167.466610][ T4222] bridge_slave_0: left allmulticast mode [ 167.466641][ T4222] bridge_slave_0: left promiscuous mode [ 167.466870][ T4222] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.635481][ T5800] libceph: connect (1)[c::]:6789 error -101 [ 167.635710][ T5800] libceph: mon0 (1)[c::]:6789 connect error [ 167.651504][ T5800] libceph: connect (1)[c::]:6789 error -101 [ 167.651806][ T5800] libceph: mon0 (1)[c::]:6789 connect error [ 167.652946][ T6238] ceph: No mds server is up or the cluster is laggy [ 167.737536][ T5790] usb 1-1: USB disconnect, device number 3 [ 167.737620][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 168.284874][ T6257] tmpfs: Bad value for 'usrquota_block_hardlimit' [ 169.057105][ T60] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 169.057241][ T60] CPU: 0 UID: 0 PID: 60 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 169.057271][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 169.057286][ T60] Workqueue: hci1 hci_rx_work [ 169.057349][ T60] Call Trace: [ 169.057363][ T60] [ 169.057375][ T60] dump_stack_lvl+0xe8/0x150 [ 169.057414][ T60] sysfs_create_dir_ns+0x271/0x2a0 [ 169.057441][ T60] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 169.057468][ T60] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 169.057498][ T60] ? rt_spin_unlock+0x160/0x200 [ 169.057527][ T60] kobject_add_internal+0x631/0xd10 [ 169.057573][ T60] kobject_add+0x163/0x240 [ 169.057626][ T60] ? __pfx_kobject_add+0x10/0x10 [ 169.057670][ T60] ? get_device_parent+0x370/0x3a0 [ 169.057710][ T60] device_add+0x408/0xb80 [ 169.057750][ T60] hci_conn_add_sysfs+0xd5/0x210 [ 169.057783][ T60] le_conn_complete_evt+0xf1d/0x1430 [ 169.057830][ T60] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 169.057866][ T60] ? irqentry_exit+0x59e/0x620 [ 169.057895][ T60] ? rcu_is_watching+0x15/0xb0 [ 169.057926][ T60] ? skb_pull_data+0xfb/0x200 [ 169.057966][ T60] hci_le_conn_complete_evt+0x187/0x470 [ 169.058009][ T60] hci_event_packet+0x7af/0x12c0 [ 169.058050][ T60] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 169.058084][ T60] ? __pfx_hci_event_packet+0x10/0x10 [ 169.058113][ T60] ? preempt_schedule_common+0x82/0xd0 [ 169.058144][ T60] ? preempt_schedule_thunk+0x16/0x30 [ 169.058177][ T60] ? hci_send_to_monitor+0xe2/0x590 [ 169.058204][ T60] hci_rx_work+0x3ee/0x1030 [ 169.058242][ T60] ? preempt_schedule_thunk+0x16/0x30 [ 169.058272][ T60] ? process_scheduled_works+0xa25/0x1830 [ 169.058306][ T60] process_scheduled_works+0xb02/0x1830 [ 169.058368][ T60] ? __pfx_process_scheduled_works+0x10/0x10 [ 169.058408][ T60] ? assign_work+0x3d5/0x5e0 [ 169.058445][ T60] worker_thread+0xa50/0xfc0 [ 169.058507][ T60] kthread+0x388/0x470 [ 169.058531][ T60] ? __pfx_worker_thread+0x10/0x10 [ 169.058560][ T60] ? __pfx_kthread+0x10/0x10 [ 169.058586][ T60] ret_from_fork+0x51e/0xb90 [ 169.058621][ T60] ? __pfx_ret_from_fork+0x10/0x10 [ 169.058650][ T60] ? __switch_to+0xc7d/0x1450 [ 169.058682][ T60] ? __pfx_kthread+0x10/0x10 [ 169.058707][ T60] ret_from_fork_asm+0x1a/0x30 [ 169.058750][ T60] [ 169.059076][ T60] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 169.060145][ T60] Bluetooth: hci1: failed to register connection device [ 169.169162][ T60] ================================================================== [ 169.169182][ T60] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.169230][ T60] Read of size 8 at addr ffff888040c7b7b0 by task kworker/u9:0/60 [ 169.169251][ T60] [ 169.169264][ T60] CPU: 0 UID: 0 PID: 60 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 169.169289][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 169.169305][ T60] Workqueue: hci1 hci_rx_work [ 169.169336][ T60] Call Trace: [ 169.169345][ T60] [ 169.169355][ T60] dump_stack_lvl+0xe8/0x150 [ 169.169391][ T60] print_report+0xba/0x230 [ 169.169420][ T60] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.169447][ T60] kasan_report+0x117/0x150 [ 169.169483][ T60] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.169516][ T60] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.169545][ T60] l2cap_connect_cfm+0x368/0x1390 [ 169.169574][ T60] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 169.169596][ T60] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 169.169627][ T60] ? lockdep_hardirqs_on+0x7a/0x110 [ 169.169657][ T60] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 169.169687][ T60] ? mutex_lock_nested+0x152/0x1d0 [ 169.169709][ T60] ? hci_connect_cfm+0x2c/0x140 [ 169.169736][ T60] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 169.169760][ T60] hci_connect_cfm+0x95/0x140 [ 169.169793][ T60] le_conn_complete_evt+0xf65/0x1430 [ 169.169835][ T60] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 169.169868][ T60] ? irqentry_exit+0x59e/0x620 [ 169.169896][ T60] ? rcu_is_watching+0x15/0xb0 [ 169.169924][ T60] ? skb_pull_data+0xfb/0x200 [ 169.169960][ T60] hci_le_conn_complete_evt+0x187/0x470 [ 169.169998][ T60] hci_event_packet+0x7af/0x12c0 [ 169.170030][ T60] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 169.170073][ T60] ? __pfx_hci_event_packet+0x10/0x10 [ 169.170102][ T60] ? preempt_schedule_common+0x82/0xd0 [ 169.170131][ T60] ? preempt_schedule_thunk+0x16/0x30 [ 169.170161][ T60] ? hci_send_to_monitor+0xe2/0x590 [ 169.170186][ T60] hci_rx_work+0x3ee/0x1030 [ 169.170222][ T60] ? preempt_schedule_thunk+0x16/0x30 [ 169.170250][ T60] ? process_scheduled_works+0xa25/0x1830 [ 169.170283][ T60] process_scheduled_works+0xb02/0x1830 [ 169.170332][ T60] ? __pfx_process_scheduled_works+0x10/0x10 [ 169.170367][ T60] ? assign_work+0x3d5/0x5e0 [ 169.170400][ T60] worker_thread+0xa50/0xfc0 [ 169.170454][ T60] kthread+0x388/0x470 [ 169.170477][ T60] ? __pfx_worker_thread+0x10/0x10 [ 169.170507][ T60] ? __pfx_kthread+0x10/0x10 [ 169.170530][ T60] ret_from_fork+0x51e/0xb90 [ 169.170564][ T60] ? __pfx_ret_from_fork+0x10/0x10 [ 169.170592][ T60] ? __switch_to+0xc7d/0x1450 [ 169.170621][ T60] ? __pfx_kthread+0x10/0x10 [ 169.170644][ T60] ret_from_fork_asm+0x1a/0x30 [ 169.170677][ T60] [ 169.170686][ T60] [ 169.170691][ T60] Allocated by task 60: [ 169.170701][ T60] kasan_save_track+0x3e/0x80 [ 169.170729][ T60] __kasan_kmalloc+0x93/0xb0 [ 169.170758][ T60] __kmalloc_noprof+0x3e7/0x7b0 [ 169.170789][ T60] sk_prot_alloc+0xe7/0x210 [ 169.170815][ T60] sk_alloc+0x3a/0x390 [ 169.170839][ T60] bt_sock_alloc+0x3b/0x310 [ 169.170867][ T60] l2cap_sock_new_connection_cb+0xe2/0x2e0 [ 169.170891][ T60] l2cap_connect_cfm+0x368/0x1390 [ 169.170910][ T60] hci_connect_cfm+0x95/0x140 [ 169.170939][ T60] le_conn_complete_evt+0xf65/0x1430 [ 169.170970][ T60] hci_le_conn_complete_evt+0x187/0x470 [ 169.171000][ T60] hci_event_packet+0x7af/0x12c0 [ 169.171024][ T60] hci_rx_work+0x3ee/0x1030 [ 169.171049][ T60] process_scheduled_works+0xb02/0x1830 [ 169.171076][ T60] worker_thread+0xa50/0xfc0 [ 169.171103][ T60] kthread+0x388/0x470 [ 169.171122][ T60] ret_from_fork+0x51e/0xb90 [ 169.171149][ T60] ret_from_fork_asm+0x1a/0x30 [ 169.171168][ T60] [ 169.171173][ T60] Freed by task 6255: [ 169.171188][ T60] kasan_save_track+0x3e/0x80 [ 169.171221][ T60] kasan_save_free_info+0x46/0x50 [ 169.171244][ T60] __kasan_slab_free+0x5c/0x80 [ 169.171272][ T60] kfree+0x1c1/0x6c0 [ 169.171297][ T60] __sk_destruct+0x626/0x880 [ 169.171322][ T60] l2cap_sock_cleanup_listen+0xe0/0x440 [ 169.171345][ T60] l2cap_sock_release+0x6e/0x270 [ 169.171365][ T60] sock_close+0xc3/0x240 [ 169.171387][ T60] __fput+0x461/0xa90 [ 169.171409][ T60] task_work_run+0x1d9/0x270 [ 169.171431][ T60] get_signal+0x11c3/0x1310 [ 169.171457][ T60] arch_do_signal_or_restart+0xbc/0x830 [ 169.171482][ T60] exit_to_user_mode_loop+0x86/0x480 [ 169.171512][ T60] do_syscall_64+0x32d/0xf80 [ 169.171539][ T60] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.171560][ T60] [ 169.171566][ T60] The buggy address belongs to the object at ffff888040c7b000 [ 169.171566][ T60] which belongs to the cache kmalloc-2k of size 2048 [ 169.171585][ T60] The buggy address is located 1968 bytes inside of [ 169.171585][ T60] freed 2048-byte region [ffff888040c7b000, ffff888040c7b800) [ 169.171608][ T60] [ 169.171614][ T60] The buggy address belongs to the physical page: [ 169.171635][ T60] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x40c78 [ 169.171656][ T60] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 169.171675][ T60] flags: 0x80000000000040(head|node=0|zone=1) [ 169.171699][ T60] page_type: f5(slab) [ 169.171720][ T60] raw: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122 [ 169.171739][ T60] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 169.171760][ T60] head: 0080000000000040 ffff88813fe1d000 dead000000000100 dead000000000122 [ 169.171778][ T60] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 169.171798][ T60] head: 0080000000000003 ffffea0001031e01 00000000ffffffff 00000000ffffffff [ 169.171817][ T60] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 169.171829][ T60] page dumped because: kasan: bad access detected [ 169.171845][ T60] page_owner tracks the page as allocated [ 169.171853][ T60] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5153, tgid 5153 (klogd), ts 95460961661, free_ts 95413168381 [ 169.171891][ T60] post_alloc_hook+0x231/0x280 [ 169.171921][ T60] get_page_from_freelist+0x28bb/0x2950 [ 169.171942][ T60] __alloc_frozen_pages_noprof+0x18d/0x380 [ 169.171963][ T60] allocate_slab+0x77/0x660 [ 169.171986][ T60] refill_objects+0x334/0x3c0 [ 169.172007][ T60] __pcs_replace_empty_main+0x328/0x5f0 [ 169.172032][ T60] __kmalloc_cache_noprof+0x44e/0x690 [ 169.172067][ T60] syslog_print+0x103/0x610 [ 169.172090][ T60] do_syslog+0x583/0x7d0 [ 169.172110][ T60] __x64_sys_syslog+0x7c/0x90 [ 169.172132][ T60] do_syscall_64+0x14d/0xf80 [ 169.172158][ T60] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.172179][ T60] page last free pid 5811 tgid 5811 stack trace: [ 169.172192][ T60] __free_frozen_pages+0xfe3/0x1170 [ 169.172229][ T60] __slab_free+0x24f/0x2a0 [ 169.172258][ T60] qlist_free_all+0x97/0x100 [ 169.172284][ T60] kasan_quarantine_reduce+0x148/0x160 [ 169.172311][ T60] __kasan_slab_alloc+0x22/0x80 [ 169.172340][ T60] kmem_cache_alloc_lru_noprof+0x33c/0x680 [ 169.172369][ T60] alloc_inode+0x6a/0x1b0 [ 169.172390][ T60] new_inode+0x22/0x170 [ 169.172413][ T60] __debugfs_create_file+0xb8/0x400 [ 169.172435][ T60] debugfs_create_file_unsafe+0x3a/0x50 [ 169.172458][ T60] nsim_dev_debugfs_init+0x281/0x590 [ 169.172488][ T60] nsim_drv_probe+0x78d/0xc30 [ 169.172516][ T60] really_probe+0x267/0xaf0 [ 169.172535][ T60] __driver_probe_device+0x18c/0x320 [ 169.172553][ T60] driver_probe_device+0x4f/0x240 [ 169.172573][ T60] __device_attach_driver+0x2d4/0x4c0 [ 169.172593][ T60] [ 169.172603][ T60] Memory state around the buggy address: [ 169.172615][ T60] ffff888040c7b680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 169.172630][ T60] ffff888040c7b700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 169.172644][ T60] >ffff888040c7b780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 169.172656][ T60] ^ [ 169.172668][ T60] ffff888040c7b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 169.172682][ T60] ffff888040c7b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 169.172694][ T60] ================================================================== [ 169.172721][ T60] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 169.172739][ T60] CPU: 0 UID: 0 PID: 60 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 169.172764][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 169.172779][ T60] Workqueue: hci1 hci_rx_work [ 169.172808][ T60] Call Trace: [ 169.172816][ T60] [ 169.172826][ T60] vpanic+0x56c/0xa60 [ 169.172861][ T60] ? __pfx_vpanic+0x10/0x10 [ 169.172892][ T60] ? __pfx___schedule+0x10/0x10 [ 169.172923][ T60] panic+0xc5/0xd0 [ 169.172954][ T60] ? __pfx_panic+0x10/0x10 [ 169.172987][ T60] ? preempt_schedule_common+0x82/0xd0 [ 169.173018][ T60] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.173045][ T60] check_panic_on_warn+0x89/0xb0 [ 169.173069][ T60] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.173095][ T60] end_report+0x73/0x180 [ 169.173126][ T60] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.173152][ T60] kasan_report+0x128/0x150 [ 169.173186][ T60] ? l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.173277][ T60] l2cap_sock_new_connection_cb+0x1f9/0x2e0 [ 169.173306][ T60] l2cap_connect_cfm+0x368/0x1390 [ 169.173334][ T60] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 169.173356][ T60] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 169.173387][ T60] ? lockdep_hardirqs_on+0x7a/0x110 [ 169.173416][ T60] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 169.173446][ T60] ? mutex_lock_nested+0x152/0x1d0 [ 169.173468][ T60] ? hci_connect_cfm+0x2c/0x140 [ 169.173499][ T60] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 169.173522][ T60] hci_connect_cfm+0x95/0x140 [ 169.173554][ T60] le_conn_complete_evt+0xf65/0x1430 [ 169.173593][ T60] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 169.173625][ T60] ? irqentry_exit+0x59e/0x620 [ 169.173652][ T60] ? rcu_is_watching+0x15/0xb0 [ 169.173678][ T60] ? skb_pull_data+0xfb/0x200 [ 169.173714][ T60] hci_le_conn_complete_evt+0x187/0x470 [ 169.173751][ T60] hci_event_packet+0x7af/0x12c0 [ 169.173781][ T60] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 169.173812][ T60] ? __pfx_hci_event_packet+0x10/0x10 [ 169.173839][ T60] ? preempt_schedule_common+0x82/0xd0 [ 169.173867][ T60] ? preempt_schedule_thunk+0x16/0x30 [ 169.173896][ T60] ? hci_send_to_monitor+0xe2/0x590 [ 169.173919][ T60] hci_rx_work+0x3ee/0x1030 [ 169.173948][ T60] ? preempt_schedule_thunk+0x16/0x30 [ 169.173974][ T60] ? process_scheduled_works+0xa25/0x1830 [ 169.174006][ T60] process_scheduled_works+0xb02/0x1830 [ 169.174051][ T60] ? __pfx_process_scheduled_works+0x10/0x10 [ 169.174084][ T60] ? assign_work+0x3d5/0x5e0 [ 169.174116][ T60] worker_thread+0xa50/0xfc0 [ 169.174161][ T60] kthread+0x388/0x470 [ 169.174183][ T60] ? __pfx_worker_thread+0x10/0x10 [ 169.174219][ T60] ? __pfx_kthread+0x10/0x10 [ 169.174242][ T60] ret_from_fork+0x51e/0xb90 [ 169.174275][ T60] ? __pfx_ret_from_fork+0x10/0x10 [ 169.174303][ T60] ? __switch_to+0xc7d/0x1450 [ 169.174331][ T60] ? __pfx_kthread+0x10/0x10 [ 169.174354][ T60] ret_from_fork_asm+0x1a/0x30 [ 169.174384][ T60] [ 169.174978][ T60] Kernel Offset: disabled