last executing test programs: 1m58.371833574s ago: executing program 0 (id=8): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000780)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x104, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x2c}, {@in6=@mcast2, 0x4d6, 0x6c}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {0x800, 0x192, 0x6, 0xfffe, 0x8251c, 0x6, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0x7}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0xa, 0x1, 0x3, 0x11}, [@algo_comp={0x48, 0x3, {{'lzjh\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 1m56.803094191s ago: executing program 0 (id=11): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@newtaction={0x60, 0x30, 0xffff, 0xfffffffe, 0x25dfdbfd, {}, [{0x4c, 0x1, [@m_sample={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x2, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x2, 0x5f, 0xe4, 0x101, 0x8cb8}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x60}}, 0x0) 1m55.793220953s ago: executing program 0 (id=12): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) r3 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1m53.908212878s ago: executing program 0 (id=16): getpid() openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x6a) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0xb, &(0x7f0000000200)=ANY=[], 0x0, 0xc, 0x0, 0x0, 0x40f00}, 0x94) write$binfmt_elf32(r1, 0x0, 0x69) creat(&(0x7f00000000c0)='./file1\x00', 0x142) r2 = inotify_init1(0x80000) inotify_add_watch(r2, &(0x7f0000000100)='./file1\x00', 0x2000775) close(r1) execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) 1m50.032045103s ago: executing program 0 (id=20): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af7edbc}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x5}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040) 1m47.808727934s ago: executing program 0 (id=22): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x4, &(0x7f00000002c0)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}]}, 0x1, 0x4c0, &(0x7f0000000f00)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7WimlTpS56HmqVGTmdnMaoZFJUQlNiCVkLghxImj2ClN1EUCuy5YIBBIiAV7/gI2dEWFhFjDHrFARVCCBEhIRvfabhM3DhakMc39/aTbnPuwv3NifafnHt+bG0BmnU3+yUUMRsRHEXG0vrr9gLP1H5t3b0wnSy5qtctf5tLjkvXmoc3XHYmI9Yjoi4gn/hfxbO7BuJXVtfmpUqm43Fgfri4sDVdW1y7MLUzNFmeLi6MTFycnJ0bGxyb3rK03X37+5qV3H+t959uX7tx+5f33kmoNNvZtbcdeqje9J45v2XYoIv7zMIJ1QaHRnv5uV4SfJfn8fhcR59L8PxqF9NMEsqBWq9V+qB1ut3u9BhxY+XQMnMsPRUS9nM8PDdXH8L+PgXypXKn+42p5ZXGmPlY+Fj35q3Ol4kjjXOFY9OSS9dG0fH99rGV9PCIdA79a6E/Xh6bLpZn97eqAFkda8v+bQj3/gYxwyg/ZJf8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/yC75D9lV6HYFgK7x/z9k0uOXLiVLrXn/+8y11ZX58rULM8XK/NDCyvTQdHl5aWi2XJ5N79lZ+Kn3K5XLS6P/jJXrw9VipTpcWV27slBeWaxeSe/rv1Ls2ZdWAZ04fubWJ7mIWP9Xf7okehv75CocbLVaLrp9DzLQHab+ILtM/UF2OccHWv9Eb+u4oK/dC5fuzxcCj5Z8tysAdM35U77/g6wy/w/ZZf4fsssYH9jhEX3b7Db/DzyazP9Ddg22ef7Xb7Y8u2skIn4bER8Xeg43n/UFHAT5z3ON8f/5o38ZbN3bm/su/YqgNyJeePPy69enqtXl0WT7V/e2V99obB/b8sK2JwxAtzTztJnHAEB2bd69Md1c9jPuF/+tX4TwYPxDjbnJvvQ7yoHN3LZrFXJ7dO3C+kZEnNwpfq7xvPP6iczAZuGB+CcaP3P1t0jreyh9bvr+xD+1Jf6ft8Q//Yt/K5ANt5L+Z2Sn/MunOR338m97/zO4R9dOtO//8vf6v0Kb/u9MhzGee+vFz9rG34g4vWP8Zry+NFZr/KRu5zuMf+fpJ//Qbl/t7fr77BS/KSkNVxeWhiuraxfmFjZmi7PFxdGJi5OTEyPjY5PDV+dKxT8daR//3yc/vL1b+wca8Xui8/Yn2/7WYfu//+MHT53dJf5fz+38+Z/YJX5/RPy9w/hfj336TLt9SfyZNr///C7xk23jHcavvPb/wx0eCgDsg8rq2vxUqVRcVlBQ6Eph49dRjZZCt3sm4GGrrCan5knSd7smAAAAAAAAAAAAQKf243LibrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAg+DEAAP//KbnRCQ==") r0 = creat(&(0x7f0000000200)='./file1\x00', 0x1) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x1, 0xfffffffc, 0x5f, 0x2, 0x211b}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x178) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) 1m32.360111906s ago: executing program 32 (id=22): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x4, &(0x7f00000002c0)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}]}, 0x1, 0x4c0, &(0x7f0000000f00)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7WimlTpS56HmqVGTmdnMaoZFJUQlNiCVkLghxImj2ClN1EUCuy5YIBBIiAV7/gI2dEWFhFjDHrFARVCCBEhIRvfabhM3DhakMc39/aTbnPuwv3NifafnHt+bG0BmnU3+yUUMRsRHEXG0vrr9gLP1H5t3b0wnSy5qtctf5tLjkvXmoc3XHYmI9Yjoi4gn/hfxbO7BuJXVtfmpUqm43Fgfri4sDVdW1y7MLUzNFmeLi6MTFycnJ0bGxyb3rK03X37+5qV3H+t959uX7tx+5f33kmoNNvZtbcdeqje9J45v2XYoIv7zMIJ1QaHRnv5uV4SfJfn8fhcR59L8PxqF9NMEsqBWq9V+qB1ut3u9BhxY+XQMnMsPRUS9nM8PDdXH8L+PgXypXKn+42p5ZXGmPlY+Fj35q3Ol4kjjXOFY9OSS9dG0fH99rGV9PCIdA79a6E/Xh6bLpZn97eqAFkda8v+bQj3/gYxwyg/ZJf8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/yC75D9lV6HYFgK7x/z9k0uOXLiVLrXn/+8y11ZX58rULM8XK/NDCyvTQdHl5aWi2XJ5N79lZ+Kn3K5XLS6P/jJXrw9VipTpcWV27slBeWaxeSe/rv1Ls2ZdWAZ04fubWJ7mIWP9Xf7okehv75CocbLVaLrp9DzLQHab+ILtM/UF2OccHWv9Eb+u4oK/dC5fuzxcCj5Z8tysAdM35U77/g6wy/w/ZZf4fsssYH9jhEX3b7Db/DzyazP9Ddg22ef7Xb7Y8u2skIn4bER8Xeg43n/UFHAT5z3ON8f/5o38ZbN3bm/su/YqgNyJeePPy69enqtXl0WT7V/e2V99obB/b8sK2JwxAtzTztJnHAEB2bd69Md1c9jPuF/+tX4TwYPxDjbnJvvQ7yoHN3LZrFXJ7dO3C+kZEnNwpfq7xvPP6iczAZuGB+CcaP3P1t0jreyh9bvr+xD+1Jf6ft8Q//Yt/K5ANt5L+Z2Sn/MunOR338m97/zO4R9dOtO//8vf6v0Kb/u9MhzGee+vFz9rG34g4vWP8Zry+NFZr/KRu5zuMf+fpJ//Qbl/t7fr77BS/KSkNVxeWhiuraxfmFjZmi7PFxdGJi5OTEyPjY5PDV+dKxT8daR//3yc/vL1b+wca8Xui8/Yn2/7WYfu//+MHT53dJf5fz+38+Z/YJX5/RPy9w/hfj336TLt9SfyZNr///C7xk23jHcavvPb/wx0eCgDsg8rq2vxUqVRcVlBQ6Eph49dRjZZCt3sm4GGrrCan5knSd7smAAAAAAAAAAAAQKf243LibrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAg+DEAAP//KbnRCQ==") r0 = creat(&(0x7f0000000200)='./file1\x00', 0x1) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x1, 0xfffffffc, 0x5f, 0x2, 0x211b}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x178) pwritev2(r4, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) 1m3.056706299s ago: executing program 1 (id=103): syz_mount_image$squashfs(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f00000002c0), 0x1, 0x228, &(0x7f0000000300)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoggmSXK8U/sVMvyVWad9xlmdExLY2A0mMXBwMCgd0R3pp0BbzcT1MziyqrsxJyc1KLiMwyo5k9m3M+kyAhSd+bv1eAHjHYM3bEMjAxyG/zVFn/7I1W5cVN95PSqiJqp3U03l66PY9im//eKidT7iRlh/x8cEtSyyMv/ME9G6fvmhjkfauqemDh2NirP5W+9/Pfd+5ja4gQ1psfiXYVs/AluWjWfnJ3cLB/PTa9u31KsuCArzWXisakX/yYcX8vAMPnCE1v9mjOH4hVjOKXcKufG3HWLF+Rapn6+7g0Dw8GozxMZGJcz7mdiYJgZtnMPsr/KG6CRwcDMwMCgwsDAwMTAwpCWmZNq4MHAyMAM5RiyQFXBVDMxcIAl9JLzc1LaGRjBSQCsbTkDC9wMw8cMrHCOETLH2KIBahJDO5RWgdIeUHo5lH4MpeXRkg0L2IR+KE+jgYGBjaEisaSkyJCNgQHKgosZwcWMBOA2M0FtncuE6rnjTAyjYBSMglEwCkbBKBgFo2AUjIJRMJIBIAAA///ZbLn7") openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x181000, 0x0) 1m1.709735221s ago: executing program 1 (id=105): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r1 = syz_io_uring_setup(0x49b, &(0x7f0000000380)={0x0, 0x2c0c, 0x400, 0x7, 0x2000284}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4007, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r1, 0x40f6, 0x4f7c, 0x0, 0x0, 0x0) 59.827662324s ago: executing program 1 (id=108): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000740)="91f8a9849519def28691bbc4173c3d6f357de68907e50e997fc26e4c91ea4feb931647fc5393de1f0000000000002c847ecfbcfa0a026a6f96a4ffd844b1252fa8332e469c6b1aafc08e0e632da389ba8899e94ce0216d23bec00ff251e11ba4e19e7fe33f6d7635fbf6f16f1f0a381d1e3219c1cfa013b391b6623f164f55a0a33902f0c938d626905f8cd1fba51334c16b150281addd9ae74a51c0572bfcc1af96ea1177e68f6f60136d777fb081848b4eddb2ede3cd121b0a5630932fdbce2a202e9ad400bf330b68344c8eda3e9fcbe42abb4486553d2e3e6c6b62650eedfc021896346567b68ee468501d5174cd4febc162dd79ef058d6e6ac11d1dc8d3d06498d64ba74b1846c2abfb704cae1af98a3eb2dd6f414e350b1c25fb4571d1670499461260284142405ba6e49bdc94821f2f52a6f45e6189022f76", 0x13c}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114", 0xe6}], 0x2}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4", 0x124}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000380)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9", 0xb2}], 0x1}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 57.796541192s ago: executing program 1 (id=111): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x42, 0x18) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 56.977826135s ago: executing program 1 (id=115): syz_io_uring_setup(0xbdc, &(0x7f0000000000)={0x0, 0x800ce90, 0x10, 0x3, 0x40004333}, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000001800dd8d0900000000000000020000fc000000050000000006001500020000001400168010000880"], 0x38}}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c00000013000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB], 0x5c}}, 0x8000) 54.006081853s ago: executing program 1 (id=119): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x701, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) sendmmsg(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000000100)}}], 0x1, 0x24005805) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @rand_addr=0x64010100}], 0x10) sendto$inet6(r3, &(0x7f00000004c0)="b0", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f0000000580)="9b", 0x29fff, 0x0, 0x0, 0x0) shutdown(r3, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, 0xffffffffffffffff, 0xf305000) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000080), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000140)={r4}) r5 = socket(0x10, 0x803, 0x0) close_range(0xffffffffffffffff, r5, 0x2) sendmsg$nl_route_sched(r5, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x24040084) 36.419121965s ago: executing program 33 (id=119): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x701, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x4c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) sendmmsg(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000000100)}}], 0x1, 0x24005805) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @rand_addr=0x64010100}], 0x10) sendto$inet6(r3, &(0x7f00000004c0)="b0", 0x1, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f0000000580)="9b", 0x29fff, 0x0, 0x0, 0x0) shutdown(r3, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x12, 0xffffffffffffffff, 0xf305000) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000100)={&(0x7f0000000080), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_DESTROYPROPBLOB(0xffffffffffffffff, 0xc00464be, &(0x7f0000000140)={r4}) r5 = socket(0x10, 0x803, 0x0) close_range(0xffffffffffffffff, r5, 0x2) sendmsg$nl_route_sched(r5, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x24040084) 14.623615041s ago: executing program 2 (id=158): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r3 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x744e, 0x400, 0x7, 0x2285}, 0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0) io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) 13.211792963s ago: executing program 2 (id=159): r0 = socket$key(0xf, 0x3, 0x2) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@noload}, {@stripe={'stripe', 0x3d, 0xdc}}, {@nomblk_io_submit}, {@noload}, {@abort}, {@auto_da_alloc}]}, 0xff, 0x459, &(0x7f00000004c0)="$eJzs3MtvVNUfAPDvvTMtlMev/Sk+QNAqGomPlpbnwg1GExeamOgC46q2hSADVVoTIUTRBS4NiXvj0sS/wJVujLoycat7Q0IMG9DEZMy9c28ZhpnSoQODzOeTXDhn7pne873nnplzz5mZAAbWePZPErEpIn6LiNFG9voC443/rl4+O/vX5bOzSdTrb/yZ5OWuXD47WxYtn7exkanXi/y6Nsc9/3bETK02f6rITy6deG9y8fSZ54+dmDk6f3T+5PTBg3v37BjeP72vJ3FmcV3Z9tHC9q2vvHXhtdnDF9756ZusvpuK/c1x9MjIeOPstvVUjw/Wb5ub0km1jxWhK5WIyJprKO//o1GJkeV9o/Hyp32tHHBb1ev1erv358K5OnAPS6LfNQD6o3yjz+5/y+0ODT3uCpcORbx/oBH/1WJr7KlGWpQZarm/7aXxiDh87u8vsy1uzzwEAMB1vjsUEc+1G/+l8WBTuf8VayhjEfH/iLgvIu6PiC0R8UBEXvahiHi4y+O3rpDcOP5JL95SYKuUjf9eKNa2lsd//9Tz+AtjlSK3OY9/KDlyrDa/uzgnu2JoXZafWuEY37/06+ed9jWP/7ItO345FmxIL1ZbJujmZpZm1hj2skufRGyrtsSfS6JcxkkiYmtEbOvqL1+7wzj2zNfbO5W6efwr6ME6U/2riKcb7X8uWuIvJR3XJ6cO7J/eN7k+avO7J8ur4kY//3L+9U7HX1P8PZC1/4bW6z+3HP9Ysj5i8fSZ4/l67WK0rhDf1PnfP+t4T3Or1/9w8maeHi4e+3BmaenUVMRw8uqNj09fe26RrzbHv2tnu/jT/DWujPaRiMgu4h0R8WhEPFbU/fGIeCIidq4Q/48vPvlu9/GvMCvfQ1n8czdr/2hu/+4TleM/fNt9/KWs/ffmqV3FI6t5/VttBddy7gAAAOC/Is0/A5+kE8vpNJ2YaHyGf0tsSGsLi0vPHln44ORc47PyYzGUljNdo03zoVPF3HCZn27J7ynmjb+ojOT5idmF2ly/g4cBt7FD/8/8Uel37YDbzve1YHDp/zC49H8YXPo/DC79HwZXu/7/cR/qAdx53v9hcOn/MLj0fxhc+j8MpI7fjU/X9JV/iXs+EWn3z6pGX+ucrPTDECN3xVltk6iu+scsbjGxru2ufr8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Ma/AQAA//+nZunQ") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl(0xffffffffffffffff, 0x8916, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x2, 0x0, 0x0, 0x0, 0x0, 0x12, 0x4}, 0x9, 0xfffffffffffffffe, 0x80, 0x290761e6, r1, r1, 0x4}) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[], 0x10) syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x11) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) sendfile(r4, r4, 0x0, 0xe3aa6ea) sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="020f000008000000000000040000000001001000"], 0x40}}, 0x0) 9.857578621s ago: executing program 4 (id=161): socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6_sctp(0xa, 0x1, 0x84) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001840)={0xc, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000700000000000000fdffffff850000002700000085000000a00000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$kcm(0x11, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x80) 9.035655658s ago: executing program 2 (id=162): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000182"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc00000000000000010000"], 0xb8}}, 0x20004000) sendmsg$nl_xfrm(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4000) 8.111357759s ago: executing program 2 (id=165): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x54, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.76544089s ago: executing program 4 (id=166): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f00000002c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = open(&(0x7f0000000240)='./file1\x00', 0x14d142, 0x2) ftruncate(r0, 0x2008001) sendfile(r0, r0, 0x0, 0x800000009) 7.297226321s ago: executing program 2 (id=167): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r3 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x744e, 0x400, 0x7, 0x2285}, 0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0) io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) 6.651074682s ago: executing program 2 (id=169): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r2 = syz_io_uring_setup(0x49b, &(0x7f0000000380)={0x0, 0x2c0c, 0x400, 0x7, 0x2000284}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4007, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r2, 0x40f6, 0x4f7c, 0x0, 0x0, 0x0) 6.452761156s ago: executing program 4 (id=170): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x4, &(0x7f00000002c0)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}]}, 0x1, 0x4c0, &(0x7f0000000f00)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7WimlTpS56HmqVGTmdnMaoZFJUQlNiCVkLghxImj2ClN1EUCuy5YIBBIiAV7/gI2dEWFhFjDHrFARVCCBEhIRvfabhM3DhakMc39/aTbnPuwv3NifafnHt+bG0BmnU3+yUUMRsRHEXG0vrr9gLP1H5t3b0wnSy5qtctf5tLjkvXmoc3XHYmI9Yjoi4gn/hfxbO7BuJXVtfmpUqm43Fgfri4sDVdW1y7MLUzNFmeLi6MTFycnJ0bGxyb3rK03X37+5qV3H+t959uX7tx+5f33kmoNNvZtbcdeqje9J45v2XYoIv7zMIJ1QaHRnv5uV4SfJfn8fhcR59L8PxqF9NMEsqBWq9V+qB1ut3u9BhxY+XQMnMsPRUS9nM8PDdXH8L+PgXypXKn+42p5ZXGmPlY+Fj35q3Ol4kjjXOFY9OSS9dG0fH99rGV9PCIdA79a6E/Xh6bLpZn97eqAFkda8v+bQj3/gYxwyg/ZJf8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/yC75D9lV6HYFgK7x/z9k0uOXLiVLrXn/+8y11ZX58rULM8XK/NDCyvTQdHl5aWi2XJ5N79lZ+Kn3K5XLS6P/jJXrw9VipTpcWV27slBeWaxeSe/rv1Ls2ZdWAZ04fubWJ7mIWP9Xf7okehv75CocbLVaLrp9DzLQHab+ILtM/UF2OccHWv9Eb+u4oK/dC5fuzxcCj5Z8tysAdM35U77/g6wy/w/ZZf4fsssYH9jhEX3b7Db/DzyazP9Ddg22ef7Xb7Y8u2skIn4bER8Xeg43n/UFHAT5z3ON8f/5o38ZbN3bm/su/YqgNyJeePPy69enqtXl0WT7V/e2V99obB/b8sK2JwxAtzTztJnHAEB2bd69Md1c9jPuF/+tX4TwYPxDjbnJvvQ7yoHN3LZrFXJ7dO3C+kZEnNwpfq7xvPP6iczAZuGB+CcaP3P1t0jreyh9bvr+xD+1Jf6ft8Q//Yt/K5ANt5L+Z2Sn/MunOR338m97/zO4R9dOtO//8vf6v0Kb/u9MhzGee+vFz9rG34g4vWP8Zry+NFZr/KRu5zuMf+fpJ//Qbl/t7fr77BS/KSkNVxeWhiuraxfmFjZmi7PFxdGJi5OTEyPjY5PDV+dKxT8daR//3yc/vL1b+wca8Xui8/Yn2/7WYfu//+MHT53dJf5fz+38+Z/YJX5/RPy9w/hfj336TLt9SfyZNr///C7xk23jHcavvPb/wx0eCgDsg8rq2vxUqVRcVlBQ6Eph49dRjZZCt3sm4GGrrCan5knSd7smAAAAAAAAAAAAQKf243LibrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAg+DEAAP//KbnRCQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = open(&(0x7f0000000140)='./file1\x00', 0x64042, 0x178) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) 6.297285642s ago: executing program 3 (id=171): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)={0x1, 0x0, [{0x2bb, 0x4, 0x0, 0x0, @msi={0x3, 0xc0000000, 0x6, 0x6}}]}) 5.557485702s ago: executing program 3 (id=172): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x24, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_HARD_IFINDEX={0x8}]}, 0x24}}, 0x0) 5.32021817s ago: executing program 3 (id=173): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000182"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc00000000000000010000"], 0xb8}}, 0x20004000) sendmsg$nl_xfrm(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x4000) 4.707532468s ago: executing program 3 (id=174): socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6_sctp(0xa, 0x1, 0x84) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001840)={0xc, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="180200000700000000000000fdffffff850000002700000085000000a0000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x2, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$kcm(0x11, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x80) 2.41489911s ago: executing program 4 (id=175): syz_open_dev$dri(0x0, 0x40100001, 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x20004, r0, 0x2}) r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r4, 0xffffffffffffffff, 0x0) 1.822199985s ago: executing program 4 (id=176): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8810}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x58, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x28, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xceb, 0x7, 0x2}, {{0x0, 0x0, 0x1, 0x1}, {0x0, 0x0, 0x1}}}}]}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x5dc}], 0x1}, 0x4) 816.202414ms ago: executing program 3 (id=177): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) r2 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r3 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x744e, 0x400, 0x7, 0x2285}, 0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(0x0, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x5, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0) io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0) 468.314253ms ago: executing program 3 (id=178): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000200)={0x1, 0x6, 0x4, &(0x7f0000000080)={0x11, "cc9efc7ddb01702fa9a7f77d040b00"}}) 0s ago: executing program 4 (id=179): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x800, 0x4, 0x305}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0}) io_uring_enter(r3, 0x3516, 0x7dd6, 0x8, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.170' (ED25519) to the list of known hosts. [ 164.952338][ T5752] cgroup: Unknown subsys name 'net' [ 165.093943][ T5752] cgroup: Unknown subsys name 'cpuset' [ 165.120134][ T5752] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 172.458226][ T5752] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 178.739801][ T5778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 178.749001][ T5778] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 178.765628][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 178.775889][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 178.786489][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 178.796088][ T5781] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 178.801879][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 178.813048][ T5781] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 178.825687][ T5785] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 178.825687][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 178.847965][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 178.851423][ T5788] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 178.860897][ T5781] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 178.879188][ T5786] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 178.887244][ T5788] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 178.901954][ T5788] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 178.914207][ T5788] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 178.923266][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 178.924532][ T5785] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 178.939516][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 178.956009][ T5068] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 178.967274][ T5068] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 178.976447][ T5068] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 178.994494][ T5068] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 179.035986][ T5785] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 180.478492][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 180.767764][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 181.001020][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 181.076433][ T5778] Bluetooth: hci2: command tx timeout [ 181.076575][ T5788] Bluetooth: hci3: command tx timeout [ 181.083040][ T49] Bluetooth: hci0: command tx timeout [ 181.089232][ T5785] Bluetooth: hci1: command tx timeout [ 181.151710][ T5785] Bluetooth: hci4: command tx timeout [ 181.180904][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 181.326299][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 181.766813][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.785512][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.799378][ T5772] bridge_slave_0: entered allmulticast mode [ 181.818205][ T5772] bridge_slave_0: entered promiscuous mode [ 181.916389][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.951227][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.971500][ T5772] bridge_slave_1: entered allmulticast mode [ 182.012359][ T5772] bridge_slave_1: entered promiscuous mode [ 182.314995][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.351518][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.381386][ T5770] bridge_slave_0: entered allmulticast mode [ 182.432940][ T5770] bridge_slave_0: entered promiscuous mode [ 182.572989][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.589654][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.600180][ T5771] bridge_slave_0: entered allmulticast mode [ 182.613431][ T5771] bridge_slave_0: entered promiscuous mode [ 182.630159][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.641718][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.652632][ T5771] bridge_slave_1: entered allmulticast mode [ 182.670092][ T5771] bridge_slave_1: entered promiscuous mode [ 182.687112][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.699384][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.708665][ T5770] bridge_slave_1: entered allmulticast mode [ 182.718279][ T5770] bridge_slave_1: entered promiscuous mode [ 182.744777][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.852681][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.063575][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.073804][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.084317][ T5773] bridge_slave_0: entered allmulticast mode [ 183.096262][ T5773] bridge_slave_0: entered promiscuous mode [ 183.150917][ T5788] Bluetooth: hci0: command tx timeout [ 183.151034][ T49] Bluetooth: hci3: command tx timeout [ 183.158477][ T5788] Bluetooth: hci2: command tx timeout [ 183.177635][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.177798][ T5785] Bluetooth: hci1: command tx timeout [ 183.210601][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.232733][ T5785] Bluetooth: hci4: command tx timeout [ 183.245447][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.286992][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.297186][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.305870][ T5773] bridge_slave_1: entered allmulticast mode [ 183.316875][ T5773] bridge_slave_1: entered promiscuous mode [ 183.326818][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.335446][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.344976][ T5782] bridge_slave_0: entered allmulticast mode [ 183.356545][ T5782] bridge_slave_0: entered promiscuous mode [ 183.404774][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.442859][ T5772] team0: Port device team_slave_0 added [ 183.496921][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.506335][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.519008][ T5782] bridge_slave_1: entered allmulticast mode [ 183.531836][ T5782] bridge_slave_1: entered promiscuous mode [ 183.626076][ T5772] team0: Port device team_slave_1 added [ 183.721099][ T5771] team0: Port device team_slave_0 added [ 183.742250][ T5771] team0: Port device team_slave_1 added [ 183.832227][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.909783][ T5770] team0: Port device team_slave_0 added [ 183.955936][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.975422][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.027923][ T5770] team0: Port device team_slave_1 added [ 184.038376][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.046433][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.082111][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.128527][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.178974][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.188356][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.224646][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.271946][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.284901][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.318123][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.392794][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.400649][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.430141][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.491997][ T5773] team0: Port device team_slave_0 added [ 184.508791][ T5782] team0: Port device team_slave_0 added [ 184.539163][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.546884][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.576571][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.598116][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 184.607377][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 184.647577][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 184.672004][ T5773] team0: Port device team_slave_1 added [ 184.692147][ T5782] team0: Port device team_slave_1 added [ 185.003486][ T5771] hsr_slave_0: entered promiscuous mode [ 185.013023][ T5771] hsr_slave_1: entered promiscuous mode [ 185.025661][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.034098][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.068998][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.085121][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.092546][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.120898][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 185.147936][ T5772] hsr_slave_0: entered promiscuous mode [ 185.157282][ T5772] hsr_slave_1: entered promiscuous mode [ 185.165787][ T5772] debugfs: 'hsr0' already exists in 'hsr' [ 185.171896][ T5772] Cannot create hsr debugfs directory [ 185.231075][ T5788] Bluetooth: hci1: command tx timeout [ 185.231222][ T5778] Bluetooth: hci2: command tx timeout [ 185.237196][ T5785] Bluetooth: hci3: command tx timeout [ 185.243414][ T49] Bluetooth: hci0: command tx timeout [ 185.258610][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.266104][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.292649][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 185.306758][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.314748][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.321105][ T49] Bluetooth: hci4: command tx timeout [ 185.345881][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 185.387186][ T5770] hsr_slave_0: entered promiscuous mode [ 185.397169][ T5770] hsr_slave_1: entered promiscuous mode [ 185.405702][ T5770] debugfs: 'hsr0' already exists in 'hsr' [ 185.412435][ T5770] Cannot create hsr debugfs directory [ 185.897104][ T5773] hsr_slave_0: entered promiscuous mode [ 185.906297][ T5773] hsr_slave_1: entered promiscuous mode [ 185.916878][ T5773] debugfs: 'hsr0' already exists in 'hsr' [ 185.923983][ T5773] Cannot create hsr debugfs directory [ 185.945819][ T5782] hsr_slave_0: entered promiscuous mode [ 185.957713][ T5782] hsr_slave_1: entered promiscuous mode [ 185.966260][ T5782] debugfs: 'hsr0' already exists in 'hsr' [ 185.974671][ T5782] Cannot create hsr debugfs directory [ 187.174638][ T5771] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 187.207919][ T5771] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 187.236067][ T5771] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 187.271263][ T5771] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 187.312537][ T5785] Bluetooth: hci3: command tx timeout [ 187.312684][ T5778] Bluetooth: hci2: command tx timeout [ 187.319672][ T5788] Bluetooth: hci1: command tx timeout [ 187.332516][ T49] Bluetooth: hci0: command tx timeout [ 187.391907][ T5788] Bluetooth: hci4: command tx timeout [ 187.436207][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 187.487222][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 187.525498][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 187.557970][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 187.665274][ T5770] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 187.707414][ T5770] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 187.768496][ T5770] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 187.843533][ T5770] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 187.964928][ T5773] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 188.035417][ T5773] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 188.098612][ T5773] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 188.165060][ T5773] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 188.446581][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.516579][ T5782] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 188.577043][ T5782] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 188.609165][ T5782] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 188.650616][ T5782] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 188.826618][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.995380][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.004951][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.034018][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.135773][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.146214][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.311779][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.326954][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.455251][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.467050][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.535359][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.559540][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.569576][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.633485][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.687101][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.696528][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.804548][ T142] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.813686][ T142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.981496][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.126696][ T142] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.137212][ T142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.285752][ T5772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.350227][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.359588][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.455652][ T5770] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.566719][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.718722][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.992336][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.086760][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.094739][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.283780][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.293267][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.600252][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 191.920332][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.115474][ T5771] veth0_vlan: entered promiscuous mode [ 192.347596][ T5771] veth1_vlan: entered promiscuous mode [ 192.561797][ T5772] veth0_vlan: entered promiscuous mode [ 192.659314][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.780313][ T5772] veth1_vlan: entered promiscuous mode [ 193.066758][ T5771] veth0_macvtap: entered promiscuous mode [ 193.205476][ T5771] veth1_macvtap: entered promiscuous mode [ 193.506568][ T5773] veth0_vlan: entered promiscuous mode [ 193.558151][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.586378][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.606116][ T5772] veth0_macvtap: entered promiscuous mode [ 193.678289][ T5773] veth1_vlan: entered promiscuous mode [ 193.713566][ T142] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.732594][ T142] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.745350][ T5772] veth1_macvtap: entered promiscuous mode [ 193.820117][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.838624][ T142] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.865035][ T142] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.192650][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.225955][ T5770] veth0_vlan: entered promiscuous mode [ 194.348393][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.451628][ T5773] veth0_macvtap: entered promiscuous mode [ 194.482300][ T5770] veth1_vlan: entered promiscuous mode [ 194.516754][ T5773] veth1_macvtap: entered promiscuous mode [ 194.636185][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.683796][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.699153][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.829857][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.965373][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.106813][ T5782] veth0_vlan: entered promiscuous mode [ 195.155703][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.217482][ T5770] veth0_macvtap: entered promiscuous mode [ 195.381689][ T5782] veth1_vlan: entered promiscuous mode [ 195.456983][ T79] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.473931][ T5770] veth1_macvtap: entered promiscuous mode [ 195.549834][ T79] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.583198][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.688349][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.855655][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.967407][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.078988][ T5782] veth0_macvtap: entered promiscuous mode [ 196.141732][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.166476][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.213762][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.233760][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.313801][ T5782] veth1_macvtap: entered promiscuous mode [ 196.491067][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.588583][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.740765][ T35] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.790719][ T35] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.859859][ T35] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.903445][ T35] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.549532][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.582175][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.807640][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.870758][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.347147][ T5771] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 200.087321][ T5941] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 200.311453][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.319996][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.643774][ T142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.687818][ T142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.868903][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.961415][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.257265][ T5961] loop0: detected capacity change from 0 to 512 [ 202.344919][ T1140] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.360564][ T5961] EXT4-fs (loop0): Test dummy encryption mode enabled [ 202.360658][ T5961] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 202.360732][ T5961] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 202.499480][ T5961] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 202.517988][ T5966] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 202.566711][ T5961] EXT4-fs (loop0): 1 truncate cleaned up [ 202.612953][ T5961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.640595][ T1140] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.147464][ T5771] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.379479][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.450638][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.762133][ T5974] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3'. [ 203.915849][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.003449][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.012447][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.015546][ T5839] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 204.079829][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.246605][ T5839] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 204.269326][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.350228][ T5839] usb 2-1: Product: syz [ 204.373274][ T5839] usb 2-1: Manufacturer: syz [ 204.387654][ T5839] usb 2-1: SerialNumber: syz [ 204.411529][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.416470][ T5839] usb 2-1: config 0 descriptor?? [ 204.462069][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.712816][ T1013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.762188][ T5839] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 204.764094][ T1013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.168274][ T5985] netlink: 56 bytes leftover after parsing attributes in process `syz.0.11'. [ 205.213614][ T5985] netlink: 56 bytes leftover after parsing attributes in process `syz.0.11'. [ 206.315090][ T5839] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 206.407624][ T5839] usb 2-1: USB disconnect, device number 2 [ 206.579120][ T5993] kvm: kvm [5991]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x70000002d [ 206.605823][ T5993] kvm: kvm [5991]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 206.631638][ T5993] kvm_intel: kvm [5991]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x70000008e [ 206.704327][ T5993] kvm: kvm [5991]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xf0000004f [ 208.435910][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 208.801655][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 208.872879][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 209.075760][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 209.211484][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 209.313850][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 209.620651][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 209.722893][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 210.132496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 210.227119][ T6008] process 'syz.0.16' launched './file0' with NULL argv: empty string added [ 210.285700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 214.447271][ T6026] loop0: detected capacity change from 0 to 512 [ 214.647614][ T6026] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.744083][ T6026] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 215.791429][ T29] audit: type=1800 audit(1772600890.149:2): pid=6038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.22" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 216.676967][ T6049] loop4: detected capacity change from 0 to 256 [ 217.214501][ T6049] FAT-fs (loop4): Directory bread(block 64) failed [ 217.270962][ T6049] FAT-fs (loop4): Directory bread(block 65) failed [ 217.311212][ T6049] FAT-fs (loop4): Directory bread(block 66) failed [ 217.361098][ T6049] FAT-fs (loop4): Directory bread(block 67) failed [ 217.369390][ T6049] FAT-fs (loop4): Directory bread(block 68) failed [ 217.424960][ T6049] FAT-fs (loop4): Directory bread(block 69) failed [ 217.468271][ T6049] FAT-fs (loop4): Directory bread(block 70) failed [ 217.528159][ T6049] FAT-fs (loop4): Directory bread(block 71) failed [ 217.631783][ T6049] FAT-fs (loop4): Directory bread(block 72) failed [ 217.660768][ T6049] FAT-fs (loop4): Directory bread(block 73) failed [ 217.898705][ T6060] loop3: detected capacity change from 0 to 512 [ 218.269801][ T6060] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.386894][ T6060] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.517672][ T6065] loop2: detected capacity change from 0 to 22 [ 218.696138][ T6065] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 220.640746][ T29] audit: type=1800 audit(1772600894.529:3): pid=6069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.32" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 222.904515][ T5782] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.494088][ T6077] Bluetooth: MGMT ver 1.23 [ 223.500238][ T6077] Bluetooth: hci0: unsupported parameter 255 [ 223.586245][ T6077] Bluetooth: hci0: unsupported parameter 255 [ 223.617897][ T6075] loop2: detected capacity change from 0 to 2048 [ 223.845705][ T6080] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 223.949874][ T29] audit: type=1800 audit(1772600898.339:4): pid=6075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.37" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 224.352373][ T6083] NILFS (loop2): nilfs_palloc_commit_free_entry (ino=3): entry number 7168 already freed [ 224.471912][ T6080] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 224.508250][ T6080] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 224.563669][ T6080] Remounting filesystem read-only [ 224.840049][ T5773] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 225.354487][ T6095] loop4: detected capacity change from 0 to 1024 [ 225.456077][ T6099] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 225.538272][ T6095] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.047253][ T5770] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.437575][ T6114] Bluetooth: hci0: unsupported parameter 255 [ 229.450889][ T6114] Bluetooth: hci0: unsupported parameter 255 [ 229.965440][ T6035] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.391473][ T9] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 230.623309][ T9] usb 3-1: config 0 has no interfaces? [ 230.694206][ T9] usb 3-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 230.760677][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.810778][ T9] usb 3-1: Product: syz [ 230.867610][ T9] usb 3-1: Manufacturer: syz [ 230.888510][ T9] usb 3-1: SerialNumber: syz [ 231.013740][ T9] usb 3-1: config 0 descriptor?? [ 233.995791][ T5785] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 235.411481][ T5785] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 235.452606][ T5785] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 235.484233][ T5785] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 235.549964][ T5785] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 235.649099][ T9] usb 3-1: USB disconnect, device number 2 [ 236.498269][ T5788] Bluetooth: Fragment is too long (len 14, expected 2) [ 236.554442][ T6140] loop1: detected capacity change from 0 to 4096 [ 237.161182][ T6152] Bluetooth: hci0: unsupported parameter 255 [ 237.191205][ T6152] Bluetooth: hci0: unsupported parameter 255 [ 237.710663][ T5788] Bluetooth: hci5: command tx timeout [ 239.049055][ T142] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.321730][ T5839] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 239.454888][ T6130] chnl_net:caif_netlink_parms(): no params data found [ 239.553702][ T5839] usb 4-1: config 0 has no interfaces? [ 239.577074][ T142] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 239.601221][ T5839] usb 4-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 239.641515][ T6158] Zero length message leads to an empty skb [ 239.665276][ T5839] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.710971][ T5839] usb 4-1: Product: syz [ 239.715899][ T5839] usb 4-1: Manufacturer: syz [ 239.818360][ T5788] Bluetooth: hci5: command tx timeout [ 239.840578][ T5839] usb 4-1: SerialNumber: syz [ 239.868396][ T5839] usb 4-1: config 0 descriptor?? [ 240.386574][ T142] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 240.862287][ T142] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.881279][ T5788] Bluetooth: hci5: command tx timeout [ 243.470723][ T9] usb 4-1: USB disconnect, device number 2 [ 243.603629][ T142] bridge_slave_1: left allmulticast mode [ 243.672671][ T142] bridge_slave_1: left promiscuous mode [ 243.679348][ T142] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.765544][ T142] bridge_slave_0: left allmulticast mode [ 243.806204][ T142] bridge_slave_0: left promiscuous mode [ 243.824586][ T142] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.846638][ T6189] Bluetooth: MGMT ver 1.23 [ 243.969423][ T5788] Bluetooth: hci5: command tx timeout [ 244.393437][ T6193] Bluetooth: hci0: unsupported parameter 255 [ 244.471362][ T6193] Bluetooth: hci0: unsupported parameter 255 [ 246.656441][ T142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.783827][ T142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 247.086153][ T142] bond0 (unregistering): Released all slaves [ 247.642226][ T6130] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.671101][ T6130] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.703986][ T6130] bridge_slave_0: entered allmulticast mode [ 247.818255][ T6130] bridge_slave_0: entered promiscuous mode [ 248.010754][ T6130] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.118681][ T6130] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.208431][ T6130] bridge_slave_1: entered allmulticast mode [ 248.281324][ T6130] bridge_slave_1: entered promiscuous mode [ 248.363452][ T5839] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 249.160203][ T5839] usb 2-1: Using ep0 maxpacket: 8 [ 249.186987][ T5839] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE9, changing to 0x89 [ 249.254077][ T5839] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 113, setting to 64 [ 249.318035][ T5839] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 249.334151][ T6130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.360875][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.405503][ T5839] usb 2-1: Product: syz [ 249.423076][ T6130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.559611][ T9] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 249.767882][ T9] usb 3-1: config 0 has no interfaces? [ 249.799985][ T9] usb 3-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 249.834331][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.885423][ T9] usb 3-1: Product: syz [ 249.890002][ T9] usb 3-1: Manufacturer: syz [ 249.930742][ T9] usb 3-1: SerialNumber: syz [ 249.982726][ T9] usb 3-1: config 0 descriptor?? [ 250.151274][ T6130] team0: Port device team_slave_0 added [ 250.206465][ T5839] usb 2-1: Manufacturer: syz [ 250.221513][ T5839] usb 2-1: SerialNumber: syz [ 250.289941][ T5839] usb 2-1: config 0 descriptor?? [ 250.634673][ T6130] team0: Port device team_slave_1 added [ 252.667253][ T6221] loop4: detected capacity change from 0 to 512 [ 252.858236][ T6221] EXT4-fs: Ignoring removed nomblk_io_submit option [ 253.032728][ T5839] usb 2-1: can't set config #0, error -71 [ 253.131277][ T5839] usb 2-1: USB disconnect, device number 3 [ 253.261700][ T6226] Bluetooth: hci0: invalid length 0, exp 2 for type 3 [ 253.496552][ T6221] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.614129][ T6221] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 253.697196][ T9] usb 3-1: USB disconnect, device number 3 [ 253.797303][ T6130] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.850691][ T6130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 254.050791][ T6130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.178708][ T6130] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.203460][ T6130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 254.233969][ T5770] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.272504][ T6130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 255.891709][ T142] hsr_slave_0: left promiscuous mode [ 255.944171][ T142] hsr_slave_1: left promiscuous mode [ 255.974569][ T142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 256.026740][ T142] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 256.133313][ T142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.176465][ T142] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 256.269880][ T6257] netlink: 12 bytes leftover after parsing attributes in process `syz.3.97'. [ 256.321767][ T6257] netlink: 12 bytes leftover after parsing attributes in process `syz.3.97'. [ 256.359656][ T142] veth1_macvtap: left promiscuous mode [ 256.381083][ T142] veth0_macvtap: left promiscuous mode [ 256.386967][ T142] veth1_vlan: left promiscuous mode [ 256.441165][ T142] veth0_vlan: left promiscuous mode [ 257.665887][ T6262] loop1: detected capacity change from 0 to 4096 [ 257.898226][ T6270] Bluetooth: hci0: invalid length 0, exp 2 for type 3 [ 258.677469][ T142] team0 (unregistering): Port device team_slave_1 removed [ 258.731775][ T6275] loop1: detected capacity change from 0 to 8 [ 258.793777][ T142] team0 (unregistering): Port device team_slave_0 removed [ 259.584045][ T29] audit: type=1800 audit(1772600933.959:5): pid=6275 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.103" name="file2" dev="loop1" ino=6 res=0 errno=0 [ 260.151474][ T6130] hsr_slave_0: entered promiscuous mode [ 260.180600][ T29] audit: type=1800 audit(1772600934.569:6): pid=6279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.104" name="/" dev="fuse" ino=9 res=0 errno=0 [ 260.881233][ T6130] hsr_slave_1: entered promiscuous mode [ 264.194901][ T6303] Bluetooth: hci0: unsupported parameter 255 [ 264.204943][ T6303] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 265.486004][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.493190][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 266.926449][ T6130] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 267.688903][ T6333] comedi comedi4: bad chanlist[0]=0x80100006 chan=6 range length=1 [ 267.727204][ T6335] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 268.078482][ T6130] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 268.346044][ T6130] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 268.483621][ T6130] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 272.034414][ T6130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 272.246842][ T6130] 8021q: adding VLAN 0 to HW filter on device team0 [ 272.486132][ T1140] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.494510][ T1140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 272.598986][ T1140] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.606837][ T1140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.575045][ T6379] loop4: detected capacity change from 0 to 256 [ 281.190820][ T6378] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 282.710578][ T6395] block device autoloading is deprecated and will be removed. [ 286.460263][ T6409] loop2: detected capacity change from 0 to 128 [ 286.618984][ T6409] gfs2: gfs2 mount does not exist [ 288.226383][ T6412] loop7: detected capacity change from 0 to 16384 [ 288.312289][ T6415] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 288.428965][ T6415] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 288.540786][ T3080] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 288.819796][ T6415] Buffer I/O error on dev loop7, logical block 0, async page read [ 288.893253][ T6130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 295.329721][ T5785] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 295.356977][ T5785] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 295.366691][ T5785] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 295.381455][ T5785] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 295.421344][ T5785] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 296.612563][ T5788] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 296.678744][ T5788] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 296.692312][ T5788] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 296.732674][ T5788] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 296.744816][ T5788] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 297.471559][ T5785] Bluetooth: hci2: command tx timeout [ 298.505534][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 298.515467][ T5785] CPU: 0 UID: 0 PID: 5785 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) [ 298.515603][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 298.515727][ T5785] Workqueue: hci0 hci_rx_work [ 298.515895][ T5785] Call Trace: [ 298.515946][ T5785] [ 298.516001][ T5785] __dump_stack+0x26/0x30 [ 298.516154][ T5785] dump_stack_lvl+0x14c/0x1c0 [ 298.516309][ T5785] dump_stack+0x1e/0x25 [ 298.516446][ T5785] sysfs_create_dir_ns+0x46c/0x540 [ 298.516651][ T5785] kobject_add_internal+0x1084/0x19b0 [ 298.516841][ T5785] kobject_add+0x2c1/0x410 [ 298.517024][ T5785] ? kmsan_get_metadata+0xf1/0x160 [ 298.517207][ T5785] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 298.517402][ T5785] device_add+0xa70/0x1c00 [ 298.517569][ T5785] hci_conn_add_sysfs+0x159/0x2e0 [ 298.517759][ T5785] le_conn_complete_evt+0x1d0a/0x2250 [ 298.517953][ T5785] hci_le_conn_complete_evt+0x157/0x260 [ 298.518134][ T5785] hci_le_meta_evt+0x6eb/0x960 [ 298.518283][ T5785] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 298.518460][ T5785] hci_event_packet+0xce2/0x1e40 [ 298.518586][ T5785] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 298.518774][ T5785] hci_rx_work+0x8c3/0xfc0 [ 298.518908][ T5785] ? kmsan_get_metadata+0xf1/0x160 [ 298.519096][ T5785] ? __pfx_hci_rx_work+0x10/0x10 [ 298.519231][ T5785] process_scheduled_works+0xb21/0x1e30 [ 298.519442][ T5785] worker_thread+0xede/0x1580 [ 298.519624][ T5785] kthread+0x53f/0x600 [ 298.519784][ T5785] ? __pfx_worker_thread+0x10/0x10 [ 298.519939][ T5785] ? __pfx_kthread+0x10/0x10 [ 298.520097][ T5785] ret_from_fork+0x20f/0x910 [ 298.520240][ T5785] ? __switch_to+0x51c/0x750 [ 298.520406][ T5785] ? __pfx_kthread+0x10/0x10 [ 298.520559][ T5785] ret_from_fork_asm+0x1a/0x30 [ 298.520746][ T5785] [ 299.511892][ T5788] Bluetooth: hci6: command tx timeout [ 299.551141][ T5788] Bluetooth: hci2: command tx timeout [ 299.647249][ T5785] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 299.661924][ T5785] Bluetooth: hci0: failed to register connection device [ 302.391235][ T5778] Bluetooth: hci6: command tx timeout [ 302.403272][ T5778] Bluetooth: hci2: command tx timeout [ 302.868180][ T1140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.307223][ T1140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.697523][ T1140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.109631][ T1140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.711344][ T5785] Bluetooth: hci2: command tx timeout [ 304.717226][ T5788] Bluetooth: hci6: command tx timeout [ 304.723295][ T5068] Bluetooth: hci3: command 0x0406 tx timeout [ 304.729723][ T5778] Bluetooth: hci0: command 0x0406 tx timeout [ 304.736406][ T5068] Bluetooth: hci4: command 0x0406 tx timeout [ 305.861744][ T6440] chnl_net:caif_netlink_parms(): no params data found [ 306.751676][ T49] Bluetooth: hci6: command tx timeout [ 307.018019][ T6443] chnl_net:caif_netlink_parms(): no params data found [ 308.261574][ T1140] bridge_slave_1: left allmulticast mode [ 308.267598][ T1140] bridge_slave_1: left promiscuous mode [ 308.381505][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.607241][ T1140] bridge_slave_0: left allmulticast mode [ 308.676462][ T1140] bridge_slave_0: left promiscuous mode [ 308.721387][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.887394][ T6506] loop2: detected capacity change from 0 to 512 [ 308.995461][ T6506] EXT4-fs: Ignoring removed nomblk_io_submit option [ 309.072755][ T6506] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 309.196460][ T6506] EXT4-fs (loop2): 1 truncate cleaned up [ 309.277424][ T6506] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 312.675247][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.091718][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 313.202227][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 313.242204][ T1140] bond0 (unregistering): Released all slaves [ 314.362716][ T6440] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.386707][ T6440] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.411029][ T6440] bridge_slave_0: entered allmulticast mode [ 314.421049][ T6440] bridge_slave_0: entered promiscuous mode [ 314.568917][ T6440] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.593353][ T6440] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.603183][ T6440] bridge_slave_1: entered allmulticast mode [ 314.624549][ T6440] bridge_slave_1: entered promiscuous mode [ 314.883239][ T6443] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.912176][ T6443] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.919882][ T6443] bridge_slave_0: entered allmulticast mode [ 314.964313][ T6443] bridge_slave_0: entered promiscuous mode [ 315.749966][ T6443] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.752396][ T6563] loop4: detected capacity change from 0 to 512 [ 315.763709][ T6443] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.773128][ T6443] bridge_slave_1: entered allmulticast mode [ 315.784292][ T6443] bridge_slave_1: entered promiscuous mode [ 315.893010][ T6563] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.985894][ T6563] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 316.047509][ T1140] hsr_slave_0: left promiscuous mode [ 316.092944][ T1140] hsr_slave_1: left promiscuous mode [ 316.123576][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 316.143129][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.203500][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 316.226019][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.354114][ T1140] veth1_macvtap: left promiscuous mode [ 316.390506][ T1140] veth0_macvtap: left promiscuous mode [ 316.429199][ T1140] veth1_vlan: left promiscuous mode [ 316.446600][ T1140] veth0_vlan: left promiscuous mode [ 317.302308][ T29] audit: type=1800 audit(1772600991.629:7): pid=6573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.170" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 319.064672][ T5770] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.778925][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 319.837327][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 320.484075][ T6440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 320.558301][ T6443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 320.635767][ T6443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 320.847084][ T6583] syzkaller0: entered promiscuous mode [ 320.867009][ T6583] syzkaller0: entered allmulticast mode [ 320.917645][ T6440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 321.370869][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 321.459108][ T6443] team0: Port device team_slave_0 added [ 321.510061][ T6440] team0: Port device team_slave_0 added [ 321.585166][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 321.607654][ T9] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 321.621538][ T6443] team0: Port device team_slave_1 added [ 321.665392][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.668546][ T6440] team0: Port device team_slave_1 added [ 321.696361][ T9] usb 4-1: config 0 descriptor?? [ 322.073163][ T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 322.203695][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 322.277340][ T6593] ===================================================== [ 322.285069][ T6593] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120 [ 322.293524][ T6593] _copy_to_user+0xcc/0x120 [ 322.298191][ T6593] i2cdev_ioctl_smbus+0x586/0x660 [ 322.303660][ T6593] i2cdev_ioctl+0xa14/0xf40 [ 322.308423][ T6593] __se_sys_ioctl+0x23c/0x400 [ 322.313763][ T6593] __x64_sys_ioctl+0x97/0xe0 [ 322.318622][ T6593] x64_sys_call+0x1975/0x3ea0 [ 322.323663][ T6593] do_syscall_64+0x134/0xf80 [ 322.328610][ T6593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.338460][ T6593] [ 322.341234][ T6593] Uninit was stored to memory at: [ 322.346639][ T6593] __i2c_smbus_xfer+0x25a0/0x3120 [ 322.352139][ T6593] i2c_smbus_xfer+0x2d8/0x480 [ 322.357000][ T6593] i2cdev_ioctl_smbus+0x4a1/0x660 [ 322.364234][ T6593] i2cdev_ioctl+0xa14/0xf40 [ 322.369781][ T6593] __se_sys_ioctl+0x23c/0x400 [ 322.374888][ T6593] __x64_sys_ioctl+0x97/0xe0 [ 322.379997][ T6593] x64_sys_call+0x1975/0x3ea0 [ 322.386427][ T6593] do_syscall_64+0x134/0xf80 [ 322.391587][ T6593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.398549][ T6593] [ 322.401210][ T6593] Local variable msgbuf1.i created at: [ 322.406756][ T6593] __i2c_smbus_xfer+0x853/0x3120 [ 322.412126][ T6593] i2c_smbus_xfer+0x2d8/0x480 [ 322.417101][ T6593] [ 322.420043][ T6593] Bytes 0-1 of 2 are uninitialized [ 322.425780][ T6593] Memory access of size 2 starts at ffff88803e377d06 [ 322.432886][ T6593] Data copied to user address 0000200000000080 [ 322.439162][ T6593] [ 322.441855][ T6593] CPU: 0 UID: 0 PID: 6593 Comm: syz.3.178 Not tainted syzkaller #0 PREEMPT(full) [ 322.451668][ T6593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 322.464568][ T6593] ===================================================== [ 322.472661][ T6593] Disabling lock debugging due to kernel taint [ 322.542029][ T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 322.636167][ T9] usb 4-1: media controller created SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 322.941046][ T6443] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 322.948691][ T6443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 323.029332][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 323.210685][ T6443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 323.490836][ T6593] Kernel panic - not syncing: kmsan.panic set ... [ 323.497424][ T6593] CPU: 1 UID: 0 PID: 6593 Comm: syz.3.178 Tainted: G B syzkaller #0 PREEMPT(full) [ 323.508357][ T6593] Tainted: [B]=BAD_PAGE [ 323.512762][ T6593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 323.522937][ T6593] Call Trace: [ 323.526397][ T6593] [ 323.529410][ T6593] __dump_stack+0x26/0x30 [ 323.533930][ T6593] dump_stack_lvl+0x50/0x1c0 [ 323.538698][ T6593] ? dump_stack+0x12/0x25 [ 323.543303][ T6593] dump_stack+0x1e/0x25 [ 323.547610][ T6593] vpanic+0x7b4/0x1430 [ 323.551866][ T6593] panic+0x15d/0x160 [ 323.555961][ T6593] kmsan_report+0x31a/0x320 [ 323.560736][ T6593] ? kmsan_internal_check_memory+0x1e8/0x240 [ 323.566913][ T6593] ? kmsan_copy_to_user+0xef/0x190 [ 323.572308][ T6593] ? _copy_to_user+0xcc/0x120 [ 323.577141][ T6593] ? i2cdev_ioctl_smbus+0x586/0x660 [ 323.582535][ T6593] ? i2cdev_ioctl+0xa14/0xf40 [ 323.588100][ T6593] ? __se_sys_ioctl+0x23c/0x400 [ 323.593126][ T6593] ? __x64_sys_ioctl+0x97/0xe0 [ 323.598192][ T6593] ? x64_sys_call+0x1975/0x3ea0 [ 323.604083][ T6593] ? do_syscall_64+0x134/0xf80 [ 323.608992][ T6593] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.615214][ T6593] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 323.620651][ T6593] ? __pfx_az6027_i2c_xfer+0x10/0x10 [ 323.626070][ T6593] ? __i2c_transfer+0x1179/0x3280 [ 323.631327][ T6593] ? kmsan_get_metadata+0xf1/0x160 [ 323.636735][ T6593] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 323.643801][ T6593] ? kmsan_get_metadata+0xf1/0x160 [ 323.649210][ T6593] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 323.655397][ T6593] ? __i2c_smbus_xfer+0x1f6c/0x3120 [ 323.660785][ T6593] ? kmsan_get_metadata+0xf1/0x160 [ 323.666104][ T6593] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 323.672121][ T6593] kmsan_internal_check_memory+0x1e8/0x240 [ 323.678123][ T6593] kmsan_copy_to_user+0xef/0x190 [ 323.683422][ T6593] _copy_to_user+0xcc/0x120 [ 323.688878][ T6593] i2cdev_ioctl_smbus+0x586/0x660 [ 323.694167][ T6593] i2cdev_ioctl+0xa14/0xf40 [ 323.698815][ T6593] ? kmsan_report+0x2f6/0x320 [ 323.703765][ T6593] ? __pfx_i2cdev_ioctl+0x10/0x10 [ 323.708938][ T6593] __se_sys_ioctl+0x23c/0x400 [ 323.713801][ T6593] __x64_sys_ioctl+0x97/0xe0 [ 323.718570][ T6593] x64_sys_call+0x1975/0x3ea0 [ 323.723507][ T6593] do_syscall_64+0x134/0xf80 [ 323.728235][ T6593] ? clear_bhb_loop+0x50/0xa0 [ 323.733066][ T6593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.739659][ T6593] RIP: 0033:0x7fea34b9c799 [ 323.744217][ T6593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 323.764091][ T6593] RSP: 002b:00007fea35989028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 323.772679][ T6593] RAX: ffffffffffffffda RBX: 00007fea34e15fa0 RCX: 00007fea34b9c799 [ 323.780786][ T6593] RDX: 0000200000000200 RSI: 0000000000000720 RDI: 0000000000000004 [ 323.788904][ T6593] RBP: 00007fea34c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 323.797002][ T6593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.805176][ T6593] R13: 00007fea34e16038 R14: 00007fea34e15fa0 R15: 00007ffe8a9a12a8 [ 323.813315][ T6593] [ 323.816806][ T6593] Kernel Offset: disabled [ 323.821205][ T6593] Rebooting in 86400 seconds..