last executing test programs: 3m5.676813972s ago: executing program 3 (id=40): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 2m39.255857267s ago: executing program 3 (id=40): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 2m7.646215292s ago: executing program 3 (id=40): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 1m34.682760861s ago: executing program 3 (id=40): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 59.71301512s ago: executing program 3 (id=40): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 16.12813281s ago: executing program 3 (id=40): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002040009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) 11.076399666s ago: executing program 4 (id=1029): socket(0x10, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) dup(0xffffffffffffffff) sched_setaffinity(0x0, 0x8, &(0x7f0000000500)) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040f0401fa1104e114192c6b26510fe6ae30296e8c9e"], 0x7) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) 10.874556091s ago: executing program 4 (id=1031): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000540)={@private2, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r2}) 10.017001693s ago: executing program 1 (id=1032): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, &(0x7f0000000240)=0x7) 9.508636454s ago: executing program 1 (id=1036): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_HEADER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)={0x28, 0xc, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000700)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @broadcast}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x9, 0x2, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @rand_addr=0xe0000000, {[@cipso={0x86, 0x8, 0x0, [{0x0, 0x2}]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x2680, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket(0x11, 0xa, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) write$uinput_user_dev(r4, &(0x7f0000000a80)={'syz1\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x45c) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) ioctl$UI_DEV_CREATE(r4, 0x5501) ioctl$UI_DEV_DESTROY(r4, 0x5502) sendmsg$can_bcm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x8, 0x0, 0x0, 0x44}, 0x0) r5 = socket(0x10, 0x3, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r6}, 0x10) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0}, 0x20) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000600)=@setneightbl={0x20, 0x43, 0x1, 0x0, 0x0, {}, [@NDTA_NAME={0xb, 0x8, 'vxcan1\x00'}]}, 0x20}}, 0x0) write(r5, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000ff020002000200000800040001000000", 0x24) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x4e}, [@ldst]}, &(0x7f0000003ff6)='GPL\x00', 0x0, 0xb593, &(0x7f000000cf3d)=""/195}, 0x23) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) 9.485212231s ago: executing program 2 (id=1037): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x0, @loopback}, @in], 0x20) getpid() setsockopt$inet_sctp_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0)={0xeb}, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x5452, &(0x7f0000000040)) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0}, 0x400c885) memfd_create(0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x1, 0x105b, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000001340)='big_key\x00', &(0x7f0000001380)={'syz', 0x1}, &(0x7f0000001300)='n', 0x1, 0xffffffffffffffff) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x24000044, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0xa00000000000000, 0x80, 0x0, 0x78) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00'}, 0x90) 6.14328527s ago: executing program 4 (id=1040): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000003700)={0x0, 0x7000004, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r2, @ANYBLOB="0a000600080211000001000006006600c78800001c0033"], 0x4c}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = accept(r0, &(0x7f0000000100)=@l2={0x1f, 0x0, @fixed}, &(0x7f0000000000)=0x80) socket$inet(0x2, 0x80001, 0x84) syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04df0a02deb70000000000007148537b9b2adde4c76296c45bd14200080000000000009d8220f9ef"], 0xd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$AUTOFS_IOC_SETTIMEOUT(r3, 0x80049367, &(0x7f0000000340)=0x3) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10162, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, 0x0, 0x0) writev(r7, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) sendmsg$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="43707511a0ccac586e704a8f22a41d46f166", 0x12}, {&(0x7f0000000180)="1bdfb42a7490c4b1cff6c4b96b7cd03c0300fbc7111fb483f60000efd12fce12fa3199355b2e204b2d9a909329cdde97dcf4563e398e601cccbae1d92fd91385f1ecd9dc746e482d2f1decd7cd216c519af9a0cbb022fb400c3725e2dff1336a3a0c1b3f90e644acd913853a2b23c599a9bbfdb5f9cf081d194a9c6132d31f3856ddaa4d2672778d4350f23a043f7795e1f618ecc61accac3f725dbcb1b3833b1db86ca2eb12ea7569bf29e6bcf886d8860c8e88fd630dea9fc693431807acd98ccb4cc84b6e4982", 0xc8}, {&(0x7f0000000080)="919e4819964e98a1e651d3167d444745c7524283ee4ad51008b30b0ab039d1f5583201f481b45ae7c431ed4c1f8d470bcdb272", 0x33}], 0x3, &(0x7f0000000100)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x81}}], 0x18}, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r9}, 0x10) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000400)='net/wireless\x00') preadv(r10, &(0x7f0000000300)=[{&(0x7f0000000040)=""/5, 0x5}], 0x1, 0x1ff, 0x0) 6.073622746s ago: executing program 2 (id=1041): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10) sendmmsg(r1, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 6.007583689s ago: executing program 1 (id=1042): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x0, 0x0, 0x92, 0x0, 0x2d88, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x2}, 0x48) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000440), 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$inet6_udp(0xa, 0x2, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10) 4.992523825s ago: executing program 1 (id=1043): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$kcm(0x2, 0x1000000000000002, 0x0) socket(0x10, 0x803, 0x0) socket$inet(0x2, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9}, 0x48) landlock_create_ruleset(&(0x7f0000000080)={0x0, 0x2}, 0x10, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYRES16=r0], 0x20}, 0x1, 0xc00000000000000}, 0x0) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="4c00030007"], 0xd) 4.902441616s ago: executing program 4 (id=1044): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) io_uring_setup(0x17ba, &(0x7f00000002c0)) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000340)) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = fanotify_init(0x0, 0x0) ioctl$AUTOFS_IOC_PROTOVER(r4, 0x541b, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x1f) socket$xdp(0x2c, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) 4.549095635s ago: executing program 1 (id=1045): r0 = openat$null(0xffffff9c, &(0x7f0000000000), 0x214782, 0x0) ioctl$IOMMU_HWPT_ALLOC$NONE(0xffffffffffffffff, 0x3b89, &(0x7f0000000080)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b, &(0x7f0000000040)="c67032476eed1abbc36525172ae208d8645971078fa72622e8532db4a96e1f054df377dfcf566ac3cdd48a6c344a922cca234b32c23f6fbd7aa641"}) ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f0000000100)={0x8, r1}) write$cgroup_pid(0xffffffffffffffff, &(0x7f00000000c0), 0x12) r2 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x2, 0x2, 0x0, 0x0, 0x0, {0x12, 0x32, 0x2, 0x0, 0x0, 0x0, 0x0, @in=@rand_addr=0x2000000, @in6=@private2}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}]}, 0x80}}, 0x0) mq_timedsend(r2, &(0x7f0000000380)="5cd7e11f0b98c28ba3346eecbba7180f68456e89d26928a06c2146e9b081a7ecd20ee46f887c5b7c4b9d59638c36d8036ed82c352dc5aeef5694246f118432f8d2467aa8fac3b82113b0b514b782fb33bcd362943978b24c83ea02b4a4f105c6c54a258f2fbf00f2f40852b22c51e4c2efe8ccd9075ef4955ffbde8902e478aa2829bdbd4f4f244189eff0aed3d3fed80f2ea6cfe958a51d419546bda0849c78215b4cee279d6be6292e1261a00e2a48636a612ad58ed112561d7f9b6a028d15c11066d6ec00c2c0363965695c7f915e3c93ebb1bcce00cf215791cc59a91d497ee96d4e4e78e8c79cd4e7e2182e37e55bac9945683007b8936eb863436f54e6c72daf2b3a5c130f895bee516ca1d49167ef5dd83ec7c03936a9d3f18bce9c56330b36a02667dc2a27dbf3d091fc80e7093a3bd477367f51a0a5534582ab2846abd0fbed11f18d05f606c5e09ad649a48cbb96b20ffe4549c4c8bbbf694f320dc0da927a3bb5251276e315ff1a7c34e29592d9666bba7f852d1aa561ffd8ad01b708a4fc626d04355cbbf5187b3d92e9afcf7b6d3343e20179ca72d67dc4bf8423a7ac515b276f41ba795ed05270a1f4c864056e4e49e34e937ca0692f0ac4284f28c38e4cf56bf56a5e491f7eca50bc7ccd8bb092e7c4a97c814e8482627a39acc87a0d58ef96d289129e3e7ad24021b67a7ae66a220816514399c771bbe2243c7e32d7449a5ee926992565d63655df56deb08c346177cba0cf6e8a927354fe9bc425a1e0ed7554d2dcd63a77a78413848d4092519dbf3a1043b4d119693a356fa3ee20a137ef7414926bf007605553d3917f96654b705fcfadfbb708d166a57c6edba14bd18ae87d32b57666825f9b522e6464e363569234bdcdc681c16907f1790262e3c736cb22877d3297d8db1cd9e43ed2c2115d5bc9802a079cae35652f29777530eb65f6b12fdf295978f77b57853be6c90e74f32cbc2e02c25736663feef4352e4e3cd857e52ecdbb14ccb3101b02caec408bcbf048e84c04f67478e6398bdb00b6284e996d302158813b896752976365fe0dd867d0d03fc3174a617d0268a183d508324464a439d59c04468f9da8086616adb407a5348f67634c16f0bdb49d8cf622ad040639ca0a24d291918776e170e0bc97ac64a92fe495f003fdf2db8f0a3a645b0ff725cd00504e96e109e85750a9ef82e2cdf5ae605c461d8183bdb9f2795bf9bbbefe6759dd62ce95d9461a690b0bc1925123404502d892a688cf8acbc08d7d6e278e5ec201a972412c4e79986219d77075cd00ddbf1e87ecd4d14fc34f1754618f61c4dee552c221c6dc8674763529be6cee48798c86b756e9ff769cef21ebd742bc487ff639ccf919545fefadd369f2fc472ea5691584bcb5186538f175e886e660638997df234761a7be1fe2b8a2190b43ade617055e3014a3f38bd53fc752c5a122af640b13c68271b6eb67249baee5cdd44399c4536e522bf5fdd10b181250c4b25ab820c8e47c6e478450a09f2f528abb2d845d7f590c94cfd106b245a94aa3240124b6a67e77d846b11351b69ea8bf9688e2748b1414e12df2ae92161b0833cce4b53c9dfb320ff21b6a44fbc9294891dbaedcfe93ba7b2707de60dd9e688b9be8ca155d20e71b20278bfa9ec123f8a7c7fd3619162f4cf0b188d72e69db66d4603313f2196b6a369b33afe7015d476a96458acf30fc682858fe5eb25c73e355cbd827d9e6ba4ee3daf28255a8a4083d0ae8fe2b46fb7b37272678f6f1702fdf068185ee68fb87da77954c3f69b1edfd11bffc0f4dbfd6d7aa84d96ad2f8359d26dd935de46cfa6d01ffc86c8480c7637ae6cb4b01bab89f05273f7c81dcb289e9104dd46f711c1835899cfc60fa9dc9a9ce3006016f576efead9f390c5f74e33d680dc5d1f16ffacddfde1a167a8a663b4c8633a9e6195c1cb945951a43e294328c280328bd1c4743a06399bb4f979b3030cb2c5ab0d09be93d18490102f452b5ad3f6e850a9ceb07c3760c4147976f30d9cd124ffc76265b8be60995e6f0f9f716931823fe879d99a10abafb5f8ac631a7519576d6255daff62d6ba5ffc4a147f81320a87716d13363c0f00380b32857a36bce61b5441aa36870f17c3703ca3fb35a3f579475149a40fee96cbe700d9e250972c2394b4b2a8fe9aecfca76cce364811ed529464a4edfae97d6c141ae29ac95e947e4e3975d22ea9fae41c8465ab4b2c464561aa84cd9913279c80a58f3fe94098a87d7550aab7123e2c15e266089f27868a92d7651b650b8454f0d5afb42c73eda75e4facf0da630e0b79d39cb47604cb61b9d04c34055f37be818262ef7e0975654b21a184eb875ea8002f25350f8afa8c8f754ec89dc489c8cbd22d7132c997a1ad96ef1ba092057e46b9993e7804b8a28422739ac4185b2547d79db6ca1a82c042b794c2cb726c22e2b6e7b6d454dc885c840c8f4f1f695ee919f4f24f6a6da249f1db094415e598e1b9cf26d018bb57dd66ca59e06311475decbc876cd716fa484269d716e68c4d293d140b21822de2d70e67fda76ea0b17340c116e33b21a3d519e49ac910b0aba160c8750857ca495c7bd89e0779344b67ed22f58dff8c0e08d41cfc5cf82a3a8a811da78edfc0511624eeb56ebdad4d0be70e55c983f383e80d8fb2a2022b07aec33388e9fababd4e3e6fa97792bb1a81b171f969261066ebaa22c03bcd7d02e7101367ccb4f09736de7a3b54b18708749abc18457fa1e0037f5028bc3e8a7106ffa8ae5d9fe8bea14a64dd0d51f9ae14ba7e6191a2932a3845ee17e425cc994e9af060470ca65494b6f19afc673765ac95c9f469aa0fd9821b17de03df3f98941474d8f927cb1760fa6e026a083a5f1fd4c75c08050872ca331f88ca79b17056ed6e15b8ef06ff6411ec7a72b69c84f98c47992488ef8038a20dcad451cead0b87c04248edc2a310e8502099d958bbee36eb0f21ee732e9af6a25fad1f4ca4781be868998368d35f52782cdae3b4114b54736e3ebb036505d8dded405baa54a9ca1d5677a6d697e89cfb7a9c1f7e4f22916dfce78e78f8e6c4109e437276c79ef75cbd25af6b72016077bbd3535a0da876400cb8656d7e0c8779315d82dd9cfaea934b3fdbfa34c7788ac52440838b46b6b3d5124b3746fe5e3b4f401b5d6371a16ee4765d144cfa8489f3772bd44e2ba18a6e69bc61e176363bed125b1f3784c1dad97f64368f4ed0d3b5928d97fb6ac185b7a280d968ae40161ea46f768118b9133f50c0a78ca54dcde3a125af0947f49438303bbf49b6f8e4b7eceed98f4bd1432bedf1013c1445215cea4da0a7c7007a1fbcb6800c94ebe194468f624a75ad6dbb17ed464085555082b2be669a913493453fb07da125c9299f036730ed5e5f6f94f05cadda736dc6755bf11d2da56ad0f081995aabb1cd37b49b5ccb2faffb066654a1c7c574bf62180777bdeeb4c1eceaaca1ad74562e6cd4b40d9de48ec61ddedc88b68392fb3ce7ff0acfe983f9406cdf335fe242472b3cc75f58325e8a4f9ddfdcf885756df7b2d1fb25ef14f3aac80a86c3fff72d44b5b0e42ecb6e3f1947236a4398cff071809ea96383d240da104921543a0eaef99fe42d0eaefb136fd3478b3f7ab3132d23709e1d9b3b871ab4e1f3eadfd28365b2096dbeeda44854eb34d69043f0a893e12f2444762505c5acc5edca83473c23352c29d644cc4bd9633777cdf106f2fe5bac70de822f4cf975b020601073a4ee1b0c743ebd880f4a4c2446afe1c30233ac55afec2a7995f8841ddfece68c7138aad71aae18a575ad29ee543c6b9401fdd19df408b9568afa3854c7c052cc171f0f37542c35fa9d3a866e05850cc6de4b37c8781ed938f2345c99dfedbc5c60d88d33995f69a3a14fb813a5db388f3db1c75c459e7ad3bc87272c48c5df4995fc3b2558c2c4d671a0d0777608c5606ed928191af1d731be3bd1ac90d850203931cf037c465e7e759c19fc43661bb289642dd077a85565aee8821e7ed23dc8fe526d3ede019f4caa6b8101f640e5646c76dcededbbea9f2eb6ce97a6c8168a3c95a64c3e5bc9480fdf4510fc7d19542ae1c5c2c415310641f37bf410e07c411d1192cb1301f73b327c4a3657bd056e41888f30bb8d86a22c378a87e38066daa7ca208b2f3f380bbcc1e6752f1bf12bbdce22e887c265192f8559d06e60c15785a63451003e8e56c4361215ab1855b82ca9d1cd9deecd6a8de27a36ebb6aac5e06d4eaef9556d38989724b937ba612a22e6247e50c6f4c48491d1516e518d05b6f25d1417654e65ea12dbd8e41e3a9eabbe03b2e3477796b36c5d7224ea6ee3cd339d25a6ff70ad5f9d185a63147b4b6d1120c9d355ca57ced26b5d4c25b852ddc63b7d28a9f6dfa54cc85f06f4579bc0a1345864bd2682e7627617c5f63802a91237c11ca92a19b875ea28eb4f8806fbcd245fafc23e1a2210287665367bc85dcad5e2c173105476253b07338b939f6e308230d8ae3d8e55e75e4e11378f88c3f391fcffa921df07077c512837811f7e98e944cfa5643dd16987c44fa2632d4ee2fa4cbecc8ea0f282ccd1ae6f67c455d142b53f825dcb5039f64275cb9bfa9637b6560c5b66ccb4da06b0e6cd79bcf99cb2fe9b23cf03212ca504961e46d252cdcd4f1c696c6a71ae80358dd9f59ef39880412cc0cbd9601277a3a946ea51bdbaf557df293214c139da52f721b13d3f050c0544803872d1ac26e8481f70dc23ea54ca293cf96ba776f6112884a4f614a512711ba37db356cc690124e64ded97fbd69d1b2983a833b7e9ec209b66a6ebc13b52c2e3ead8558a227b014b6fb138cac090960e30a3a63c0c6bdc70e9052c7b9b4d9b16d8cf4cf833b9d9615491e1cb7f503277fad7e9e6f9548f069bec0fa0d17fa8da385095c59f23193eb1cda524d527a098ed641d267a844169069e1f04b5ce61efd2d0a47e86ddb21aa084e5f89c65b726cd9047aa604dff7b29dd83257861d3830d93043f61fa414da821772a17e22dc33f7bd507a1c4109739f4a085a6450181828bffdb7eee965f217b4527e9907fbb27801f823822bbff0f070b8f7883369c83cff73b70b619a1e7a1aa7db3f55ab1b8c109f6555ea2a94993c24868a5812e018e0d88c86462b58a6be861c929d66a1967d632a55d1f6f74e99b9bbec9d492b04704813a0ec69f8f23ea78f6e24233813a656dd4859f7c96dcd26994a3f65065ff860189589194d3c6cb67f8c3e781f67e0c05574abe210d15432613d41d690ad24a600ecf4ab709450e3771ee28c2f3e0c67ffe8a62a145bd8ad97474e9deb30f74359cdfbacd215458e4f77731824458f5df85ba5955aa0eb568297513e4b51387a5e881858f03edc11512680af552049a80909a21d25d16ba607ee797820100d55cdbf17683c488e7aac265119022851ebcad2d4e0e13874c87dd2912dd7677ba05c4adee47f9953ec1d574eead6948aa0dec5783835ee13e6d7c4f2919b4d9fdbefafb7ce98b9c618f87851eed88832c8dbe563e58447e0478a2f5fa9233797a4dd64e93f9c1229490e39de316a78180dee4312077dcbe38e67e3b628aa662e69c561ca50058bab73723bdd0efcc0d768c12b1dd468ae86bddd9146765354d4a75067c20fc1ea51129b33f0d91013e9a244c3f5aa16df506498a34d213ab496ae8fb0fc5d2628e885b6a0a832a82594b80a1795093d", 0xfd1, 0x0, 0x0) mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0) dup2(r3, r2) mq_unlink(&(0x7f0000000340)='eth0\x00') r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) r6 = syz_open_dev$video(&(0x7f0000000080), 0x9, 0x0) ioctl$VIDIOC_S_PARM(r6, 0xc0cc5616, &(0x7f00000001c0)={0xd, @output}) syz_usb_control_io$hid(r5, &(0x7f00000001c0)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) 4.434448732s ago: executing program 2 (id=1046): r0 = creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000240)=0x7) 4.356241159s ago: executing program 0 (id=1047): r0 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=[@hoplimit_2292={{0x14}}], 0x18}}], 0x1, 0x844) 4.19433038s ago: executing program 2 (id=1048): r0 = socket$inet6(0xa, 0x3, 0x88) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x8004, 0x4) recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_STOP_AP(r1, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000028c0)={0x0, 0x28}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2) dup(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r4 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) syz_emit_ethernet(0xa2, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaa10aaaaaaaaaaaa86dc6092c01f006c2f00fe8000000000000000000000000000bb00000000000000000000ffff000000002420880b000000000000002113565ccefe5d31f29e248840f7360be63033d565b8cfe3af99d096c6022c5d97cf495bfa81adb370bf61883a57f2000086dd080088be00000004100000000100000000000000080022eb10000000200000000200000000000000000000000800655800000000"], 0x0) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYRESDEC=0x0], 0xa) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = socket$packet(0x11, 0x3, 0x300) getpeername$packet(r7, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000200)=0x14) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$join(0x1, 0x0) keyctl$join(0x1, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd_index=0x1, 0x0, 0x0, 0x6, 0x8b14c6a5df82cbe, 0x0, {0x0, r8}}) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040f0401fa1104e114192c6b26510fe6ae30296e8c9ef9c74344ac5b82bff1d21103b2cdf12f8d65350bfdb1934b23b1a55ad92441caa943589d367dc5bcc85f99a4666f67ff9bf5c94e0787a163f8eed04438d01f102b081de7dcd3ce9be707c0b84d30d141e7ac28a59ef6760fca670a8b2023cdf33079338506b92655d9065bda9e298673d7d594c9d7b66ff634aa53d598aee8cdcc8a1fddbd0295e356"], 0x7) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) 3.84596397s ago: executing program 0 (id=1049): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = syz_io_uring_setup(0x7b, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r7, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}}) io_uring_enter(r4, 0x46f3, 0x0, 0x0, 0x0, 0x0) 3.191653715s ago: executing program 2 (id=1050): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(&(0x7f00000001c0)=@filename='\x00', &(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) link(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file0/../file0\x00') 2.957531224s ago: executing program 2 (id=1051): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x0, @loopback}, @in], 0x20) getpid() setsockopt$inet_sctp_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, &(0x7f00000000c0)={0xeb}, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x5452, &(0x7f0000000040)) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0}, 0x400c885) memfd_create(0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x1, 0x105b, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000001340)='big_key\x00', &(0x7f0000001380)={'syz', 0x1}, &(0x7f0000001300)='n', 0x1, 0xffffffffffffffff) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x24000044, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0xa00000000000000, 0x80, 0x0, 0x78) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00'}, 0x90) 2.765047644s ago: executing program 0 (id=1052): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) mount(0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(r0, 0x0, 0x0, 0x0) 2.585696599s ago: executing program 0 (id=1053): socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x0, 0x0, 0x92, 0x0, 0x2d88, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x2}, 0x48) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000440), 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) socket$inet6_udp(0xa, 0x2, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10) 1.481418683s ago: executing program 0 (id=1054): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)) r1 = dup2(r0, r0) write$vhost_msg_v2(r1, &(0x7f0000000380)={0x2, 0x0, {&(0x7f0000000400)=""/131, 0x83, 0x0, 0x2, 0x2}}, 0x48) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}], 0x1, 0x0) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x11, &(0x7f0000000380)={r5}, 0x8) ioctl$TIOCL_PASTESEL(r2, 0x541c, 0x0) alarm(0x800) r6 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r7, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}) r8 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00') r9 = getuid() fstat(r8, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200), 0x2000000, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYRESHEX, @ANYBLOB=',cachetag=tmpfs\x00,defcontext=unconfined_u,fsmagic=0x0000000000000aac,fsuuid=256fd821-[8fd-&012-fX8d-b168b5W6,pcr=00000000000000000060,secl', @ANYRESDEC=r9, @ANYBLOB="0000000000000004", @ANYRESDEC=r10, @ANYBLOB]) setns(r8, 0x0) close_range(r6, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x0, 0x0) 1.325744053s ago: executing program 1 (id=1055): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="1f00020000009a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.13034531s ago: executing program 4 (id=1056): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0xa0179e1d}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) ioctl$USBDEVFS_DROP_PRIVILEGES(r3, 0x4004551e, 0x0) ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f000001a080)={0x0, 0x9, 0x92, 0x0, 0x0, 0x0, &(0x7f0000019080)}) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaa88aaaaaaaaaaaaaa"], 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(0xffffffffffffffff, &(0x7f0000000080)=""/102356, 0x18fd4, 0xc2a) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10, &(0x7f0000000140)=ANY=[@ANYRES8=0x0, @ANYRESDEC=0x0, @ANYRES64, @ANYRESOCT], 0x3, 0x2c8, &(0x7f00000005c0)="$eJzs3c9KG10YB+DX+Cf53ET4uipdDHTTVVDvIBQLpYGCJQu7MlSFYkSINNBSqrveS2+lu15Gr8BC6RQzU02sttoYJybPA8O8OPPDMzMh5wTOSTYf7O1u7R/sbJQiYu3z+zcRR/EtIqIUszFoprctDPztKACAu2Z9vVUvug2MVqdTb81HRPm3I81PhTQIAAAAAAAAAACAoZ3O////a1QqScxFHMVxxFLf/P+ZfF8y/x8AJoL5/5Ov06m3FvPx2yDz/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDiHKdpNf3DdlmufLvNBABu0JX6f509AEyUf/38DwDcXcfpbET86utnQv8PAJPvxcbLZ/VGY209SSoRex+7zW4z22fH6zvxOtqxHctRje9xMj7IZfWTp4215aRnKTb3DvP8Ybc3rujLr0Q1li7Or2T5ZCDfnI/F/vxqVOPexfnVC/ML8ehhlk/T9DBqUY0vr2I/2rF1MuLpy39YSZLHzxvn8uXeeT2lwh4PAAAAAAAAAAAAAAAAAAAAU6KWnBpcv9/M1u/Xapcdz/LX+H6Ac+vr5+L+XLHXDgAAAAAAAAAAAAAAAAAAAOPi4O273Va7vd258WIh/n5ODPEvKiNo87DFfxExm9/ZcWjPOBc/0uulSiN8rV5WlPNnOR537HaLAt+UAAAAAAAAAAAAAAAAAABgSp0t+r3K2d3RNwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnD2+/+jK4q+RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA6/AwAAP//Mn7jLQ==") socket$inet_udp(0x2, 0x2, 0x0) 764.887µs ago: executing program 0 (id=1057): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44f, 0xb320, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000005304"], 0x14}}, 0x0) 0s ago: executing program 4 (id=1058): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="180200000000000000000000000000008500000017000000950000000000000060bda108010da26a15544b2a4c738e0fa0f897aa278b325764f2dcd6b865984f599ffe6cad199d36bc80e98b17249acf845992d69cc4a092d0655f0e225d2f568bd76a618d10b49d26440819e5f1e36c54"], &(0x7f00000005c0)='GPL\x00'}, 0x80) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r4, r3, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000a40)=ANY=[], 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$PROG_BIND_MAP(0x23, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10) r6 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)={0x1}) r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x30d4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) syz_usb_control_io$hid(r7, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0x0, "f81d36c1"}, @main, @local]}}, 0x0}, 0x0) syz_usb_control_io(r7, 0x0, &(0x7f0000000740)={0x84, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): sing ep0 maxpacket: 32 [ 383.166502][ T46] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 27, changing to 8 [ 383.224035][ T46] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16698, setting to 1024 [ 383.261257][ T46] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 383.281774][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.384411][ T46] hub 2-1:4.0: USB hub found [ 383.509590][ T54] Bluetooth: hci3: command tx timeout [ 383.599534][ T46] hub 2-1:4.0: 2 ports detected [ 383.604533][ T46] usb 2-1: selecting invalid altsetting 1 [ 383.622213][ T46] hub 2-1:4.0: Using single TT (err -22) [ 383.720727][ T5150] gp8psk: usb in 128 operation failed. [ 383.737596][ T5150] gp8psk: usb in 137 operation failed. [ 383.743992][ T5150] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver error while loading driver (-22) [ 383.754352][ T5150] dvb_usb_gp8psk 5-1:0.0: probe with driver dvb_usb_gp8psk failed with error -22 [ 383.791317][ T9675] netlink: 'syz.2.807': attribute type 41 has an invalid length. [ 383.796226][ T5150] usb 5-1: USB disconnect, device number 23 [ 383.813787][ T46] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 383.842782][ T46] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 383.972578][ T46] usb 2-1: USB disconnect, device number 16 [ 384.144645][ T9704] 9pnet_fd: Insufficient options for proto=fd [ 385.268619][ T9711] netlink: 'syz.0.814': attribute type 10 has an invalid length. [ 385.298372][ T9711] netlink: 40 bytes leftover after parsing attributes in process `syz.0.814'. [ 385.689076][ T5116] Bluetooth: hci3: command tx timeout [ 387.372670][ T9677] chnl_net:caif_netlink_parms(): no params data found [ 387.638340][ T29] audit: type=1326 audit(1720464545.075:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d8b75bd9 code=0x7ffc0000 [ 387.695218][ T29] audit: type=1326 audit(1720464545.115:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f09d8b75bd9 code=0x7ffc0000 [ 387.723136][ T29] audit: type=1326 audit(1720464545.115:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d8b75bd9 code=0x7ffc0000 [ 387.749828][ T9677] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.837981][ T29] audit: type=1326 audit(1720464545.115:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09d8b75bd9 code=0x7ffc0000 [ 387.838245][ T5116] Bluetooth: hci3: command tx timeout [ 387.860173][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.867892][ T9677] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.883993][ T29] audit: type=1326 audit(1720464545.115:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f09d8b74610 code=0x7ffc0000 [ 387.899485][ T9677] bridge_slave_0: entered allmulticast mode [ 387.936811][ T29] audit: type=1326 audit(1720464545.115:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f09d8b757db code=0x7ffc0000 [ 387.945342][ T9677] bridge_slave_0: entered promiscuous mode [ 387.958905][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.977994][ T29] audit: type=1326 audit(1720464545.115:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f09d8b757db code=0x7ffc0000 [ 388.000970][ T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 388.017860][ T29] audit: type=1326 audit(1720464545.125:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f09d8b757db code=0x7ffc0000 [ 388.049033][ T29] audit: type=1326 audit(1720464545.125:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f09d8b757db code=0x7ffc0000 [ 388.051052][ T9677] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.078369][ T9677] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.085902][ T29] audit: type=1326 audit(1720464545.245:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f09d8b757db code=0x7ffc0000 [ 388.113370][ T9677] bridge_slave_1: entered allmulticast mode [ 388.134431][ T9677] bridge_slave_1: entered promiscuous mode [ 388.202067][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 388.211879][ T9] usb 3-1: config 0 has no interfaces? [ 388.219127][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 388.254722][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.298592][ T9] usb 3-1: config 0 descriptor?? [ 388.426947][ T9677] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 388.503672][ T9754] loop4: detected capacity change from 0 to 1024 [ 388.541031][ T9677] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.880136][ T9677] team0: Port device team_slave_0 added [ 388.945662][ T9677] team0: Port device team_slave_1 added [ 389.616878][ T52] hfsplus: b-tree write err: -5, ino 4 [ 389.929308][ T5116] Bluetooth: hci3: command tx timeout [ 390.992024][ T9677] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.009137][ T9677] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.169102][ T9677] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 391.240829][ T9677] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 391.267822][ T5152] usb 3-1: USB disconnect, device number 10 [ 391.293741][ T9677] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 391.450236][ T9677] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.930068][ T9677] hsr_slave_0: entered promiscuous mode [ 393.019345][ T9677] hsr_slave_1: entered promiscuous mode [ 393.039205][ T9677] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 393.063864][ T9677] Cannot create hsr debugfs directory [ 393.834366][ T9810] netlink: 'syz.2.829': attribute type 41 has an invalid length. [ 393.899337][ T9813] loop1: detected capacity change from 0 to 2048 [ 393.930030][ T9813] EXT4-fs: Ignoring removed mblk_io_submit option [ 394.303527][ T9813] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 394.570780][ T5102] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 395.459320][ T9841] cifs: Unknown parameter '[bIT&:"1:ӭ'4,Zz-#F<]%gC [ 395.459320][ T9841] SȘȞZ6' [ 396.441285][ T9677] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 396.450895][ T46] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 396.485840][ T9843] loop2: detected capacity change from 0 to 1024 [ 396.550589][ T9677] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 396.611831][ T9677] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 396.647219][ T9677] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 396.670115][ T46] usb 1-1: Using ep0 maxpacket: 16 [ 396.694906][ T46] usb 1-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.09 [ 396.746396][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.779055][ T46] usb 1-1: Product: syz [ 396.795010][ T46] usb 1-1: Manufacturer: syz [ 396.816600][ T46] usb 1-1: SerialNumber: syz [ 396.847707][ T46] usb 1-1: config 0 descriptor?? [ 397.065906][ T9677] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.162261][ T3899] hfsplus: b-tree write err: -5, ino 4 [ 397.208657][ T9677] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.588193][ T5154] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.595483][ T5154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.737844][ T9858] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 398.363906][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.371198][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.389159][ T5150] usb 1-1: USB disconnect, device number 21 [ 399.477668][ T9872] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 399.494331][ T9872] syzkaller0: entered promiscuous mode [ 399.499995][ T9872] syzkaller0: entered allmulticast mode [ 399.934372][ T9900] loop2: detected capacity change from 0 to 2048 [ 399.961775][ T9900] EXT4-fs: Ignoring removed mblk_io_submit option [ 400.007369][ T9900] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 400.093014][ T8557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 400.647070][ T9907] input: syz1 as /devices/virtual/input/input13 [ 401.766203][ T9897] netlink: 'syz.4.842': attribute type 41 has an invalid length. [ 401.780129][ T9908] netlink: 'syz.2.844': attribute type 8 has an invalid length. [ 402.071828][ T9677] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 403.040778][ T9677] veth0_vlan: entered promiscuous mode [ 403.159334][ T9677] veth1_vlan: entered promiscuous mode [ 403.979674][ T9945] cifs: Unknown parameter '[bIT&:"1:ӭ'4,Zz-#F<]%gC [ 403.979674][ T9945] SȘȞZ6' [ 404.924341][ T9677] veth0_macvtap: entered promiscuous mode [ 405.021604][ T9677] veth1_macvtap: entered promiscuous mode [ 405.064217][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.079177][ T928] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 405.098818][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.115852][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.129290][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.142382][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.168290][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.179718][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.193214][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.221942][ T9677] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 405.255660][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.276734][ T928] usb 3-1: Using ep0 maxpacket: 16 [ 405.282196][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.298907][ T928] usb 3-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.09 [ 405.308700][ T928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.316920][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.327838][ T928] usb 3-1: Product: syz [ 405.334439][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.355852][ T928] usb 3-1: Manufacturer: syz [ 405.366823][ T928] usb 3-1: SerialNumber: syz [ 405.371978][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.384835][ T928] usb 3-1: config 0 descriptor?? [ 405.399044][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.429323][ T9677] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.457937][ T9677] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.475590][ T9677] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 405.497034][ T9677] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.506154][ T9677] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.521140][ T9677] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.533417][ T9677] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.474332][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.513831][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 406.946219][ T5152] usb 3-1: USB disconnect, device number 11 [ 407.878498][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 407.966662][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 407.978347][ T9975] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 408.000584][ T9975] syzkaller0: entered promiscuous mode [ 408.006421][ T9975] syzkaller0: entered allmulticast mode [ 409.920998][T10002] netlink: 'syz.4.860': attribute type 29 has an invalid length. [ 410.493406][ T9989] netlink: 'syz.0.857': attribute type 41 has an invalid length. [ 410.694966][T10002] netlink: 'syz.4.860': attribute type 29 has an invalid length. [ 410.734242][T10007] netlink: 'syz.4.860': attribute type 29 has an invalid length. [ 411.958215][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.038640][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.092066][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.138540][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.311159][ T11] bridge_slave_1: left allmulticast mode [ 412.316877][ T11] bridge_slave_1: left promiscuous mode [ 412.324416][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.336053][ T11] bridge_slave_0: left allmulticast mode [ 412.346843][ T11] bridge_slave_0: left promiscuous mode [ 412.356226][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.986895][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.007569][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.039554][ T11] bond0 (unregistering): Released all slaves [ 413.690302][T10070] cifs: Unknown parameter '[bIT&:"1:ӭ'4,Zz-#F<]%gC [ 413.690302][T10070] SȘȞZ6' [ 414.559410][ T46] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 414.782865][ T11] hsr_slave_0: left promiscuous mode [ 414.810197][ T11] hsr_slave_1: left promiscuous mode [ 414.823125][ T46] usb 5-1: Using ep0 maxpacket: 16 [ 414.865908][ T46] usb 5-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.09 [ 414.904650][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.934939][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.946809][ T46] usb 5-1: Product: syz [ 414.951363][ T46] usb 5-1: Manufacturer: syz [ 414.957093][ T46] usb 5-1: SerialNumber: syz [ 415.032998][ T46] usb 5-1: config 0 descriptor?? [ 415.051708][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 415.384752][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 415.505665][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 415.741046][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 415.771515][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 415.784513][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 415.797762][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 415.808382][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 415.817091][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 415.852384][ T11] veth1_macvtap: left promiscuous mode [ 415.907416][ T11] veth0_macvtap: left promiscuous mode [ 415.931294][ T11] veth1_vlan: left promiscuous mode [ 415.946082][ T11] veth0_vlan: left promiscuous mode [ 416.409809][ T46] usb 5-1: USB disconnect, device number 24 [ 417.247955][T10109] loop2: detected capacity change from 0 to 512 [ 417.290223][T10109] FAT-fs (loop2): bogus logical sector size 0 [ 417.312396][T10109] FAT-fs (loop2): Can't find a valid FAT filesystem [ 417.991830][ T54] Bluetooth: hci3: command tx timeout [ 419.537001][T10108] loop0: detected capacity change from 0 to 40427 [ 419.565187][T10108] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 419.598732][T10108] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 419.656882][T10108] F2FS-fs (loop0): invalid crc value [ 419.722932][T10108] F2FS-fs (loop0): Found nat_bits in checkpoint [ 419.821942][T10128] loop2: detected capacity change from 0 to 128 [ 419.856591][T10128] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 419.877752][T10108] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 419.896331][T10108] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 420.113823][ T54] Bluetooth: hci3: command tx timeout [ 420.158974][ C1] DEBUG: holding rtnl_mutex for 550 jiffies. [ 420.165032][ C1] task:kworker/u8:0 state:R running task stack:18296 pid:11 tgid:11 ppid:2 flags:0x00004000 [ 420.176902][ C1] Workqueue: netns cleanup_net [ 420.181763][ C1] Call Trace: [ 420.185083][ C1] [ 420.187964][ C1] sched_show_task+0x506/0x6d0 [ 420.192846][ C1] ? report_rtnl_holders+0x29e/0x3f0 [ 420.198214][ C1] ? __pfx__printk+0x10/0x10 [ 420.202942][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 420.208271][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 420.214266][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 420.220675][ C1] report_rtnl_holders+0x320/0x3f0 [ 420.225845][ C1] call_timer_fn+0x18e/0x650 [ 420.230534][ C1] ? call_timer_fn+0xc0/0x650 [ 420.235251][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 420.241020][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 420.246178][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 420.251915][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 420.257605][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 420.263346][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 420.268592][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 420.273892][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 420.279614][ C1] __run_timer_base+0x66a/0x8e0 [ 420.284538][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 420.290027][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 420.296445][ C1] run_timer_softirq+0xb7/0x170 [ 420.301411][ C1] handle_softirqs+0x2c4/0x970 [ 420.306249][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 420.311138][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 420.316485][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 420.321773][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 420.326442][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 420.331737][ C1] irq_exit_rcu+0x9/0x30 [ 420.336012][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 420.341725][ C1] [ 420.344687][ C1] [ 420.347642][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 420.353767][ C1] RIP: 0010:finish_task_switch+0x1ea/0x870 [ 420.359687][ C1] Code: c9 50 e8 a9 b9 0b 00 48 83 c4 08 4c 89 f7 e8 dd 38 00 00 e9 de 04 00 00 4c 89 f7 e8 30 59 38 0a e8 1b 88 37 00 fb 48 8b 5d c0 <48> 8d bb f8 15 00 00 48 89 f8 48 c1 e8 03 49 be 00 00 00 00 00 fc [ 420.379385][ C1] RSP: 0018:ffffc900001071e8 EFLAGS: 00000282 [ 420.385508][ C1] RAX: 11e20410c9555b00 RBX: ffff8880172cbc00 RCX: ffffffff816fddda [ 420.393568][ C1] RDX: dffffc0000000000 RSI: ffffffff8bcac900 RDI: ffffffff8c207f20 [ 420.401626][ C1] RBP: ffffc90000107230 R08: ffffffff9301078f R09: 1ffffffff26020f1 [ 420.409670][ C1] R10: dffffc0000000000 R11: fffffbfff26020f2 R12: 1ffff110172a7ef3 [ 420.417677][ C1] R13: dffffc0000000000 R14: ffff8880b943ea00 R15: ffff8880b953f798 [ 420.425757][ C1] ? mark_lock+0x9a/0x360 [ 420.430185][ C1] ? finish_task_switch+0x1e5/0x870 [ 420.435455][ C1] __schedule+0x1808/0x4a60 [ 420.440086][ C1] ? __pfx___schedule+0x10/0x10 [ 420.444994][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 420.451090][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 420.456437][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 420.461645][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 420.467435][ C1] irqentry_exit+0x5e/0x90 [ 420.471958][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 420.477989][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 420.484266][ C1] Code: ff 92 48 c7 c6 10 bc 6f 81 e8 8f 04 0a 00 e8 fa 18 0a 00 e9 e5 fb ff ff e8 c0 62 21 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 420.503962][ C1] RSP: 0018:ffffc900001075c0 EFLAGS: 00000246 [ 420.510154][ C1] RAX: dffffc0000000000 RBX: 1ffff92000020ec0 RCX: ffffffff947f4803 [ 420.518164][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c207f20 [ 420.526238][ C1] RBP: ffffc90000107698 R08: ffffffff930067e7 R09: 1ffffffff2600cfc [ 420.534285][ C1] R10: dffffc0000000000 R11: fffffbfff2600cfd R12: ffffc90000107600 [ 420.542365][ C1] R13: 1ffff92000020ebc R14: 0000000000000000 R15: 0000000000000a02 [ 420.550450][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 420.556406][ C1] ? rcu_is_watching+0x15/0xb0 [ 420.561264][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 420.565897][ C1] __qdisc_destroy+0x165/0x410 [ 420.570737][ C1] dev_shutdown+0x9b/0x440 [ 420.575194][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 420.581666][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 420.588503][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 420.594515][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 420.600763][ C1] default_device_exit_batch+0xa0f/0xa90 [ 420.606471][ C1] ? __pfx___might_resched+0x10/0x10 [ 420.611856][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 420.618069][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 420.623440][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 420.629702][ C1] cleanup_net+0x89d/0xcc0 [ 420.634168][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 420.639198][ C1] ? process_scheduled_works+0x945/0x1830 [ 420.644963][ C1] process_scheduled_works+0xa2c/0x1830 [ 420.650649][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 420.656698][ C1] ? assign_work+0x364/0x3d0 [ 420.661421][ C1] worker_thread+0x86d/0xd40 [ 420.666077][ C1] ? __kthread_parkme+0x169/0x1d0 [ 420.671190][ C1] ? __pfx_worker_thread+0x10/0x10 [ 420.676354][ C1] kthread+0x2f0/0x390 [ 420.680538][ C1] ? __pfx_worker_thread+0x10/0x10 [ 420.685699][ C1] ? __pfx_kthread+0x10/0x10 [ 420.690415][ C1] ret_from_fork+0x4b/0x80 [ 420.694877][ C1] ? __pfx_kthread+0x10/0x10 [ 420.699552][ C1] ret_from_fork_asm+0x1a/0x30 [ 420.704392][ C1] [ 420.707446][ C1] [ 420.707446][ C1] Showing all locks held in the system: [ 420.715261][ C1] 6 locks held by kworker/u8:0/11: [ 420.720470][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 420.731490][ C1] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 420.742147][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 420.751674][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 420.761831][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 420.772065][ C1] #5: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 420.782045][ C1] 3 locks held by kworker/u8:3/52: [ 420.787183][ C1] #0: ffff88802a65c948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 420.798956][ C1] #1: ffffc90000bc7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 420.812828][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 420.822502][ C1] 1 lock held by dhcpcd/4764: [ 420.827213][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 420.836486][ C1] 2 locks held by getty/4854: [ 420.841245][ C1] #0: ffff88802b1190a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 420.851112][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 420.861453][ C1] 3 locks held by kworker/1:4/5151: [ 420.866678][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 420.877780][ C1] #1: ffffc90004067d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 420.888905][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 420.897989][ C1] 1 lock held by syz-executor/10086: [ 420.903359][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 420.912995][ C1] 2 locks held by syz.1.868/10091: [ 420.918232][ C1] #0: ffff888077544f58 (sk_lock-AF_SMC){+.+.}-{0:0}, at: smc_connect+0xb7/0xde0 [ 420.927504][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: smc_vlan_by_tcpsk+0x399/0x4e0 [ 420.937096][ C1] 1 lock held by syz.4.871/10106: [ 420.942198][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 420.951868][ C1] 2 locks held by syz.4.871/10110: [ 420.957444][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 420.965800][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 420.975154][ C1] 1 lock held by syz.0.872/10132: [ 420.980261][ C1] [ 420.982611][ C1] ============================================= [ 420.982611][ C1] [ 421.115385][ T11] team0 (unregistering): Port device team_slave_1 removed [ 421.204001][ T11] team0 (unregistering): Port device team_slave_0 removed [ 421.357044][ T5097] bio_check_eod: 1 callbacks suppressed [ 421.357067][ T5097] syz-executor: attempt to access beyond end of device [ 421.357067][ T5097] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 421.399172][ T5097] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 422.069584][ C1] DEBUG: waiting rtnl_mutex for 622 jiffies. [ 422.075643][ C1] task:kworker/1:4 state:D stack:20888 pid:5151 tgid:5151 ppid:2 flags:0x00004000 [ 422.085936][ C1] Workqueue: events linkwatch_event [ 422.091251][ C1] Call Trace: [ 422.094577][ C1] [ 422.097549][ C1] __schedule+0x1800/0x4a60 [ 422.102134][ C1] ? __pfx___schedule+0x10/0x10 [ 422.106998][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 422.113012][ C1] ? __pfx_lock_release+0x10/0x10 [ 422.118076][ C1] ? kick_pool+0x1bd/0x620 [ 422.122566][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 422.127802][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 422.133067][ C1] ? schedule+0x90/0x320 [ 422.137361][ C1] schedule+0x14b/0x320 [ 422.141585][ C1] schedule_preempt_disabled+0x13/0x30 [ 422.147079][ C1] __mutex_lock+0x6a4/0xd70 [ 422.151305][ T54] Bluetooth: hci3: command tx timeout [ 422.151646][ C1] ? __mutex_lock+0x527/0xd70 [ 422.161682][ C1] ? linkwatch_event+0xe/0x60 [ 422.166368][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 422.171494][ C1] ? get_rtnl_holder+0x144/0x190 [ 422.176467][ C1] ? process_scheduled_works+0x945/0x1830 [ 422.182253][ C1] linkwatch_event+0xe/0x60 [ 422.186782][ C1] process_scheduled_works+0xa2c/0x1830 [ 422.192412][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 422.198409][ C1] ? assign_work+0x364/0x3d0 [ 422.203032][ C1] worker_thread+0x86d/0xd40 [ 422.207634][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 422.213589][ C1] ? __kthread_parkme+0x169/0x1d0 [ 422.218638][ C1] ? __pfx_worker_thread+0x10/0x10 [ 422.223795][ C1] kthread+0x2f0/0x390 [ 422.227870][ C1] ? __pfx_worker_thread+0x10/0x10 [ 422.233007][ C1] ? __pfx_kthread+0x10/0x10 [ 422.237607][ C1] ret_from_fork+0x4b/0x80 [ 422.242075][ C1] ? __pfx_kthread+0x10/0x10 [ 422.246675][ C1] ret_from_fork_asm+0x1a/0x30 [ 422.251507][ C1] [ 422.254544][ C1] DEBUG: waiting rtnl_mutex for 634 jiffies. [ 422.260564][ C1] task:syz-executor state:D stack:23696 pid:10086 tgid:10086 ppid:10058 flags:0x00000000 [ 422.270822][ C1] Call Trace: [ 422.274116][ C1] [ 422.277103][ C1] __schedule+0x1800/0x4a60 [ 422.281672][ C1] ? __pfx___schedule+0x10/0x10 [ 422.286532][ C1] ? __pfx_lock_release+0x10/0x10 [ 422.291608][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 422.297091][ C1] ? schedule+0x90/0x320 [ 422.301376][ C1] schedule+0x14b/0x320 [ 422.305557][ C1] schedule_preempt_disabled+0x13/0x30 [ 422.311043][ C1] __mutex_lock+0x6a4/0xd70 [ 422.315563][ C1] ? __mutex_lock+0x527/0xd70 [ 422.320305][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 422.325519][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 422.330594][ C1] ? get_rtnl_holder+0x144/0x190 [ 422.335535][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 422.340599][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 422.345808][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 422.351290][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 422.356587][ C1] ? __pfx_validate_chain+0x10/0x10 [ 422.361900][ C1] ? __pfx_validate_chain+0x10/0x10 [ 422.367108][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 422.372079][ C1] ? mark_lock+0x9a/0x360 [ 422.376422][ C1] ? __pfx_validate_chain+0x10/0x10 [ 422.381649][ C1] ? __lock_acquire+0x1359/0x2000 [ 422.386691][ C1] ? mark_lock+0x9a/0x360 [ 422.391054][ C1] ? __lock_acquire+0x1359/0x2000 [ 422.396100][ C1] netlink_rcv_skb+0x1e3/0x430 [ 422.400896][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 422.406385][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 422.411719][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 422.416944][ C1] netlink_unicast+0x7f0/0x990 [ 422.421746][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 422.427055][ C1] ? __virt_addr_valid+0x183/0x530 [ 422.432223][ C1] ? __check_object_size+0x49c/0x900 [ 422.437518][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 422.442675][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 422.447480][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 422.452787][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 422.457725][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 422.463027][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 422.468490][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 422.473819][ C1] __sock_sendmsg+0x221/0x270 [ 422.478513][ C1] __sys_sendto+0x3a4/0x4f0 [ 422.483055][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 422.488106][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 422.494116][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 422.500468][ C1] ? exc_page_fault+0x590/0x8c0 [ 422.505330][ C1] __x64_sys_sendto+0xde/0x100 [ 422.510122][ C1] do_syscall_64+0xf3/0x230 [ 422.514624][ C1] ? clear_bhb_loop+0x35/0x90 [ 422.519349][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.525250][ C1] RIP: 0033:0x7fe0da77796c [ 422.529708][ C1] RSP: 002b:00007ffcfed267c0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 422.538161][ C1] RAX: ffffffffffffffda RBX: 00007fe0db434620 RCX: 00007fe0da77796c [ 422.546177][ C1] RDX: 0000000000000028 RSI: 00007fe0db434670 RDI: 0000000000000003 [ 422.554214][ C1] RBP: 0000000000000000 R08: 00007ffcfed26814 R09: 000000000000000c [ 422.562231][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 422.570238][ C1] R13: 0000000000000000 R14: 00007fe0db434670 R15: 0000000000000000 [ 422.578233][ C1] [ 422.581280][ C1] DEBUG: waiting rtnl_mutex for 548 jiffies. [ 422.587255][ C1] task:syz.1.868 state:D stack:23952 pid:10091 tgid:10087 ppid:5102 flags:0x00004004 [ 422.597491][ C1] Call Trace: [ 422.600798][ C1] [ 422.603735][ C1] __schedule+0x1800/0x4a60 [ 422.608270][ C1] ? __pfx___schedule+0x10/0x10 [ 422.613159][ C1] ? __pfx_lock_release+0x10/0x10 [ 422.618203][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 422.623704][ C1] ? schedule+0x90/0x320 [ 422.627953][ C1] schedule+0x14b/0x320 [ 422.632155][ C1] schedule_preempt_disabled+0x13/0x30 [ 422.637631][ C1] __mutex_lock+0x6a4/0xd70 [ 422.642169][ C1] ? __mutex_lock+0x527/0xd70 [ 422.646866][ C1] ? smc_vlan_by_tcpsk+0x399/0x4e0 [ 422.652018][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 422.657064][ C1] ? get_rtnl_holder+0x144/0x190 [ 422.662043][ C1] smc_vlan_by_tcpsk+0x399/0x4e0 [ 422.666999][ C1] ? __pfx_smc_vlan_by_tcpsk+0x10/0x10 [ 422.672487][ C1] ? __smc_connect+0x1c8/0x1890 [ 422.677344][ C1] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 422.682930][ C1] __smc_connect+0x2a4/0x1890 [ 422.687619][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 422.692860][ C1] smc_connect+0x868/0xde0 [ 422.697291][ C1] __sys_connect+0x2df/0x310 [ 422.701932][ C1] ? __pfx___sys_connect+0x10/0x10 [ 422.707064][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 422.713447][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 422.719806][ C1] ? __irq_exit_rcu+0x100/0x1c0 [ 422.724665][ C1] __x64_sys_connect+0x7a/0x90 [ 422.729478][ C1] do_syscall_64+0xf3/0x230 [ 422.733989][ C1] ? clear_bhb_loop+0x35/0x90 [ 422.738699][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.744620][ C1] RIP: 0033:0x7ff032d75bd9 [ 422.749079][ C1] RSP: 002b:00007ff033bef048 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 422.757560][ C1] RAX: ffffffffffffffda RBX: 00007ff032f04038 RCX: 00007ff032d75bd9 [ 422.765559][ C1] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000007 [ 422.773564][ C1] RBP: 00007ff032de4e60 R08: 0000000000000000 R09: 0000000000000000 [ 422.781560][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 422.789556][ C1] R13: 000000000000006e R14: 00007ff032f04038 R15: 00007ffc9b416e18 [ 422.797543][ C1] [ 422.800587][ C1] DEBUG: waiting rtnl_mutex for 564 jiffies. [ 422.806558][ C1] task:syz.4.871 state:D stack:25728 pid:10106 tgid:10104 ppid:5100 flags:0x00004004 [ 422.816806][ C1] Call Trace: [ 422.820126][ C1] [ 422.823074][ C1] __schedule+0x1800/0x4a60 [ 422.827609][ C1] ? __pfx___schedule+0x10/0x10 [ 422.832499][ C1] ? __pfx_lock_release+0x10/0x10 [ 422.837532][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 422.843033][ C1] ? schedule+0x90/0x320 [ 422.847280][ C1] schedule+0x14b/0x320 [ 422.851474][ C1] schedule_preempt_disabled+0x13/0x30 [ 422.856945][ C1] __mutex_lock+0x6a4/0xd70 [ 422.861480][ C1] ? __mutex_lock+0x527/0xd70 [ 422.866198][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 422.871452][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 422.876501][ C1] ? get_rtnl_holder+0x144/0x190 [ 422.881488][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 422.886527][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 422.891757][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 422.897232][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 422.902626][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 422.907831][ C1] ? __local_bh_enable_ip+0x168/0x200 [ 422.913225][ C1] ? dev_hard_start_xmit+0x773/0x7e0 [ 422.918513][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 422.923647][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 422.929398][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 422.934513][ C1] ? __dev_queue_xmit+0x1763/0x3e90 [ 422.939728][ C1] ? kasan_save_track+0x51/0x80 [ 422.944595][ C1] ? vfs_writev+0x37c/0xbb0 [ 422.949141][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.955229][ C1] ? __dev_queue_xmit+0x2da/0x3e90 [ 422.960375][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 422.965764][ C1] ? ref_tracker_free+0x643/0x7e0 [ 422.970819][ C1] netlink_rcv_skb+0x1e3/0x430 [ 422.975597][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 422.981135][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 422.986454][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 422.991676][ C1] netlink_unicast+0x7f0/0x990 [ 422.996458][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 423.001766][ C1] ? __virt_addr_valid+0x183/0x530 [ 423.006910][ C1] ? __check_object_size+0x49c/0x900 [ 423.012219][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 423.017339][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 423.022138][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 423.027424][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 423.032398][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 423.037696][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 423.043180][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 423.048483][ C1] __sock_sendmsg+0x221/0x270 [ 423.053201][ C1] sock_write_iter+0x2dd/0x400 [ 423.057980][ C1] ? __pfx_sock_write_iter+0x10/0x10 [ 423.063309][ C1] ? futex_wait_queue+0x14e/0x1d0 [ 423.068341][ C1] ? futex_unqueue+0xcb/0xf0 [ 423.072972][ C1] do_iter_readv_writev+0x60a/0x890 [ 423.078179][ C1] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 423.083924][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 423.089317][ C1] ? security_file_permission+0x7f/0xa0 [ 423.094862][ C1] ? rw_verify_area+0x1d2/0x6b0 [ 423.099736][ C1] vfs_writev+0x37c/0xbb0 [ 423.104101][ C1] ? __pfx_vfs_writev+0x10/0x10 [ 423.109026][ C1] do_writev+0x1b1/0x350 [ 423.113303][ C1] ? __pfx_do_writev+0x10/0x10 [ 423.118071][ C1] ? do_syscall_64+0x100/0x230 [ 423.122881][ C1] ? do_syscall_64+0xb6/0x230 [ 423.127569][ C1] do_syscall_64+0xf3/0x230 [ 423.132096][ C1] ? clear_bhb_loop+0x35/0x90 [ 423.136803][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.142717][ C1] RIP: 0033:0x7f6d22175bd9 [ 423.147129][ C1] RSP: 002b:00007f6d22e87048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 423.155567][ C1] RAX: ffffffffffffffda RBX: 00007f6d22303f60 RCX: 00007f6d22175bd9 [ 423.163564][ C1] RDX: 0000000000000001 RSI: 0000000020000140 RDI: 0000000000000005 [ 423.171561][ C1] RBP: 00007f6d221e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 423.179552][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.187520][ C1] R13: 000000000000000b R14: 00007f6d22303f60 R15: 00007ffed1402258 [ 423.195528][ C1] [ 423.198546][ C1] DEBUG: waiting rtnl_mutex for 595 jiffies. [ 423.204537][ C1] task:syz.4.871 state:D stack:27056 pid:10110 tgid:10104 ppid:5100 flags:0x00000004 [ 423.214721][ C1] Call Trace: [ 423.217996][ C1] [ 423.220950][ C1] __schedule+0x1800/0x4a60 [ 423.225477][ C1] ? __pfx___schedule+0x10/0x10 [ 423.230354][ C1] ? __pfx_lock_release+0x10/0x10 [ 423.235386][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 423.240880][ C1] ? schedule+0x90/0x320 [ 423.245134][ C1] schedule+0x14b/0x320 [ 423.249313][ C1] schedule_preempt_disabled+0x13/0x30 [ 423.254779][ C1] __mutex_lock+0x6a4/0xd70 [ 423.259309][ C1] ? __mutex_lock+0x527/0xd70 [ 423.263998][ C1] ? nl80211_pre_doit+0x5f/0x8b0 [ 423.268991][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 423.274046][ C1] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 423.280318][ C1] ? get_rtnl_holder+0x144/0x190 [ 423.285260][ C1] nl80211_pre_doit+0x5f/0x8b0 [ 423.290058][ C1] genl_rcv_msg+0xaaa/0xec0 [ 423.294564][ C1] ? mark_lock+0x9a/0x360 [ 423.298994][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 423.304051][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 423.309118][ C1] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 423.314510][ C1] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 423.319816][ C1] ? __pfx_nl80211_post_doit+0x10/0x10 [ 423.325278][ C1] ? __pfx___might_resched+0x10/0x10 [ 423.330592][ C1] netlink_rcv_skb+0x1e3/0x430 [ 423.335376][ C1] ? __pfx_genl_rcv_msg+0x10/0x10 [ 423.340425][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 423.345728][ C1] ? __netlink_deliver_tap+0x77e/0x7c0 [ 423.351223][ C1] genl_rcv+0x28/0x40 [ 423.355216][ C1] netlink_unicast+0x7f0/0x990 [ 423.360108][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 423.365431][ C1] ? __virt_addr_valid+0x183/0x530 [ 423.370582][ C1] ? __check_object_size+0x49c/0x900 [ 423.375872][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 423.381012][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 423.385785][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 423.391095][ C1] ? __import_iovec+0x536/0x820 [ 423.395971][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 423.400934][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 423.406228][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 423.411721][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 423.417007][ C1] __sock_sendmsg+0x221/0x270 [ 423.421802][ C1] ____sys_sendmsg+0x525/0x7d0 [ 423.426579][ C1] ? __pfx_____sys_sendmsg+0x10/0x10 [ 423.431902][ C1] __sys_sendmsg+0x2b0/0x3a0 [ 423.436512][ C1] ? __pfx___sys_sendmsg+0x10/0x10 [ 423.441680][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 423.448014][ C1] ? do_syscall_64+0x100/0x230 [ 423.452837][ C1] ? do_syscall_64+0xb6/0x230 [ 423.457558][ C1] do_syscall_64+0xf3/0x230 [ 423.462102][ C1] ? clear_bhb_loop+0x35/0x90 [ 423.466901][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.472824][ C1] RIP: 0033:0x7f6d22175bd9 [ 423.477243][ C1] RSP: 002b:00007f6d22e66048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 423.485682][ C1] RAX: ffffffffffffffda RBX: 00007f6d22304038 RCX: 00007f6d22175bd9 [ 423.493677][ C1] RDX: 0000000000000000 RSI: 0000000020001380 RDI: 0000000000000003 [ 423.501680][ C1] RBP: 00007f6d221e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 423.509698][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 423.517669][ C1] R13: 000000000000006e R14: 00007f6d22304038 R15: 00007ffed1402258 [ 423.525673][ C1] [ 423.528706][ C1] DEBUG: holding rtnl_mutex for 886 jiffies. [ 423.534700][ C1] task:kworker/u8:0 state:R running task stack:18296 pid:11 tgid:11 ppid:2 flags:0x00004008 [ 423.546475][ C1] Workqueue: netns cleanup_net [ 423.551270][ C1] Call Trace: [ 423.554551][ C1] [ 423.557392][ C1] sched_show_task+0x506/0x6d0 [ 423.562180][ C1] ? report_rtnl_holders+0x29e/0x3f0 [ 423.567476][ C1] ? __pfx__printk+0x10/0x10 [ 423.572102][ C1] ? __pfx_sched_show_task+0x10/0x10 [ 423.577387][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 423.583324][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 423.589708][ C1] report_rtnl_holders+0x320/0x3f0 [ 423.594838][ C1] call_timer_fn+0x18e/0x650 [ 423.599469][ C1] ? call_timer_fn+0xc0/0x650 [ 423.604145][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 423.609811][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 423.614924][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 423.620585][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 423.626248][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 423.631907][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 423.637109][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 423.642334][ C1] ? __pfx_report_rtnl_holders+0x10/0x10 [ 423.647972][ C1] __run_timer_base+0x66a/0x8e0 [ 423.652862][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 423.658254][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 423.664625][ C1] run_timer_softirq+0xb7/0x170 [ 423.669536][ C1] handle_softirqs+0x2c4/0x970 [ 423.674316][ C1] ? __irq_exit_rcu+0xf4/0x1c0 [ 423.679128][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 423.684420][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 423.689649][ C1] __irq_exit_rcu+0xf4/0x1c0 [ 423.694249][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 423.699473][ C1] irq_exit_rcu+0x9/0x30 [ 423.703765][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 423.709465][ C1] [ 423.712406][ C1] [ 423.715359][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 423.721376][ C1] RIP: 0010:lockdep_unregister_key+0x56d/0x610 [ 423.727542][ C1] Code: ff 92 48 c7 c6 10 bc 6f 81 e8 8f 04 0a 00 e8 fa 18 0a 00 e9 e5 fb ff ff e8 c0 62 21 0a 41 f7 c7 00 02 00 00 74 d0 fb 45 84 f6 <75> cf eb e0 90 0f 0b 90 45 31 f6 e9 62 ff ff ff 90 0f 0b 90 e9 a1 [ 423.747185][ C1] RSP: 0018:ffffc900001075c0 EFLAGS: 00000246 [ 423.753292][ C1] RAX: dffffc0000000000 RBX: 1ffff92000020ec0 RCX: ffffffff947f4803 [ 423.761289][ C1] RDX: 0000000000000001 RSI: ffffffff8bcad5e0 RDI: ffffffff8c207f20 [ 423.769288][ C1] RBP: ffffc90000107698 R08: ffffffff930067ef R09: 1ffffffff2600cfd [ 423.777269][ C1] R10: dffffc0000000000 R11: fffffbfff2600cfe R12: ffffc90000107600 [ 423.785270][ C1] R13: 1ffff92000020ebc R14: 0000000000000000 R15: 0000000000000a02 [ 423.793288][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 423.799240][ C1] ? rcu_is_watching+0x15/0xb0 [ 423.804011][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 423.808622][ C1] __qdisc_destroy+0x165/0x410 [ 423.813410][ C1] dev_shutdown+0x9b/0x440 [ 423.817854][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 423.824219][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 423.831050][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 423.836969][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 423.843198][ C1] default_device_exit_batch+0xa0f/0xa90 [ 423.848893][ C1] ? __pfx___might_resched+0x10/0x10 [ 423.854260][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 423.860455][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 423.865747][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 423.871956][ C1] cleanup_net+0x89d/0xcc0 [ 423.876392][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 423.881375][ C1] ? process_scheduled_works+0x945/0x1830 [ 423.887111][ C1] process_scheduled_works+0xa2c/0x1830 [ 423.892747][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 423.898748][ C1] ? assign_work+0x364/0x3d0 [ 423.903367][ C1] worker_thread+0x86d/0xd40 [ 423.907972][ C1] ? __kthread_parkme+0x169/0x1d0 [ 423.913025][ C1] ? __pfx_worker_thread+0x10/0x10 [ 423.918146][ C1] kthread+0x2f0/0x390 [ 423.922243][ C1] ? __pfx_worker_thread+0x10/0x10 [ 423.927358][ C1] ? __pfx_kthread+0x10/0x10 [ 423.931976][ C1] ret_from_fork+0x4b/0x80 [ 423.936400][ C1] ? __pfx_kthread+0x10/0x10 [ 423.941016][ C1] ret_from_fork_asm+0x1a/0x30 [ 423.945816][ C1] [ 423.948838][ C1] DEBUG: waiting rtnl_mutex for 636 jiffies. [ 423.954841][ C1] task:dhcpcd state:D stack:20384 pid:4764 tgid:4764 ppid:4763 flags:0x00004002 [ 423.965038][ C1] Call Trace: [ 423.968338][ C1] [ 423.971298][ C1] __schedule+0x1800/0x4a60 [ 423.975830][ C1] ? __pfx___schedule+0x10/0x10 [ 423.980716][ C1] ? __pfx_lock_release+0x10/0x10 [ 423.985748][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 423.991245][ C1] ? schedule+0x90/0x320 [ 423.995492][ C1] schedule+0x14b/0x320 [ 423.999708][ C1] schedule_preempt_disabled+0x13/0x30 [ 424.005170][ C1] __mutex_lock+0x6a4/0xd70 [ 424.009704][ C1] ? __mutex_lock+0x527/0xd70 [ 424.014391][ C1] ? devinet_ioctl+0x2ce/0x1bc0 [ 424.019269][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 424.024302][ C1] ? bpf_lsm_capable+0x9/0x10 [ 424.029025][ C1] ? security_capable+0x90/0xb0 [ 424.033905][ C1] ? get_rtnl_holder+0x144/0x190 [ 424.038855][ C1] devinet_ioctl+0x2ce/0x1bc0 [ 424.043557][ C1] ? get_user_ifreq+0x1bb/0x200 [ 424.048416][ C1] inet_ioctl+0x3d7/0x4f0 [ 424.052916][ C1] ? __pfx_inet_ioctl+0x10/0x10 [ 424.057796][ C1] sock_do_ioctl+0x158/0x460 [ 424.062435][ C1] ? __pfx_sock_do_ioctl+0x10/0x10 [ 424.067599][ C1] sock_ioctl+0x629/0x8e0 [ 424.071974][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 424.076834][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 424.082849][ C1] ? bpf_lsm_file_ioctl+0x9/0x10 [ 424.087785][ C1] ? security_file_ioctl+0x87/0xb0 [ 424.092923][ C1] ? __pfx_sock_ioctl+0x10/0x10 [ 424.097786][ C1] __se_sys_ioctl+0xfc/0x170 [ 424.102411][ C1] do_syscall_64+0xf3/0x230 [ 424.106917][ C1] ? clear_bhb_loop+0x35/0x90 [ 424.111622][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.117537][ C1] RIP: 0033:0x7fb4fe3d5d49 [ 424.121969][ C1] RSP: 002b:00007ffd5b5b82d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 424.130408][ C1] RAX: ffffffffffffffda RBX: 00007fb4fe3076c0 RCX: 00007fb4fe3d5d49 [ 424.138401][ C1] RDX: 00007ffd5b5c84c8 RSI: 0000000000008914 RDI: 0000000000000016 [ 424.146480][ C1] RBP: 00007ffd5b5d8688 R08: 00007ffd5b5c8488 R09: 00007ffd5b5c8438 [ 424.154481][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 424.162510][ C1] R13: 00007ffd5b5c84c8 R14: 0000000000000028 R15: 0000000000008914 [ 424.170517][ C1] [ 424.173559][ C1] [ 424.173559][ C1] Showing all locks held in the system: [ 424.181287][ C1] 6 locks held by kworker/u8:0/11: [ 424.186416][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 424.197342][ C1] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 424.207911][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 424.217349][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 424.227402][ C1] #4: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 424.229232][ T54] Bluetooth: hci3: command tx timeout [ 424.237529][ C1] #5: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 424.252904][ C1] 3 locks held by kworker/u8:3/52: [ 424.258011][ C1] #0: ffff88802a65c948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 424.269623][ C1] #1: ffffc90000bc7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 424.283320][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 424.292864][ C1] 2 locks held by kworker/u8:4/70: [ 424.298018][ C1] 1 lock held by klogd/4539: [ 424.302644][ C1] 1 lock held by dhcpcd/4764: [ 424.307312][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 424.316955][ C1] 2 locks held by getty/4854: [ 424.321651][ C1] #0: ffff88802b1190a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 424.331441][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 424.341590][ C1] 3 locks held by kworker/1:4/5151: [ 424.346782][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 424.357805][ C1] #1: ffffc90004067d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 424.368809][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 424.377822][ C1] 1 lock held by syz-executor/10086: [ 424.383147][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 424.392691][ C1] 2 locks held by syz.1.868/10091: [ 424.397799][ C1] #0: ffff888077544f58 (sk_lock-AF_SMC){+.+.}-{0:0}, at: smc_connect+0xb7/0xde0 [ 424.406973][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: smc_vlan_by_tcpsk+0x399/0x4e0 [ 424.416430][ C1] 1 lock held by syz.4.871/10106: [ 424.421476][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 424.431017][ C1] 2 locks held by syz.4.871/10110: [ 424.436133][ C1] #0: ffffffff8f668fb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 424.444353][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 424.453627][ C1] [ 424.455953][ C1] ============================================= [ 424.455953][ C1] [ 424.709022][T10106] netlink: 'syz.4.871': attribute type 41 has an invalid length. [ 425.364431][T10157] cifs: Unknown parameter '[bIT&:"1:ӭ'4,Zz-#F<]%gC [ 425.364431][T10157] SȘȞZ6' [ 426.339126][ T5154] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 426.529334][ T5154] usb 5-1: Using ep0 maxpacket: 16 [ 426.567230][ T5154] usb 5-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.09 [ 426.606904][ T5154] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.650869][ T5154] usb 5-1: Product: syz [ 426.668246][ T5154] usb 5-1: Manufacturer: syz [ 426.676374][ T5154] usb 5-1: SerialNumber: syz [ 426.703857][ T5154] usb 5-1: config 0 descriptor?? [ 426.717005][T10086] chnl_net:caif_netlink_parms(): no params data found [ 427.359687][T10086] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.428434][T10086] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.476778][T10086] bridge_slave_0: entered allmulticast mode [ 427.528135][T10086] bridge_slave_0: entered promiscuous mode [ 427.565931][T10086] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.913161][T10086] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.524833][T10086] bridge_slave_1: entered allmulticast mode [ 428.546457][ T5151] usb 5-1: USB disconnect, device number 25 [ 428.562794][T10086] bridge_slave_1: entered promiscuous mode [ 428.786292][T10086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 428.828691][T10086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 428.843119][T10183] netlink: 52 bytes leftover after parsing attributes in process `syz.4.886'. [ 428.897950][T10183] netlink: 4 bytes leftover after parsing attributes in process `syz.4.886'. [ 429.030702][T10191] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 429.037295][T10191] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 429.091976][T10086] team0: Port device team_slave_0 added [ 429.109139][T10191] vhci_hcd vhci_hcd.0: Device attached [ 429.127008][T10086] team0: Port device team_slave_1 added [ 429.157015][T10164] loop0: detected capacity change from 0 to 40427 [ 429.193347][T10164] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 429.207495][T10164] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 429.234927][T10196] loop4: detected capacity change from 0 to 256 [ 429.254844][T10164] F2FS-fs (loop0): Found nat_bits in checkpoint [ 429.283732][T10086] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 429.309600][ T5154] vhci_hcd: vhci_device speed not set [ 429.312572][T10086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 429.389635][T10196] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 429.409380][ T5154] usb 11-1: new full-speed USB device number 3 using vhci_hcd [ 429.412389][T10086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 429.444568][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 429.444588][ T29] audit: type=1800 audit(1720464586.885:268): pid=10196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.888" name="file1" dev="loop4" ino=1048635 res=0 errno=0 [ 429.539155][ T928] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 429.573036][T10196] syz.4.888: attempt to access beyond end of device [ 429.573036][T10196] loop4: rw=0, sector=256, nr_sectors = 8 limit=256 [ 429.586579][T10164] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 429.597100][T10086] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 429.656792][T10164] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 429.665184][T10164] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 429.679163][T10086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 429.705084][ C0] vkms_vblank_simulate: vblank timer overrun [ 429.756190][T10086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 429.767484][ T928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.782462][ T928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.820693][ T928] usb 2-1: New USB device found, idVendor=046d, idProduct=c13f, bcdDevice= 0.00 [ 429.831953][ T928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.866771][ T928] usb 2-1: config 0 descriptor?? [ 430.070758][T10086] hsr_slave_0: entered promiscuous mode [ 430.091079][ T928] usb 2-1: USB disconnect, device number 17 [ 430.120762][T10192] vhci_hcd: connection reset by peer [ 430.134384][ T12] vhci_hcd: stop threads [ 430.147366][T10086] hsr_slave_1: entered promiscuous mode [ 430.184861][T10086] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 430.195811][ T12] vhci_hcd: release socket [ 430.224518][ T12] vhci_hcd: disconnect device [ 430.227673][T10086] Cannot create hsr debugfs directory [ 430.589208][T10218] netlink: 'syz.0.891': attribute type 41 has an invalid length. [ 430.684793][ T5116] Bluetooth: hci1: unexpected event for opcode 0x0411 [ 431.462456][T10246] cifs: Unknown parameter '[bIT&:"1:ӭ'4,Zz-#F<]%gC [ 431.462456][T10246] SȘȞZ6' [ 432.349008][ T25] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 432.599087][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 432.636957][ T25] usb 3-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.09 [ 432.646898][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.660418][ T25] usb 3-1: Product: syz [ 432.664782][ T25] usb 3-1: Manufacturer: syz [ 432.670775][ T25] usb 3-1: SerialNumber: syz [ 432.710950][ T25] usb 3-1: config 0 descriptor?? [ 433.170424][T10086] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 433.171620][T10239] loop4: detected capacity change from 0 to 512 [ 433.211336][T10086] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 433.227480][T10239] FAT-fs (loop4): bogus logical sector size 0 [ 433.244740][T10239] FAT-fs (loop4): Can't find a valid FAT filesystem [ 433.255270][T10086] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 433.273662][T10086] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 433.891156][T10086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 433.914916][T10086] 8021q: adding VLAN 0 to HW filter on device team0 [ 433.951717][T10270] netlink: 52 bytes leftover after parsing attributes in process `syz.4.899'. [ 433.959941][ T928] bridge0: port 1(bridge_slave_0) entered blocking state [ 433.967753][ T928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 434.014893][ T5152] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.022162][ T5152] bridge0: port 2(bridge_slave_1) entered forwarding state [ 434.033043][T10270] netlink: 4 bytes leftover after parsing attributes in process `syz.4.899'. [ 434.120851][T10274] loop0: detected capacity change from 0 to 4096 [ 434.226434][T10086] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 434.289168][ T46] usb 3-1: USB disconnect, device number 12 [ 434.359708][T10086] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 434.373385][T10279] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 435.325883][T10280] batman_adv: batadv0: Interface deactivated: bridge0 [ 435.347173][ T5154] vhci_hcd: vhci_device speed not set [ 435.408645][T10280] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.418631][T10280] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.530115][T10280] bridge0: entered allmulticast mode [ 435.573951][T10288] netlink: 'syz.4.903': attribute type 41 has an invalid length. [ 435.631443][T10294] loop1: detected capacity change from 0 to 8 [ 435.999895][T10086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 436.198172][T10086] veth0_vlan: entered promiscuous mode [ 436.246752][T10086] veth1_vlan: entered promiscuous mode [ 436.389781][T10086] veth0_macvtap: entered promiscuous mode [ 436.421498][T10086] veth1_macvtap: entered promiscuous mode [ 436.479722][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.536471][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.568191][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.590973][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.615327][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.670040][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.710217][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 436.763119][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.790005][T10086] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 436.846477][T10320] SQUASHFS error: lzo decompression failed, data probably corrupt [ 436.872410][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.900344][T10320] SQUASHFS error: Failed to read block 0x71: -5 [ 436.905639][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.925318][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 436.941954][T10320] SQUASHFS error: lzo decompression failed, data probably corrupt [ 436.950818][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 436.974752][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.008374][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.031252][T10086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 437.043453][T10320] SQUASHFS error: Failed to read block 0x71: -5 [ 437.057331][ T29] audit: type=1800 audit(1720464594.495:269): pid=10320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.904" name="file0" dev="loop1" ino=3 res=0 errno=0 [ 437.062824][T10086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 437.135600][T10086] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 437.602535][T10086] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.645739][T10086] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.655622][T10086] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.684020][T10086] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.028079][T10343] cifs: Unknown parameter '[bIT&:"1:ӭ'4,Zz-#F<]%gC [ 438.028079][T10343] SȘȞZ6' [ 438.329313][ T5154] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 438.647279][T10345] netlink: 52 bytes leftover after parsing attributes in process `syz.4.912'. [ 438.662340][ T5154] usb 1-1: Using ep0 maxpacket: 16 [ 438.691121][ T5154] usb 1-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.09 [ 438.716621][ T5154] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.745825][ T5154] usb 1-1: Product: syz [ 438.756200][ T5154] usb 1-1: Manufacturer: syz [ 438.765387][T10345] netlink: 4 bytes leftover after parsing attributes in process `syz.4.912'. [ 438.779217][ T5154] usb 1-1: SerialNumber: syz [ 438.806384][ T5154] usb 1-1: config 0 descriptor?? [ 440.476869][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.485347][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.715495][ T5152] usb 1-1: USB disconnect, device number 22 [ 441.987268][T10369] syzkaller0: entered promiscuous mode [ 441.993054][T10369] syzkaller0: entered allmulticast mode [ 444.746027][T10404] netlink: 'syz.4.916': attribute type 41 has an invalid length. [ 444.798870][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.844954][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.015938][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.036445][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.242971][ T29] audit: type=1326 audit(1720464602.685:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 445.343605][ T29] audit: type=1326 audit(1720464602.685:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 445.347716][T10423] loop1: detected capacity change from 0 to 8 [ 445.869069][ T29] audit: type=1326 audit(1720464603.285:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 445.907130][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.924657][ T29] audit: type=1326 audit(1720464603.285:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 445.989235][ T29] audit: type=1326 audit(1720464603.285:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 446.077627][ T29] audit: type=1326 audit(1720464603.285:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 446.107141][ T29] audit: type=1326 audit(1720464603.285:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 446.154002][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.164542][ T29] audit: type=1326 audit(1720464603.285:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 446.191363][ T29] audit: type=1326 audit(1720464603.305:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 446.266592][T10431] SQUASHFS error: lzo decompression failed, data probably corrupt [ 446.274755][T10431] SQUASHFS error: Failed to read block 0x71: -5 [ 446.281327][T10431] SQUASHFS error: lzo decompression failed, data probably corrupt [ 446.289299][T10431] SQUASHFS error: Failed to read block 0x71: -5 [ 446.377201][ T29] audit: type=1326 audit(1720464603.305:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.0.919" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 446.846648][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.920713][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.048475][ T52] bridge_slave_1: left allmulticast mode [ 447.067641][ T52] bridge_slave_1: left promiscuous mode [ 447.074013][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.091465][ T52] bridge_slave_0: left allmulticast mode [ 447.097179][ T52] bridge_slave_0: left promiscuous mode [ 447.106358][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.356648][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.439392][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.543601][ T52] bond0 (unregistering): Released all slaves [ 448.679993][ T5116] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 448.681009][T10453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.926'. [ 448.713196][ T5116] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 448.725098][ T5116] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 448.748458][ T5116] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 448.766209][ T5116] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 448.808360][T10463] syzkaller0: entered promiscuous mode [ 448.813939][T10463] syzkaller0: entered allmulticast mode [ 448.823833][ T5116] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 449.412679][T10474] loop0: detected capacity change from 0 to 2048 [ 449.435423][T10474] EXT4-fs: Ignoring removed mblk_io_submit option [ 450.050382][T10474] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 450.775788][T10474] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.930: bg 0: block 234: padding at end of block bitmap is not set [ 450.835974][T10474] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 128 with error 28 [ 450.861406][T10474] EXT4-fs (loop0): This should not happen!! Data will be lost [ 450.861406][T10474] [ 450.872482][T10474] EXT4-fs (loop0): Total free blocks count 0 [ 450.886568][T10474] EXT4-fs (loop0): Free/Dirty block details [ 450.923449][T10474] EXT4-fs (loop0): free_blocks=0 [ 450.947365][T10474] EXT4-fs (loop0): dirty_blocks=128 [ 450.953205][ T5116] Bluetooth: hci3: command tx timeout [ 450.966365][T10474] EXT4-fs (loop0): Block reservation details [ 450.966395][T10474] EXT4-fs (loop0): i_reserved_data_blocks=8 [ 451.126529][ T5097] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.284065][T10478] netlink: 'syz.2.931': attribute type 41 has an invalid length. [ 451.664280][T10497] netlink: 'syz.2.934': attribute type 7 has an invalid length. [ 451.699313][T10497] netlink: 244 bytes leftover after parsing attributes in process `syz.2.934'. [ 452.005011][ T52] hsr_slave_0: left promiscuous mode [ 452.076561][T10505] netlink: 'syz.2.935': attribute type 7 has an invalid length. [ 452.096981][ T52] hsr_slave_1: left promiscuous mode [ 452.099196][T10505] netlink: 244 bytes leftover after parsing attributes in process `syz.2.935'. [ 452.160801][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 452.175697][T10512] loop1: detected capacity change from 0 to 8 [ 452.190292][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 452.230935][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 452.274004][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 452.339718][ T29] kauditd_printk_skb: 50 callbacks suppressed [ 452.339742][ T29] audit: type=1326 audit(1720464609.745:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 452.369250][T10513] netlink: 16 bytes leftover after parsing attributes in process `syz.0.936'. [ 452.464128][ T29] audit: type=1326 audit(1720464609.755:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 452.522142][ T52] veth1_macvtap: left promiscuous mode [ 452.566504][ T52] veth0_macvtap: left promiscuous mode [ 452.593444][ T52] veth1_vlan: left promiscuous mode [ 452.610534][ T52] veth0_vlan: left promiscuous mode [ 452.930191][ T29] audit: type=1326 audit(1720464610.375:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.018234][ T29] audit: type=1326 audit(1720464610.375:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.049263][ T5116] Bluetooth: hci3: command tx timeout [ 453.136423][ T29] audit: type=1326 audit(1720464610.375:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.187465][ T29] audit: type=1326 audit(1720464610.375:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.246734][ T29] audit: type=1326 audit(1720464610.375:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.366881][ T29] audit: type=1326 audit(1720464610.375:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.435887][ T29] audit: type=1326 audit(1720464610.375:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.474625][ T29] audit: type=1326 audit(1720464610.375:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10507 comm="syz.0.936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a2b575bd9 code=0x7fc00000 [ 453.613647][T10534] SQUASHFS error: lzo decompression failed, data probably corrupt [ 453.624980][T10534] SQUASHFS error: Failed to read block 0x71: -5 [ 453.631916][T10534] SQUASHFS error: lzo decompression failed, data probably corrupt [ 453.639860][T10534] SQUASHFS error: Failed to read block 0x71: -5 [ 454.258661][ T52] team0 (unregistering): Port device team_slave_1 removed [ 454.393283][ T52] team0 (unregistering): Port device team_slave_0 removed [ 454.521177][T10536] loop2: detected capacity change from 0 to 2048 [ 454.539251][T10536] EXT4-fs: Ignoring removed mblk_io_submit option [ 454.575825][T10536] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 455.119002][ T5116] Bluetooth: hci3: command tx timeout [ 455.327907][T10536] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.942: bg 0: block 234: padding at end of block bitmap is not set [ 455.354838][T10536] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 455.384722][T10536] EXT4-fs (loop2): This should not happen!! Data will be lost [ 455.384722][T10536] [ 455.412911][T10536] EXT4-fs (loop2): Total free blocks count 0 [ 455.421320][T10536] EXT4-fs (loop2): Free/Dirty block details [ 455.427393][T10536] EXT4-fs (loop2): free_blocks=0 [ 455.433175][T10536] EXT4-fs (loop2): dirty_blocks=5552 [ 455.438607][T10536] EXT4-fs (loop2): Block reservation details [ 455.445157][T10536] EXT4-fs (loop2): i_reserved_data_blocks=347 [ 455.583180][ T1064] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 2048 with error 28 [ 455.748017][T10532] netlink: 4 bytes leftover after parsing attributes in process `syz.4.941'. [ 455.825877][T10545] syzkaller0: entered promiscuous mode [ 455.832275][T10545] syzkaller0: entered allmulticast mode [ 457.189132][ T5116] Bluetooth: hci3: command tx timeout [ 458.264266][T10564] netlink: 'syz.2.944': attribute type 41 has an invalid length. [ 459.250195][T10596] loop2: detected capacity change from 0 to 8 [ 459.356919][T10471] chnl_net:caif_netlink_parms(): no params data found [ 459.890755][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 459.890776][ T29] audit: type=1326 audit(1720464617.335:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.042051][T10611] SQUASHFS error: lzo decompression failed, data probably corrupt [ 460.050122][T10611] SQUASHFS error: Failed to read block 0x71: -5 [ 460.056566][T10611] SQUASHFS error: lzo decompression failed, data probably corrupt [ 460.064623][T10611] SQUASHFS error: Failed to read block 0x71: -5 [ 460.258897][ T29] audit: type=1326 audit(1720464617.385:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.289935][ T29] audit: type=1800 audit(1720464617.515:374): pid=10611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.953" name="file0" dev="loop2" ino=3 res=0 errno=0 [ 460.309359][T10608] netlink: 16 bytes leftover after parsing attributes in process `syz.4.955'. [ 460.327742][T10471] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.342576][T10471] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.432693][T10471] bridge_slave_0: entered allmulticast mode [ 460.461117][T10471] bridge_slave_0: entered promiscuous mode [ 460.479057][ T29] audit: type=1326 audit(1720464617.905:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.479231][ T29] audit: type=1326 audit(1720464617.905:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.479311][ T29] audit: type=1326 audit(1720464617.905:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.479361][ T29] audit: type=1326 audit(1720464617.905:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.479408][ T29] audit: type=1326 audit(1720464617.905:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.479456][ T29] audit: type=1326 audit(1720464617.905:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.479504][ T29] audit: type=1326 audit(1720464617.905:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.4.955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d22175bd9 code=0x7fc00000 [ 460.530151][T10471] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.530269][T10471] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.530496][T10471] bridge_slave_1: entered allmulticast mode [ 460.532664][T10471] bridge_slave_1: entered promiscuous mode [ 460.735952][T10471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 461.058311][T10471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 461.288526][T10620] netlink: 4 bytes leftover after parsing attributes in process `syz.2.956'. [ 461.327650][T10471] team0: Port device team_slave_0 added [ 461.409700][T10471] team0: Port device team_slave_1 added [ 461.864014][T10629] syzkaller0: entered promiscuous mode [ 461.869866][T10629] syzkaller0: entered allmulticast mode [ 461.965458][T10471] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 461.980369][T10471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.026181][T10471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 462.139607][T10471] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 462.146620][T10471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.179122][T10471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 462.207936][T10626] netlink: 'syz.2.959': attribute type 41 has an invalid length. [ 464.544100][T10668] loop4: detected capacity change from 0 to 8 [ 464.787913][T10471] hsr_slave_0: entered promiscuous mode [ 464.839503][T10471] hsr_slave_1: entered promiscuous mode [ 464.856300][T10471] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 464.881261][T10471] Cannot create hsr debugfs directory [ 465.144941][T10675] loop0: detected capacity change from 0 to 1024 [ 465.665935][T10689] SQUASHFS error: lzo decompression failed, data probably corrupt [ 465.673991][T10689] SQUASHFS error: Failed to read block 0x71: -5 [ 465.680472][T10689] SQUASHFS error: lzo decompression failed, data probably corrupt [ 465.688296][T10689] SQUASHFS error: Failed to read block 0x71: -5 [ 465.694804][ T29] kauditd_printk_skb: 335 callbacks suppressed [ 465.694821][ T29] audit: type=1800 audit(1720464623.135:717): pid=10689 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.966" name="file0" dev="loop4" ino=3 res=0 errno=0 [ 466.006182][ T5097] hfsplus: bad catalog entry type [ 466.051977][ T5097] hfsplus: bad catalog entry type [ 466.136801][ T1064] hfsplus: b-tree write err: -5, ino 4 [ 467.398300][ T1034] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 467.424514][ T1034] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 467.893771][ T1034] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 467.977941][ T1034] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.107414][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 469.121672][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 469.130214][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 469.142364][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 469.150344][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 469.157864][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 469.376968][T10723] loop2: detected capacity change from 0 to 164 [ 469.384992][T10723] iso9660: Unknown parameter 'u#' [ 469.599232][ T928] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 469.601802][ T1034] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 469.789093][ T928] usb 5-1: Using ep0 maxpacket: 8 [ 469.796900][ T928] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 469.799242][ T1034] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.817004][ T928] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 469.817042][ T928] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 469.817069][ T928] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 469.817096][ T928] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 469.817148][ T928] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 469.817183][ T928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.894723][ T928] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22 [ 470.109879][ T1034] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.130498][ T1034] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.252393][T10730] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 470.258990][T10730] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 470.325798][T10730] vhci_hcd vhci_hcd.0: Device attached [ 470.383442][T10471] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 470.448576][T10471] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 470.465329][T10471] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 470.499197][ T928] vhci_hcd: vhci_device speed not set [ 470.515993][T10471] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 470.574652][ T928] usb 13-1: new full-speed USB device number 3 using vhci_hcd [ 470.679375][ T5154] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 470.755166][ T1034] bridge_slave_1: left allmulticast mode [ 470.768013][ T1034] bridge_slave_1: left promiscuous mode [ 470.782627][ T1034] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.802608][ T1034] bridge_slave_0: left allmulticast mode [ 470.808329][ T1034] bridge_slave_0: left promiscuous mode [ 470.815545][ T1034] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.842401][ T1034] batman_adv: batadv0: Interface deactivated: bridge0 [ 470.901572][ T5154] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.913203][ T5154] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.936016][ T5154] usb 3-1: New USB device found, idVendor=046d, idProduct=c13f, bcdDevice= 0.00 [ 470.959910][ T5154] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.995748][ T5154] usb 3-1: config 0 descriptor?? [ 471.224229][ T8] usb 3-1: USB disconnect, device number 13 [ 471.238400][T10731] vhci_hcd: connection reset by peer [ 471.252720][ T52] vhci_hcd: stop threads [ 471.260062][ T52] vhci_hcd: release socket [ 471.264942][ T52] vhci_hcd: disconnect device [ 471.270606][ T54] Bluetooth: hci0: command tx timeout [ 471.682551][ T1034] batman_adv: batadv0: Removing interface: bridge0 [ 472.148790][ T1034] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 472.186045][ T1034] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.210875][ T1034] bond0 (unregistering): Released all slaves [ 472.308624][ T5154] usb 5-1: USB disconnect, device number 26 [ 473.349365][ T54] Bluetooth: hci0: command tx timeout [ 473.954895][T10720] chnl_net:caif_netlink_parms(): no params data found [ 474.246253][T10794] input: syz1 as /devices/virtual/input/input14 [ 474.799508][ T1034] hsr_slave_0: left promiscuous mode [ 474.879935][ T1034] hsr_slave_1: left promiscuous mode [ 474.886560][ T1034] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 474.905960][ T1034] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 474.925324][ T1034] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 474.949666][ T1034] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 475.086496][ T1034] veth1_macvtap: left promiscuous mode [ 475.096693][ T1034] veth0_macvtap: left promiscuous mode [ 475.115939][ T1034] veth1_vlan: left promiscuous mode [ 475.131735][ T1034] veth0_vlan: left promiscuous mode [ 475.431766][ T54] Bluetooth: hci0: command tx timeout [ 475.457503][T10812] loop2: detected capacity change from 0 to 128 [ 475.550345][T10812] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 475.609803][T10812] ext4 filesystem being mounted at /93/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 475.752958][ T8557] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 475.766683][ T928] vhci_hcd: vhci_device speed not set [ 475.965480][T10825] tmpfs: Unknown parameter 'nolazytime' [ 476.129655][T10828] loop2: detected capacity change from 0 to 2048 [ 476.177284][T10828] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 477.519124][ T54] Bluetooth: hci0: command tx timeout [ 477.581878][ T1034] team0 (unregistering): Port device team_slave_1 removed [ 477.643988][ T1034] team0 (unregistering): Port device team_slave_0 removed [ 478.687094][T10795] netlink: 'syz.1.990': attribute type 8 has an invalid length. [ 478.897985][T10471] 8021q: adding VLAN 0 to HW filter on device bond0 [ 479.724443][ T8557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.913712][T10471] 8021q: adding VLAN 0 to HW filter on device team0 [ 479.950575][T10720] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.953974][T10898] loop1: detected capacity change from 0 to 1024 [ 479.957746][T10720] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.044038][T10898] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 480.076320][T10720] bridge_slave_0: entered allmulticast mode [ 480.128355][T10720] bridge_slave_0: entered promiscuous mode [ 480.165257][T10898] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #11: comm syz.1.1003: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 480.200416][T10720] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.227202][T10720] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.241579][T10898] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.1003: couldn't read orphan inode 11 (err -117) [ 480.272500][T10720] bridge_slave_1: entered allmulticast mode [ 480.276831][T10898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 480.317100][T10720] bridge_slave_1: entered promiscuous mode [ 480.374959][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.382121][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.617909][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.625148][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.135341][T10720] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.154336][ T5102] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 483.295608][T10720] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 484.628798][ T1034] IPVS: stop unused estimator thread 0... [ 484.963059][T10720] team0: Port device team_slave_0 added [ 485.067947][T10720] team0: Port device team_slave_1 added [ 485.284589][T10720] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 485.312935][T10720] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.355751][T10720] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 485.382542][T10720] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 485.399219][T10720] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 485.472113][T10720] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 485.627722][T10720] hsr_slave_0: entered promiscuous mode [ 485.660850][T10720] hsr_slave_1: entered promiscuous mode [ 485.678988][T10720] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 485.707076][T10720] Cannot create hsr debugfs directory [ 486.127239][ T5155] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 486.197231][T10956] loop1: detected capacity change from 0 to 128 [ 486.225455][T10956] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 486.317157][T10471] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 486.327204][T10956] ext4 filesystem being mounted at /253/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 486.569168][ T5155] usb 5-1: Using ep0 maxpacket: 32 [ 486.583528][ T5155] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 486.589558][ T5102] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 486.592041][ T5155] usb 5-1: can't read configurations, error -61 [ 487.144912][T10471] veth0_vlan: entered promiscuous mode [ 487.221834][T10471] veth1_vlan: entered promiscuous mode [ 487.494576][ T5155] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 487.512844][T10471] veth0_macvtap: entered promiscuous mode [ 487.548463][T10720] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 487.555962][T10974] input: syz1 as /devices/virtual/input/input15 [ 487.575618][T10471] veth1_macvtap: entered promiscuous mode [ 487.609964][T10720] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 487.637876][T10720] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 487.705302][T10720] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 487.725586][ T5155] usb 5-1: Using ep0 maxpacket: 32 [ 487.760866][T10974] netlink: 'syz.2.1012': attribute type 8 has an invalid length. [ 487.780298][ T5155] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 487.790610][ T5155] usb 5-1: can't read configurations, error -61 [ 487.815847][ T5155] usb usb5-port1: attempt power cycle [ 487.816113][T10471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.854938][T10471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.871366][T10471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.895577][T10471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.916405][T10471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.938695][T10471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.963231][T10471] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 488.031309][T10471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.051265][T10471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.063318][T10471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.095429][T10471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.099089][ T5150] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 488.108951][T10471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.183746][T10471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.207588][T10471] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 488.239309][ T5155] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 488.264838][T10471] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.278237][T10471] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.279830][ T5155] usb 5-1: Using ep0 maxpacket: 32 [ 488.297686][T10471] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.304010][ T5150] usb 2-1: Using ep0 maxpacket: 32 [ 488.310927][T10471] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.327195][ T5150] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 27, changing to 8 [ 488.346103][ T5155] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 488.366381][ T5155] usb 5-1: can't read configurations, error -61 [ 488.379437][ T5150] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16698, setting to 1024 [ 488.393957][ T5150] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 488.429360][ T5150] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.514349][ T5150] hub 2-1:4.0: USB hub found [ 488.539112][ T5155] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 488.561776][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.581745][ T5155] usb 5-1: Using ep0 maxpacket: 32 [ 488.587054][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.607928][ T5155] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 488.636554][T10720] 8021q: adding VLAN 0 to HW filter on device bond0 [ 488.645023][ T5155] usb 5-1: can't read configurations, error -61 [ 488.662112][ T5155] usb usb5-port1: unable to enumerate USB device [ 488.716362][ T5150] hub 2-1:4.0: 2 ports detected [ 488.726403][ T5150] usb 2-1: selecting invalid altsetting 1 [ 488.736560][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.740038][ T5150] hub 2-1:4.0: Using single TT (err -22) [ 488.776480][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 488.791990][T10720] 8021q: adding VLAN 0 to HW filter on device team0 [ 488.831506][ T931] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.838699][ T931] bridge0: port 1(bridge_slave_0) entered forwarding state [ 488.917971][ T5150] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 488.921557][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.931554][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.959417][ T5150] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 489.051232][T11001] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 489.057833][T11001] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 489.061062][ T5150] usb 2-1: USB disconnect, device number 18 [ 489.131009][T11001] vhci_hcd vhci_hcd.0: Device attached [ 489.352111][ T9] vhci_hcd: vhci_device speed not set [ 489.419989][ T5155] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 489.439437][ T9] usb 17-1: new full-speed USB device number 3 using vhci_hcd [ 489.513233][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.634942][ T5155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.689086][ T5155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.703585][ T5155] usb 5-1: New USB device found, idVendor=046d, idProduct=c13f, bcdDevice= 0.00 [ 489.725384][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.735935][ T5155] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.746818][ T5155] usb 5-1: config 0 descriptor?? [ 489.786244][T10720] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 489.812817][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.873410][T10720] veth0_vlan: entered promiscuous mode [ 489.887501][T10720] veth1_vlan: entered promiscuous mode [ 489.921603][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.965894][ T25] usb 5-1: USB disconnect, device number 31 [ 489.970571][T10720] veth0_macvtap: entered promiscuous mode [ 489.975046][T11002] vhci_hcd: connection reset by peer [ 489.983202][T10720] veth1_macvtap: entered promiscuous mode [ 490.004171][ T1064] vhci_hcd: stop threads [ 490.012119][ T1064] vhci_hcd: release socket [ 490.016685][ T1064] vhci_hcd: disconnect device [ 490.028505][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 490.039439][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.051610][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 490.062188][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.072750][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 490.083335][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.093275][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 490.104122][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.116923][T10720] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 490.128847][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.140601][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.151233][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.163707][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.174108][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.184769][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.194637][T10720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 490.205361][T10720] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 490.216774][T10720] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 490.243074][T10720] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.253015][T10720] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.263845][T10720] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.272932][T10720] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 490.458195][ T11] bridge_slave_1: left allmulticast mode [ 490.465029][ T11] bridge_slave_1: left promiscuous mode [ 490.471654][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 490.483377][ T11] bridge_slave_0: left allmulticast mode [ 490.489627][ T11] bridge_slave_0: left promiscuous mode [ 490.495524][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 491.080819][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 491.095653][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 491.108530][ T11] bond0 (unregistering): Released all slaves [ 491.136532][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 491.153055][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 491.256733][ T1064] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 491.296423][ T1064] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 491.853831][T11050] loop2: detected capacity change from 0 to 128 [ 491.887294][T11050] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 491.908091][ T11] hsr_slave_0: left promiscuous mode [ 491.948750][ T11] hsr_slave_1: left promiscuous mode [ 491.967670][T11050] ext4 filesystem being mounted at /102/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 492.018341][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 492.062441][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 492.087358][ T5116] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 492.102453][ T5116] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 492.111612][ T5116] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 492.123687][ T5116] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 492.137579][ T5116] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 492.152081][ T5116] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 492.160491][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 492.167927][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 492.328842][ T8557] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 492.341290][ T11] veth1_macvtap: left promiscuous mode [ 492.363233][ T11] veth0_macvtap: left promiscuous mode [ 492.377133][ T11] veth1_vlan: left promiscuous mode [ 492.422449][ T11] veth0_vlan: left promiscuous mode [ 493.749915][ T5155] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 494.300180][ T54] Bluetooth: hci3: command tx timeout [ 494.340426][ T5155] usb 1-1: Using ep0 maxpacket: 32 [ 494.372346][ T5155] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 27, changing to 8 [ 494.439059][ T5155] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16698, setting to 1024 [ 494.495123][ T5155] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 494.525822][ T5155] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.552080][ T9] vhci_hcd: vhci_device speed not set [ 494.586450][ T5155] hub 1-1:4.0: USB hub found [ 494.790599][ T5155] hub 1-1:4.0: 2 ports detected [ 494.829594][ T5155] usb 1-1: selecting invalid altsetting 1 [ 494.845812][ T5155] hub 1-1:4.0: Using single TT (err -22) [ 494.991945][ T5155] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 494.998368][ T5155] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 495.093588][ T5155] usb 1-1: USB disconnect, device number 23 [ 495.772248][T11102] loop1: detected capacity change from 0 to 128 [ 495.813436][T11102] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 495.845445][T11102] ext4 filesystem being mounted at /260/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 495.958840][ T5102] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 496.051335][ T11] team0 (unregistering): Port device team_slave_1 removed [ 496.202833][T11120] input: syz1 as /devices/virtual/input/input16 [ 496.220224][ T11] team0 (unregistering): Port device team_slave_0 removed [ 496.322419][ T54] Bluetooth: hci3: command tx timeout [ 497.268989][ C1] DEBUG: waiting rtnl_mutex for 512 jiffies. [ 497.275129][ C1] task:kworker/u8:1 state:D stack:19736 pid:12 tgid:12 ppid:2 flags:0x00004000 [ 497.285381][ C1] Workqueue: ipv6_addrconf addrconf_dad_work [ 497.291457][ C1] Call Trace: [ 497.294740][ C1] [ 497.297693][ C1] __schedule+0x1800/0x4a60 [ 497.302295][ C1] ? __pfx___schedule+0x10/0x10 [ 497.307185][ C1] ? __pfx_lock_release+0x10/0x10 [ 497.312286][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 497.317874][ C1] ? kthread_data+0x52/0xd0 [ 497.322461][ C1] ? schedule+0x90/0x320 [ 497.326741][ C1] ? wq_worker_sleeping+0x66/0x240 [ 497.331942][ C1] ? schedule+0x90/0x320 [ 497.336220][ C1] schedule+0x14b/0x320 [ 497.340449][ C1] schedule_preempt_disabled+0x13/0x30 [ 497.345941][ C1] __mutex_lock+0x6a4/0xd70 [ 497.350512][ C1] ? mark_lock+0x9a/0x360 [ 497.354881][ C1] ? __mutex_lock+0x527/0xd70 [ 497.359637][ C1] ? addrconf_dad_work+0xd0/0x16f0 [ 497.364790][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 497.369905][ C1] ? get_rtnl_holder+0x144/0x190 [ 497.374874][ C1] addrconf_dad_work+0xd0/0x16f0 [ 497.379941][ C1] ? __pfx_addrconf_dad_work+0x10/0x10 [ 497.385443][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 497.391853][ C1] ? process_scheduled_works+0x945/0x1830 [ 497.397625][ C1] process_scheduled_works+0xa2c/0x1830 [ 497.403284][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 497.409354][ C1] ? assign_work+0x364/0x3d0 [ 497.413966][ C1] worker_thread+0x86d/0xd40 [ 497.418578][ C1] ? __kthread_parkme+0x169/0x1d0 [ 497.423681][ C1] ? __pfx_worker_thread+0x10/0x10 [ 497.428834][ C1] kthread+0x2f0/0x390 [ 497.433028][ C1] ? __pfx_worker_thread+0x10/0x10 [ 497.438189][ C1] ? __pfx_kthread+0x10/0x10 [ 497.442870][ C1] ret_from_fork+0x4b/0x80 [ 497.447337][ C1] ? __pfx_kthread+0x10/0x10 [ 497.452004][ C1] ret_from_fork_asm+0x1a/0x30 [ 497.456820][ C1] [ 497.459910][ C1] DEBUG: waiting rtnl_mutex for 527 jiffies. [ 497.465929][ C1] task:syz-executor state:D stack:24992 pid:11059 tgid:11059 ppid:11031 flags:0x00000000 [ 497.476207][ C1] Call Trace: [ 497.479539][ C1] [ 497.482473][ C1] __schedule+0x1800/0x4a60 [ 497.487008][ C1] ? __pfx___schedule+0x10/0x10 [ 497.491933][ C1] ? __pfx_lock_release+0x10/0x10 [ 497.497001][ C1] ? __mutex_trylock_common+0x92/0x2e0 [ 497.502555][ C1] ? schedule+0x90/0x320 [ 497.506834][ C1] schedule+0x14b/0x320 [ 497.511065][ C1] schedule_preempt_disabled+0x13/0x30 [ 497.516559][ C1] __mutex_lock+0x6a4/0xd70 [ 497.521142][ C1] ? __mutex_lock+0x527/0xd70 [ 497.525857][ C1] ? rtnetlink_rcv_msg+0x847/0x1180 [ 497.531138][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 497.536205][ C1] ? get_rtnl_holder+0x144/0x190 [ 497.541216][ C1] rtnetlink_rcv_msg+0x847/0x1180 [ 497.546277][ C1] ? rtnetlink_rcv_msg+0x208/0x1180 [ 497.551555][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 497.557058][ C1] ? is_bpf_text_address+0x285/0x2a0 [ 497.562422][ C1] ? __pfx_validate_chain+0x10/0x10 [ 497.567699][ C1] ? __pfx_validate_chain+0x10/0x10 [ 497.572995][ C1] ? arch_stack_walk+0x16d/0x1b0 [ 497.577986][ C1] ? mark_lock+0x9a/0x360 [ 497.582396][ C1] ? __pfx_validate_chain+0x10/0x10 [ 497.587649][ C1] ? __lock_acquire+0x1359/0x2000 [ 497.592780][ C1] ? mark_lock+0x9a/0x360 [ 497.597240][ C1] ? __lock_acquire+0x1359/0x2000 [ 497.602363][ C1] netlink_rcv_skb+0x1e3/0x430 [ 497.607173][ C1] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 497.612718][ C1] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 497.618084][ C1] ? netlink_deliver_tap+0x2e/0x1b0 [ 497.623373][ C1] netlink_unicast+0x7f0/0x990 [ 497.628212][ C1] ? __pfx_netlink_unicast+0x10/0x10 [ 497.633572][ C1] ? __virt_addr_valid+0x183/0x530 [ 497.638737][ C1] ? __check_object_size+0x49c/0x900 [ 497.644101][ C1] ? bpf_lsm_netlink_send+0x9/0x10 [ 497.649317][ C1] netlink_sendmsg+0x8e4/0xcb0 [ 497.654133][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 497.659545][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 497.664521][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 497.669888][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 497.675387][ C1] ? __pfx_netlink_sendmsg+0x10/0x10 [ 497.680759][ C1] __sock_sendmsg+0x221/0x270 [ 497.685478][ C1] __sys_sendto+0x3a4/0x4f0 [ 497.690092][ C1] ? __pfx___sys_sendto+0x10/0x10 [ 497.695221][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 497.701360][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 497.707757][ C1] ? exc_page_fault+0x590/0x8c0 [ 497.712696][ C1] __x64_sys_sendto+0xde/0x100 [ 497.717521][ C1] do_syscall_64+0xf3/0x230 [ 497.722142][ C1] ? clear_bhb_loop+0x35/0x90 [ 497.726886][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.732893][ C1] RIP: 0033:0x7f2da1d7796c [ 497.737445][ C1] RSP: 002b:00007ffdb7d121a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 497.745943][ C1] RAX: ffffffffffffffda RBX: 00007f2da2a34620 RCX: 00007f2da1d7796c [ 497.754035][ C1] RDX: 0000000000000028 RSI: 00007f2da2a34670 RDI: 0000000000000003 [ 497.762078][ C1] RBP: 0000000000000000 R08: 00007ffdb7d121f4 R09: 000000000000000c [ 497.770152][ C1] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 497.778144][ C1] R13: 0000000000000000 R14: 00007f2da2a34670 R15: 0000000000000000 [ 497.786203][ C1] [ 497.789278][ C1] DEBUG: waiting rtnl_mutex for 548 jiffies. [ 497.795268][ C1] task:kworker/1:3 state:D stack:20752 pid:5150 tgid:5150 ppid:2 flags:0x00004000 [ 497.805529][ C1] Workqueue: events linkwatch_event [ 497.810808][ C1] Call Trace: [ 497.814090][ C1] [ 497.817054][ C1] __schedule+0x1800/0x4a60 [ 497.821652][ C1] ? __pfx___schedule+0x10/0x10 [ 497.826541][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 497.832590][ C1] ? __pfx_lock_release+0x10/0x10 [ 497.837649][ C1] ? kick_pool+0x45c/0x620 [ 497.842164][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 497.847392][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 497.852663][ C1] ? schedule+0x90/0x320 [ 497.856937][ C1] schedule+0x14b/0x320 [ 497.861165][ C1] schedule_preempt_disabled+0x13/0x30 [ 497.866656][ C1] __mutex_lock+0x6a4/0xd70 [ 497.871239][ C1] ? __mutex_lock+0x527/0xd70 [ 497.875950][ C1] ? linkwatch_event+0xe/0x60 [ 497.880718][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 497.885784][ C1] ? get_rtnl_holder+0x144/0x190 [ 497.890799][ C1] ? process_scheduled_works+0x945/0x1830 [ 497.896549][ C1] linkwatch_event+0xe/0x60 [ 497.901112][ C1] process_scheduled_works+0xa2c/0x1830 [ 497.906710][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 497.912759][ C1] ? assign_work+0x364/0x3d0 [ 497.917383][ C1] worker_thread+0x86d/0xd40 [ 497.922054][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 497.927984][ C1] ? __kthread_parkme+0x169/0x1d0 [ 497.933091][ C1] ? __pfx_worker_thread+0x10/0x10 [ 497.938239][ C1] kthread+0x2f0/0x390 [ 497.942381][ C1] ? __pfx_worker_thread+0x10/0x10 [ 497.947537][ C1] ? __pfx_kthread+0x10/0x10 [ 497.952223][ C1] ret_from_fork+0x4b/0x80 [ 497.956674][ C1] ? __pfx_kthread+0x10/0x10 [ 497.961353][ C1] ret_from_fork_asm+0x1a/0x30 [ 497.966182][ C1] [ 497.969264][ C1] DEBUG: holding rtnl_mutex for 612 jiffies. [ 497.975280][ C1] task:kworker/u8:0 state:D stack:18296 pid:11 tgid:11 ppid:2 flags:0x00004000 [ 497.985515][ C1] Workqueue: netns cleanup_net [ 497.990350][ C1] Call Trace: [ 497.993633][ C1] [ 497.996569][ C1] __schedule+0x1800/0x4a60 [ 498.001207][ C1] ? __pfx___schedule+0x10/0x10 [ 498.006095][ C1] ? __pfx_lock_release+0x10/0x10 [ 498.011187][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 498.017119][ C1] ? kthread_data+0x52/0xd0 [ 498.021689][ C1] ? wq_worker_sleeping+0x66/0x240 [ 498.026847][ C1] ? schedule+0x90/0x320 [ 498.031166][ C1] schedule+0x14b/0x320 [ 498.035356][ C1] synchronize_rcu_expedited+0x684/0x830 [ 498.041060][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 498.047260][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 498.052625][ C1] ? __pfx___might_resched+0x10/0x10 [ 498.057938][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 498.063999][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 498.070124][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 498.076473][ C1] synchronize_rcu+0x11b/0x360 [ 498.081328][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 498.086665][ C1] lockdep_unregister_key+0x556/0x610 [ 498.092112][ C1] ? __pfx_lockdep_unregister_key+0x10/0x10 [ 498.098058][ C1] ? rcu_is_watching+0x15/0xb0 [ 498.102892][ C1] ? qdisc_reset+0x3bf/0x5b0 [ 498.107516][ C1] __qdisc_destroy+0x165/0x410 [ 498.112354][ C1] dev_shutdown+0x357/0x440 [ 498.116896][ C1] unregister_netdevice_many_notify+0x9c7/0x1d20 [ 498.123313][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 498.130158][ C1] ? unregister_netdevice_queue+0x26b/0x370 [ 498.136099][ C1] ? batadv_softif_destroy_netlink+0x1e0/0x270 [ 498.142325][ C1] default_device_exit_batch+0xa0f/0xa90 [ 498.148004][ C1] ? __pfx___might_resched+0x10/0x10 [ 498.153364][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 498.159603][ C1] ? cfg802154_pernet_exit+0xc3/0xe0 [ 498.164897][ C1] ? __pfx_default_device_exit_batch+0x10/0x10 [ 498.171123][ C1] cleanup_net+0x89d/0xcc0 [ 498.175594][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 498.180617][ C1] ? process_scheduled_works+0x945/0x1830 [ 498.186372][ C1] process_scheduled_works+0xa2c/0x1830 [ 498.192019][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 498.198039][ C1] ? assign_work+0x364/0x3d0 [ 498.202719][ C1] worker_thread+0x86d/0xd40 [ 498.207357][ C1] ? __kthread_parkme+0x169/0x1d0 [ 498.212458][ C1] ? __pfx_worker_thread+0x10/0x10 [ 498.217618][ C1] kthread+0x2f0/0x390 [ 498.221785][ C1] ? __pfx_worker_thread+0x10/0x10 [ 498.226935][ C1] ? __pfx_kthread+0x10/0x10 [ 498.231615][ C1] ret_from_fork+0x4b/0x80 [ 498.236067][ C1] ? __pfx_kthread+0x10/0x10 [ 498.240756][ C1] ret_from_fork_asm+0x1a/0x30 [ 498.245570][ C1] [ 498.248600][ C1] [ 498.248600][ C1] Showing all locks held in the system: [ 498.256375][ C1] 5 locks held by kworker/u8:0/11: [ 498.261560][ C1] #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 498.272523][ C1] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 498.283158][ C1] #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 498.292638][ C1] #3: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90 [ 498.302748][ C1] #4: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 498.313704][ C1] 3 locks held by kworker/u8:1/12: [ 498.318832][ C1] #0: ffff88802a65c948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 498.330571][ C1] #1: ffffc90000117d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 498.343456][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 498.352999][ C1] 1 lock held by dhcpcd/4764: [ 498.357675][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 498.366897][ C1] 2 locks held by getty/4854: [ 498.371638][ C1] #0: ffff88802b1190a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 498.381469][ C1] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 498.391670][ C1] 3 locks held by kworker/1:3/5150: [ 498.396900][ C1] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 498.399066][ T54] Bluetooth: hci3: command tx timeout [ 498.407935][ C1] #1: ffffc90004057d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 498.424396][ C1] #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 498.433461][ C1] 1 lock held by syz-executor/11059: [ 498.438770][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 498.448367][ C1] 1 lock held by syz.4.1031/11096: [ 498.453543][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: ipv6_route_ioctl+0x4cb/0x870 [ 498.462941][ C1] 1 lock held by syz.4.1031/11097: [ 498.468073][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: ipv6_route_ioctl+0x4cb/0x870 [ 498.477468][ C1] 2 locks held by syz.0.1038/11118: [ 498.482716][ C1] #0: ffffc90000a18c00 (net/core/rtnetlink.c:83){+.-.}-{0:0}, at: call_timer_fn+0xc0/0x650 [ 498.492883][ C1] #1: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 498.502826][ C1] 1 lock held by syz.1.1036/11120: [ 498.508242][ C1] #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180 [ 498.517820][ C1] 2 locks held by syz.1.1036/11121: [ 498.523064][ C1] #0: ffff88805581d678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 [ 498.533527][ C1] #1: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_dumpit+0x9e/0x210 [ 498.542435][ C1] [ 498.544762][ C1] ============================================= [ 498.544762][ C1] [ 499.235428][T11120] netlink: 'syz.1.1036': attribute type 8 has an invalid length. [ 500.263169][T11133] warning: `syz.4.1040' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 500.474806][ T54] Bluetooth: hci3: command tx timeout [ 500.682890][T11144] Bluetooth: MGMT ver 1.23 [ 501.311333][T11059] chnl_net:caif_netlink_parms(): no params data found [ 501.358672][ T5151] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 501.586761][ T5151] usb 2-1: Using ep0 maxpacket: 32 [ 501.602610][ T54] Bluetooth: hci1: unexpected event for opcode 0x0411 [ 501.669495][ T5151] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 27, changing to 8 [ 501.718234][T11059] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.727928][ T5151] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 16698, setting to 1024 [ 501.747273][T11059] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.960157][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.979201][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.005199][T11059] bridge_slave_0: entered allmulticast mode [ 502.097762][ T5151] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 502.119515][T11059] bridge_slave_0: entered promiscuous mode [ 502.138982][ T5151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.156082][T11059] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.178469][T11059] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.222036][ T5151] hub 2-1:4.0: USB hub found [ 502.241205][T11059] bridge_slave_1: entered allmulticast mode [ 502.271958][T11059] bridge_slave_1: entered promiscuous mode [ 502.468022][ T5151] hub 2-1:4.0: 2 ports detected [ 502.486425][ T5151] usb 2-1: selecting invalid altsetting 1 [ 502.498867][ T5151] hub 2-1:4.0: Using single TT (err -22) [ 502.505620][T11059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 502.586646][T11059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 502.618468][ T5151] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 502.631055][ T5151] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 502.741943][ T5151] usb 2-1: USB disconnect, device number 19 [ 502.846844][T11059] team0: Port device team_slave_0 added [ 502.877663][T11059] team0: Port device team_slave_1 added [ 503.146288][T11059] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 503.157025][T11059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 503.382113][ T54] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 503.391078][ T54] Bluetooth: hci0: Injecting HCI hardware error event [ 503.402484][ T54] Bluetooth: hci0: hardware error 0x00 [ 503.931892][T11059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 504.072060][T11059] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 504.117794][T11059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 504.217588][T11059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 504.520707][T11059] hsr_slave_0: entered promiscuous mode [ 504.562364][T11059] hsr_slave_1: entered promiscuous mode [ 504.595615][T11059] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 504.626004][T11059] Cannot create hsr debugfs directory [ 504.773756][T11219] loop4: detected capacity change from 0 to 512 [ 504.782540][T11219] FAT-fs (loop4): bogus logical sector size 0 [ 504.788663][T11219] FAT-fs (loop4): Can't find a valid FAT filesystem [ 505.501128][ T5155] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 505.509622][ T54] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 505.628631][T11221] Oops: stack segment: 0000 [#1] PREEMPT SMP KASAN PTI [ 505.628660][T11221] CPU: 0 UID: 0 PID: 11221 Comm: syz.4.1058 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0 [ 505.628679][T11221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 505.628690][T11221] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 505.628719][T11221] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 505.628733][T11221] RSP: 0018:ffffc9000ca176f8 EFLAGS: 00010202 [ 505.628748][T11221] RAX: 1ffff110057326c0 RBX: 0000000000000000 RCX: 0000000000040000 [ 505.628759][T11221] RDX: ffffc900098f9000 RSI: 0000000000001aaf RDI: 0000000000001ab0 [ 505.628770][T11221] RBP: 0000000000000007 R08: ffffffff895fff80 R09: 1ffff11017288938 [ 505.628782][T11221] R10: dffffc0000000000 R11: ffffed1017288939 R12: 0000000000000038 [ 505.628793][T11221] R13: dffffc0000000000 R14: 1ffff92001942f21 R15: 0000000000000000 [ 505.628804][T11221] FS: 00007f6d22e876c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 505.628819][T11221] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 505.628830][T11221] CR2: 0000000020010000 CR3: 0000000079462000 CR4: 00000000003506f0 [ 505.628845][T11221] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 505.628854][T11221] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 505.628865][T11221] Call Trace: [ 505.628871][T11221] [ 505.628877][T11221] ? __die_body+0x88/0xe0 [ 505.628915][T11221] ? die+0xcf/0x110 [ 505.628946][T11221] ? do_trap+0x15a/0x3a0 [ 505.628980][T11221] ? do_error_trap+0x1dc/0x2c0 [ 505.629026][T11221] ? __pfx_do_error_trap+0x10/0x10 [ 505.629057][T11221] ? rcu_is_watching+0x15/0xb0 [ 505.629093][T11221] ? exc_stack_segment+0x38/0x50 [ 505.629117][T11221] ? asm_exc_stack_segment+0x26/0x30 [ 505.629139][T11221] ? bpf_prog_run_generic_xdp+0x5f0/0x14c0 [ 505.629164][T11221] ? bpf_xdp_redirect+0x59/0x1a0 [ 505.629187][T11221] ? bpf_xdp_redirect+0x25/0x1a0 [ 505.629216][T11221] bpf_prog_bd73926c2776e1d5+0x1a/0x1c [ 505.629230][T11221] bpf_prog_run_generic_xdp+0x679/0x14c0 [ 505.629264][T11221] do_xdp_generic+0x673/0xb90 [ 505.629288][T11221] ? __pfx_do_xdp_generic+0x10/0x10 [ 505.629307][T11221] ? tun_get_user+0x26c8/0x4560 [ 505.629329][T11221] ? tun_get_user+0x26c8/0x4560 [ 505.629343][T11221] tun_get_user+0x2805/0x4560 [ 505.629368][T11221] ? __pfx_tun_get_user+0x10/0x10 [ 505.629386][T11221] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 505.629402][T11221] ? tun_get+0x1e/0x2f0 [ 505.629424][T11221] ? tun_get+0x1e/0x2f0 [ 505.629437][T11221] ? tun_get+0x27d/0x2f0 [ 505.629452][T11221] tun_chr_write_iter+0x113/0x1f0 [ 505.629469][T11221] vfs_write+0xa72/0xc90 [ 505.629485][T11221] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 505.629500][T11221] ? __pfx_vfs_write+0x10/0x10 [ 505.629513][T11221] ? do_futex+0x33b/0x560 [ 505.629541][T11221] ksys_write+0x1a0/0x2c0 [ 505.629558][T11221] ? __pfx_ksys_write+0x10/0x10 [ 505.629572][T11221] ? do_syscall_64+0x100/0x230 [ 505.629588][T11221] ? do_syscall_64+0xb6/0x230 [ 505.629603][T11221] do_syscall_64+0xf3/0x230 [ 505.629616][T11221] ? clear_bhb_loop+0x35/0x90 [ 505.629636][T11221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.629654][T11221] RIP: 0033:0x7f6d2217475f [ 505.629666][T11221] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 505.629679][T11221] RSP: 002b:00007f6d22e87010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 505.629695][T11221] RAX: ffffffffffffffda RBX: 00007f6d22303f60 RCX: 00007f6d2217475f [ 505.629706][T11221] RDX: 000000000000fdef RSI: 0000000020000a40 RDI: 00000000000000c8 [ 505.629716][T11221] RBP: 00007f6d221e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 505.629726][T11221] R10: 000000000000fdef R11: 0000000000000293 R12: 0000000000000000 [ 505.629736][T11221] R13: 000000000000000b R14: 00007f6d22303f60 R15: 00007ffed1402258 [ 505.629753][T11221] [ 505.629758][T11221] Modules linked in: [ 505.629851][T11221] ---[ end trace 0000000000000000 ]--- [ 505.792008][ T5155] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 505.796831][T11221] RIP: 0010:bpf_xdp_redirect+0x59/0x1a0 [ 505.796885][T11221] Code: 81 c3 00 18 00 00 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 b5 18 90 f8 48 8b 1b 4c 8d 63 38 4c 89 e5 48 c1 ed 03 <42> 0f b6 44 2d 00 84 c0 0f 85 d0 00 00 00 45 8b 34 24 44 89 f6 83 [ 505.796908][T11221] RSP: 0018:ffffc9000ca176f8 EFLAGS: 00010202 [ 505.796932][T11221] RAX: 1ffff110057326c0 RBX: 0000000000000000 RCX: 0000000000040000 [ 505.796955][T11221] RDX: ffffc900098f9000 RSI: 0000000000001aaf RDI: 0000000000001ab0 [ 505.796973][T11221] RBP: 0000000000000007 R08: ffffffff895fff80 R09: 1ffff11017288938 [ 505.796989][T11221] R10: dffffc0000000000 R11: ffffed1017288939 R12: 0000000000000038 [ 505.797007][T11221] R13: dffffc0000000000 R14: 1ffff92001942f21 R15: 0000000000000000 [ 505.797025][T11221] FS: 00007f6d22e876c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 505.797048][T11221] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 505.797065][T11221] CR2: 0000000020010000 CR3: 0000000079462000 CR4: 00000000003506f0 [ 505.797086][T11221] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 505.797102][T11221] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 505.797121][T11221] Kernel panic - not syncing: Fatal exception in interrupt [ 505.797364][T11221] Kernel Offset: disabled