last executing test programs: 11.464753641s ago: executing program 1 (id=424): mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) r5 = socket$kcm(0x10, 0x2, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000ffffffff000000", @ANYBLOB="0000000000000000b702000014000000b7030000000000218500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 9.907718024s ago: executing program 1 (id=425): socket$packet(0x11, 0x3, 0x300) fsopen(&(0x7f0000000180)='hfsplus\x00', 0x0) syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) unshare(0x22020600) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 9.905049934s ago: executing program 2 (id=426): syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x1, 0x8000021e}, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00'}) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="39000000130003470fbb65e1c3e4ffff060060001600000056000000250000001900b3c0b6d20300070a0000000084db26b9e4e20000000000", 0x39}], 0x1) 9.389378699s ago: executing program 3 (id=429): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$xdp(0x2c, 0x3, 0x0) syz_emit_vhci(&(0x7f00000024c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x5}, @hci_rp_read_num_supported_iac={{0x75}, {0x6, 0x5}}}}, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) 8.794149019s ago: executing program 2 (id=430): r0 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r0, &(0x7f0000000180), 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60081, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) writev(r1, &(0x7f00000024c0), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="1400000035000b63d25a80648c2594f90324fc60", 0x14}], 0x1}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f00000000c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x4, 0xf4}]}, 0x1, 0x1}, 0x1) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xd}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 8.613423756s ago: executing program 3 (id=432): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0x0, 0x8b93, 0x7, 0x5}, 'syz0\x00', 0x53}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89f3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r3, &(0x7f0000000200)={0x2020}, 0x16a2) 7.689291036s ago: executing program 3 (id=433): mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) r5 = socket$kcm(0x10, 0x2, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000ffffffff000000", @ANYBLOB="0000000000000000b702000014000000b7030000000000218500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 6.664149137s ago: executing program 3 (id=435): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setscheduler(0x0, 0x1, 0x0) read(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x0, 0x0, 0xf}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x161}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, 0x0, 0x0) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f00000002c0)=@generic={0x1, 0xffffffffffffffff, 0x6}) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000140)={0x14, 0x0, 0x0}, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r0, 0x4068aea3, &(0x7f0000000080)={0xbc, 0x0, 0x1}) 5.444067402s ago: executing program 2 (id=438): syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x1, 0x8000021e}, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00'}) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x15) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="39000000130003470fbb65e1c3e4ffff060060001600000056000000250000001900b3c0b6d20300070a0000000084db26b9e4e20000000000", 0x39}], 0x1) 5.181046384s ago: executing program 0 (id=439): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x3, 0x84}}}, 0xc4}, 0x1, 0x0, 0x0, 0xc800}, 0x0) 4.39882802s ago: executing program 2 (id=440): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) io_setup(0x5, &(0x7f0000000e80)=0x0) io_pgetevents(r0, 0x1, 0x1, &(0x7f00000000c0)=[{}], 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r1, 0xa) openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) io_submit(r0, 0x0, &(0x7f0000001580)) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xf) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0xd54b, 0x2, 0x4, 0x345}) r5 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040b827ed0100000000000109022400010000000009040000010300000009210000200122050009058103"], 0x0) syz_usb_control_io(r5, 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_buf(r6, 0x0, 0x30, &(0x7f0000000840)=""/225, &(0x7f0000000540)=0xe1) syz_usb_control_io$hid(r5, &(0x7f0000000b80)={0x24, 0x0, 0x0, &(0x7f0000000b00)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "efb9ce47"}]}}, 0x0}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) syz_usb_control_io$hid(r5, 0x0, 0x0) syz_usb_control_io(r5, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="dda9b6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_setup(0xb7b4, &(0x7f0000000140)) io_uring_enter(r4, 0x100000, 0x2, 0xf, 0x0, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x14) 4.321222656s ago: executing program 0 (id=441): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0x0, 0x8b93, 0x7, 0x5}, 'syz0\x00', 0x53}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x16a2) 4.320691186s ago: executing program 1 (id=442): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r1, &(0x7f0000001600), &(0x7f0000001680)=""/227}, 0x20) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x1000)=nil) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = syz_open_dev$loop(0x0, 0xb8a, 0x18b80) ioctl$BLKPBSZGET(r3, 0x127b, &(0x7f0000000340)) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x16) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[0x0], &(0x7f0000000200), &(0x7f00000000c0)=[0x0], &(0x7f0000000040), 0x0, 0x300}) 3.249193948s ago: executing program 3 (id=443): mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) r5 = socket$kcm(0x10, 0x2, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0xf, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000ffffffff000000", @ANYBLOB="0000000000000000b702000014000000b7030000000000218500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b7"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 3.197940449s ago: executing program 1 (id=444): sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7ff}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x1) r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) mkdirat(r2, 0x0, 0x2) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) 3.09313062s ago: executing program 0 (id=445): bpf$PROG_LOAD(0x5, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x20842, 0x63) unshare(0x2000400) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$TIOCGDEV(0xffffffffffffffff, 0x80045432, &(0x7f0000000100)) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x5, 0xc, 0x42, 0x40, 0xc0, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x10f0, r0}, 0x38) 2.101289316s ago: executing program 3 (id=446): r0 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r0, &(0x7f0000000180), 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getpid() r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x60081, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) writev(r1, &(0x7f00000024c0), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000000c0)="1400000035000b63d25a80648c2594f90324fc60", 0x14}], 0x1}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f00000000c0)={&(0x7f0000001000)={[{0x0, 0x0, 0x4, 0xf4}]}, 0x1, 0x1}, 0x1) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xd}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 1.999190438s ago: executing program 0 (id=447): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0xc0, 0xf1) 1.343174317s ago: executing program 1 (id=448): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c"], 0x48}}, 0x4084) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.211540533s ago: executing program 0 (id=449): syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x1, 0x8000021e}, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00'}) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$netlink(0x10, 0x3, 0x15) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="39000000130003470fbb65e1c3e4ffff060060001600000056000000250000001900b3c0b6d20300070a0000000084db26b9e4e20000000000", 0x39}], 0x1) 1.015295647s ago: executing program 2 (id=450): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50) 1.010823386s ago: executing program 1 (id=451): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x8d) close(r3) socket$vsock_stream(0x28, 0x1, 0x0) socket$tipc(0x1e, 0x5, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r5, 0x29, 0x4e, &(0x7f0000000380)=0x7fffffff, 0x4) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, 0x0, 0xc000) 629.279476ms ago: executing program 2 (id=452): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r2, &(0x7f0000001600), &(0x7f0000001680)=""/227}, 0x20) syz_init_net_socket$rose(0xb, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x1000)=nil) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = syz_open_dev$loop(0x0, 0xb8a, 0x18b80) ioctl$BLKPBSZGET(r4, 0x127b, &(0x7f0000000340)) syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x16) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f0000000440)=[0x0], &(0x7f0000000200), &(0x7f00000000c0)=[0x0], &(0x7f0000000040), 0x0, 0x300}) 0s ago: executing program 0 (id=453): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0x0, 0x8b93, 0x7, 0x5}, 'syz0\x00', 0x53}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x16a2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.32' (ED25519) to the list of known hosts. [ 70.100917][ T5757] cgroup: Unknown subsys name 'net' [ 70.266017][ T5757] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.795222][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.801925][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.969995][ T5757] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 73.526535][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.534845][ T5775] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.549055][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.557810][ T5782] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.566675][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.567927][ T5781] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.575270][ T5782] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.589788][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.589959][ T5782] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.597480][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.605584][ T5782] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.619124][ T5781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.619212][ T5782] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 73.626536][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.635722][ T5782] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.661465][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.669953][ T5782] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 73.677231][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.677707][ T5782] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.685408][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 73.693144][ T5782] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.707376][ T5782] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 73.707709][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 73.715473][ T5782] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.141451][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 74.289072][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 74.301072][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 74.380906][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 74.406148][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.413994][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.421841][ T5772] bridge_slave_0: entered allmulticast mode [ 74.429724][ T5772] bridge_slave_0: entered promiscuous mode [ 74.465777][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.473097][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.480592][ T5772] bridge_slave_1: entered allmulticast mode [ 74.487579][ T5772] bridge_slave_1: entered promiscuous mode [ 74.538336][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.545486][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.553009][ T5770] bridge_slave_0: entered allmulticast mode [ 74.560925][ T5770] bridge_slave_0: entered promiscuous mode [ 74.601859][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.611961][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.619164][ T5770] bridge_slave_1: entered allmulticast mode [ 74.626103][ T5770] bridge_slave_1: entered promiscuous mode [ 74.659719][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.666988][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.674701][ T5773] bridge_slave_0: entered allmulticast mode [ 74.682420][ T5773] bridge_slave_0: entered promiscuous mode [ 74.706933][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.721748][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.732271][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.739789][ T5773] bridge_slave_1: entered allmulticast mode [ 74.746596][ T5773] bridge_slave_1: entered promiscuous mode [ 74.767824][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.781873][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.793262][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.877508][ T5770] team0: Port device team_slave_0 added [ 74.886892][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.901837][ T5772] team0: Port device team_slave_0 added [ 74.909198][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.916374][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.923910][ T5771] bridge_slave_0: entered allmulticast mode [ 74.931758][ T5771] bridge_slave_0: entered promiscuous mode [ 74.941979][ T5770] team0: Port device team_slave_1 added [ 74.948029][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.955665][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.965274][ T5771] bridge_slave_1: entered allmulticast mode [ 74.972486][ T5771] bridge_slave_1: entered promiscuous mode [ 74.982933][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.994234][ T5772] team0: Port device team_slave_1 added [ 75.091588][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.099190][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.126335][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.139123][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.146103][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.172693][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.186524][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.201310][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.213443][ T5773] team0: Port device team_slave_0 added [ 75.222927][ T5773] team0: Port device team_slave_1 added [ 75.231860][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.238899][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.265552][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.277740][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.285365][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.312046][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.369508][ T5771] team0: Port device team_slave_0 added [ 75.387663][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.394808][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.421348][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.467581][ T5771] team0: Port device team_slave_1 added [ 75.474432][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.481842][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.508668][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.535251][ T5770] hsr_slave_0: entered promiscuous mode [ 75.541999][ T5770] hsr_slave_1: entered promiscuous mode [ 75.593114][ T5772] hsr_slave_0: entered promiscuous mode [ 75.599452][ T5772] hsr_slave_1: entered promiscuous mode [ 75.605619][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.613564][ T5772] Cannot create hsr debugfs directory [ 75.652769][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.660018][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.686633][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.700909][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.707906][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.708968][ T5782] Bluetooth: hci1: command tx timeout [ 75.735082][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.788546][ T5779] Bluetooth: hci3: command tx timeout [ 75.788565][ T51] Bluetooth: hci0: command tx timeout [ 75.801902][ T5782] Bluetooth: hci2: command tx timeout [ 75.866813][ T5773] hsr_slave_0: entered promiscuous mode [ 75.875348][ T5773] hsr_slave_1: entered promiscuous mode [ 75.882042][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.890997][ T5773] Cannot create hsr debugfs directory [ 75.903359][ T5771] hsr_slave_0: entered promiscuous mode [ 75.910635][ T5771] hsr_slave_1: entered promiscuous mode [ 75.917032][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 75.925305][ T5771] Cannot create hsr debugfs directory [ 76.286184][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.300340][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.314503][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 76.325279][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 76.385085][ T5770] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 76.409399][ T5770] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 76.443691][ T5770] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.454934][ T5770] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.510968][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.523209][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.545043][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.555790][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.669873][ T5773] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 76.682324][ T5773] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 76.693783][ T5773] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 76.706408][ T5773] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.783216][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.836570][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.865497][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.894284][ T4764] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.901966][ T4764] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.940993][ T5000] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.948292][ T5000] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.979857][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.024351][ T4992] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.031658][ T4992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.049979][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.064047][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.071674][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.123304][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.171512][ T4992] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.179448][ T4992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.221040][ T4992] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.228617][ T4992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.249551][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.319863][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.337963][ T5000] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.345199][ T5000] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.422028][ T1080] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.429734][ T1080] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.485623][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.591025][ T5773] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.651072][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.790831][ T5782] Bluetooth: hci1: command tx timeout [ 77.797600][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.868837][ T5782] Bluetooth: hci0: command tx timeout [ 77.874604][ T5782] Bluetooth: hci2: command tx timeout [ 77.881303][ T5779] Bluetooth: hci3: command tx timeout [ 77.943144][ T5770] veth0_vlan: entered promiscuous mode [ 77.961823][ T5772] veth0_vlan: entered promiscuous mode [ 77.993981][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.025701][ T5772] veth1_vlan: entered promiscuous mode [ 78.045812][ T5770] veth1_vlan: entered promiscuous mode [ 78.132589][ T5770] veth0_macvtap: entered promiscuous mode [ 78.154712][ T5771] veth0_vlan: entered promiscuous mode [ 78.166698][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.177898][ T5770] veth1_macvtap: entered promiscuous mode [ 78.216864][ T5771] veth1_vlan: entered promiscuous mode [ 78.230976][ T5772] veth0_macvtap: entered promiscuous mode [ 78.254444][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.265338][ T5772] veth1_macvtap: entered promiscuous mode [ 78.285903][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.300729][ T5770] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.310628][ T5770] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.319640][ T5770] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.328846][ T5770] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.354303][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.366010][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.379455][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.406546][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.417555][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.440133][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.467590][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.476711][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.486879][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.499948][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.529522][ T5771] veth0_macvtap: entered promiscuous mode [ 78.546774][ T5771] veth1_macvtap: entered promiscuous mode [ 78.586090][ T5773] veth0_vlan: entered promiscuous mode [ 78.655347][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.667135][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.679765][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.690642][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.702597][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.714703][ T5773] veth1_vlan: entered promiscuous mode [ 78.761025][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.773589][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.783813][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.794784][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.806493][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.827939][ T1080] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.838765][ T1080] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.873713][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.885499][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.896076][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.905154][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.926020][ T4992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.938411][ T4992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.974283][ T5773] veth0_macvtap: entered promiscuous mode [ 79.026788][ T1080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.035570][ T1080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.046933][ T5773] veth1_macvtap: entered promiscuous mode [ 79.066273][ T1080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.075787][ T1080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.161558][ T2114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.176605][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.198894][ T2114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.207814][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.220865][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.232856][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.244229][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.254944][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.267603][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.307182][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.327687][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.339443][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.350330][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.360311][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.371543][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.383450][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.421573][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.439634][ T5773] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.448313][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.478236][ T5773] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.508232][ T5773] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.538368][ T5773] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.638506][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.690667][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 79.708749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.719903][ T5835] ntfs3: nbd0: try to read out of volume at offset 0x0 [ 79.868551][ T5782] Bluetooth: hci1: command tx timeout [ 79.948646][ T5782] Bluetooth: hci0: command tx timeout [ 79.958781][ T5779] Bluetooth: hci3: command tx timeout [ 79.964821][ T5782] Bluetooth: hci2: command tx timeout [ 80.319881][ T5836] Zero length message leads to an empty skb [ 80.450538][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.525006][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.545408][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 80.628839][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 80.852703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 80.945039][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 80.955180][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 80.966443][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 81.011913][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 81.437488][ T1080] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.595658][ T1080] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.949003][ T5782] Bluetooth: hci1: command tx timeout [ 82.029249][ T5779] Bluetooth: hci3: command tx timeout [ 82.029637][ T51] Bluetooth: hci0: command tx timeout [ 82.034931][ T5782] Bluetooth: hci2: command tx timeout [ 82.257587][ T5864] netlink: 'syz.3.10': attribute type 25 has an invalid length. [ 87.160606][ T9] cfg80211: failed to load regulatory.db [ 87.381505][ T5893] ntfs3: nbd0: try to read out of volume at offset 0x0 [ 88.238023][ T5895] netlink: 'syz.2.19': attribute type 25 has an invalid length. [ 88.415530][ T5782] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 93.702166][ T5926] netlink: 44 bytes leftover after parsing attributes in process `syz.0.31'. [ 93.758938][ T5926] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.767517][ T5926] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.797351][ T5928] netlink: 'syz.1.32': attribute type 25 has an invalid length. [ 93.873230][ T5929] netlink: 44 bytes leftover after parsing attributes in process `syz.0.31'. [ 96.254164][ T5950] ntfs3: nbd3: try to read out of volume at offset 0x0 [ 97.966405][ T5961] netlink: 44 bytes leftover after parsing attributes in process `syz.3.42'. [ 98.058662][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.066410][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.139095][ T5962] netlink: 44 bytes leftover after parsing attributes in process `syz.3.42'. [ 104.544961][ T6005] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 106.118815][ T6022] syz.2.62[6022]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 106.130197][ T6022] loop7: detected capacity change from 0 to 1 [ 106.249487][ T6022] loop7: detected capacity change from 1 to 0 [ 108.569011][ T6038] ntfs3: nbd3: try to read out of volume at offset 0x0 [ 111.863902][ T6060] loop7: detected capacity change from 0 to 1 [ 111.993380][ T6060] loop7: detected capacity change from 1 to 0 [ 114.417957][ T6073] ntfs3: nbd0: try to read out of volume at offset 0x0 [ 117.295250][ T6096] netlink: 44 bytes leftover after parsing attributes in process `syz.2.76'. [ 117.333784][ T6096] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.341482][ T6096] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.466834][ T6096] netlink: 44 bytes leftover after parsing attributes in process `syz.2.76'. [ 118.304460][ T6106] loop7: detected capacity change from 0 to 1 [ 118.365926][ T6106] loop7: detected capacity change from 1 to 0 [ 120.568135][ T6121] ntfs3: nbd2: try to read out of volume at offset 0x0 [ 121.966778][ T6133] input: syz0 as /devices/virtual/input/input10 [ 122.717980][ T6137] netlink: 44 bytes leftover after parsing attributes in process `syz.3.93'. [ 122.817175][ T6139] netlink: 44 bytes leftover after parsing attributes in process `syz.3.93'. [ 123.221569][ T6149] loop7: detected capacity change from 0 to 1 [ 123.288566][ T6149] loop7: detected capacity change from 1 to 0 [ 126.301468][ T6172] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.050686][ T6182] loop7: detected capacity change from 0 to 1 [ 129.223341][ T6184] input: syz0 as /devices/virtual/input/input11 [ 129.379513][ T6182] loop7: detected capacity change from 1 to 0 [ 129.938172][ T6185] netlink: 32 bytes leftover after parsing attributes in process `syz.2.107'. [ 130.754901][ T6189] fuse: Bad value for 'fd' [ 133.760156][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.766718][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 136.700988][ T6223] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 136.711672][ T6223] overlayfs: fs on './file1' does not support file handles, falling back to index=off,nfs_export=off. [ 137.803830][ T6227] fuse: Bad value for 'fd' [ 139.431076][ T6234] loop7: detected capacity change from 0 to 1 [ 139.488191][ T6234] loop7: detected capacity change from 1 to 0 [ 144.049371][ T6263] fuse: Bad value for 'fd' [ 148.555431][ T6293] input: syz0 as /devices/virtual/input/input13 [ 155.384376][ T5774] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 155.875370][ T5774] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.908137][ T5774] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.928224][ T5774] usb 1-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 155.937771][ T5774] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.991688][ T5774] usb 1-1: config 0 descriptor?? [ 157.304841][ T5774] hid-led 0003:27B8:01ED.0001: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.0-1/input0 [ 157.416900][ T5774] hid-led 0003:27B8:01ED.0001: ThingM blink(1) initialized [ 157.649493][ T6343] input: syz0 as /devices/virtual/input/input15 [ 158.936584][ T6348] netlink: 32 bytes leftover after parsing attributes in process `syz.2.150'. [ 159.608520][ T8] usb 1-1: USB disconnect, device number 2 [ 163.208075][ C0] sched: RT throttling activated [ 168.589341][ T6387] netlink: 24 bytes leftover after parsing attributes in process `syz.1.153'. [ 169.279497][ T6386] orangefs_mount: mount request failed with -4 [ 170.480191][ T6401] netlink: 32 bytes leftover after parsing attributes in process `syz.2.166'. [ 170.564952][ T6402] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.574317][ T6402] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.583384][ T6402] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.592295][ T6402] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 171.535828][ T6402] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 171.544857][ T6402] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 171.553919][ T6402] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 171.563194][ T6402] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 172.222377][ T6403] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.231352][ T6403] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.240318][ T6403] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 172.249255][ T6403] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 173.045609][ T6403] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.055711][ T6403] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.065416][ T6403] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 173.074618][ T6403] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 175.559698][ T5611] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 176.227911][ T5611] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.243645][ T5611] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.265656][ T5611] usb 4-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 176.318158][ T5611] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.363327][ T5611] usb 4-1: config 0 descriptor?? [ 177.175677][ T6457] kernel profiling enabled (shift: 9) [ 177.261378][ T5611] hid-led 0003:27B8:01ED.0002: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.3-1/input0 [ 177.418449][ T5611] hid-led 0003:27B8:01ED.0002: ThingM blink(1) initialized [ 179.606485][ T5611] usb 4-1: USB disconnect, device number 2 [ 179.841794][ T6488] input: syz0 as /devices/virtual/input/input20 [ 184.318043][ T6538] overlayfs: failed to resolve './file1/file0': -2 [ 185.332714][ T6522] sctp: failed to load transform for md5: -2 [ 186.948240][ T5837] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 186.971153][ T6568] loop7: detected capacity change from 0 to 1 [ 187.028301][ T6568] loop7: detected capacity change from 1 to 0 [ 187.826651][ T5837] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 187.838002][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.868910][ T5837] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 187.878498][ T5837] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 187.886807][ T5837] usb 2-1: Manufacturer: syz [ 187.979094][ T5837] usb 2-1: config 0 descriptor?? [ 188.629953][ T5837] rc_core: IR keymap rc-hauppauge not found [ 188.661444][ T5837] Registered IR keymap rc-empty [ 188.692446][ T5837] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 188.757133][ T5837] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input22 [ 190.570258][ T6583] sctp: failed to load transform for md5: -2 [ 191.938325][ T23] usb 2-1: USB disconnect, device number 2 [ 192.115525][ T6596] binder: 6595:6596 ioctl c0306201 0 returned -14 [ 193.367109][ T6615] ntfs3: nbd3: try to read out of volume at offset 0x0 [ 194.749926][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.756719][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.706210][ T6639] binder: 6637:6639 ioctl c0306201 0 returned -14 [ 195.764069][ T6642] input: syz0 as /devices/virtual/input/input23 [ 196.401069][ T6649] netlink: 32 bytes leftover after parsing attributes in process `syz.2.227'. [ 196.829867][ T5775] Bluetooth: hci3: command 0x0406 tx timeout [ 196.830358][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 196.836112][ T5086] Bluetooth: hci2: command 0x0406 tx timeout [ 196.836161][ T5086] Bluetooth: hci1: command 0x0406 tx timeout [ 198.769406][ T6664] loop7: detected capacity change from 0 to 1 [ 199.584796][ T6664] loop7: detected capacity change from 1 to 0 [ 200.154884][ T6677] netlink: 24 bytes leftover after parsing attributes in process `syz.2.237'. [ 200.242822][ T6679] binder: 6678:6679 ioctl c0306201 0 returned -14 [ 200.840983][ T6684] Bluetooth: MGMT ver 1.22 [ 201.608290][ T6676] orangefs_mount: mount request failed with -4 [ 202.598843][ T6697] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 203.508223][ T5781] Bluetooth: hci0: command 0x0406 tx timeout [ 203.688204][ T965] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 205.275153][ T965] usb 1-1: unable to read config index 0 descriptor/all [ 205.295263][ T965] usb 1-1: can't read configurations, error -71 [ 205.328440][ T6714] netlink: 'syz.1.246': attribute type 25 has an invalid length. [ 205.798689][ T965] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 205.998285][ T965] usb 1-1: Using ep0 maxpacket: 32 [ 206.010366][ T965] usb 1-1: config 0 has an invalid interface number: 89 but max is 0 [ 206.022928][ T965] usb 1-1: config 0 has no interface number 0 [ 206.036127][ T965] usb 1-1: config 0 interface 89 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 206.054358][ T965] usb 1-1: config 0 interface 89 has no altsetting 0 [ 206.081274][ T965] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a [ 206.095291][ T965] usb 1-1: New USB device strings: Mfr=130, Product=2, SerialNumber=3 [ 206.104359][ T965] usb 1-1: Product: syz [ 206.113686][ T965] usb 1-1: Manufacturer: syz [ 206.119274][ T965] usb 1-1: SerialNumber: syz [ 206.126656][ T965] usb 1-1: config 0 descriptor?? [ 206.139858][ T965] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 206.150016][ T965] em28xx 1-1:0.89: Video interface 89 found: isoc [ 206.317535][ T6725] loop7: detected capacity change from 0 to 1 [ 207.073287][ T6725] loop7: detected capacity change from 1 to 0 [ 207.099994][ T965] em28xx 1-1:0.89: unknown em28xx chip ID (0) [ 207.235314][ T965] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5) [ 207.269272][ T965] em28xx 1-1:0.89: board has no eeprom [ 207.408737][ T965] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67) [ 207.419622][ T965] em28xx 1-1:0.89: analog set to isoc mode. [ 207.427653][ T28] em28xx 1-1:0.89: Registering V4L2 extension [ 207.510659][ T965] usb 1-1: USB disconnect, device number 4 [ 207.537883][ T965] em28xx 1-1:0.89: Disconnecting em28xx [ 207.951855][ T28] em28xx 1-1:0.89: Config register raw data: 0xffffffed [ 207.974216][ T28] em28xx 1-1:0.89: AC97 chip type couldn't be determined [ 207.995155][ T28] em28xx 1-1:0.89: No AC97 audio processor [ 208.161499][ T28] usb 1-1: Decoder not found [ 208.166284][ T28] em28xx 1-1:0.89: failed to create media graph [ 208.206783][ T28] em28xx 1-1:0.89: V4L2 device video103 deregistered [ 208.240750][ T28] em28xx 1-1:0.89: Registering snapshot button... [ 208.498365][ T23] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 208.766718][ T28] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input26 [ 208.822112][ T28] em28xx 1-1:0.89: Remote control support is not available for this card. [ 208.834593][ T965] em28xx 1-1:0.89: Closing input extension [ 208.875473][ T965] em28xx 1-1:0.89: Deregistering snapshot button [ 208.953382][ T23] usb 2-1: config 0 has an invalid interface number: 231 but max is 0 [ 208.978139][ T23] usb 2-1: config 0 has no interface number 0 [ 208.990327][ T23] usb 2-1: config 0 interface 231 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 209.091000][ T23] usb 2-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 209.134307][ T965] em28xx 1-1:0.89: Freeing device [ 209.144054][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.152757][ T5837] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 209.198389][ T23] usb 2-1: Product: syz [ 209.202952][ T23] usb 2-1: Manufacturer: syz [ 209.230570][ T23] usb 2-1: SerialNumber: syz [ 209.252549][ T23] usb 2-1: config 0 descriptor?? [ 209.283908][ T6747] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 209.405057][ T23] plusb 2-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.1-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, be:47:0f:db:ed:db [ 209.436336][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.461260][ T5837] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.497146][ T5837] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 209.637696][ T5837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.652635][ T5837] usb 3-1: config 0 descriptor?? [ 211.588810][ T5837] hid-led 0003:27B8:01ED.0003: hidraw0: USB HID v0.00 Device [HID 27b8:01ed] on usb-dummy_hcd.2-1/input0 [ 211.663148][ T5837] hid-led 0003:27B8:01ED.0003: ThingM blink(1) initialized [ 211.688347][ T23] usb 2-1: USB disconnect, device number 3 [ 211.720669][ T23] plusb 2-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.1-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 212.067171][ T6774] loop7: detected capacity change from 0 to 1 [ 212.888248][ T6774] loop7: detected capacity change from 1 to 0 [ 213.236753][ T965] usb 3-1: USB disconnect, device number 2 [ 213.696891][ T6777] binder: 6771:6777 ioctl c0306201 2000000002c0 returned -14 [ 217.388569][ T6817] netlink: 12 bytes leftover after parsing attributes in process `syz.1.270'. [ 227.075202][ T6887] netlink: 24 bytes leftover after parsing attributes in process `syz.3.289'. [ 229.248878][ T6885] orangefs_mount: mount request failed with -4 [ 232.338358][ T5611] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 232.563011][ T5611] usb 3-1: Using ep0 maxpacket: 16 [ 232.592703][ T5611] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.606446][ T5611] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.647547][ T5611] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 232.678237][ T5611] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 232.707962][ T5611] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.739652][ T5611] usb 3-1: config 0 descriptor?? [ 232.912594][ T6908] input: syz0 as /devices/virtual/input/input28 [ 233.156798][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.184351][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.202778][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.218507][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.238395][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.256237][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.277739][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.361005][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.383513][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.415271][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.426150][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.436393][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.456837][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 233.476752][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.047728][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.087815][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.124652][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.158265][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.176041][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.196221][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.220636][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.238203][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.262538][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.284786][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 234.304736][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.431115][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.488334][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.496010][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.528133][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.535744][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.562146][ T6921] input: syz0 as /devices/virtual/input/input29 [ 235.580074][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.592704][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 235.669232][ T6922] netlink: 32 bytes leftover after parsing attributes in process `syz.0.299'. [ 236.063006][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 236.087529][ T5611] hid-generic 0003:0457:07DA.0004: unknown main item tag 0x0 [ 236.117946][ T5611] hid-generic 0003:0457:07DA.0004: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.2-1/input0 [ 236.171484][ T5611] usb 3-1: USB disconnect, device number 3 [ 236.666515][ T6925] fido_id[6925]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 239.278207][ T5611] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 239.503152][ T5611] usb 4-1: Using ep0 maxpacket: 8 [ 239.513899][ T5611] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 239.548476][ T5611] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.556640][ T5611] usb 4-1: Product: syz [ 239.588493][ T5611] usb 4-1: Manufacturer: syz [ 239.593496][ T5611] usb 4-1: SerialNumber: syz [ 239.618270][ T5611] usb 4-1: config 0 descriptor?? [ 239.630537][ T5611] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 241.906885][ T5611] gspca_sonixj: reg_r err -110 [ 241.958266][ T5611] sonixj: probe of 4-1:0.0 failed with error -110 [ 243.033549][ T965] usb 4-1: USB disconnect, device number 3 [ 246.178751][ T6981] netlink: 44 bytes leftover after parsing attributes in process `syz.1.315'. [ 246.284733][ T6981] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.293187][ T6981] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.145133][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.147591][ T7058] binder: 7054:7058 ioctl c0306201 0 returned -14 [ 256.153530][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.071970][ T7103] bridge0: port 3(syz_tun) entered blocking state [ 261.081071][ T7103] bridge0: port 3(syz_tun) entered disabled state [ 261.090851][ T7103] syz_tun: entered allmulticast mode [ 261.115046][ T7103] syz_tun: entered promiscuous mode [ 263.380606][ T7118] input: syz0 as /devices/virtual/input/input32 [ 263.416020][ T5781] Bluetooth: hci3: unexpected event for opcode 0x0c38 [ 263.591745][ T7120] binder: 7119:7120 unknown command 1074553619 [ 263.597967][ T7120] binder: 7119:7120 ioctl c0306201 200000000040 returned -22 [ 263.653820][ T7124] binder: 7119:7124 ioctl c0306201 0 returned -14 [ 263.781404][ T7126] netlink: 'syz.2.362': attribute type 25 has an invalid length. [ 267.858644][ T7143] bridge0: port 3(syz_tun) entered blocking state [ 267.865228][ T7143] bridge0: port 3(syz_tun) entered disabled state [ 267.873405][ T7143] syz_tun: entered allmulticast mode [ 267.879612][ T7143] syz_tun: entered promiscuous mode [ 270.550711][ T7171] netlink: 24 bytes leftover after parsing attributes in process `syz.1.372'. [ 271.332332][ T7176] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.692621][ T7167] orangefs_mount: mount request failed with -4 [ 273.515868][ T7185] netlink: 'syz.2.381': attribute type 25 has an invalid length. [ 276.214506][ T7208] input: syz0 as /devices/virtual/input/input33 [ 278.769589][ T7220] netlink: 'syz.1.391': attribute type 25 has an invalid length. [ 279.194411][ T5781] Bluetooth: hci1: unexpected event for opcode 0x0c38 [ 279.849782][ T7223] binder: 7221:7223 unknown command 1074553619 [ 279.856079][ T7223] binder: 7221:7223 ioctl c0306201 200000000040 returned -22 [ 279.979326][ T7226] binder: 7221:7226 ioctl c0306201 0 returned -14 [ 280.266282][ T7228] binder: BINDER_SET_CONTEXT_MGR already set [ 280.294158][ T7228] binder: 7227:7228 ioctl 4018620d 200000004a80 returned -16 [ 280.860691][ T7239] netlink: 24 bytes leftover after parsing attributes in process `syz.3.392'. [ 280.872221][ T7238] input: syz0 as /devices/virtual/input/input34 [ 280.911748][ T7238] netlink: 32 bytes leftover after parsing attributes in process `syz.1.399'. [ 281.982169][ T7236] orangefs_mount: mount request failed with -4 [ 282.203841][ T7246] block nbd1: shutting down sockets [ 282.484584][ T5781] Bluetooth: hci3: unexpected event for opcode 0x0c38 [ 282.514256][ T7254] binder: 7253:7254 unknown command 1074553619 [ 282.602694][ T7254] binder: 7253:7254 ioctl c0306201 200000000040 returned -22 [ 286.438771][ T7271] netlink: 24 bytes leftover after parsing attributes in process `syz.0.411'. [ 286.717182][ T7269] orangefs_mount: mount request failed with -4 [ 287.015918][ T5781] Bluetooth: hci0: unexpected event for opcode 0x0c38 [ 287.683191][ T7291] binder: 7290:7291 ioctl c0306201 2000000002c0 returned -14 [ 288.369700][ T7297] input: syz0 as /devices/virtual/input/input35 [ 289.150915][ T7305] netlink: 24 bytes leftover after parsing attributes in process `syz.3.423'. [ 290.715257][ T7301] orangefs_mount: mount request failed with -4 [ 291.860517][ T5781] Bluetooth: hci2: unexpected event for opcode 0x0c38 [ 295.191028][ T7342] binder: 7341:7342 ioctl c0306201 2000000002c0 returned -14 [ 297.133416][ T7357] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 297.175345][ T7356] input: syz0 as /devices/virtual/input/input37 [ 298.468340][ T28] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 299.177807][ T28] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.213957][ T28] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 299.244524][ T28] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 299.258129][ T28] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.283623][ T7379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.448'. [ 299.289203][ T28] usb 3-1: config 0 descriptor?? [ 299.351030][ T7379] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.360269][ T7379] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.369379][ T7379] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.379234][ T7379] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 299.400761][ T7380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.448'. [ 299.446356][ T28] usb 3-1: can't set config #0, error -71 [ 299.491107][ T28] usb 3-1: USB disconnect, device number 4 [ 300.650904][ T7391] ================================================================== [ 300.659048][ T7391] BUG: KASAN: slab-use-after-free in dvb_device_open+0xca/0x370 [ 300.666740][ T7391] Read of size 8 at addr ffff888026926c18 by task syz.2.452/7391 [ 300.674752][ T7391] [ 300.677103][ T7391] CPU: 1 PID: 7391 Comm: syz.2.452 Not tainted syzkaller #0 [ 300.684773][ T7391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 300.694945][ T7391] Call Trace: [ 300.698325][ T7391] [ 300.701304][ T7391] dump_stack_lvl+0x18c/0x250 [ 300.706138][ T7391] ? __lock_acquire+0x7d40/0x7d40 [ 300.711287][ T7391] ? show_regs_print_info+0x20/0x20 [ 300.716524][ T7391] ? load_image+0x400/0x400 [ 300.721063][ T7391] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 300.726563][ T7391] ? __virt_addr_valid+0x18c/0x540 [ 300.731719][ T7391] ? __virt_addr_valid+0x469/0x540 [ 300.736908][ T7391] print_report+0xa8/0x210 [ 300.741360][ T7391] ? dvb_device_open+0xca/0x370 [ 300.746252][ T7391] kasan_report+0x117/0x150 [ 300.750876][ T7391] ? chrdev_open+0x3e3/0x6a0 [ 300.755505][ T7391] ? dvb_device_open+0xca/0x370 [ 300.760482][ T7391] dvb_device_open+0xca/0x370 [ 300.765197][ T7391] ? do_raw_spin_unlock+0x121/0x230 [ 300.770522][ T7391] chrdev_open+0x5cc/0x6a0 [ 300.774992][ T7391] ? cd_forget+0x160/0x160 [ 300.779456][ T7391] ? fsnotify_perm+0x3ed/0x5e0 [ 300.784462][ T7391] ? cd_forget+0x160/0x160 [ 300.789083][ T7391] do_dentry_open+0x8c6/0x1500 [ 300.794531][ T7391] path_openat+0x27f1/0x3230 [ 300.799251][ T7391] ? do_sys_openat2+0xda/0x1d0 [ 300.804246][ T7391] ? verify_lock_unused+0x140/0x140 [ 300.809575][ T7391] ? do_filp_open+0x430/0x430 [ 300.814291][ T7391] ? __virt_addr_valid+0x18c/0x540 [ 300.819444][ T7391] do_filp_open+0x1f5/0x430 [ 300.824069][ T7391] ? vfs_tmpfile+0x490/0x490 [ 300.828805][ T7391] ? _raw_spin_unlock+0x28/0x40 [ 300.833775][ T7391] ? alloc_fd+0x58f/0x630 [ 300.838164][ T7391] do_sys_openat2+0x134/0x1d0 [ 300.842878][ T7391] ? do_sys_open+0xe0/0xe0 [ 300.847324][ T7391] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 300.853617][ T7391] ? lock_chain_count+0x20/0x20 [ 300.858504][ T7391] __x64_sys_openat+0x139/0x160 [ 300.863495][ T7391] do_syscall_64+0x55/0xa0 [ 300.867949][ T7391] ? clear_bhb_loop+0x40/0x90 [ 300.872663][ T7391] ? clear_bhb_loop+0x40/0x90 [ 300.877385][ T7391] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 300.883485][ T7391] RIP: 0033:0x7fd42815cfce [ 300.887935][ T7391] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 300.908101][ T7391] RSP: 002b:00007fd42900bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 300.916652][ T7391] RAX: ffffffffffffffda RBX: 00007fd42900c6c0 RCX: 00007fd42815cfce [ 300.924665][ T7391] RDX: 0000000000000e82 RSI: 00007fd42900bc00 RDI: ffffffffffffff9c [ 300.932671][ T7391] RBP: 00007fd42900bc00 R08: 0000000000000000 R09: 0000000000000000 [ 300.940669][ T7391] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 300.948667][ T7391] R13: 00007fd428416128 R14: 00007fd428416090 R15: 00007fff4aca87b8 [ 300.956766][ T7391] [ 300.959808][ T7391] [ 300.962150][ T7391] Allocated by task 1: [ 300.966295][ T7391] kasan_set_track+0x4e/0x70 [ 300.970919][ T7391] __kasan_kmalloc+0x8f/0xa0 [ 300.975533][ T7391] dvb_register_device+0x2fd/0x2210 [ 300.981033][ T7391] dvb_register_frontend+0x649/0x930 [ 300.986366][ T7391] vidtv_bridge_probe+0x9ab/0xf80 [ 300.991610][ T7391] platform_probe+0x13b/0x1c0 [ 300.996324][ T7391] really_probe+0x25b/0xb20 [ 301.000853][ T7391] __driver_probe_device+0x18c/0x330 [ 301.006317][ T7391] driver_probe_device+0x4f/0x420 [ 301.011653][ T7391] __driver_attach+0x44e/0x6e0 [ 301.016462][ T7391] bus_for_each_dev+0x235/0x2b0 [ 301.021353][ T7391] bus_add_driver+0x340/0x630 [ 301.026071][ T7391] driver_register+0x23a/0x310 [ 301.031074][ T7391] vidtv_bridge_init+0x3d/0x70 [ 301.035960][ T7391] do_one_initcall+0x242/0x790 [ 301.040815][ T7391] do_initcall_level+0x137/0x1f0 [ 301.045890][ T7391] do_initcalls+0x69/0xd0 [ 301.050255][ T7391] kernel_init_freeable+0x3ed/0x580 [ 301.055574][ T7391] kernel_init+0x1d/0x1c0 [ 301.060035][ T7391] ret_from_fork+0x48/0x80 [ 301.064591][ T7391] ret_from_fork_asm+0x11/0x20 [ 301.069478][ T7391] [ 301.071985][ T7391] Freed by task 7357: [ 301.076243][ T7391] kasan_set_track+0x4e/0x70 [ 301.080955][ T7391] kasan_save_free_info+0x2e/0x50 [ 301.086109][ T7391] ____kasan_slab_free+0x126/0x1e0 [ 301.091249][ T7391] slab_free_freelist_hook+0x130/0x1a0 [ 301.096850][ T7391] __kmem_cache_free+0xba/0x1e0 [ 301.101779][ T7391] dvb_device_open+0x2ee/0x370 [ 301.106941][ T7391] chrdev_open+0x5cc/0x6a0 [ 301.111389][ T7391] do_dentry_open+0x8c6/0x1500 [ 301.116186][ T7391] path_openat+0x27f1/0x3230 [ 301.121060][ T7391] do_filp_open+0x1f5/0x430 [ 301.125590][ T7391] do_sys_openat2+0x134/0x1d0 [ 301.130388][ T7391] __x64_sys_openat+0x139/0x160 [ 301.135365][ T7391] do_syscall_64+0x55/0xa0 [ 301.139824][ T7391] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 301.145748][ T7391] [ 301.148094][ T7391] The buggy address belongs to the object at ffff888026926c00 [ 301.148094][ T7391] which belongs to the cache kmalloc-256 of size 256 [ 301.162355][ T7391] The buggy address is located 24 bytes inside of [ 301.162355][ T7391] freed 256-byte region [ffff888026926c00, ffff888026926d00) [ 301.176299][ T7391] [ 301.178658][ T7391] The buggy address belongs to the physical page: [ 301.185095][ T7391] page:ffffea00009a4980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26926 [ 301.195271][ T7391] head:ffffea00009a4980 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 301.204415][ T7391] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 301.212529][ T7391] page_type: 0xffffffff() [ 301.217071][ T7391] raw: 00fff00000000840 ffff888017c41b40 dead000000000122 0000000000000000 [ 301.225864][ T7391] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 301.234469][ T7391] page dumped because: kasan: bad access detected [ 301.240899][ T7391] page_owner tracks the page as allocated [ 301.246630][ T7391] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 14855942499, free_ts 0 [ 301.266641][ T7391] post_alloc_hook+0x1c1/0x200 [ 301.271459][ T7391] get_page_from_freelist+0x1951/0x19e0 [ 301.277034][ T7391] __alloc_pages+0x1f0/0x460 [ 301.281648][ T7391] alloc_page_interleave+0x24/0x1e0 [ 301.286981][ T7391] alloc_slab_page+0x5d/0x160 [ 301.291875][ T7391] new_slab+0x87/0x2d0 [ 301.296037][ T7391] ___slab_alloc+0xc5d/0x12f0 [ 301.300857][ T7391] __kmem_cache_alloc_node+0x19e/0x250 [ 301.306367][ T7391] kmalloc_trace+0x2a/0xe0 [ 301.310911][ T7391] bus_add_driver+0x162/0x630 [ 301.315710][ T7391] driver_register+0x23a/0x310 [ 301.320505][ T7391] usb_register_driver+0x206/0x3d0 [ 301.326087][ T7391] do_one_initcall+0x242/0x790 [ 301.330894][ T7391] do_initcall_level+0x137/0x1f0 [ 301.335920][ T7391] do_initcalls+0x69/0xd0 [ 301.340475][ T7391] kernel_init_freeable+0x3ed/0x580 [ 301.345708][ T7391] page_owner free stack trace missing [ 301.351353][ T7391] [ 301.353698][ T7391] Memory state around the buggy address: [ 301.359447][ T7391] ffff888026926b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 301.367549][ T7391] ffff888026926b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 301.375853][ T7391] >ffff888026926c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.384278][ T7391] ^ [ 301.389233][ T7391] ffff888026926c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 301.397586][ T7391] ffff888026926d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 301.405824][ T7391] ================================================================== [ 301.414209][ C1] vkms_vblank_simulate: vblank timer overrun [ 301.439930][ T7391] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 301.447196][ T7391] CPU: 1 PID: 7391 Comm: syz.2.452 Not tainted syzkaller #0 [ 301.454607][ T7391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 301.464794][ T7391] Call Trace: [ 301.468122][ T7391] [ 301.471077][ T7391] dump_stack_lvl+0x18c/0x250 [ 301.475885][ T7391] ? show_regs_print_info+0x20/0x20 [ 301.481230][ T7391] ? load_image+0x400/0x400 [ 301.486050][ T7391] panic+0x2dc/0x730 [ 301.489976][ T7391] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 301.496343][ T7391] ? bpf_jit_dump+0xd0/0xd0 [ 301.500900][ T7391] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 301.506917][ T7391] ? _raw_spin_unlock+0x40/0x40 [ 301.511970][ T7391] ? dvb_device_open+0xca/0x370 [ 301.517214][ T7391] check_panic_on_warn+0x84/0xa0 [ 301.522187][ T7391] ? dvb_device_open+0xca/0x370 [ 301.527076][ T7391] end_report+0x6f/0x130 [ 301.532045][ T7391] kasan_report+0x128/0x150 [ 301.536878][ T7391] ? chrdev_open+0x3e3/0x6a0 [ 301.541672][ T7391] ? dvb_device_open+0xca/0x370 [ 301.546674][ T7391] dvb_device_open+0xca/0x370 [ 301.551409][ T7391] ? do_raw_spin_unlock+0x121/0x230 [ 301.556736][ T7391] chrdev_open+0x5cc/0x6a0 [ 301.561359][ T7391] ? cd_forget+0x160/0x160 [ 301.565893][ T7391] ? fsnotify_perm+0x3ed/0x5e0 [ 301.570880][ T7391] ? cd_forget+0x160/0x160 [ 301.575326][ T7391] do_dentry_open+0x8c6/0x1500 [ 301.580138][ T7391] path_openat+0x27f1/0x3230 [ 301.584981][ T7391] ? do_sys_openat2+0xda/0x1d0 [ 301.589974][ T7391] ? verify_lock_unused+0x140/0x140 [ 301.595298][ T7391] ? do_filp_open+0x430/0x430 [ 301.600012][ T7391] ? __virt_addr_valid+0x18c/0x540 [ 301.605249][ T7391] do_filp_open+0x1f5/0x430 [ 301.610076][ T7391] ? vfs_tmpfile+0x490/0x490 [ 301.614718][ T7391] ? _raw_spin_unlock+0x28/0x40 [ 301.619603][ T7391] ? alloc_fd+0x58f/0x630 [ 301.623984][ T7391] do_sys_openat2+0x134/0x1d0 [ 301.628704][ T7391] ? do_sys_open+0xe0/0xe0 [ 301.633238][ T7391] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 301.639255][ T7391] ? lock_chain_count+0x20/0x20 [ 301.644136][ T7391] __x64_sys_openat+0x139/0x160 [ 301.649199][ T7391] do_syscall_64+0x55/0xa0 [ 301.653836][ T7391] ? clear_bhb_loop+0x40/0x90 [ 301.659098][ T7391] ? clear_bhb_loop+0x40/0x90 [ 301.663924][ T7391] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 301.670046][ T7391] RIP: 0033:0x7fd42815cfce [ 301.674583][ T7391] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 301.695191][ T7391] RSP: 002b:00007fd42900bb28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 301.703871][ T7391] RAX: ffffffffffffffda RBX: 00007fd42900c6c0 RCX: 00007fd42815cfce [ 301.711979][ T7391] RDX: 0000000000000e82 RSI: 00007fd42900bc00 RDI: ffffffffffffff9c [ 301.720282][ T7391] RBP: 00007fd42900bc00 R08: 0000000000000000 R09: 0000000000000000 [ 301.729067][ T7391] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 301.737415][ T7391] R13: 00007fd428416128 R14: 00007fd428416090 R15: 00007fff4aca87b8 [ 301.745605][ T7391] [ 301.748813][ T7391] Kernel Offset: disabled [ 301.753134][ T7391] Rebooting in 86400 seconds..