last executing test programs: 4m27.709627594s ago: executing program 1 (id=129): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000000203010100000000000000ffffff7f000800034000000000080004400000000008000540000000000900020000000000070000000800010001"], 0x40}}, 0x0) 4m23.916083345s ago: executing program 1 (id=142): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) close(r0) 4m23.733891438s ago: executing program 1 (id=145): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0) nanosleep(0x0, 0x0) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x20) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) socket$netlink(0x10, 0x3, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 4m21.474291561s ago: executing program 1 (id=153): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000600)=0x9, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000001c0)=[@in={0x2, 0xe21, @dev={0xac, 0x14, 0x14, 0x26}}], 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x31}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x26}}], 0x10) close(0x3) 4m21.028276482s ago: executing program 1 (id=157): openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0) socket$kcm(0x10, 0x6, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) syz_open_dev$video(0x0, 0x101, 0xab02) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$kvm(0xffffff9c, 0x0, 0x800, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) write$P9_RSTATu(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="d60400007d0000000524010000000000000000000000000000000000000000000c40000000000000000000000000000000002e00046e6f645a3dbf640237fc6225ffffff8005000000000000ff03ff92e91600059b65712c93cb3db6c231d119aaa139007002007dfa673effeb09b5351f5bde054000000000187b82d9b56928fbbf0b00002b595fcb14034354b9fd9ef196a51cd5157adc8106b494e13500cf60372d61cceab8c88641eb93b4ccf6002ab87bfc012796093f68305c4d2220837e0108e2e748501c51484ba02f109caaf91509a25500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cdb80e8d40700000037009d036f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0c41f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa75f8246bcc42eaa8c631c0c500959a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d7238593aed3b42ee7cac07de09d1d68a60333a882467d2b31aafb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fecdfd529f382066664c0fb4e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae122e6105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fc200000030e4ee2bfc7f8050851143e5161acd47150acbaf743822dfe203b108d37e914dc1e53e234c509eca4107a1712caa9da53d051c36884c79182661f3ca36bcdbfbbd267109f8319d8dd5c07099eb1b11030655f562694f61743d19421b4a19ef8b8b4ce9c993c7d6cb300c4e657a4e50a35b5cc16b8c161a8e3df9036bbcf28adcd19a6c4c291709aee5ab3e5bc5ae29f475e4d24408b5167d0faf5fc1566b705c8b60afa8aca42f7e0469188a0ef062ca18e38f9ee10ac77d2b7eb9d60ea79fdb556411e59dfbd8dbb8a2a6622ebcf84c696fa4da21bad2320d0d68e9bf4346f0686119a39e400395c8f2825ea069ae0e143bd1a44179ed8e3cea0b5e9a19cc7ffa500fa41b6c8049bde45827d54ec901d27ad125056889b3336b3f06838c5b667ae22efe3bc15b825f7fbce48027281cf9fe8fc21fc77c243de26705310eb81cf74de0293192a13f6ad057de61fd8aba8ef4439bc06a45b2b03162515a23433afeb52aedb5ab6f334653380515f779f35dc8a78c37772492a2284c21d21356d473f00f85137c7bf0636f757d3528869b3f007735cff85c9d978bf55dcc26d62d25e308f08827a91ff47bec92f8e91e7908665400aa4e39b35986239d5c7b9492c5bb26bc55b55b49ed70486e6e7da38c208450f9f79e1b4100000000000000000000000000ae51ceba44f717f0a07749239b5d08f8c5c0ad7951e0a7c7f3db8dfd3f8657258a6c04f32d57ad2873de45fa98b0f8267917ff9b3e9c0d74a5aca206fe29e0c1039f22553c2747425d831030782ee78f8ba35de318c53f094f925cc9782e94b6c870a487678bfae745dff268bda7fdec873ce4fb4b8dcba0419b30449adfef724162bfb10aafcfea48a67fae7733cc3a", @ANYRES32, @ANYRES32=0x0], 0x4d6) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000a, 0x204031, r0, 0xffffd000) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x800) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 4m19.415791161s ago: executing program 1 (id=164): socket$kcm(0x10, 0x2, 0x0) epoll_create(0x1) socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f00000002c0)='\\ S', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) r0 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2, 0x6000, @fd_index=0x5, 0x73, 0x0, 0x0, 0x1e, 0x1, {0x3}}) io_uring_enter(r0, 0x7085, 0x0, 0x0, 0x0, 0x0) 4m2.986846276s ago: executing program 32 (id=164): socket$kcm(0x10, 0x2, 0x0) epoll_create(0x1) socket$alg(0x26, 0x5, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f00000002c0)='\\ S', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) r0 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x2, 0x6000, @fd_index=0x5, 0x73, 0x0, 0x0, 0x1e, 0x1, {0x3}}) io_uring_enter(r0, 0x7085, 0x0, 0x0, 0x0, 0x0) 4.230341639s ago: executing program 4 (id=1091): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000000000002) io_setup(0x3ff, &(0x7f0000000500)) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x13, &(0x7f00000000c0)="9d", 0x1) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)) mbind(&(0x7f0000007000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x101, 0x6) r0 = msgget$private(0x0, 0x1c0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000280)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x96}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) msgsnd(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="00001c0000000000"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 3.989840741s ago: executing program 3 (id=1093): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0xc9}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ff8000/0x4000)=nil, 0x4000}}) 3.93304458s ago: executing program 2 (id=1094): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x884, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0x854, 0x2, [@TCA_FLOW_POLICE={0x848, 0xa, 0x0, 0x1, [@TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0x8, 0x65, 0x2, 0x4d, {0x1, 0x2, 0x2, 0x3, 0x3, 0x4}, {0x5, 0x0, 0x400, 0xab, 0x0, 0x9}, 0x2, 0x6, 0x8000}}, @TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x7fffffff, 0x8, 0x7ff, 0x3, 0x2, 0x1, 0x401, 0xb9, 0xace, 0x0, 0x1, 0x9, 0x43, 0x7, 0x2, 0x0, 0x1ce00000, 0x7, 0x6, 0x103, 0x3, 0x1c000, 0x1ff, 0x2, 0x6, 0x9b16, 0x6, 0x100, 0x15a, 0xe, 0x40, 0x5, 0x4, 0x80000001, 0x4a, 0x1, 0x8, 0x99a9, 0x340d, 0x3, 0x2, 0x7, 0xd, 0x400, 0xfffffffa, 0x6, 0x100, 0x0, 0x5, 0x5, 0xe, 0xffff0001, 0x2, 0xdd1, 0x9, 0xfb, 0x4, 0xf, 0x324, 0x6, 0x3, 0x6, 0xff, 0x8, 0x401, 0x7fffffff, 0x4, 0x5, 0x800, 0x8261, 0x3, 0x6, 0x8, 0x2, 0x9, 0x4, 0x4, 0x6, 0x5, 0xf, 0x9, 0x38c8, 0x80000001, 0x4, 0xa11, 0x6, 0x8, 0x604, 0xfff, 0xab, 0x7, 0x5, 0x8, 0x1, 0x9, 0x401, 0x0, 0x4, 0x1ff, 0x4, 0x17, 0xffffff7f, 0x7c, 0x4, 0x4, 0xa42, 0xfffffff7, 0x4, 0x5b564ea6, 0xaa32, 0x2, 0x2, 0x4000008, 0x1ff, 0x5, 0x3, 0x7, 0x6, 0xfffff000, 0x12aeb60c, 0x4, 0xbb6, 0x1, 0x3, 0x5, 0x2, 0x3, 0x85, 0x10, 0x1, 0x5, 0x1, 0x10004, 0xb, 0xf65, 0x1d7, 0x9, 0x100, 0x0, 0x0, 0xc2, 0x1, 0x3, 0xffffffff, 0x1ff, 0x1, 0x30bb, 0x7, 0x40, 0xfffffff8, 0x5, 0x2, 0x1, 0x8, 0x8000, 0x5, 0x4, 0x31e, 0xffff8001, 0x6, 0xff, 0xa, 0x1ff, 0x9, 0x7, 0x7, 0x2, 0x412, 0x6, 0xf441, 0x6, 0x1, 0x7, 0x89, 0x3, 0x5, 0x0, 0x9, 0x7, 0x1, 0x4, 0x0, 0x4, 0x4, 0x200, 0x1, 0x720a, 0xff7f, 0xfff, 0x9, 0x7fff, 0x8, 0x3ac8efcb, 0x8, 0xf2c, 0x7, 0x80000000, 0x12, 0xfffff802, 0x2e4, 0x7, 0xfffffff9, 0x400, 0x4, 0x30, 0x10000, 0xfd, 0x4, 0x1, 0x5, 0x7, 0x0, 0x7, 0x47, 0x0, 0x0, 0x1, 0x7, 0x0, 0x8, 0x3, 0x6, 0x0, 0x10001, 0x0, 0xe9, 0x5, 0x1, 0x4, 0xaacc, 0x6f, 0x7fffffff, 0x5, 0x6, 0x2, 0xffff, 0x4, 0x10000, 0x9, 0xe, 0x45e8, 0x9, 0xfffffff8, 0x6, 0x100, 0x5, 0xe, 0x73d, 0x31, 0x3, 0x0, 0x2, 0x3, 0xb70, 0x3]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xfffffff7, 0x5, 0x7, 0x4, 0x2, 0x6, 0x1, 0xfb0, 0x8, 0x3, 0x5, 0x3, 0x0, 0x4, 0x9a, 0x9, 0x7, 0xfff, 0x7, 0x40, 0x5, 0x7fff, 0x6c, 0x3, 0x5, 0x7ff, 0x4, 0x2, 0x7, 0x2, 0x83d, 0x2, 0x3b, 0x4, 0x0, 0x4, 0x9, 0xc, 0x1cabbb02, 0x4, 0x4, 0x2, 0x8001, 0x7fff, 0x80000000, 0x10000, 0xffff8906, 0x7fffffff, 0x0, 0x0, 0x9, 0xc0000000, 0x2, 0x6, 0x83, 0x3, 0x10000, 0x3, 0x1, 0x6, 0x0, 0x1, 0x100, 0xcc2, 0x3800, 0x6, 0x18, 0x0, 0xfffffe00, 0x3, 0x6, 0x4, 0x3, 0x7, 0x1, 0xfffffffc, 0x8e4, 0xf5c1, 0x1, 0x5077, 0x3, 0x5, 0x7fff, 0x2, 0x4, 0x2, 0x3, 0x401, 0x6, 0x40, 0x7, 0x95, 0x5, 0x200, 0x1, 0x2, 0x7ff, 0x4, 0x8, 0xb, 0x6, 0x2, 0x0, 0xd266, 0x4, 0x0, 0x10001, 0x2, 0x101, 0x401, 0x200, 0x6, 0x1, 0x4a, 0x8, 0x2, 0xfffffffe, 0x14e, 0x4, 0x3, 0x1, 0x2, 0x94e6, 0xfffffbff, 0x5, 0x2, 0xfffd, 0xc, 0x4, 0x2, 0x40800000, 0x1f, 0x4, 0xffffffff, 0x800, 0x401, 0x3ff, 0x7ff, 0x101, 0x10, 0x5, 0x374, 0xc2f, 0x3, 0xffffff81, 0xfffffff7, 0x6, 0x8000, 0x8, 0x1, 0x1, 0x200, 0xcae, 0xc64, 0xffff, 0x7fff, 0x1, 0x8, 0x3c0, 0x9, 0x0, 0x6d3, 0xfffffff3, 0x9, 0x476b3752, 0xff, 0x0, 0x9, 0x7ff, 0x4, 0x3, 0x4, 0x7, 0x7249, 0x7, 0xffff8001, 0x95f, 0x8, 0x0, 0x1000, 0x800, 0x0, 0xfff, 0xf2, 0x0, 0x3, 0xffff, 0x0, 0x0, 0x8000, 0x9, 0x4, 0xcc6, 0xffe01000, 0x22, 0xd56, 0xfffffff0, 0x3bb8, 0x10, 0x140, 0x81, 0x9, 0x40, 0x2, 0x2, 0x4, 0x3, 0x0, 0x3, 0xf, 0x0, 0xc527, 0x9, 0x8, 0x1, 0xffff86fd, 0x7, 0x2, 0x8, 0x3, 0x9, 0x5, 0x0, 0x4, 0xc12, 0x7f, 0x0, 0x0, 0x80000000, 0x6f3, 0x7, 0x9, 0x7, 0x9, 0x4, 0x2, 0xc9, 0xaf8, 0x3, 0x80000000, 0xad8c, 0x4, 0x2, 0xea9, 0x9a1, 0x5, 0x1, 0x4, 0x8, 0x5, 0x10000, 0x3, 0x7fb, 0xdbbb, 0x4, 0x2]}]}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1}]}}]}, 0x884}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) 3.843344911s ago: executing program 3 (id=1095): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) 3.820849795s ago: executing program 0 (id=1096): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, 0x0) 3.809707015s ago: executing program 2 (id=1097): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000100)=""/28, 0x1c}], 0x1}, 0x0) 3.699529901s ago: executing program 0 (id=1098): socket$pppl2tp(0x18, 0x1, 0x1) r0 = socket$pppl2tp(0x18, 0x1, 0x1) mq_open(0x0, 0x1, 0x89, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) close(r0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xff, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x40, 0x0) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}}, 0x20000034) 3.606866198s ago: executing program 0 (id=1099): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c850000000a000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48) 3.537056699s ago: executing program 4 (id=1100): r0 = memfd_create(&(0x7f0000000740)='\x00\xac=W[[\x87\x12\x04\xd5\xbc\x80K\x06\xcd]4(\xa2\xee2A7:n\x8c\xa7P\x1a\x87\xd9c\xecR\xd6\xe8\xf3Y\x12\"p^\xc1\x0f\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x19M\xc2N%\x93t[\xf3\xee\xa4\xb4\xfbf\x8dz7\\\x8e\xac\x18\x00\xfd\x89\xe1d\xfa\xcfb\xf3\xdc\xd4CY\x9a\xef\xa3\\\xa7\xa9^\xafL:[\x8e\x83U\xff\xfd\xff\xfa\xdaL\xa99\x9b\xcfA\xe4n\xa0^\n\x1c\x84\x04\xc5a\xdf\xe5\xd4Hyn\xba:/\xa5\xf4\xaa\xfa\xcd\xc7T\x83\xf5N^\xf2n\xd0=\xb9\t\xdd-F\xacb\xac \xd3\xccj\x13\xa2\x9fLu\'\xed\x91\x867\xaa\xf5\xa0]\xb6\xaa\xea\xfd\xde\xa6\xec\b\x16\x86l:;\xf9\xdb\xcf\x88\"\xca\xe0E\xdb\xec\xf9\xb3\xed\a\x00\x00\x00\x00\x00\x00\x00\xd6.\xf7\x92\xc42\xdf\xefE\xce}\x1b\xda\xdd?\n6\xe1\xb1\xd8Y\x960\xd1\x00\x00\x00\x00\x00\x00MW\x8f\xc6\x82\xe4\x15\xf7\xe9\xd8\xc5b\x0e\x91\xc5\xc76$\x18\xa4\xbe\xe8V\x8d-\xe3\x8fC\xd5\xf5\xd6L\xe3\xce\xa1\x8dz\xce\xa7\xa5\xc8\xcbhM\x1b\xf8\x98\xc4\xfbD6\x88\xfd\xe5i\x8a\xd8\xcfm\x81Z\x19\xf0\xef\xc15\xe8\xcb\xf5\t\t\x00\x17\xfa\x1fqb\xe7\"\xcb4\xb8\xe5/\xd52\x17\x12\x1d\x04\x00\xb9|\x8d\x83\xea\xcc\x94\xebZ\xae\xaf\x19\xa4\xb2\xc6\xe1\x926B\xb6\x89Z\xa9\xb5/\xbb\x9d&\xeeO\xb3\xb3\xd4\bB\xa9f\x84\xad\t\x1a\xc2\xd5\x88\xbfo\x80V\x93\x9fl\xd7\xff\x03\xb7J\xed\x183\xe3\x7f\xfaq,\xca\x06\xb0\xc9\x92\x93\xa5I\x89\xb7\x85\x90\xb7\x1b0\xce\xd7!\x8fD\x96\xe1 ^>\x9f\x04\x89<\xb7S\x7f\x1a\x88\xab$\xd3y\xc2\xe1\x99\xbch\xd3\x83\xcd\x7f\xc5n\xb1\xc1X \x90\xbb\x1f\x01\x90\xb1O\x8d\x7f\xa8\xd4\xdbO\xef\x99\xf3\xd1M\x0f\t\x7f\n,\x84\x1f\xfa\xe2\xc8\x99\x97Oq\xae\x9b\x86h\xfa3\xb9\xfd\xbb\xd4^\xc0t\xa7]Y\xe9\x7f[\x11\xb1\xf3m\x17F\x9d\x18\xe2\xe1\x01\xb6f=-?\xbcI\xf2\xd9\xc4>-\xc0E\x9a\x82\xcc7S\xd4\xb6\'\xd2DY\xa5\x83,\xd1\xbc\xc7\xf6\xe0\x1f o\x06\xc2t\x14\xc2\xe0\x92\xc1\x8a\x85>@\xc9\xb0% \xc7\x13l\x8bJ\xe5\xec\x1dE\xf5\xc5\xe2\xe3\x10G7r#\xbc\x95&\x14\x1e\x97\xce\x83>Q@\xfb\xeb=\x1e\xb3\xd5H\x02\x86\xc6\xf3\xe1i\\\x1d\xf4\xc1\xacJC+\xc8}\x1b{\x86\x17\x00\n\"\xec\xa5x\xe6\xb1i\xeb\xb3\xb7I\x90\x9eai\xde\x01\xdc\xfeA\x05Sn\xe6\xe8^\xdf\x8c`\x17\xca\xbd\\QG\xb15\x82*=\xbd\xe9\xaf\x12<\xd7\xe1$\xa4\xdaU\xfb^\xd8!\xacxy\xd5X\xef\x03\xa7\x10\xa1C#S~\x0f\x17\t>X\\mv0\x9eZ\x89\xf4\xae\a\xc8\x16\xd2o\x16\xf3X%Q\xbd\xe9\x86V\xf2\x99^0\xe8xI(\xde-\x04s\x15\x06#2\xef\xef@\xa3t0d^^\xad\xf6\xad\xe0\x16\xf6\xa8\x99!\x0e\x9d+;D&\xebN\x94\x12\x04\x95o\xd6\x9fl\xcb\x16gc\xf5(\xaa_\xec\x9aiE\f\xd4\xc6\xf2\xae\x85n\x995\xcd\xa7\xbb\xf0pz\xff\x0f\x00\x00\x00\x00\x00\x00Li\r\x95Z\x89\"_\xe4\xba\xd4\x93\xab\xe1\xb9\xd8E[\xbb\xc9.M+\xbe\x81N\xd2\xae\xf4\x18\xd0\xe7\x98\x90,\xce\ft\xc4\xc7\x02\xaa\xc7\xeb1;\x86b)\x12{k#c\x1d@\xc31\x00\xd2}f\x8cX\xce\xed\xa4\xe4\xca\x00\x00\x00\x00\x00\x03\xfcWZ!<\x16a5ZL.\xe6\x15]\xebY\xaa\xbea\x8e\xdc\xc52r\"\xea\x9e\x03\x11&\xc3JU\xa7\xd6\x8a\xf8\xae>S\xdew\x94\x01\x88K\xe6\x86\xaf)hW\xc8\\/Pl\x9b\x1b\xf2\xf1_\xbb\xaa\xc9?\xf7\xae\x13\xc2\f=\x059\x1c\xb7\x1ca\xe4\xb8C[\x06\x8c\f%l\x19I\x1fq9y)\xaf~~\xa8\xaf\'S\xf0kA\xa8\x93\x8a\xd3\x98\xbf[5\x0f\x05\"\xbd4h\xd9\xd4\xb8\x17P\xb4\xa7\xd6\x03\x86\xe6\xb0\x90W\xc3\xbd\xcb\x1er\xc4e\xc2\x96\r\x15\x84\xda\x16m\xc7\x19g\x83O\a=\xcb\'\xb7E\xc2\xd3L\xd5\xe5\xc2&L\xebjb\xfaOBc\x95\xb7\x97[\xcd$n\xbcO\x81\x03\xc3e:C&\"\x06B:\xa4\xe9\xab\x95DG(^\xd7\xb4\x8e5\x1a\xdb\xcf\x12\xccV\xb7\x98i\xfb\xadv\xb3', 0x0) write(r0, &(0x7f0000000140)='/', 0x1) sendfile(r0, r0, &(0x7f0000000040), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000c, 0x11, r0, 0x0) utimensat(0xffffffffffffffff, &(0x7f0000000140)='./file0/file0\x00', &(0x7f00000001c0)={{}, {0x0, 0x2710}}, 0x100) 3.525399763s ago: executing program 3 (id=1101): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, 0x0) 3.479430493s ago: executing program 2 (id=1102): socket(0x80000000000000a, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) unshare(0x6020400) epoll_create1(0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x8) r3 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r0, r2}, 0x10) bpf$ITER_CREATE(0x1d, &(0x7f0000000040)={r3, 0x7}, 0x8) 3.356084193s ago: executing program 0 (id=1103): r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, &(0x7f0000000180)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c0000001f0001"], 0x4c}, 0x1, 0x0, 0x0, 0x8801}, 0x10) 3.356000063s ago: executing program 3 (id=1104): madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x64) 3.34222172s ago: executing program 5 (id=1105): r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731ccc3d"], 0x1c}, 0x1, 0x0, 0x0, 0x20002000}, 0x0) recvmmsg$unix(r0, &(0x7f0000002fc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000042c0)=""/4083, 0xff3}, {&(0x7f0000002140)=""/130, 0x82}], 0x2}}], 0x2, 0x42, 0x0) 3.194198956s ago: executing program 5 (id=1106): capset(&(0x7f0000000000)={0x20080522}, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score_adj\x00') preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)=""/44, 0x2c}], 0x1, 0x0, 0x0) writev(r0, &(0x7f00000003c0), 0x100000000000022d) write$vhost_msg(r0, &(0x7f0000000200)={0x1, {&(0x7f0000000080)=""/100, 0x64, &(0x7f0000000100)=""/228, 0x2, 0x1}}, 0x48) 3.052095039s ago: executing program 3 (id=1107): r0 = io_uring_setup(0xc01, &(0x7f0000000000)={0x0, 0x1e78, 0x40, 0x2, 0x20b}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000380), 0x0) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r0, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_RESIZE_RINGS(r0, 0x21, 0x0, 0x1) 3.046719222s ago: executing program 5 (id=1108): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88800, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r4, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, r5, 0x0, 0x10000, 0x0, 0x1, 0x2ea473, 0x2eb80c}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000200), 0x80000, 0x0) 2.997426522s ago: executing program 2 (id=1109): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) 2.880118782s ago: executing program 3 (id=1110): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) 2.784880064s ago: executing program 2 (id=1111): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000400)=""/4096, 0x1000}, {0x0}], 0x2}, 0x100}], 0x1, 0x10041, 0x0) 2.241068008s ago: executing program 0 (id=1112): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e15010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000150600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d99"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x94) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f00000001c0)=r2) socket$nl_route(0x10, 0x3, 0x0) pipe2(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@cache_fscache}]}}) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(r1, 0x0, 0x20049854) 2.05153282s ago: executing program 2 (id=1113): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) 1.955769982s ago: executing program 5 (id=1114): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) r1 = getpid() syz_pidfd_open(r1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = io_uring_setup(0x28a6, &(0x7f0000000100)={0x0, 0xfffffffd, 0x2, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS2(r4, 0xf, &(0x7f0000002280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001540)}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) io_uring_enter(r4, 0x64f5, 0x90f4, 0x1, 0x0, 0x0) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}], 0x0, 0x1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r5, r5}, &(0x7f0000000300), &(0x7f0000000340)='%-010d \x00'}, 0x1c) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r5, r5}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x10, &(0x7f0000000480)=@framed={{}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1234}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0xf, &(0x7f0000000900)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.954897178s ago: executing program 4 (id=1115): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0xa02, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020) 1.14023783s ago: executing program 0 (id=1116): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000004c0)='.\x00', &(0x7f0000000440), 0x4000) ptrace$setregset(0x4205, r0, 0x200, &(0x7f0000000080)={0x0}) r3 = socket(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000080)=[{0x6, 0x7, 0x2, 0x2}]}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@bridge_getlink={0x20, 0x12, 0x70d, 0x70bd2a, 0x25dfdbde, {0x7, 0x0, 0x0, 0x0, 0x20, 0x5d000}}, 0x20}}, 0x20008080) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x8}}, 0x240440c0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x3, 0x0, 0x0, 0xe, 0x0, 0x0, 0xfffffffd, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc, 0x60000002}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0x0, @loopback}}]}, 0x70}, 0x1, 0x7}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xa8}, [@ldst={0x6, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 1.140064812s ago: executing program 4 (id=1117): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=ANY=[@ANYBLOB="440000001000ffff2cbd7000fbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="2911010020100000140012800c0001006d6163766c616e000400028008000500", @ANYBLOB='\b\x00\n'], 0x44}, 0x1, 0x0, 0x0, 0x8014}, 0x14040040) 487.820688ms ago: executing program 5 (id=1118): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) copy_file_range(r0, 0x0, r0, &(0x7f0000000180)=0x40, 0x8, 0x0) 328.225426ms ago: executing program 4 (id=1119): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x20, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x40040}, 0x0) 259.096355ms ago: executing program 5 (id=1120): pipe(0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000040)='.\x00', 0x18920f4, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x9, 0x0, 0x1, 0x400}, 0x36, [0xfffffffe, 0x8, 0x0, 0x0, 0x1, 0x0, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x9f1, 0x7, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffff8, 0x0, 0x0, 0x1, 0x3f8, 0x10, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x2, 0x0, 0x0, 0xffffbffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55], [0x0, 0x0, 0x0, 0x5d71, 0x0, 0xbd8f, 0x0, 0x4, 0x0, 0xfffffffd, 0xff, 0x5, 0x4, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10001, 0x810, 0x6, 0x0, 0x0, 0x800000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffff, 0xffffffff, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x6, 0x0, 0x1, 0x1d, 0x0, 0x0, 0x4, 0x2000000], [0x4, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x80000000, 0x4, 0x91a, 0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1000, 0x0, 0x5, 0x0, 0x2001, 0xfffffffd, 0x80, 0xfffffffc, 0xffffffff, 0x0, 0x0, 0x0, 0x8f4, 0x400000, 0x0, 0x0, 0x10200000, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x4]}, 0x45c) setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(0xffffffffffffffff, &(0x7f00000000c0)="8f2a0a65bd8c602b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 0s ago: executing program 4 (id=1121): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000007000000020000000200000f03000000020000000000000300000000000000000000000000000044942d000000000000000f01000000840000615f2e"], &(0x7f0000000340)=""/13, 0x53, 0xd, 0x1}, 0x28) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.206' (ED25519) to the list of known hosts. [ 66.069334][ T5826] cgroup: Unknown subsys name 'net' [ 66.199886][ T5826] cgroup: Unknown subsys name 'cpuset' [ 66.209157][ T5826] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.629845][ T5826] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.302564][ T5850] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.316879][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.325405][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.336400][ T5852] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.339936][ T5856] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.344484][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.359273][ T5856] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.359388][ T5854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.375703][ T5856] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.375845][ T5852] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.393344][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.393705][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.401723][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.410592][ T5856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.418899][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.428500][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.430316][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.440858][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.446523][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.451556][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.466924][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.477427][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.487315][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.516825][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.526917][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.134626][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 71.221352][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 71.315970][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 71.431223][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 71.503300][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 71.517027][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.525105][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.533497][ T5838] bridge_slave_0: entered allmulticast mode [ 71.541038][ T5838] bridge_slave_0: entered promiscuous mode [ 71.552224][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.553766][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.559609][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.560003][ T5838] bridge_slave_1: entered allmulticast mode [ 71.567892][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.575436][ T5838] bridge_slave_1: entered promiscuous mode [ 71.722643][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.730006][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.737578][ T5845] bridge_slave_0: entered allmulticast mode [ 71.744871][ T5845] bridge_slave_0: entered promiscuous mode [ 71.762352][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.778917][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.787904][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.796083][ T5839] bridge_slave_0: entered allmulticast mode [ 71.803477][ T5839] bridge_slave_0: entered promiscuous mode [ 71.811618][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.819445][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.827036][ T5845] bridge_slave_1: entered allmulticast mode [ 71.834411][ T5845] bridge_slave_1: entered promiscuous mode [ 71.852524][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.878145][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.885518][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.893523][ T5839] bridge_slave_1: entered allmulticast mode [ 71.901176][ T5839] bridge_slave_1: entered promiscuous mode [ 71.988585][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.995979][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.003188][ T5840] bridge_slave_0: entered allmulticast mode [ 72.010819][ T5840] bridge_slave_0: entered promiscuous mode [ 72.035734][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.058600][ T5838] team0: Port device team_slave_0 added [ 72.068271][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.075568][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.082854][ T5840] bridge_slave_1: entered allmulticast mode [ 72.090420][ T5840] bridge_slave_1: entered promiscuous mode [ 72.101240][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.113644][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.138629][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.145985][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.153563][ T5846] bridge_slave_0: entered allmulticast mode [ 72.161153][ T5846] bridge_slave_0: entered promiscuous mode [ 72.171671][ T5838] team0: Port device team_slave_1 added [ 72.205123][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.224952][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.232244][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.239834][ T5846] bridge_slave_1: entered allmulticast mode [ 72.247266][ T5846] bridge_slave_1: entered promiscuous mode [ 72.297950][ T5845] team0: Port device team_slave_0 added [ 72.316857][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.323809][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.349968][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.366585][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.390232][ T5845] team0: Port device team_slave_1 added [ 72.399892][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.410838][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.418117][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.444187][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.458569][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.470563][ T5839] team0: Port device team_slave_0 added [ 72.490428][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.500199][ T5841] Bluetooth: hci2: command tx timeout [ 72.500192][ T5850] Bluetooth: hci1: command tx timeout [ 72.535443][ T5839] team0: Port device team_slave_1 added [ 72.566881][ T5846] team0: Port device team_slave_0 added [ 72.576886][ T5850] Bluetooth: hci4: command tx timeout [ 72.577120][ T5856] Bluetooth: hci0: command tx timeout [ 72.589683][ T5841] Bluetooth: hci3: command tx timeout [ 72.608729][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.615748][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.642040][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.656047][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.663007][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.689305][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.702984][ T5846] team0: Port device team_slave_1 added [ 72.711469][ T5840] team0: Port device team_slave_0 added [ 72.762760][ T5840] team0: Port device team_slave_1 added [ 72.769979][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.777152][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.803550][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.834653][ T5838] hsr_slave_0: entered promiscuous mode [ 72.842102][ T5838] hsr_slave_1: entered promiscuous mode [ 72.874754][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.882133][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.908492][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.936150][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.944179][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.970717][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.012679][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.019681][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.045631][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.058245][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.065246][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.091600][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.105761][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.112722][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 73.138765][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.167867][ T5845] hsr_slave_0: entered promiscuous mode [ 73.174489][ T5845] hsr_slave_1: entered promiscuous mode [ 73.181108][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 73.186958][ T5845] Cannot create hsr debugfs directory [ 73.327994][ T5839] hsr_slave_0: entered promiscuous mode [ 73.334606][ T5839] hsr_slave_1: entered promiscuous mode [ 73.341417][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 73.347225][ T5839] Cannot create hsr debugfs directory [ 73.359868][ T5846] hsr_slave_0: entered promiscuous mode [ 73.366986][ T5846] hsr_slave_1: entered promiscuous mode [ 73.373360][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 73.381965][ T5846] Cannot create hsr debugfs directory [ 73.441169][ T5840] hsr_slave_0: entered promiscuous mode [ 73.447976][ T5840] hsr_slave_1: entered promiscuous mode [ 73.454444][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 73.460519][ T5840] Cannot create hsr debugfs directory [ 74.049710][ T5838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 74.066196][ T5838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 74.078528][ T5838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 74.099863][ T5838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.177468][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 74.196932][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 74.213319][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 74.229679][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 74.339970][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 74.354986][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 74.367601][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 74.379117][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 74.509873][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 74.521176][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 74.532694][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 74.543760][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 74.576449][ T5856] Bluetooth: hci1: command tx timeout [ 74.586306][ T5856] Bluetooth: hci2: command tx timeout [ 74.628886][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.656620][ T5856] Bluetooth: hci0: command tx timeout [ 74.656634][ T5841] Bluetooth: hci4: command tx timeout [ 74.656656][ T5850] Bluetooth: hci3: command tx timeout [ 74.704208][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.731802][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.744953][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.758459][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.808172][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.840853][ T1072] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.848626][ T1072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.898116][ T139] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.905337][ T139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.949668][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.018442][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.064236][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.083497][ T139] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.090679][ T139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.135342][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.142591][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.185525][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.247588][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.261193][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.268502][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.313005][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.320328][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.405322][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.439699][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.462264][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.469422][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.512858][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.530794][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.538042][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.584221][ T1072] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.591462][ T1072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.672004][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.679253][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.698946][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.822080][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.888573][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.094001][ T5838] veth0_vlan: entered promiscuous mode [ 76.133855][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.165393][ T5838] veth1_vlan: entered promiscuous mode [ 76.429212][ T5838] veth0_macvtap: entered promiscuous mode [ 76.443050][ T5840] veth0_vlan: entered promiscuous mode [ 76.453887][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.469144][ T5838] veth1_macvtap: entered promiscuous mode [ 76.504351][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.539008][ T5840] veth1_vlan: entered promiscuous mode [ 76.567929][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.621516][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.656262][ T5841] Bluetooth: hci2: command tx timeout [ 76.656318][ T5856] Bluetooth: hci1: command tx timeout [ 76.683613][ T1072] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.693745][ T1072] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.704051][ T5845] veth0_vlan: entered promiscuous mode [ 76.728993][ T1072] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.736248][ T5856] Bluetooth: hci0: command tx timeout [ 76.738021][ T5841] Bluetooth: hci3: command tx timeout [ 76.743133][ T5850] Bluetooth: hci4: command tx timeout [ 76.750317][ T1072] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.803726][ T5839] veth0_vlan: entered promiscuous mode [ 76.811363][ T5846] veth0_vlan: entered promiscuous mode [ 76.821722][ T5845] veth1_vlan: entered promiscuous mode [ 76.865143][ T5840] veth0_macvtap: entered promiscuous mode [ 76.894066][ T5846] veth1_vlan: entered promiscuous mode [ 76.905853][ T5839] veth1_vlan: entered promiscuous mode [ 76.917983][ T5840] veth1_macvtap: entered promiscuous mode [ 76.995451][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.010421][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.046684][ T1072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.060069][ T1072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.073122][ T90] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.082011][ T90] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.119234][ T90] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.130088][ T90] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.163342][ T5845] veth0_macvtap: entered promiscuous mode [ 77.192188][ T90] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.193969][ T5839] veth0_macvtap: entered promiscuous mode [ 77.210636][ T90] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.218229][ T5846] veth0_macvtap: entered promiscuous mode [ 77.225884][ T5846] veth1_macvtap: entered promiscuous mode [ 77.238161][ T5845] veth1_macvtap: entered promiscuous mode [ 77.275510][ T5839] veth1_macvtap: entered promiscuous mode [ 77.378831][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.382297][ T5838] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 77.421634][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.437720][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.453676][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.487086][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.498059][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.502729][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.552517][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.574520][ T1072] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.920505][ T1072] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.749801][ T5841] Bluetooth: hci1: command tx timeout [ 78.749812][ T5856] Bluetooth: hci2: command tx timeout [ 78.816784][ T5841] Bluetooth: hci0: command tx timeout [ 78.817021][ T5850] Bluetooth: hci4: command tx timeout [ 78.827854][ T5856] Bluetooth: hci3: command tx timeout [ 79.322973][ T1072] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.336522][ T1151] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.378259][ T1151] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.388613][ T1151] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.424639][ T1151] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.436613][ T1151] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.477739][ T1151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.487324][ T1151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.508561][ T1072] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.518106][ T1072] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.579985][ T1072] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.588808][ T1072] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.780339][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.806201][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.022831][ T1072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.051886][ T1072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.576992][ T5847] IPVS: starting estimator thread 0... [ 80.729174][ T5980] IPVS: using max 33 ests per chain, 79200 per kthread [ 81.752920][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.987889][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.689102][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.467886][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.809984][ T139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.818327][ T139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.880072][ T5993] netlink: 'syz.1.9': attribute type 4 has an invalid length. [ 85.893116][ T1072] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.902701][ T1072] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.205961][ T5999] Zero length message leads to an empty skb [ 86.293488][ T6000] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 86.600122][ T6010] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5'. [ 86.695335][ T6003] sctp: [Deprecated]: syz.1.10 (pid 6003) Use of int in max_burst socket option. [ 86.695335][ T6003] Use struct sctp_assoc_value instead [ 86.787241][ T6009] veth3: entered promiscuous mode [ 86.939093][ T6017] No such timeout policy "syz1" [ 87.407814][ T24] cfg80211: failed to load regulatory.db [ 89.280876][ T6027] tipc: Enabling of bearer rejected, failed to enable media [ 89.583728][ T6027] netlink: 44 bytes leftover after parsing attributes in process `syz.1.15'. [ 90.448957][ T6046] netlink: 'syz.4.17': attribute type 1 has an invalid length. [ 90.596169][ T5841] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 90.606011][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) [ 90.606038][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 90.606052][ T5841] Workqueue: hci1 hci_rx_work [ 90.606090][ T5841] Call Trace: [ 90.606104][ T5841] [ 90.606114][ T5841] dump_stack_lvl+0xe8/0x150 [ 90.606150][ T5841] sysfs_create_dir_ns+0x271/0x2a0 [ 90.606188][ T5841] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 90.606219][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 90.606251][ T5841] kobject_add_internal+0x62b/0xd00 [ 90.606289][ T5841] kobject_add+0x163/0x240 [ 90.606321][ T5841] ? __pfx_kobject_add+0x10/0x10 [ 90.606350][ T5841] ? _raw_spin_unlock+0x3f/0x50 [ 90.606375][ T5841] ? get_device_parent+0x366/0x3a0 [ 90.606407][ T5841] device_add+0x408/0xb70 [ 90.606437][ T5841] hci_conn_add_sysfs+0xd5/0x210 [ 90.606466][ T5841] le_conn_complete_evt+0xf1d/0x1430 [ 90.606505][ T5841] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 90.606533][ T5841] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 90.606562][ T5841] ? __pfx___mutex_lock+0x10/0x10 [ 90.606589][ T5841] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 90.606613][ T5841] ? skb_pull_data+0xfb/0x200 [ 90.606648][ T5841] hci_le_conn_complete_evt+0x187/0x470 [ 90.606684][ T5841] hci_event_packet+0x7af/0x12c0 [ 90.606714][ T5841] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 90.606742][ T5841] ? __pfx_hci_event_packet+0x10/0x10 [ 90.606769][ T5841] ? kcov_remote_start+0x49a/0x7a0 [ 90.606795][ T5841] ? hci_send_to_monitor+0xe2/0x590 [ 90.606832][ T5841] hci_rx_work+0x3ee/0x1040 [ 90.606858][ T5841] ? preempt_schedule_thunk+0x16/0x30 [ 90.606888][ T5841] ? process_one_work+0x8b7/0x1710 [ 90.606917][ T5841] process_one_work+0x9a3/0x1710 [ 90.606967][ T5841] ? __pfx_process_one_work+0x10/0x10 [ 90.606994][ T5841] ? do_raw_spin_lock+0x12b/0x2f0 [ 90.607035][ T5841] worker_thread+0xba8/0x11e0 [ 90.607080][ T5841] kthread+0x388/0x470 [ 90.607104][ T5841] ? __pfx_worker_thread+0x10/0x10 [ 90.607120][ T5841] ? __pfx_kthread+0x10/0x10 [ 90.607144][ T5841] ret_from_fork+0x51e/0xb90 [ 90.607189][ T5841] ? __pfx_ret_from_fork+0x10/0x10 [ 90.607218][ T5841] ? __switch_to+0xc7d/0x1420 [ 90.607249][ T5841] ? __pfx_kthread+0x10/0x10 [ 90.607276][ T5841] ret_from_fork_asm+0x1a/0x30 [ 90.607312][ T5841] [ 90.607470][ T5841] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 90.885830][ T5841] Bluetooth: hci1: failed to register connection device [ 90.896898][ T6050] netlink: 4 bytes leftover after parsing attributes in process `syz.2.18'. [ 91.093079][ T6052] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17'. [ 91.422324][ T6050] nbd: socks must be embedded in a SOCK_ITEM attr [ 94.058146][ T5991] udevd[5991]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 94.070682][ T6051] veth3: entered promiscuous mode [ 94.339622][ T6075] overlayfs: missing 'lowerdir' [ 95.364667][ T6084] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'. [ 95.380911][ T6084] bond0: Unable to set down delay as MII monitoring is disabled [ 95.728775][ T6088] No such timeout policy "syz1" [ 96.140523][ T6092] process 'syz.2.27' launched '/dev/fd/4' with NULL argv: empty string added [ 96.150585][ T6091] tipc: Enabling of bearer rejected, failed to enable media [ 96.338665][ T6091] netlink: 44 bytes leftover after parsing attributes in process `syz.0.28'. [ 96.512773][ T6099] tipc: Enabling of bearer rejected, failed to enable media [ 96.680609][ T6077] loop1: detected capacity change from 0 to 32768 [ 96.709682][ T6077] ======================================================= [ 96.709682][ T6077] WARNING: The mand mount option has been deprecated and [ 96.709682][ T6077] and is ignored by this kernel. Remove the mand [ 96.709682][ T6077] option from the mount to silence this warning. [ 96.709682][ T6077] ======================================================= [ 96.809387][ T6119] netlink: 44 bytes leftover after parsing attributes in process `syz.4.29'. [ 96.870409][ T6077] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 96.880862][ T6113] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 96.891327][ T6113] batadv_slave_0: entered promiscuous mode [ 97.246063][ T6077] XFS (loop1): Ending clean mount [ 97.334006][ T6077] XFS (loop1): Quotacheck needed: Please wait. [ 98.301973][ T6077] XFS (loop1): Quotacheck: Done. [ 98.464076][ T6138] No such timeout policy "syz1" [ 98.867732][ T5840] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 100.340029][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 101.305792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 101.932250][ T6162] No such timeout policy "syz1" [ 102.569375][ T6166] fuse: Bad value for 'fd' [ 102.793557][ T6169] netlink: 'syz.1.42': attribute type 1 has an invalid length. [ 102.824921][ T6171] tipc: Enabling of bearer rejected, failed to enable media [ 103.231368][ T6181] No such timeout policy "syz1" [ 103.850263][ T6187] netlink: 44 bytes leftover after parsing attributes in process `syz.2.44'. [ 104.287808][ T24] IPVS: starting estimator thread 0... [ 104.778681][ T6193] IPVS: using max 29 ests per chain, 69600 per kthread [ 107.662546][ T6211] netlink: 182 bytes leftover after parsing attributes in process `syz.2.50'. [ 108.720962][ T5928] IPVS: starting estimator thread 0... [ 108.743797][ T6220] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 108.846000][ T6223] IPVS: using max 31 ests per chain, 74400 per kthread [ 110.534477][ T6239] netlink: 'syz.4.57': attribute type 4 has an invalid length. [ 110.893882][ T6247] tipc: Enabling of bearer rejected, failed to enable media [ 111.714420][ T6258] netlink: 44 bytes leftover after parsing attributes in process `syz.4.59'. [ 112.757264][ T5856] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 113.534238][ T6280] overlayfs: missing 'lowerdir' [ 113.665748][ T6288] No such timeout policy "syz1" [ 114.160931][ T5856] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 114.711242][ T5856] Bluetooth: hci3: hcon ffff88807dc10000 sent 1 < count 24576 [ 115.384463][ T6303] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.393016][ T6303] batadv_slave_0: entered promiscuous mode [ 115.467309][ T6310] tipc: Enabling of bearer rejected, failed to enable media [ 115.696737][ T6320] netlink: 44 bytes leftover after parsing attributes in process `syz.4.74'. [ 116.974017][ T6337] Driver unsupported XDP return value 0 on prog (id 4) dev N/A, expect packet loss! [ 117.055288][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 118.466918][ T6353] binder: 6348:6353 ioctl c0306201 0 returned -14 [ 119.161479][ T6363] netlink: 182 bytes leftover after parsing attributes in process `syz.1.86'. [ 119.791366][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 119.983298][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 120.084504][ T6371] tipc: Enabling of bearer rejected, failed to enable media [ 120.351543][ T6371] netlink: 44 bytes leftover after parsing attributes in process `syz.0.90'. [ 123.687005][ T6398] tipc: Started in network mode [ 123.704300][ T6398] tipc: Node identity be081e54fef6, cluster identity 4711 [ 123.746859][ T6398] tipc: Enabled bearer , priority 0 [ 123.765824][ T6399] syzkaller0: entered promiscuous mode [ 123.845339][ T6399] syzkaller0: entered allmulticast mode [ 124.127590][ T6399] tipc: Resetting bearer [ 124.670941][ T6397] tipc: Resetting bearer [ 125.226878][ T6397] tipc: Disabling bearer [ 125.359839][ T808] tipc: Node number set to 1090395732 [ 126.453384][ T6423] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 126.467538][ T6423] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 127.979962][ T6447] sctp: [Deprecated]: syz.4.104 (pid 6447) Use of int in max_burst socket option. [ 127.979962][ T6447] Use struct sctp_assoc_value instead [ 128.805338][ T6454] netlink: 'syz.0.109': attribute type 1 has an invalid length. [ 130.235527][ T6469] netlink: 182 bytes leftover after parsing attributes in process `syz.2.112'. [ 130.690498][ T6464] veth3: entered promiscuous mode [ 131.037798][ T6483] tipc: Enabling of bearer rejected, failed to enable media [ 131.242660][ T6493] netlink: 44 bytes leftover after parsing attributes in process `syz.1.119'. [ 131.761889][ T6481] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.770494][ T6481] batadv_slave_0: entered promiscuous mode [ 133.030962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 134.594715][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.608877][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.172975][ T6532] tipc: Enabling of bearer rejected, failed to enable media [ 135.392051][ T6539] netlink: 44 bytes leftover after parsing attributes in process `syz.3.131'. [ 135.405848][ T6540] loop2: detected capacity change from 0 to 16 [ 135.564623][ T6540] erofs (device loop2): invalid ishare xattr prefix id 0 [ 135.921722][ T6548] mmap: syz.3.134 (6548) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 138.989103][ T6580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.678101][ T6604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.152'. [ 140.725956][ T6606] netlink: 'syz.4.154': attribute type 1 has an invalid length. [ 140.882648][ T6606] veth3: entered promiscuous mode [ 141.895934][ T6620] loop4: detected capacity change from 0 to 16 [ 141.936878][ T6620] erofs (device loop4): invalid ishare xattr prefix id 0 [ 142.969125][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 145.430087][ T6658] loop4: detected capacity change from 0 to 256 [ 146.271114][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 146.709309][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 148.362800][ T5856] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 148.372522][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: kworker/u9:7 Tainted: G L syzkaller #0 PREEMPT(full) [ 148.372556][ T5856] Tainted: [L]=SOFTLOCKUP [ 148.372564][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 148.372579][ T5856] Workqueue: hci3 hci_rx_work [ 148.372619][ T5856] Call Trace: [ 148.372634][ T5856] [ 148.372643][ T5856] dump_stack_lvl+0xe8/0x150 [ 148.372681][ T5856] sysfs_create_dir_ns+0x271/0x2a0 [ 148.372715][ T5856] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 148.372744][ T5856] ? do_raw_spin_unlock+0xf5/0x210 [ 148.372775][ T5856] kobject_add_internal+0x62b/0xd00 [ 148.372813][ T5856] kobject_add+0x163/0x240 [ 148.372845][ T5856] ? __pfx_kobject_add+0x10/0x10 [ 148.372873][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 148.372897][ T5856] ? get_device_parent+0x366/0x3a0 [ 148.372931][ T5856] device_add+0x408/0xb70 [ 148.372961][ T5856] hci_conn_add_sysfs+0xd5/0x210 [ 148.372988][ T5856] le_conn_complete_evt+0xf1d/0x1430 [ 148.373028][ T5856] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 148.373055][ T5856] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 148.373084][ T5856] ? __pfx___mutex_lock+0x10/0x10 [ 148.373109][ T5856] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 148.373134][ T5856] ? skb_pull_data+0xfb/0x200 [ 148.373169][ T5856] hci_le_conn_complete_evt+0x187/0x470 [ 148.373205][ T5856] hci_event_packet+0x7af/0x12c0 [ 148.373235][ T5856] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 148.373264][ T5856] ? __pfx_hci_event_packet+0x10/0x10 [ 148.373293][ T5856] ? kcov_remote_start+0x49a/0x7a0 [ 148.373320][ T5856] ? hci_send_to_monitor+0xe2/0x590 [ 148.373354][ T5856] hci_rx_work+0x3ee/0x1040 [ 148.373388][ T5856] ? process_one_work+0x8b7/0x1710 [ 148.373417][ T5856] process_one_work+0x9a3/0x1710 [ 148.373468][ T5856] ? __pfx_process_one_work+0x10/0x10 [ 148.373495][ T5856] ? do_raw_spin_lock+0x12b/0x2f0 [ 148.373535][ T5856] worker_thread+0xba8/0x11e0 [ 148.373580][ T5856] kthread+0x388/0x470 [ 148.373604][ T5856] ? __pfx_worker_thread+0x10/0x10 [ 148.373621][ T5856] ? __pfx_kthread+0x10/0x10 [ 148.373653][ T5856] ret_from_fork+0x51e/0xb90 [ 148.373688][ T5856] ? __pfx_ret_from_fork+0x10/0x10 [ 148.373716][ T5856] ? __switch_to+0xc7d/0x1420 [ 148.373746][ T5856] ? __pfx_kthread+0x10/0x10 [ 148.373771][ T5856] ret_from_fork_asm+0x1a/0x30 [ 148.373808][ T5856] [ 148.373859][ T5856] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 148.670360][ T6676] netlink: 4 bytes leftover after parsing attributes in process `syz.4.175'. [ 149.021445][ T6676] nbd: socks must be embedded in a SOCK_ITEM attr [ 149.490052][ T5856] Bluetooth: hci3: failed to register connection device [ 151.764244][ T5841] Bluetooth: hci3: command 0x2016 tx timeout [ 152.447681][ T6689] syz.0.178 uses obsolete (PF_INET,SOCK_PACKET) [ 152.499261][ T5893] udevd[5893]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 152.521226][ T5893] udevd[5893]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 153.534854][ T5856] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 153.544499][ T5856] CPU: 0 UID: 0 PID: 5856 Comm: kworker/u9:7 Tainted: G L syzkaller #0 PREEMPT(full) [ 153.544530][ T5856] Tainted: [L]=SOFTLOCKUP [ 153.544537][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 153.544550][ T5856] Workqueue: hci1 hci_rx_work [ 153.544581][ T5856] Call Trace: [ 153.544589][ T5856] [ 153.544598][ T5856] dump_stack_lvl+0xe8/0x150 [ 153.544633][ T5856] sysfs_create_dir_ns+0x271/0x2a0 [ 153.544664][ T5856] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 153.544690][ T5856] ? do_raw_spin_unlock+0xf5/0x210 [ 153.544719][ T5856] kobject_add_internal+0x62b/0xd00 [ 153.544758][ T5856] kobject_add+0x163/0x240 [ 153.544791][ T5856] ? __pfx_kobject_add+0x10/0x10 [ 153.544820][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 153.544844][ T5856] ? get_device_parent+0x366/0x3a0 [ 153.544876][ T5856] device_add+0x408/0xb70 [ 153.544906][ T5856] hci_conn_add_sysfs+0xd5/0x210 [ 153.544932][ T5856] le_conn_complete_evt+0xf1d/0x1430 [ 153.544974][ T5856] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 153.545006][ T5856] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 153.545035][ T5856] ? __pfx___mutex_lock+0x10/0x10 [ 153.545068][ T5856] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 153.545095][ T5856] ? skb_pull_data+0xfb/0x200 [ 153.545132][ T5856] hci_le_conn_complete_evt+0x187/0x470 [ 153.545168][ T5856] hci_event_packet+0x7af/0x12c0 [ 153.545198][ T5856] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 153.545225][ T5856] ? __pfx_hci_event_packet+0x10/0x10 [ 153.545254][ T5856] ? kcov_remote_start+0x49a/0x7a0 [ 153.545280][ T5856] ? hci_send_to_monitor+0xe2/0x590 [ 153.545313][ T5856] hci_rx_work+0x3ee/0x1040 [ 153.545347][ T5856] ? process_one_work+0x8b7/0x1710 [ 153.545375][ T5856] process_one_work+0x9a3/0x1710 [ 153.545426][ T5856] ? __pfx_process_one_work+0x10/0x10 [ 153.545453][ T5856] ? do_raw_spin_lock+0x12b/0x2f0 [ 153.545493][ T5856] worker_thread+0xba8/0x11e0 [ 153.545537][ T5856] kthread+0x388/0x470 [ 153.545561][ T5856] ? __pfx_worker_thread+0x10/0x10 [ 153.545578][ T5856] ? __pfx_kthread+0x10/0x10 [ 153.545603][ T5856] ret_from_fork+0x51e/0xb90 [ 153.545636][ T5856] ? __pfx_ret_from_fork+0x10/0x10 [ 153.545664][ T5856] ? __switch_to+0xc7d/0x1420 [ 153.545693][ T5856] ? __pfx_kthread+0x10/0x10 [ 153.545718][ T5856] ret_from_fork_asm+0x1a/0x30 [ 153.545754][ T5856] [ 153.545806][ T5856] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 153.939940][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.180'. [ 153.993547][ T5841] Bluetooth: hci3: command 0x2016 tx timeout [ 154.445709][ T5856] Bluetooth: hci1: failed to register connection device [ 154.595364][ T6698] nbd: socks must be embedded in a SOCK_ITEM attr [ 156.922974][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 158.241818][ T6718] No such timeout policy "syz1" [ 158.782382][ T5856] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 158.823224][ T5856] CPU: 0 UID: 0 PID: 5856 Comm: kworker/u9:7 Tainted: G L syzkaller #0 PREEMPT(full) [ 158.823255][ T5856] Tainted: [L]=SOFTLOCKUP [ 158.823262][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 158.823276][ T5856] Workqueue: hci3 hci_rx_work [ 158.823304][ T5856] Call Trace: [ 158.823312][ T5856] [ 158.823321][ T5856] dump_stack_lvl+0xe8/0x150 [ 158.823355][ T5856] sysfs_create_dir_ns+0x271/0x2a0 [ 158.823387][ T5856] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 158.823415][ T5856] ? do_raw_spin_unlock+0xf5/0x210 [ 158.823445][ T5856] kobject_add_internal+0x62b/0xd00 [ 158.823488][ T5856] kobject_add+0x163/0x240 [ 158.823521][ T5856] ? __pfx_kobject_add+0x10/0x10 [ 158.823550][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 158.823575][ T5856] ? get_device_parent+0x366/0x3a0 [ 158.823607][ T5856] device_add+0x408/0xb70 [ 158.823637][ T5856] hci_conn_add_sysfs+0xd5/0x210 [ 158.823670][ T5856] le_conn_complete_evt+0xf1d/0x1430 [ 158.823710][ T5856] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 158.823738][ T5856] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 158.823767][ T5856] ? __pfx___mutex_lock+0x10/0x10 [ 158.823797][ T5856] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 158.823822][ T5856] ? skb_pull_data+0xfb/0x200 [ 158.823858][ T5856] hci_le_conn_complete_evt+0x187/0x470 [ 158.823892][ T5856] hci_event_packet+0x7af/0x12c0 [ 158.823923][ T5856] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 158.823951][ T5856] ? __pfx_hci_event_packet+0x10/0x10 [ 158.823980][ T5856] ? kcov_remote_start+0x49a/0x7a0 [ 158.824006][ T5856] ? hci_send_to_monitor+0xe2/0x590 [ 158.824040][ T5856] hci_rx_work+0x3ee/0x1040 [ 158.824074][ T5856] ? process_one_work+0x8b7/0x1710 [ 158.824103][ T5856] process_one_work+0x9a3/0x1710 [ 158.824154][ T5856] ? __pfx_process_one_work+0x10/0x10 [ 158.824180][ T5856] ? do_raw_spin_lock+0x12b/0x2f0 [ 158.824219][ T5856] worker_thread+0xba8/0x11e0 [ 158.824264][ T5856] kthread+0x388/0x470 [ 158.824288][ T5856] ? __pfx_worker_thread+0x10/0x10 [ 158.824305][ T5856] ? __pfx_kthread+0x10/0x10 [ 158.824329][ T5856] ret_from_fork+0x51e/0xb90 [ 158.824361][ T5856] ? __pfx_ret_from_fork+0x10/0x10 [ 158.824389][ T5856] ? __switch_to+0xc7d/0x1420 [ 158.824418][ T5856] ? __pfx_kthread+0x10/0x10 [ 158.824442][ T5856] ret_from_fork_asm+0x1a/0x30 [ 158.824479][ T5856] [ 159.052918][ T5856] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 159.067491][ T5856] Bluetooth: hci3: failed to register connection device [ 159.107470][ T5850] Bluetooth: hci1: command 0x0406 tx timeout [ 159.301237][ T6725] netlink: 4 bytes leftover after parsing attributes in process `syz.4.185'. [ 159.310199][ T6725] nbd: device at index 64 is going down [ 160.678926][ T5850] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 160.688927][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 160.688958][ T5850] Tainted: [L]=SOFTLOCKUP [ 160.688965][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 160.688978][ T5850] Workqueue: hci0 hci_rx_work [ 160.689008][ T5850] Call Trace: [ 160.689017][ T5850] [ 160.689026][ T5850] dump_stack_lvl+0xe8/0x150 [ 160.689059][ T5850] sysfs_create_dir_ns+0x271/0x2a0 [ 160.689090][ T5850] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 160.689118][ T5850] ? do_raw_spin_unlock+0xf5/0x210 [ 160.689149][ T5850] kobject_add_internal+0x62b/0xd00 [ 160.689187][ T5850] kobject_add+0x163/0x240 [ 160.689219][ T5850] ? __pfx_kobject_add+0x10/0x10 [ 160.689248][ T5850] ? _raw_spin_unlock+0x3f/0x50 [ 160.689273][ T5850] ? get_device_parent+0x366/0x3a0 [ 160.689303][ T5850] device_add+0x408/0xb70 [ 160.689334][ T5850] hci_conn_add_sysfs+0xd5/0x210 [ 160.689360][ T5850] le_conn_complete_evt+0xf1d/0x1430 [ 160.689389][ T5850] ? irqentry_exit+0x61a/0x700 [ 160.689422][ T5850] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 160.689458][ T5850] ? skb_pull_data+0xfb/0x200 [ 160.689494][ T5850] hci_le_conn_complete_evt+0x187/0x470 [ 160.689530][ T5850] hci_event_packet+0x7af/0x12c0 [ 160.689553][ T5850] ? irqentry_exit+0x61a/0x700 [ 160.689580][ T5850] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 160.689608][ T5850] ? __pfx_hci_event_packet+0x10/0x10 [ 160.689648][ T5850] hci_rx_work+0x3ee/0x1040 [ 160.689674][ T5850] ? preempt_schedule_thunk+0x16/0x30 [ 160.689703][ T5850] ? process_one_work+0x8b7/0x1710 [ 160.689732][ T5850] process_one_work+0x9a3/0x1710 [ 160.689782][ T5850] ? __pfx_process_one_work+0x10/0x10 [ 160.689809][ T5850] ? do_raw_spin_lock+0x12b/0x2f0 [ 160.689858][ T5850] worker_thread+0xba8/0x11e0 [ 160.689907][ T5850] kthread+0x388/0x470 [ 160.689931][ T5850] ? __pfx_worker_thread+0x10/0x10 [ 160.689948][ T5850] ? __pfx_kthread+0x10/0x10 [ 160.689972][ T5850] ret_from_fork+0x51e/0xb90 [ 160.690004][ T5850] ? __pfx_ret_from_fork+0x10/0x10 [ 160.690031][ T5850] ? __switch_to+0xc7d/0x1420 [ 160.690059][ T5850] ? __pfx_kthread+0x10/0x10 [ 160.690084][ T5850] ret_from_fork_asm+0x1a/0x30 [ 160.690119][ T5850] [ 160.690409][ T5850] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 161.036124][ T5850] Bluetooth: hci0: failed to register connection device [ 161.538488][ T5856] Bluetooth: hci3: command 0x2016 tx timeout [ 161.820344][ T5893] udevd[5893]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 162.907106][ T5850] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 162.923440][ T5850] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 162.931819][ T5850] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 162.944976][ T5850] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 162.953369][ T5850] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 163.204865][ T6759] netlink: 96 bytes leftover after parsing attributes in process `syz.3.194'. [ 163.327954][ T6761] netlink: 96 bytes leftover after parsing attributes in process `syz.3.194'. [ 163.345578][ T6750] chnl_net:caif_netlink_parms(): no params data found [ 163.812651][ T5841] Bluetooth: hci3: command 0x2016 tx timeout [ 163.886779][ T6770] capability: warning: `syz.4.195' uses deprecated v2 capabilities in a way that may be insecure [ 165.319035][ T5841] Bluetooth: hci5: command tx timeout [ 166.701949][ T5841] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 166.718698][ T6787] netlink: 28 bytes leftover after parsing attributes in process `syz.4.199'. [ 166.730213][ T6787] netlink: 28 bytes leftover after parsing attributes in process `syz.4.199'. [ 167.715078][ T5856] Bluetooth: hci5: command tx timeout [ 168.589469][ T5856] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 168.614003][ T5988] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.737786][ T6813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.206'. [ 168.757190][ T6750] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.764907][ T6750] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.838585][ T6750] bridge_slave_0: entered allmulticast mode [ 168.881803][ T6750] bridge_slave_0: entered promiscuous mode [ 168.912782][ T6813] nbd: socks must be embedded in a SOCK_ITEM attr [ 168.929495][ T5991] block nbd64: NBD_DISCONNECT [ 169.004805][ T5988] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.058948][ T6750] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.081734][ T6750] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.100990][ T6750] bridge_slave_1: entered allmulticast mode [ 169.133459][ T6750] bridge_slave_1: entered promiscuous mode [ 169.180697][ T5893] udevd[5893]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 169.277404][ T5988] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.289660][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 169.300687][ T6830] netlink: 28 bytes leftover after parsing attributes in process `syz.4.212'. [ 169.319761][ T24] IPVS: starting estimator thread 0... [ 169.328730][ T6830] netlink: 'syz.4.212': attribute type 7 has an invalid length. [ 169.352067][ T6830] netlink: 'syz.4.212': attribute type 8 has an invalid length. [ 169.379732][ T6750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.393426][ T6830] netlink: 4 bytes leftover after parsing attributes in process `syz.4.212'. [ 169.418922][ T6833] IPVS: using max 59 ests per chain, 141600 per kthread [ 169.429035][ T6750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.585430][ T6750] team0: Port device team_slave_0 added [ 169.603833][ T5988] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.929950][ T5841] Bluetooth: hci5: command tx timeout [ 170.114725][ T6750] team0: Port device team_slave_1 added [ 170.185992][ T6750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.209739][ T6750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.273716][ T6750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.323081][ T6750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.334578][ T6750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.420307][ T6750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 171.331441][ T6847] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 171.339397][ T6847] batadv_slave_0: entered promiscuous mode [ 171.627774][ T6750] hsr_slave_0: entered promiscuous mode [ 171.637719][ T6750] hsr_slave_1: entered promiscuous mode [ 171.648543][ T6750] debugfs: 'hsr0' already exists in 'hsr' [ 171.656070][ T6750] Cannot create hsr debugfs directory [ 171.965735][ T6858] tipc: Failed to remove unknown binding: 66,0,0/1090395732:799632970/799632971 [ 172.104879][ T5841] Bluetooth: hci5: command tx timeout [ 172.708040][ T5841] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 172.718912][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 172.718942][ T5841] Tainted: [L]=SOFTLOCKUP [ 172.718949][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 172.718960][ T5841] Workqueue: hci4 hci_rx_work [ 172.718988][ T5841] Call Trace: [ 172.718995][ T5841] [ 172.719003][ T5841] dump_stack_lvl+0xe8/0x150 [ 172.719023][ T5841] sysfs_create_dir_ns+0x271/0x2a0 [ 172.719039][ T5841] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 172.719054][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 172.719070][ T5841] kobject_add_internal+0x62b/0xd00 [ 172.719090][ T5841] kobject_add+0x163/0x240 [ 172.719107][ T5841] ? __pfx_kobject_add+0x10/0x10 [ 172.719122][ T5841] ? _raw_spin_unlock+0x28/0x50 [ 172.719135][ T5841] ? get_device_parent+0x366/0x3a0 [ 172.719151][ T5841] device_add+0x408/0xb70 [ 172.719167][ T5841] hci_conn_add_sysfs+0xd5/0x210 [ 172.719180][ T5841] le_conn_complete_evt+0xf1d/0x1430 [ 172.719202][ T5841] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 172.719216][ T5841] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 172.719231][ T5841] ? __pfx___mutex_lock+0x10/0x10 [ 172.719245][ T5841] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 172.719257][ T5841] ? skb_pull_data+0xfb/0x200 [ 172.719276][ T5841] hci_le_conn_complete_evt+0x187/0x470 [ 172.719294][ T5841] hci_event_packet+0x7af/0x12c0 [ 172.719310][ T5841] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 172.719324][ T5841] ? __pfx_hci_event_packet+0x10/0x10 [ 172.719339][ T5841] ? kcov_remote_start+0x49a/0x7a0 [ 172.719353][ T5841] ? hci_send_to_monitor+0xe2/0x590 [ 172.719370][ T5841] hci_rx_work+0x3ee/0x1040 [ 172.719387][ T5841] ? process_one_work+0x8b7/0x1710 [ 172.719403][ T5841] process_one_work+0x9a3/0x1710 [ 172.719429][ T5841] ? __pfx_process_one_work+0x10/0x10 [ 172.719443][ T5841] ? do_raw_spin_lock+0x12b/0x2f0 [ 172.719468][ T5841] worker_thread+0xba8/0x11e0 [ 172.719490][ T5841] kthread+0x388/0x470 [ 172.719503][ T5841] ? __pfx_worker_thread+0x10/0x10 [ 172.719512][ T5841] ? __pfx_kthread+0x10/0x10 [ 172.719524][ T5841] ret_from_fork+0x51e/0xb90 [ 172.719542][ T5841] ? __pfx_ret_from_fork+0x10/0x10 [ 172.719556][ T5841] ? __switch_to+0xc7d/0x1420 [ 172.719571][ T5841] ? __pfx_kthread+0x10/0x10 [ 172.719584][ T5841] ret_from_fork_asm+0x1a/0x30 [ 172.719602][ T5841] [ 172.719639][ T5841] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 172.961620][ T5841] Bluetooth: hci4: failed to register connection device [ 173.762440][ T6867] veth5: entered promiscuous mode [ 174.587432][ T5988] bridge_slave_1: left allmulticast mode [ 174.594335][ T5988] bridge_slave_1: left promiscuous mode [ 174.602430][ T5988] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.650220][ T5988] bridge_slave_0: left allmulticast mode [ 174.763457][ T5988] bridge_slave_0: left promiscuous mode [ 174.776337][ T5988] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.601671][ T6913] tipc: Failed to remove unknown binding: 66,0,0/0:3897784794/3897784795 [ 175.623684][ T5928] IPVS: starting estimator thread 0... [ 175.754630][ T6914] IPVS: using max 30 ests per chain, 72000 per kthread [ 176.281494][ T5988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 176.299834][ T5988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 176.314233][ T5856] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 176.340392][ T5988] bond0 (unregistering): Released all slaves [ 176.393068][ T6924] netlink: 4 bytes leftover after parsing attributes in process `syz.3.235'. [ 176.538495][ T6924] nbd: socks must be embedded in a SOCK_ITEM attr [ 176.714499][ T6926] sctp: [Deprecated]: syz.0.237 (pid 6926) Use of int in max_burst socket option. [ 176.714499][ T6926] Use struct sctp_assoc_value instead [ 176.868024][ T6928] sctp: [Deprecated]: syz.2.236 (pid 6928) Use of int in max_burst socket option. [ 176.868024][ T6928] Use struct sctp_assoc_value instead [ 176.875983][ T5893] udevd[5893]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 177.760945][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.240'. [ 177.770160][ T6948] netlink: 28 bytes leftover after parsing attributes in process `syz.4.240'. [ 178.646812][ T5988] hsr_slave_0: left promiscuous mode [ 178.750725][ T5841] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 178.781655][ T5841] CPU: 0 UID: 0 PID: 5841 Comm: kworker/u9:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 178.781690][ T5841] Tainted: [L]=SOFTLOCKUP [ 178.781698][ T5841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 178.781711][ T5841] Workqueue: hci3 hci_rx_work [ 178.781742][ T5841] Call Trace: [ 178.781751][ T5841] [ 178.781759][ T5841] dump_stack_lvl+0xe8/0x150 [ 178.781794][ T5841] sysfs_create_dir_ns+0x271/0x2a0 [ 178.781824][ T5841] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 178.781851][ T5841] ? do_raw_spin_unlock+0xf5/0x210 [ 178.781878][ T5841] kobject_add_internal+0x62b/0xd00 [ 178.781913][ T5841] kobject_add+0x163/0x240 [ 178.781944][ T5841] ? __pfx_kobject_add+0x10/0x10 [ 178.781973][ T5841] ? _raw_spin_unlock+0x28/0x50 [ 178.781994][ T5841] ? get_device_parent+0x366/0x3a0 [ 178.782023][ T5841] device_add+0x408/0xb70 [ 178.782051][ T5841] hci_conn_add_sysfs+0xd5/0x210 [ 178.782074][ T5841] le_conn_complete_evt+0xf1d/0x1430 [ 178.782113][ T5841] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 178.782140][ T5841] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 178.782170][ T5841] ? __pfx___mutex_lock+0x10/0x10 [ 178.782204][ T5841] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 178.782229][ T5841] ? skb_pull_data+0xfb/0x200 [ 178.782266][ T5841] hci_le_conn_complete_evt+0x187/0x470 [ 178.782303][ T5841] hci_event_packet+0x7af/0x12c0 [ 178.782334][ T5841] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 178.782363][ T5841] ? __pfx_hci_event_packet+0x10/0x10 [ 178.782390][ T5841] ? kcov_remote_start+0x49a/0x7a0 [ 178.782416][ T5841] ? hci_send_to_monitor+0xe2/0x590 [ 178.782446][ T5841] hci_rx_work+0x3ee/0x1040 [ 178.782475][ T5841] ? process_one_work+0x8b7/0x1710 [ 178.782500][ T5841] process_one_work+0x9a3/0x1710 [ 178.782545][ T5841] ? __pfx_process_one_work+0x10/0x10 [ 178.782570][ T5841] ? do_raw_spin_lock+0x12b/0x2f0 [ 178.782610][ T5841] worker_thread+0xba8/0x11e0 [ 178.782651][ T5841] kthread+0x388/0x470 [ 178.782675][ T5841] ? __pfx_worker_thread+0x10/0x10 [ 178.782691][ T5841] ? __pfx_kthread+0x10/0x10 [ 178.782714][ T5841] ret_from_fork+0x51e/0xb90 [ 178.782745][ T5841] ? __pfx_ret_from_fork+0x10/0x10 [ 178.782770][ T5841] ? __switch_to+0xc7d/0x1420 [ 178.782795][ T5841] ? __pfx_kthread+0x10/0x10 [ 178.782816][ T5841] ret_from_fork_asm+0x1a/0x30 [ 178.782848][ T5841] [ 178.782904][ T5841] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 179.986247][ T5988] hsr_slave_1: left promiscuous mode [ 180.282933][ T5841] Bluetooth: hci3: failed to register connection device [ 180.292564][ T5988] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 180.357406][ T5988] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 180.432772][ T5988] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 180.488824][ T5988] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 180.676839][ T5988] veth1_macvtap: left promiscuous mode [ 180.708370][ T5988] veth0_macvtap: left promiscuous mode [ 180.747033][ T5988] veth1_vlan: left promiscuous mode [ 180.761834][ T5988] veth0_vlan: left promiscuous mode [ 181.811856][ T5988] team0 (unregistering): Port device team_slave_1 removed [ 181.878610][ T5988] team0 (unregistering): Port device team_slave_0 removed [ 182.013542][ T6750] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 182.167561][ T6750] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 182.281648][ T6750] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 182.449793][ T6750] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 182.476537][ T6996] sctp: [Deprecated]: syz.4.249 (pid 6996) Use of int in max_burst socket option. [ 182.476537][ T6996] Use struct sctp_assoc_value instead [ 184.120586][ T7026] veth3: entered promiscuous mode [ 184.981508][ T5841] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 186.470090][ T5988] IPVS: stop unused estimator thread 0... [ 186.637915][ T6750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.663679][ T6750] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.686548][ T5990] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.693708][ T5990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.716891][ T7060] netlink: 56 bytes leftover after parsing attributes in process `syz.3.262'. [ 186.884884][ T5990] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.892064][ T5990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.406665][ T5841] Bluetooth: hci3: command 0x2016 tx timeout [ 189.326975][ T7085] netlink: 28 bytes leftover after parsing attributes in process `syz.4.266'. [ 189.336700][ T7085] netlink: 28 bytes leftover after parsing attributes in process `syz.4.266'. [ 189.445548][ T6750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.558218][ T6750] veth0_vlan: entered promiscuous mode [ 193.706141][ T6750] veth1_vlan: entered promiscuous mode [ 193.999400][ T5841] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 195.118459][ T6750] veth0_macvtap: entered promiscuous mode [ 195.830028][ T6750] veth1_macvtap: entered promiscuous mode [ 196.949272][ T6750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.080877][ T6750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.104308][ T6064] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.654005][ T6064] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.911154][ T6064] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.474577][ T6064] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.585883][ T7169] netlink: 28 bytes leftover after parsing attributes in process `syz.2.284'. [ 198.629421][ T7169] netlink: 'syz.2.284': attribute type 7 has an invalid length. [ 198.675231][ T7169] netlink: 'syz.2.284': attribute type 8 has an invalid length. [ 198.752009][ T7169] netlink: 4 bytes leftover after parsing attributes in process `syz.2.284'. [ 198.884309][ T7174] netlink: 28 bytes leftover after parsing attributes in process `syz.4.286'. [ 198.929150][ T6183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.952891][ T6183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.027791][ T5841] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 199.074598][ T7174] veth5: entered promiscuous mode [ 199.104391][ T7179] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'. [ 199.164495][ T6064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.197244][ T6064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.297612][ T7179] nbd: socks must be embedded in a SOCK_ITEM attr [ 199.312770][ T7187] netlink: 12 bytes leftover after parsing attributes in process `syz.0.289'. [ 199.318112][ T5893] block nbd64: NBD_DISCONNECT [ 199.582113][ T7192] veth5: entered promiscuous mode [ 199.619196][ T5893] udevd[5893]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 200.341151][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.347881][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 202.760245][ T5852] Bluetooth: hci4: command 0x0406 tx timeout [ 202.792238][ T5852] Bluetooth: hci1: command 0x0406 tx timeout [ 202.799306][ T5860] Bluetooth: hci0: command 0x0406 tx timeout [ 202.799393][ T5848] Bluetooth: hci3: command 0x2016 tx timeout [ 203.035456][ T7226] netlink: 'syz.4.297': attribute type 1 has an invalid length. [ 203.044368][ T7226] netlink: 'syz.4.297': attribute type 3 has an invalid length. [ 203.052197][ T7226] netlink: 224 bytes leftover after parsing attributes in process `syz.4.297'. [ 206.704687][ T7244] loop5: detected capacity change from 0 to 32768 [ 206.805476][ T7244] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 206.967497][ T7244] XFS (loop5): Ending clean mount [ 206.985845][ T7244] XFS (loop5): Quotacheck needed: Please wait. [ 207.056873][ T7244] XFS (loop5): Quotacheck: Done. [ 207.461174][ T6750] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 209.201088][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 209.628581][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 209.774933][ T7299] tipc: Failed to remove unknown binding: 66,0,0/1090395732:3646364152/3646364153 [ 210.182237][ T7312] veth3: entered promiscuous mode [ 211.407811][ T7332] netlink: 'syz.4.325': attribute type 1 has an invalid length. [ 212.108186][ T51] Bluetooth: hci3: Opcode 0x206a failed: -110 [ 212.115001][ T51] Bluetooth: hci3: command 0x2016 tx timeout [ 212.372880][ T7337] veth5: entered promiscuous mode [ 212.563603][ T7337] bond1: (slave veth5): Enslaving as an active interface with an up link [ 212.660070][ T7354] netlink: 182 bytes leftover after parsing attributes in process `syz.5.327'. [ 214.051224][ T7363] netlink: 28 bytes leftover after parsing attributes in process `syz.4.330'. [ 214.072944][ T7363] netlink: 28 bytes leftover after parsing attributes in process `syz.4.330'. [ 214.965739][ T7388] syzkaller0: entered promiscuous mode [ 215.062101][ T7388] syzkaller0: entered allmulticast mode [ 215.469305][ T7404] netlink: 12 bytes leftover after parsing attributes in process `syz.0.339'. [ 215.532023][ T7388] netlink: 44 bytes leftover after parsing attributes in process `syz.4.335'. [ 217.085155][ T7433] sctp: [Deprecated]: syz.5.343 (pid 7433) Use of int in max_burst socket option. [ 217.085155][ T7433] Use struct sctp_assoc_value instead [ 219.375481][ T7465] netlink: 44 bytes leftover after parsing attributes in process `syz.4.352'. [ 220.202331][ T7490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.357'. [ 221.180759][ T7517] veth3: entered promiscuous mode [ 222.372059][ T7538] veth5: entered promiscuous mode [ 223.406452][ T7560] netlink: 4 bytes leftover after parsing attributes in process `syz.0.378'. [ 223.882353][ T7560] veth5: entered promiscuous mode [ 224.152476][ T7551] loop4: detected capacity change from 0 to 2048 [ 224.399122][ T7551] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 224.414971][ T7585] netlink: 28 bytes leftover after parsing attributes in process `syz.0.389'. [ 224.442269][ T7585] netlink: 28 bytes leftover after parsing attributes in process `syz.0.389'. [ 224.570772][ T7588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.390'. [ 225.196532][ T7601] netlink: 'syz.2.395': attribute type 1 has an invalid length. [ 226.023939][ T7610] netlink: 28 bytes leftover after parsing attributes in process `syz.5.398'. [ 226.033467][ T7610] netlink: 28 bytes leftover after parsing attributes in process `syz.5.398'. [ 226.531961][ T7613] veth3: entered promiscuous mode [ 227.452417][ T7634] netlink: 'syz.2.407': attribute type 1 has an invalid length. [ 227.575230][ T7640] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.050947][ T7639] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 228.495840][ T7641] veth3: entered promiscuous mode [ 228.838123][ T7641] bond1: (slave veth3): Enslaving as an active interface with an up link [ 233.041363][ T7723] netlink: 'syz.3.425': attribute type 1 has an invalid length. [ 233.871281][ T7722] netlink: 28 bytes leftover after parsing attributes in process `syz.0.426'. [ 233.880539][ T7722] netlink: 28 bytes leftover after parsing attributes in process `syz.0.426'. [ 234.078645][ T5850] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 234.085500][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 234.224714][ T7739] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 236.144985][ T7767] hugetlbfs: syz.3.436 (7767): Using mlock ulimits for SHM_HUGETLB is obsolete [ 238.049449][ T7792] loop5: detected capacity change from 0 to 256 [ 240.296947][ T7815] netlink: 28 bytes leftover after parsing attributes in process `syz.2.450'. [ 241.633621][ T7815] veth5: entered promiscuous mode [ 245.739899][ T7887] netlink: 28 bytes leftover after parsing attributes in process `syz.0.454'. [ 245.916494][ T7887] veth5: entered promiscuous mode [ 245.957871][ T7892] netlink: 182 bytes leftover after parsing attributes in process `syz.2.461'. [ 248.172266][ T7923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.475'. [ 248.309605][ T7926] netlink: 56 bytes leftover after parsing attributes in process `syz.0.476'. [ 248.577665][ T51] Bluetooth: hci0: unexpected cc 0x200b length: 3 > 1 [ 248.585002][ T51] Bluetooth: hci0: unexpected event for opcode 0x200b [ 252.530282][ T7987] kernel profiling enabled (shift: 9) [ 256.750898][ T8033] netlink: 28 bytes leftover after parsing attributes in process `syz.3.507'. [ 256.773921][ T8033] netlink: 28 bytes leftover after parsing attributes in process `syz.3.507'. [ 256.812216][ T8033] erspan0: entered promiscuous mode [ 256.852843][ T8033] gretap0: entered promiscuous mode [ 257.232889][ T8049] No such timeout policy "syz1" [ 260.309463][ T8087] loop2: detected capacity change from 0 to 256 [ 260.951766][ T8083] netlink: 28 bytes leftover after parsing attributes in process `syz.5.524'. [ 260.976400][ T8083] netlink: 28 bytes leftover after parsing attributes in process `syz.5.524'. [ 261.194256][ T8083] erspan0: entered promiscuous mode [ 261.218780][ T8083] gretap0: entered promiscuous mode [ 261.390805][ T8083] debugfs: 'hsr1' already exists in 'hsr' [ 261.432991][ T8083] Cannot create hsr debugfs directory [ 263.185144][ T8117] sctp: [Deprecated]: syz.4.530 (pid 8117) Use of int in max_burst socket option. [ 263.185144][ T8117] Use struct sctp_assoc_value instead [ 265.805195][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.811990][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 268.195157][ T51] Bluetooth: hci4: unexpected cc 0x200b length: 3 > 1 [ 268.202389][ T51] Bluetooth: hci4: unexpected event for opcode 0x200b [ 270.442042][ T8220] netlink: 8 bytes leftover after parsing attributes in process `syz.0.562'. [ 270.479258][ T8220] netlink: 8 bytes leftover after parsing attributes in process `syz.0.562'. [ 273.722569][ T8264] netlink: 28 bytes leftover after parsing attributes in process `syz.5.573'. [ 273.733857][ T8264] netlink: 28 bytes leftover after parsing attributes in process `syz.5.573'. [ 274.692754][ T8273] netlink: 'syz.0.576': attribute type 1 has an invalid length. [ 275.436938][ T8276] netlink: 28 bytes leftover after parsing attributes in process `syz.4.575'. [ 275.448788][ T8276] netlink: 28 bytes leftover after parsing attributes in process `syz.4.575'. [ 276.111623][ T8282] veth5: entered promiscuous mode [ 276.154859][ T8282] bond2: (slave veth5): Enslaving as a backup interface with a down link [ 278.464622][ T8319] netlink: 'syz.2.592': attribute type 1 has an invalid length. [ 278.741378][ T8319] veth5: entered promiscuous mode [ 278.815207][ T8319] bond2: (slave veth5): Enslaving as a backup interface with a down link [ 282.953618][ T51] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260 [ 286.168722][ T8395] netlink: 'syz.0.616': attribute type 1 has an invalid length. [ 286.535653][ T8401] netlink: 8 bytes leftover after parsing attributes in process `syz.4.617'. [ 287.209329][ T8398] veth7: entered promiscuous mode [ 287.280548][ T8398] bond3: (slave veth7): Enslaving as a backup interface with a down link [ 287.499278][ T51] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 289.981808][ T8433] tipc: Failed to remove unknown binding: 66,0,0/0:2929515172/2929515173 [ 291.614536][ T8452] netlink: 'syz.3.631': attribute type 1 has an invalid length. [ 294.656677][ T5931] libceph: connect (1)[c::]:6789 error -101 [ 294.680180][ T5931] libceph: mon0 (1)[c::]:6789 connect error [ 294.714060][ T5931] libceph: connect (1)[c::]:6789 error -101 [ 294.727078][ T5931] libceph: mon0 (1)[c::]:6789 connect error [ 294.891463][ T8471] ceph: No mds server is up or the cluster is laggy [ 295.411188][ T5931] libceph: connect (1)[c::]:6789 error -101 [ 295.417415][ T5931] libceph: mon0 (1)[c::]:6789 connect error [ 295.424994][ T8485] netlink: 28 bytes leftover after parsing attributes in process `syz.0.642'. [ 295.458217][ T8485] netlink: 'syz.0.642': attribute type 7 has an invalid length. [ 295.458494][ T8494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.644'. [ 295.475403][ T8485] netlink: 'syz.0.642': attribute type 8 has an invalid length. [ 295.503663][ T8485] netlink: 4 bytes leftover after parsing attributes in process `syz.0.642'. [ 295.546983][ T5850] Bluetooth: hci5: command 0x0406 tx timeout [ 297.287577][ T8503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 297.501358][ T8511] netlink: 'syz.3.651': attribute type 1 has an invalid length. [ 297.509137][ T8511] netlink: 'syz.3.651': attribute type 2 has an invalid length. [ 298.093593][ T8511] netlink: 20 bytes leftover after parsing attributes in process `syz.3.651'. [ 299.858620][ T8523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 301.307947][ T8541] netlink: 8 bytes leftover after parsing attributes in process `syz.3.662'. [ 303.593916][ T8544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 306.188264][ T8584] sctp: [Deprecated]: syz.3.674 (pid 8584) Use of int in max_burst socket option. [ 306.188264][ T8584] Use struct sctp_assoc_value instead [ 308.884028][ T8622] fuse: Unknown parameter 'user_id00000000000000000000' [ 313.418950][ T8668] tipc: Enabling of bearer rejected, failed to enable media [ 313.455077][ T8668] syzkaller0: entered promiscuous mode [ 313.478112][ T8668] syzkaller0: entered allmulticast mode [ 313.611264][ T8674] fuse: Unknown parameter 'user_id00000000000000000000' [ 313.611790][ T8672] netlink: 44 bytes leftover after parsing attributes in process `syz.5.700'. [ 313.845776][ T8681] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 316.890983][ T8716] netlink: 'syz.5.717': attribute type 1 has an invalid length. [ 316.971041][ T8721] netlink: 8 bytes leftover after parsing attributes in process `syz.5.717'. [ 316.984306][ T8723] fuse: fd is not a fuse device [ 317.045968][ T8718] tipc: Enabling of bearer rejected, failed to enable media [ 317.067421][ T8726] syzkaller0: entered promiscuous mode [ 317.080900][ T8726] syzkaller0: entered allmulticast mode [ 317.230428][ T8731] loop4: detected capacity change from 0 to 2048 [ 317.260556][ T8731] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 317.934493][ T8728] veth3: entered promiscuous mode [ 317.990644][ T8728] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 318.064230][ T8733] netlink: 44 bytes leftover after parsing attributes in process `syz.2.718'. [ 318.546197][ T8759] netlink: 'syz.2.731': attribute type 1 has an invalid length. [ 319.131551][ T8765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.731'. [ 319.343179][ T8766] veth7: entered promiscuous mode [ 319.446648][ T8766] bond3: (slave veth7): Enslaving as a backup interface with a down link [ 323.003607][ T8884] loop5: detected capacity change from 0 to 32768 [ 323.057565][ T8884] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.780 (8884) [ 323.092628][ T8884] BTRFS info (device loop5): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 323.103103][ T8884] BTRFS info (device loop5): using crc32c checksum algorithm [ 323.110851][ T8884] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 323.805330][ T8884] BTRFS info (device loop5): rebuilding free space tree [ 323.849881][ T8884] BTRFS info (device loop5): disabling free space tree [ 323.858249][ T8884] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 323.869086][ T8884] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 323.893307][ T8884] BTRFS info (device loop5): enabling ssd optimizations [ 323.900337][ T8884] BTRFS info (device loop5): turning on async discard [ 323.907169][ T8884] BTRFS info (device loop5): enabling disk space caching [ 323.914198][ T8884] BTRFS info (device loop5): force clearing of disk cache [ 323.921394][ T8884] BTRFS info (device loop5): use zstd compression, level 3 [ 324.620010][ T8909] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000 [ 324.740165][ T8909] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6 [ 324.770742][ T8909] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008 [ 324.799280][ T6750] BTRFS info (device loop5): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 324.983199][ T8909] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 325.658506][ T8909] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 326.256032][ T8936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.792'. [ 326.380408][ T8938] loop5: detected capacity change from 0 to 256 [ 326.446395][ T8938] FAT-fs (loop5): Directory bread(block 64) failed [ 326.472986][ T8938] FAT-fs (loop5): Directory bread(block 65) failed [ 326.491775][ T8938] FAT-fs (loop5): Directory bread(block 66) failed [ 326.534014][ T8938] FAT-fs (loop5): Directory bread(block 67) failed [ 326.572054][ T8938] FAT-fs (loop5): Directory bread(block 68) failed [ 326.598902][ T8938] FAT-fs (loop5): Directory bread(block 69) failed [ 326.623101][ T8938] FAT-fs (loop5): Directory bread(block 70) failed [ 326.641796][ T8938] FAT-fs (loop5): Directory bread(block 71) failed [ 326.722388][ T8938] FAT-fs (loop5): Directory bread(block 72) failed [ 326.762445][ T8938] FAT-fs (loop5): Directory bread(block 73) failed [ 327.173899][ T8953] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size. [ 328.723907][ T8972] xt_connbytes: Forcing CT accounting to be enabled [ 331.472065][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 331.488897][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 332.549880][ T9005] loop4: detected capacity change from 0 to 40427 [ 332.565631][ T9005] F2FS-fs (loop4): invalid crc value [ 332.644370][ T9005] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 332.656462][ T9005] F2FS-fs (loop4): Start checkpoint disabled! [ 332.672152][ T9005] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 332.681760][ T9005] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 332.707153][ T30] audit: type=1800 audit(1774021423.070:2): pid=9005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.818" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 333.114011][ T30] audit: type=1800 audit(1774021423.453:3): pid=9008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.818" name="bus" dev="loop4" ino=10 res=0 errno=0 [ 334.557598][ T5989] kworker/u8:10: attempt to access beyond end of device [ 334.557598][ T5989] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 334.574050][ T5989] CPU: 0 UID: 0 PID: 5989 Comm: kworker/u8:10 Tainted: G L syzkaller #0 PREEMPT(full) [ 334.574079][ T5989] Tainted: [L]=SOFTLOCKUP [ 334.574086][ T5989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 334.574097][ T5989] Workqueue: writeback wb_workfn (flush-7:4) [ 334.574136][ T5989] Call Trace: [ 334.574144][ T5989] [ 334.574153][ T5989] dump_stack_lvl+0xe8/0x150 [ 334.574183][ T5989] f2fs_handle_critical_error+0x37c/0x540 [ 334.574215][ T5989] f2fs_write_end_io+0x1274/0x1740 [ 334.574272][ T5989] __submit_merged_bio+0x256/0x6a0 [ 334.574305][ T5989] __submit_merged_write_cond+0x3c9/0x4e0 [ 334.574338][ T5989] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 334.574388][ T5989] f2fs_write_data_pages+0x287e/0x34f0 [ 334.574459][ T5989] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 334.574498][ T5989] ? ktime_get+0x45/0x220 [ 334.574517][ T5989] ? lock_acquire+0x106/0x350 [ 334.574578][ T5989] ? lapic_next_event+0x11/0x20 [ 334.574600][ T5989] ? __lock_acquire+0x6b5/0x2cf0 [ 334.574647][ T5989] ? __lock_acquire+0x6b5/0x2cf0 [ 334.574695][ T5989] ? kvm_sched_clock_read+0x11/0x20 [ 334.574716][ T5989] ? sched_clock+0x3f/0x60 [ 334.574737][ T5989] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 334.574765][ T5989] do_writepages+0x32e/0x550 [ 334.574796][ T5989] ? reacquire_held_locks+0x104/0x190 [ 334.574816][ T5989] ? writeback_sb_inodes+0x463/0x19d0 [ 334.574846][ T5989] __writeback_single_inode+0x133/0x10e0 [ 334.574871][ T5989] ? do_raw_spin_unlock+0xf5/0x210 [ 334.574898][ T5989] writeback_sb_inodes+0x979/0x19d0 [ 334.574919][ T5989] ? __lock_acquire+0x6b5/0x2cf0 [ 334.574976][ T5989] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 334.574996][ T5989] ? do_raw_spin_lock+0x12b/0x2f0 [ 334.575070][ T5989] ? rcu_is_watching+0x15/0xb0 [ 334.575100][ T5989] wb_writeback+0x445/0xb00 [ 334.575127][ T5989] ? queue_io+0x221/0x470 [ 334.575158][ T5989] ? __pfx_wb_writeback+0x10/0x10 [ 334.575177][ T5989] ? do_raw_spin_lock+0x12b/0x2f0 [ 334.575217][ T5989] wb_workfn+0x3f8/0xf10 [ 334.575234][ T5989] ? __lock_acquire+0x6b5/0x2cf0 [ 334.575265][ T5989] ? look_up_lock_class+0x57/0x110 [ 334.575308][ T5989] ? __pfx_wb_workfn+0x10/0x10 [ 334.575331][ T5989] ? do_raw_spin_lock+0x12b/0x2f0 [ 334.575351][ T5989] ? lock_acquire+0x106/0x350 [ 334.575377][ T5989] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 334.575402][ T5989] ? process_one_work+0x8b7/0x1710 [ 334.575429][ T5989] ? process_one_work+0x8b7/0x1710 [ 334.575469][ T5989] ? process_one_work+0x8b7/0x1710 [ 334.575493][ T5989] process_one_work+0x9a3/0x1710 [ 334.575545][ T5989] ? __pfx_process_one_work+0x10/0x10 [ 334.575569][ T5989] ? do_raw_spin_lock+0x12b/0x2f0 [ 334.575611][ T5989] worker_thread+0xba8/0x11e0 [ 334.575660][ T5989] kthread+0x388/0x470 [ 334.575682][ T5989] ? __pfx_worker_thread+0x10/0x10 [ 334.575698][ T5989] ? __pfx_kthread+0x10/0x10 [ 334.575721][ T5989] ret_from_fork+0x51e/0xb90 [ 334.575749][ T5989] ? __pfx_ret_from_fork+0x10/0x10 [ 334.575772][ T5989] ? __switch_to+0xc7d/0x1420 [ 334.575799][ T5989] ? __pfx_kthread+0x10/0x10 [ 334.575822][ T5989] ret_from_fork_asm+0x1a/0x30 [ 334.575860][ T5989] [ 334.882296][ T5989] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 335.044877][ T5931] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 335.355060][ T5931] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 335.380848][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.399256][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.424764][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.434642][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.444644][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.455990][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.464033][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.475553][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.489513][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.497285][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.508504][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.530515][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.531124][ T9025] 0xfffffffffffffffd-0x000000020000 : "" [ 335.544815][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.556932][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.563681][ T9025] mtd: partition "" is out of reach -- disabled [ 335.570436][ T9028] loop4: detected capacity change from 0 to 1024 [ 335.581045][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.593939][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.610411][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.641602][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.661755][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.670637][ T9025] ftl_cs: FTL header not found. [ 335.692240][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.707704][ T9028] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 335.740910][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.774246][ T5931] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 335.817461][ T5931] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 335.889718][ T5931] usb 3-1: config 0 interface 0 has no altsetting 0 [ 335.958857][ T9028] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4222: comm syz.4.821: Allocating blocks 497-513 which overlap fs metadata [ 336.141917][ T9028] EXT4-fs (loop4): pa ffff888035dfb488: logic 131104, phys. 177, len 21 [ 336.150470][ T9028] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5465: group 0, free 0, pa_free 1 [ 336.286613][ T9037] netlink: 12 bytes leftover after parsing attributes in process `syz.0.826'. [ 336.702121][ T5931] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 336.734944][ T5931] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 336.763222][ T5931] usb 3-1: Product: syz [ 336.861043][ T5845] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 336.900568][ T5931] usb 3-1: Manufacturer: syz [ 336.907445][ T5931] usb 3-1: SerialNumber: syz [ 336.947418][ T5931] usb 3-1: config 0 descriptor?? [ 337.160683][ T5931] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 337.188303][ T5931] usb 3-1: USB disconnect, device number 2 [ 337.776816][ T9053] fuse: Bad value for 'rootmode' [ 337.824427][ T5931] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 339.529657][ T9066] xt_hashlimit: size too large, truncated to 1048576 [ 339.709978][ T9051] loop2: detected capacity change from 0 to 32768 [ 339.829992][ T9051] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 340.109157][ T9051] XFS (loop2): Ending clean mount [ 340.539074][ T9090] loop5: detected capacity change from 0 to 40427 [ 340.556468][ T9090] F2FS-fs (loop5): invalid crc value [ 340.637803][ T9090] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 340.647636][ T9090] F2FS-fs (loop5): Start checkpoint disabled! [ 340.660795][ T9090] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0 [ 340.673536][ T9090] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 340.687707][ T30] audit: type=1800 audit(1774021430.537:4): pid=9090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.842" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 340.919762][ T5838] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 341.140040][ T9101] syz.5.842: attempt to access beyond end of device [ 341.140040][ T9101] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 341.157398][ T9101] syz.5.842: attempt to access beyond end of device [ 341.157398][ T9101] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 341.172257][ T9101] syz.5.842: attempt to access beyond end of device [ 341.172257][ T9101] loop5: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 341.186652][ T9101] syz.5.842: attempt to access beyond end of device [ 341.186652][ T9101] loop5: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 341.203028][ T9101] syz.5.842: attempt to access beyond end of device [ 341.203028][ T9101] loop5: rw=2049, sector=45128, nr_sectors = 8 limit=40427 [ 341.218138][ T9101] syz.5.842: attempt to access beyond end of device [ 341.218138][ T9101] loop5: rw=2049, sector=45136, nr_sectors = 16 limit=40427 [ 341.232562][ T9101] syz.5.842: attempt to access beyond end of device [ 341.232562][ T9101] loop5: rw=2049, sector=45152, nr_sectors = 8 limit=40427 [ 341.246786][ T9101] syz.5.842: attempt to access beyond end of device [ 341.246786][ T9101] loop5: rw=2049, sector=45160, nr_sectors = 8 limit=40427 [ 341.261322][ T9101] syz.5.842: attempt to access beyond end of device [ 341.261322][ T9101] loop5: rw=2049, sector=45168, nr_sectors = 8 limit=40427 [ 341.275534][ T9101] syz.5.842: attempt to access beyond end of device [ 341.275534][ T9101] loop5: rw=2049, sector=45176, nr_sectors = 8 limit=40427 [ 341.922830][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 341.922861][ T13] Tainted: [L]=SOFTLOCKUP [ 341.922867][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 341.922877][ T13] Workqueue: writeback wb_workfn (flush-7:5) [ 341.922908][ T13] Call Trace: [ 341.922915][ T13] [ 341.922924][ T13] dump_stack_lvl+0xe8/0x150 [ 341.922953][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 341.922984][ T13] f2fs_write_end_io+0x1274/0x1740 [ 341.923033][ T13] __submit_merged_bio+0x256/0x6a0 [ 341.923064][ T13] __submit_merged_write_cond+0x3c9/0x4e0 [ 341.923097][ T13] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 341.923147][ T13] f2fs_write_data_pages+0x287e/0x34f0 [ 341.923216][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 341.923296][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 341.923339][ T13] ? unwind_next_frame+0xa6/0x2550 [ 341.923377][ T13] ? unwind_next_frame+0xa6/0x2550 [ 341.923399][ T13] ? unwind_next_frame+0xa6/0x2550 [ 341.923418][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 341.923444][ T13] do_writepages+0x32e/0x550 [ 341.923474][ T13] ? reacquire_held_locks+0x104/0x190 [ 341.923492][ T13] ? writeback_sb_inodes+0x463/0x19d0 [ 341.923522][ T13] __writeback_single_inode+0x133/0x10e0 [ 341.923546][ T13] ? do_raw_spin_unlock+0xf5/0x210 [ 341.923573][ T13] writeback_sb_inodes+0x979/0x19d0 [ 341.923593][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 341.923650][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 341.923669][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 341.923742][ T13] ? rcu_is_watching+0x15/0xb0 [ 341.923771][ T13] wb_writeback+0x445/0xb00 [ 341.923798][ T13] ? queue_io+0x221/0x470 [ 341.923829][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 341.923849][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 341.923889][ T13] wb_workfn+0x3f8/0xf10 [ 341.923905][ T13] ? __lock_acquire+0x6b5/0x2cf0 [ 341.923927][ T13] ? look_up_lock_class+0x57/0x110 [ 341.923971][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 341.923998][ T13] ? do_raw_spin_unlock+0xf5/0x210 [ 341.924026][ T13] ? process_one_work+0x8b7/0x1710 [ 341.924053][ T13] ? process_one_work+0x8b7/0x1710 [ 341.924092][ T13] ? process_one_work+0x8b7/0x1710 [ 341.924115][ T13] process_one_work+0x9a3/0x1710 [ 341.924165][ T13] ? __pfx_process_one_work+0x10/0x10 [ 341.924188][ T13] ? do_raw_spin_lock+0x12b/0x2f0 [ 341.924229][ T13] worker_thread+0xba8/0x11e0 [ 341.924275][ T13] kthread+0x388/0x470 [ 341.924297][ T13] ? __pfx_worker_thread+0x10/0x10 [ 341.924312][ T13] ? __pfx_kthread+0x10/0x10 [ 341.924335][ T13] ret_from_fork+0x51e/0xb90 [ 341.924363][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 341.924385][ T13] ? __switch_to+0xc7d/0x1420 [ 341.924418][ T13] ? __pfx_kthread+0x10/0x10 [ 341.924441][ T13] ret_from_fork_asm+0x1a/0x30 [ 341.924478][ T13] [ 342.286338][ T13] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 342.418100][ T9110] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 343.542772][ T9126] netlink: 64 bytes leftover after parsing attributes in process `syz.4.852'. [ 343.586414][ T9126] netlink: 64 bytes leftover after parsing attributes in process `syz.4.852'. [ 350.746350][ T9174] netlink: 180 bytes leftover after parsing attributes in process `syz.4.868'. [ 350.817939][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 350.827729][ T51] CPU: 1 UID: 0 PID: 51 Comm: kworker/u9:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 350.827761][ T51] Tainted: [L]=SOFTLOCKUP [ 350.827768][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 350.827782][ T51] Workqueue: hci3 hci_rx_work [ 350.827817][ T51] Call Trace: [ 350.827828][ T51] [ 350.827838][ T51] dump_stack_lvl+0xe8/0x150 [ 350.827875][ T51] sysfs_create_dir_ns+0x271/0x2a0 [ 350.827906][ T51] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 350.827936][ T51] ? do_raw_spin_unlock+0xf5/0x210 [ 350.827968][ T51] kobject_add_internal+0x62b/0xd00 [ 350.828006][ T51] kobject_add+0x163/0x240 [ 350.828034][ T51] ? kobject_put+0xc1/0x560 [ 350.828063][ T51] ? __pfx_kobject_add+0x10/0x10 [ 350.828091][ T51] ? _raw_spin_unlock+0x28/0x50 [ 350.828124][ T51] ? get_device_parent+0x366/0x3a0 [ 350.828158][ T51] device_add+0x408/0xb70 [ 350.828191][ T51] hci_conn_add_sysfs+0xd5/0x210 [ 350.828219][ T51] le_conn_complete_evt+0xf1d/0x1430 [ 350.828261][ T51] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 350.828288][ T51] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 350.828318][ T51] ? __pfx___mutex_lock+0x10/0x10 [ 350.828344][ T51] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 350.828368][ T51] ? skb_pull_data+0xfb/0x200 [ 350.828404][ T51] hci_le_conn_complete_evt+0x187/0x470 [ 350.828440][ T51] hci_event_packet+0x7af/0x12c0 [ 350.828471][ T51] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 350.828498][ T51] ? __pfx_hci_event_packet+0x10/0x10 [ 350.828533][ T51] ? hci_send_to_monitor+0xe2/0x590 [ 350.828567][ T51] hci_rx_work+0x3ee/0x1040 [ 350.828593][ T51] ? preempt_schedule_thunk+0x16/0x30 [ 350.828624][ T51] ? process_one_work+0x8b7/0x1710 [ 350.828653][ T51] process_one_work+0x9a3/0x1710 [ 350.828704][ T51] ? __pfx_process_one_work+0x10/0x10 [ 350.828731][ T51] ? do_raw_spin_lock+0x12b/0x2f0 [ 350.828772][ T51] worker_thread+0xba8/0x11e0 [ 350.828819][ T51] kthread+0x388/0x470 [ 350.828843][ T51] ? __pfx_worker_thread+0x10/0x10 [ 350.828859][ T51] ? __pfx_kthread+0x10/0x10 [ 350.828884][ T51] ret_from_fork+0x51e/0xb90 [ 350.828916][ T51] ? __pfx_ret_from_fork+0x10/0x10 [ 350.828943][ T51] ? __switch_to+0xc7d/0x1420 [ 350.828973][ T51] ? __pfx_kthread+0x10/0x10 [ 350.828997][ T51] ret_from_fork_asm+0x1a/0x30 [ 350.829034][ T51] [ 350.829238][ T51] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 351.130001][ T51] Bluetooth: hci3: failed to register connection device [ 353.403045][ T51] Bluetooth: hci3: command 0x2016 tx timeout [ 353.427789][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.3.872'. [ 354.107548][ T9189] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.121392][ T9189] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.803083][ T9189] bond0 (unregistering): Released all slaves [ 355.560036][ T51] Bluetooth: hci3: command 0x2016 tx timeout [ 355.722107][ T30] audit: type=1326 audit(1774021444.612:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.3.879" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f560af9c799 code=0x0 [ 356.121341][ T9225] netlink: 312 bytes leftover after parsing attributes in process `syz.0.885'. [ 356.440485][ T51] Bluetooth: hci3: unexpected event for opcode 0x1804 [ 357.064844][ T9239] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 357.963175][ T9220] loop5: detected capacity change from 0 to 32768 [ 358.361763][ T9220] (syz.5.883,9220,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 358.574508][ T9220] (syz.5.883,9220,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 358.694300][ T9262] fuse: Bad value for 'fd' [ 358.774585][ T9220] JBD2: Ignoring recovery information on journal [ 358.857493][ T9265] netlink: 312 bytes leftover after parsing attributes in process `syz.3.898'. [ 359.587249][ T9220] JBD2: journal reset failed [ 359.630803][ T9220] (syz.5.883,9220,1):ocfs2_journal_load:1157 ERROR: Failed to load journal! [ 359.863800][ T9220] (syz.5.883,9220,0):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4 [ 360.307149][ T9281] program syz.2.903 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 360.776535][ T51] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 360.785352][ T51] Bluetooth: hci3: Injecting HCI hardware error event [ 360.798145][ T5850] Bluetooth: hci3: hardware error 0x00 [ 363.101646][ T5850] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 363.965867][ T9318] loop4: detected capacity change from 0 to 16 [ 363.975874][ T9318] erofs: Unknown parameter '' [ 364.845292][ T9319] nfs: Unknown parameter 'ÿÿÿÿ' [ 366.154979][ T9337] fuse: fd is not a fuse device [ 369.550926][ T9361] loop4: detected capacity change from 0 to 1024 [ 369.561688][ T9361] EXT4-fs: Ignoring removed orlov option [ 369.567573][ T9361] EXT4-fs: quotafile must be on filesystem root [ 370.801994][ T9381] loop5: detected capacity change from 0 to 2048 [ 371.802273][ T9381] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 372.385270][ T30] audit: type=1326 audit(1774021460.202:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9401 comm="syz.3.942" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f560af9c799 code=0x0 [ 373.170053][ T6750] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 373.562364][ T9415] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 373.596566][ T9413] netlink: 'syz.4.947': attribute type 10 has an invalid length. [ 373.610489][ T9422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.952'. [ 373.751716][ T9427] loop4: detected capacity change from 0 to 512 [ 373.808916][ T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 374.101461][ T9431] fuse: fd is not a fuse device [ 374.185323][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 374.372364][ T24] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 374.382913][ T24] usb 3-1: config 179 has no interface number 0 [ 374.389698][ T24] usb 3-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 374.402724][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 374.423539][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 374.445791][ T24] usb 3-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 374.475708][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 374.499004][ T24] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 374.539204][ T24] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 374.588081][ T24] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 374.622926][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.734929][ T9418] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 375.481706][ T10] usb 3-1: USB disconnect, device number 3 [ 376.037887][ T9456] netlink: 8 bytes leftover after parsing attributes in process `syz.3.963'. [ 376.759231][ T9445] loop5: detected capacity change from 0 to 32768 [ 376.786661][ T9445] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 377.086538][ T9478] netlink: 28 bytes leftover after parsing attributes in process `syz.0.966'. [ 377.095833][ T9478] netlink: 28 bytes leftover after parsing attributes in process `syz.0.966'. [ 377.890344][ T9445] XFS (loop5): Ending clean mount [ 378.184990][ T9483] fuse: Bad value for 'fd' [ 379.806387][ T6750] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 381.204200][ T9505] netlink: 16 bytes leftover after parsing attributes in process `syz.0.975'. [ 382.331711][ T9503] loop2: detected capacity change from 0 to 32768 [ 382.408056][ T9503] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 382.463655][ T9503] XFS (loop2): Ending clean mount [ 382.479040][ T9503] XFS (loop2): Quotacheck needed: Please wait. [ 382.677961][ T9503] XFS (loop2): Quotacheck: Done. [ 382.811558][ T9520] fuse: Bad value for 'fd' [ 383.179398][ T5838] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 386.895968][ T9570] loop5: detected capacity change from 0 to 1024 [ 390.351741][ T9614] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1011'. [ 393.393704][ T9687] overlayfs: failed to clone lowerpath [ 393.660991][ T9703] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1050'. [ 394.194108][ T9716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1054'. [ 394.502271][ T9718] loop5: detected capacity change from 0 to 8192 [ 394.696553][ T9724] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1059'. [ 394.729083][ T9724] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1059'. [ 396.324114][ T9771] loop4: detected capacity change from 0 to 128 [ 397.127376][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 397.134752][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 397.237214][ T1072] bio_check_eod: 1 callbacks suppressed [ 397.237233][ T1072] kworker/u8:7: attempt to access beyond end of device [ 397.237233][ T1072] loop4: rw=1, sector=145, nr_sectors = 16 limit=128 [ 397.306118][ T9783] x_tables: duplicate underflow at hook 4 [ 397.744592][ T9801] fuse: Bad value for 'fd' [ 398.371388][ T9823] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1098'. [ 398.974104][ T9840] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1103'. [ 401.487536][ T9871] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1117'. [ 401.934844][ T9878] node ffff88806ab09600 offset 0 parent ffff88806ab09340 shift 0 count 64 values 0 array ffff888022f75f40 list ffff88806ab09618 ffff88806ab09618 marks 0 0 0 [ 402.335987][ T9878] ------------[ cut here ]------------ [ 402.341757][ T9878] kernel BUG at ./include/linux/xarray.h:1441! [ 402.404689][ T9878] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 402.410998][ T9878] CPU: 1 UID: 0 PID: 9878 Comm: syz.3.1110 Tainted: G L syzkaller #0 PREEMPT(full) [ 402.421943][ T9878] Tainted: [L]=SOFTLOCKUP [ 402.426255][ T9878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 402.436303][ T9878] RIP: 0010:collapse_scan_file+0x4fba/0x5220 [ 402.442301][ T9878] Code: ff 4c 89 e7 48 c7 c6 60 b3 dc 8b e8 00 e4 f1 fe 90 0f 0b 48 85 db 0f 84 d1 00 00 00 e8 0f 10 90 ff 48 89 df e8 d7 e1 77 09 90 <0f> 0b e8 ff 0f 90 ff 48 89 df 48 c7 c6 60 b3 dc 8b e8 d0 e3 f1 fe [ 402.462020][ T9878] RSP: 0018:ffffc9000de46e20 EFLAGS: 00010246 [ 402.468096][ T9878] RAX: 0000000000000000 RBX: ffff88806ab09600 RCX: beadd5de7622ed00 [ 402.476146][ T9878] RDX: ffffc9000dfe3000 RSI: 000000000000ae21 RDI: 000000000000ae22 [ 402.484117][ T9878] RBP: ffffc9000de47130 R08: ffffc9000de46ba7 R09: 1ffff92001bc8d74 [ 402.492082][ T9878] R10: dffffc0000000000 R11: fffff52001bc8d75 R12: dffffc0000000000 [ 402.500039][ T9878] R13: ffffea00014697f0 R14: 0000000000000000 R15: ffffc9000de47010 [ 402.508002][ T9878] FS: 00007f560be1b6c0(0000) GS:ffff888125549000(0000) knlGS:0000000000000000 [ 402.516950][ T9878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 402.523522][ T9878] CR2: 00007ffe4b42769c CR3: 000000005863e000 CR4: 00000000003526f0 [ 402.531490][ T9878] Call Trace: [ 402.534772][ T9878] [ 402.537701][ T9878] ? collapse_scan_file+0x1bf/0x5220 [ 402.542992][ T9878] ? __pfx_collapse_scan_file+0x10/0x10 [ 402.548546][ T9878] ? is_bpf_text_address+0x26/0x2b0 [ 402.553742][ T9878] ? is_bpf_text_address+0x292/0x2b0 [ 402.559054][ T9878] ? is_bpf_text_address+0x26/0x2b0 [ 402.564255][ T9878] ? __up_read+0x291/0x6b0 [ 402.568670][ T9878] ? __pfx___up_read+0x10/0x10 [ 402.573429][ T9878] collapse_single_pmd+0x22b/0x4480 [ 402.578636][ T9878] ? __mutex_trylock_common+0x158/0x260 [ 402.584190][ T9878] ? __pfx___mutex_trylock_common+0x10/0x10 [ 402.590079][ T9878] ? trace_contention_end+0x3d/0x140 [ 402.595357][ T9878] ? __mutex_lock+0x320/0x1420 [ 402.600116][ T9878] ? __pfx_collapse_single_pmd+0x10/0x10 [ 402.605742][ T9878] ? madvise_collapse+0x18c/0x820 [ 402.610765][ T9878] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 402.616394][ T9878] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 402.622365][ T9878] ? mlock_drain_local+0x79/0x480 [ 402.627380][ T9878] ? mlock_drain_local+0x28d/0x480 [ 402.632573][ T9878] ? has_bh_in_lru+0x307/0x340 [ 402.637417][ T9878] madvise_collapse+0x34c/0x820 [ 402.642264][ T9878] madvise_vma_behavior+0x1094/0x4460 [ 402.647666][ T9878] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 402.653381][ T9878] ? __lock_acquire+0x6b5/0x2cf0 [ 402.658357][ T9878] ? unwind_next_frame+0xa6/0x2550 [ 402.663463][ T9878] ? unwind_next_frame+0xa6/0x2550 [ 402.668567][ T9878] ? is_bpf_text_address+0x26/0x2b0 [ 402.673766][ T9878] ? is_bpf_text_address+0x26/0x2b0 [ 402.678971][ T9878] ? is_bpf_text_address+0x292/0x2b0 [ 402.684377][ T9878] ? is_bpf_text_address+0x26/0x2b0 [ 402.689594][ T9878] ? kernel_text_address+0xa5/0xe0 [ 402.694707][ T9878] ? __kernel_text_address+0xd/0x30 [ 402.699927][ T9878] ? unwind_get_return_address+0x4d/0x90 [ 402.705603][ T9878] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 402.711786][ T9878] ? arch_stack_walk+0xfb/0x150 [ 402.716647][ T9878] ? mas_prev_slot+0xb7b/0xbf0 [ 402.721410][ T9878] ? find_vma_prev+0x123/0x1b0 [ 402.726172][ T9878] ? __pfx_find_vma_prev+0x10/0x10 [ 402.731287][ T9878] ? file_ioctl+0x273/0x860 [ 402.735786][ T9878] madvise_walk_vmas+0x573/0xae0 [ 402.740732][ T9878] ? __lock_acquire+0x6b5/0x2cf0 [ 402.745761][ T9878] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 402.751224][ T9878] ? blk_start_plug+0x6e/0x1b0 [ 402.756041][ T9878] madvise_do_behavior+0x386/0x540 [ 402.761268][ T9878] ? __pfx_madvise_do_behavior+0x10/0x10 [ 402.766903][ T9878] ? down_read+0x270/0x2e0 [ 402.771319][ T9878] ? madvise_lock+0x146/0x2e0 [ 402.775990][ T9878] do_madvise+0x1fa/0x2e0 [ 402.780322][ T9878] ? __pfx_do_madvise+0x10/0x10 [ 402.785188][ T9878] ? rcu_is_watching+0x15/0xb0 [ 402.789950][ T9878] ? __pfx_kcov_ioctl+0x10/0x10 [ 402.794799][ T9878] __x64_sys_madvise+0xa6/0xc0 [ 402.799560][ T9878] do_syscall_64+0x14d/0xf80 [ 402.804152][ T9878] ? trace_irq_disable+0x3b/0x140 [ 402.809192][ T9878] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.815278][ T9878] ? clear_bhb_loop+0x40/0x90 [ 402.819960][ T9878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 402.825868][ T9878] RIP: 0033:0x7f560af9c799 [ 402.830309][ T9878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 402.849938][ T9878] RSP: 002b:00007f560be1b028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 402.858369][ T9878] RAX: ffffffffffffffda RBX: 00007f560b216090 RCX: 00007f560af9c799 [ 402.866418][ T9878] RDX: 0000000000000019 RSI: 0000000000600000 RDI: 0000200000000000 [ 402.874377][ T9878] RBP: 00007f560b032c99 R08: 0000000000000000 R09: 0000000000000000 [ 402.882334][ T9878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 402.890302][ T9878] R13: 00007f560b216128 R14: 00007f560b216090 R15: 00007ffe7b8d9348 [ 402.898272][ T9878] [ 402.901286][ T9878] Modules linked in: [ 402.906233][ T9878] ---[ end trace 0000000000000000 ]--- [ 402.926351][ T9878] RIP: 0010:collapse_scan_file+0x4fba/0x5220 [ 403.042530][ T9878] Code: ff 4c 89 e7 48 c7 c6 60 b3 dc 8b e8 00 e4 f1 fe 90 0f 0b 48 85 db 0f 84 d1 00 00 00 e8 0f 10 90 ff 48 89 df e8 d7 e1 77 09 90 <0f> 0b e8 ff 0f 90 ff 48 89 df 48 c7 c6 60 b3 dc 8b e8 d0 e3 f1 fe [ 403.110246][ T9878] RSP: 0018:ffffc9000de46e20 EFLAGS: 00010246 [ 403.120633][ T9878] RAX: 0000000000000000 RBX: ffff88806ab09600 RCX: beadd5de7622ed00 [ 403.131473][ T9878] RDX: ffffc9000dfe3000 RSI: 000000000000ae21 RDI: 000000000000ae22 [ 403.139599][ T9878] RBP: ffffc9000de47130 R08: ffffc9000de46ba7 R09: 1ffff92001bc8d74 [ 403.149067][ T9878] R10: dffffc0000000000 R11: fffff52001bc8d75 R12: dffffc0000000000 [ 403.157420][ T9878] R13: ffffea00014697f0 R14: 0000000000000000 R15: ffffc9000de47010 [ 403.165628][ T9878] FS: 00007f560be1b6c0(0000) GS:ffff888125449000(0000) knlGS:0000000000000000 [ 403.174628][ T9878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 403.181215][ T9878] CR2: 00007f38d07e92f8 CR3: 000000005863e000 CR4: 00000000003526f0 [ 403.189305][ T9878] Kernel panic - not syncing: Fatal exception [ 403.195783][ T9878] Kernel Offset: disabled [ 403.200104][ T9878] Rebooting in 86400 seconds..