last executing test programs: 2m0.854376681s ago: executing program 1 (id=814): r0 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, 0x0, 0xffffffffffffffff}) ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$alg(0xffffffffffffffff, 0x0, 0x0) setpriority(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x2f08, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) getrandom(0x0, 0x0, 0x5176620f307ad1db) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000080)=0x1) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_fd={0x7, 0x1, 0x4, 0x1, 0x4, {0x77359400}, {0x3, 0x1, 0xfa, 0x5, 0x40, 0x80, "c45cbfd1"}, 0x6, 0x4, {&(0x7f0000000280)=[{0x40, 0x0, {}, 0xc1e}, {0x8000, 0x8, {r1}, 0x6}]}}) close(r5) 1m41.178871715s ago: executing program 1 (id=814): r0 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, 0x0, 0xffffffffffffffff}) ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$alg(0xffffffffffffffff, 0x0, 0x0) setpriority(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x2f08, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) getrandom(0x0, 0x0, 0x5176620f307ad1db) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000080)=0x1) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_fd={0x7, 0x1, 0x4, 0x1, 0x4, {0x77359400}, {0x3, 0x1, 0xfa, 0x5, 0x40, 0x80, "c45cbfd1"}, 0x6, 0x4, {&(0x7f0000000280)=[{0x40, 0x0, {}, 0xc1e}, {0x8000, 0x8, {r1}, 0x6}]}}) close(r5) 1m19.926661308s ago: executing program 1 (id=814): r0 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, 0x0, 0xffffffffffffffff}) ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$alg(0xffffffffffffffff, 0x0, 0x0) setpriority(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x2f08, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) getrandom(0x0, 0x0, 0x5176620f307ad1db) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000080)=0x1) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_fd={0x7, 0x1, 0x4, 0x1, 0x4, {0x77359400}, {0x3, 0x1, 0xfa, 0x5, 0x40, 0x80, "c45cbfd1"}, 0x6, 0x4, {&(0x7f0000000280)=[{0x40, 0x0, {}, 0xc1e}, {0x8000, 0x8, {r1}, 0x6}]}}) close(r5) 55.60714122s ago: executing program 1 (id=814): r0 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, 0x0, 0xffffffffffffffff}) ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$alg(0xffffffffffffffff, 0x0, 0x0) setpriority(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x2f08, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) getrandom(0x0, 0x0, 0x5176620f307ad1db) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000080)=0x1) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_fd={0x7, 0x1, 0x4, 0x1, 0x4, {0x77359400}, {0x3, 0x1, 0xfa, 0x5, 0x40, 0x80, "c45cbfd1"}, 0x6, 0x4, {&(0x7f0000000280)=[{0x40, 0x0, {}, 0xc1e}, {0x8000, 0x8, {r1}, 0x6}]}}) close(r5) 31.225946608s ago: executing program 1 (id=814): r0 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, 0x0, 0xffffffffffffffff}) ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$alg(0xffffffffffffffff, 0x0, 0x0) setpriority(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x2f08, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) getrandom(0x0, 0x0, 0x5176620f307ad1db) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000080)=0x1) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_fd={0x7, 0x1, 0x4, 0x1, 0x4, {0x77359400}, {0x3, 0x1, 0xfa, 0x5, 0x40, 0x80, "c45cbfd1"}, 0x6, 0x4, {&(0x7f0000000280)=[{0x40, 0x0, {}, 0xc1e}, {0x8000, 0x8, {r1}, 0x6}]}}) close(r5) 15.395076201s ago: executing program 4 (id=1360): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/sysvipc/sem\x00', 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80801) ioctl$USBDEVFS_RELEASEINTERFACE(r1, 0x80045519, 0xffffffffffffffff) openat2$dir(0xffffffffffffff9c, &(0x7f0000000740)='./file0\x00', &(0x7f0000000780)={0x8000, 0x53, 0x1}, 0x18) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0xf0, 0x0, &(0x7f0000000b40)=[@transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000140)={@fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x1, &(0x7f0000000040)=""/134, 0x86, 0x2, 0x2f}, @fda={0x66646185, 0x7, 0x0, 0x17}}, &(0x7f00000001c0)={0x0, 0x18, 0x40}}, 0x400}, @acquire_done, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x68, 0x18, &(0x7f00000003c0)={@ptr={0x70742a85, 0x2, &(0x7f0000000480)=""/130, 0x82, 0x1, 0x19}, @ptr={0x70742a85, 0x0, &(0x7f0000000540)=""/220, 0xdc, 0x2, 0x14}, @flat=@binder={0x73622a85, 0x1000}}, &(0x7f0000000640)={0x0, 0x28, 0x50}}}, @decrefs={0x40046307, 0xfffffffe}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x70, 0x18, &(0x7f00000007c0)={@fda={0x66646185, 0x2, 0x2, 0xa}, @ptr={0x70742a85, 0x8000, &(0x7f0000000940)=""/255, 0xff, 0x1, 0x1d}, @ptr={0x70742a85, 0x1, &(0x7f0000000440)=""/4, 0x4, 0x0, 0x4}}, &(0x7f0000000840)={0x0, 0x20, 0x48}}}], 0x1d, 0x0, &(0x7f00000002c0)="4fc2f350c65313159058ba0597c9f428cb134730d4e54875ca1b4961d8"}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000), 0x4) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000900)={'syztnl0\x00', &(0x7f0000000880)={'syztnl1\x00', 0x0, 0x2f, 0x8, 0x89, 0xa58, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x700, 0xe93a, 0x5}}) syz_emit_ethernet(0x8e, &(0x7f0000000a40)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa8100000086dd6008010800142f00fc010000000000000000000000000000fc01000000000000000000000000000000008906", @ANYRESHEX=r1, @ANYRESDEC=r2, @ANYBLOB="0000fdff00000000cefbe146ed5b5b5ee956d569d5aa140aec1b60b33b2dde1f0af118cb17f9b9a0ac45038be1585520378235ad0301000000da4b2356a82cb23ca9013ed7ade9b3f2a6032c2270c9e0274407eec820a75bfd28f46a2bcfc29f9a5a4e6de3f4eedd33c3999a877a7b8e845d65e57670"], 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000ef7f9740066c79c4f77b0102030109021b000100000000090400000108050100090500000000000000"], 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000970000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x6, 0x8, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$netlink(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket(0x11, 0x3, 0x0) socket(0x0, 0x3, 0x5) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r4, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0) r5 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000040), 0x12) 11.526299184s ago: executing program 4 (id=1376): syz_emit_ethernet(0x82, &(0x7f0000000240)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @dev, {[@rr={0x7, 0x3}, @lsrr={0x83, 0x3}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa01012f}, {@multicast1}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@local}, {}, {@dev}, {@private}]}]}}}}}}}, 0x0) 9.869974428s ago: executing program 4 (id=1380): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000001540), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000001580)={0x28, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_TYPE={0x5}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x28}}, 0x0) 9.655173879s ago: executing program 4 (id=1383): r0 = syz_usb_connect$cdc_ecm(0x0, 0x76, &(0x7f0000000200)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x64, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x0, 0x7ff}, [@call_mgmt={0x5, 0x24, 0x1, 0x1, 0xd7}, @dmm={0x7, 0x24, 0x14, 0x8, 0x3}, @mbim_extended={0x8, 0x24, 0x1c, 0x8004, 0x3, 0x9}, @mbim={0xc, 0x24, 0x1b, 0x7, 0xffe, 0x0, 0x7, 0x81, 0x2}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x200, 0x1, 0x4, 0xcf}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x7f}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x0, 0x4, 0x4}}}}}]}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x810}}]}) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$binder(0x0, &(0x7f0000000000)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='stats=']) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) pwritev2(r4, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5406, 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x103042, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0xfffffdef) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) getdents64(r2, 0x0, 0x4100) ioctl$BLKFRASET(r2, 0x1264, &(0x7f0000000140)=0x8) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000040)={0x0, 0x8000000, 0xa, 0x14, 0x0, 0x3e, 0x1}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000480), 0x109242, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello') 8.459870767s ago: executing program 0 (id=1386): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a00000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) writev(r0, &(0x7f0000000780)=[{&(0x7f00000003c0)="0e000000", 0x4}], 0x1) 7.66253084s ago: executing program 0 (id=1389): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) io_setup(0x6, &(0x7f0000000680)=0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket$inet_udp(0x2, 0x2, 0x0) io_submit(r1, 0x2, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x8, 0x0, r2, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1000, r3, 0x0, 0x0, 0x0, 0x0, 0x2}]) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000340)=""/224) ptrace$ARCH_MAP_VDSO_64(0x1e, 0x0, 0x0, 0x2003) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(0xffffffffffffffff, 0x40505331, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000002c0)={0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000100)) pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r8 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r8, r6, 0x0) close$fd_v4l2_buffer(r7) pipe2$watch_queue(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r8, r9, 0x0) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)={0x24, r10, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x80}]}, 0x24}}, 0x0) 6.537264009s ago: executing program 4 (id=1391): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000180)=0x7f, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ec278ac0e901d7d12a1c4688b80e72824458c10770526462c19f2f4f15d40ed7f552fb65936b21d340fd96774fa221d537757e7e140e5897a634fedaf0632d", @ANYRES16=r2, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32, @ANYBLOB="1800508014000400ec4b8736747e49e1d75df69d59e35ced"], 0x34}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f00000000c0)='./file0\x00', 0x6400000c) r7 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r8, 0x0, 0x20000023896) gettid() timer_create(0x0, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r9 = msgget$private(0x0, 0x0) msgsnd(r9, &(0x7f00000001c0)=ANY=[], 0x1a8, 0x0) msgsnd(0x0, &(0x7f0000000d00)=ANY=[@ANYRESHEX], 0x401, 0x0) 3.063331729s ago: executing program 0 (id=1393): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x0, 0x0, 0x0) 2.817457172s ago: executing program 0 (id=1395): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180100001700000000000000a54b0000850000007500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='signal_generate\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='signal_generate\x00', r1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.802364512s ago: executing program 1 (id=814): r0 = syz_open_dev$dri(&(0x7f0000000200), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, 0x0, 0xffffffffffffffff}) ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f0000000080)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bind$alg(0xffffffffffffffff, 0x0, 0x0) setpriority(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dev/audio#\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r4}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={0xffffffffffffffff, 0x2f08, 0x0, 0x8, 0x0, &(0x7f0000000700)=""/8, 0x447, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) getrandom(0x0, 0x0, 0x5176620f307ad1db) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000040)={0x6, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000080)=0x1) ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000140)=@multiplanar_fd={0x7, 0x1, 0x4, 0x1, 0x4, {0x77359400}, {0x3, 0x1, 0xfa, 0x5, 0x40, 0x80, "c45cbfd1"}, 0x6, 0x4, {&(0x7f0000000280)=[{0x40, 0x0, {}, 0xc1e}, {0x8000, 0x8, {r1}, 0x6}]}}) close(r5) 1.577227934s ago: executing program 0 (id=1397): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) syz_emit_ethernet(0x176, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaa48847000000000000000000000000603f599001340600fe8000000000000000000000000000aafe8000000000000000000000000000000000000000000000c204000000000000000c000000000000fc02000000000000000000000000000000000000000000000000ffff00000000fe800000000000000000000000000000fe80000000000000000000000000000000000000000000000000000000000000fc00"/190, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50000000907800006c3e4af6e95497a4e1f23137ae5d9ab0d6a6a3ff1ff52b15b109af0f93abe7bddfe72723968479f91c26bda6d7d589fb8cb68c4f8760051117d27ab8434eb2818254ab55825a80ba277e953c42c3e3a34d6f1998abd85935442e96e25dc77ffb0469578ffae16aa69caf18e96b08085370c0c242147969cf393604407755c55c4b539a2e36241dc73a3d65b8b2585660c1365e7ec6c7a536a08d21e53aa4e60cad0bd8eb60a00943"], 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000008c0)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x75, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x2c, 0x16, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x0, 0xb00, 0x0, {}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc}]}], {0x14, 0x10}}, 0xa0}}, 0x0) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000800000003003c02ffffffef3501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}}) 1.576188539s ago: executing program 2 (id=1398): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x2d, 0x0, @void}, 0x10) 1.575431816s ago: executing program 3 (id=1399): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a00000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) writev(r0, &(0x7f0000000780)=[{&(0x7f00000003c0)="0e000000", 0x4}], 0x1) 1.5533975s ago: executing program 4 (id=1400): syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0) socket$inet_sctp(0x2, 0x0, 0x84) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f00000000c0)=0x7) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000040)=[@ioring_restriction_sqe_op, @ioring_restriction_sqe_flags_allowed, @ioring_restriction_sqe_flags_allowed], 0x3) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f00000001c0)={@my=0x0}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) dup3(r1, r2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000140)={0xc, @remote, 0x4e20, 0x2, 'fo\x00', 0x10, 0x100}, 0x2c) getsockname$l2tp(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @private}, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)) r4 = dup(r0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@my=0x0}) r5 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCGKEYCODE_V2(r5, 0x80284504, &(0x7f0000000040)=""/95) 1.399359915s ago: executing program 2 (id=1401): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1.398630713s ago: executing program 3 (id=1402): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000280)={0x77359400}, &(0x7f0000048000), 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 1.26176328s ago: executing program 2 (id=1403): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$smackfs_load(0xffffffffffffff9c, &(0x7f0000000080)='/sys/fs/smackfs/load-self2\x00', 0x2, 0x0) write$binfmt_script(r0, &(0x7f00000001c0)={'#! ', './file0', [{0x20, 'Awbl'}]}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000380)={0x0}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f0000000180)={r4, 0x0, 0x4}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000004c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r3, 0x40182103, &(0x7f0000000080)={r5, 0x3, r3, 0x5}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) get_mempolicy(&(0x7f0000000100), &(0x7f0000000280), 0x101, &(0x7f0000ffc000/0x4000)=nil, 0x3) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, 0x0, 0x0, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1fb}, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$packet(0x11, 0x2, 0x300) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 642.102752ms ago: executing program 0 (id=1404): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0x29, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000180)="0f08440f20c03506000000440f22c0660f06c74424002b010000c7442402620000000f20d826460f080f22d866450f3821cd66ed66baf80cb8ec2b148fef66bafc0c66b8090066ef9c42f467260f4d3666ba2100", 0xaa}], 0x1, 0x2d, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000040)={0x0, 0x114000}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) ioctl$KVM_RUN(r3, 0xae80, 0x0) 362.026299ms ago: executing program 3 (id=1405): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTACK(r0, 0x0, 0x0, 0x0, 0x0) 341.651174ms ago: executing program 2 (id=1406): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) read$alg(r1, &(0x7f0000000100)=""/194, 0xc2) 236.462121ms ago: executing program 3 (id=1407): syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3, 0x80, 0xc2, 0x18}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x5, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 180.904471ms ago: executing program 2 (id=1408): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) listen(r0, 0x0) syz_emit_ethernet(0x8a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '(#\a', 0x54, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xd, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x22, 0xa}, @sack_perm={0x4, 0x2}, @window={0x3, 0x3}, @timestamp={0x8, 0xa}, @generic={0x2, 0x4, "67ca"}, @mptcp=@synack={0x1e, 0x10}, @mptcp=@synack={0x1e, 0x10}]}}}}}}}}, 0x0) 57.997137ms ago: executing program 3 (id=1409): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000010000000000000000000000a5000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xb9) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0x7, 0x8, 0x22}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r2, r1, 0x5}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xe, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000a40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000400)={@map=r2, r3, 0x4}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r2, &(0x7f0000000000), &(0x7f0000000040)=@udp=r0}, 0x20) 6.099692ms ago: executing program 3 (id=1410): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000180)=0x7f, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_KEY(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ec278ac0e901d7d12a1c4688b80e72824458c10770526462c19f2f4f15d40ed7f552fb65936b21d340fd96774fa221d537757e7e140e5897a634fedaf0632d", @ANYRES16=r2, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32, @ANYBLOB="1800508014000400ec4b8736747e49e1d75df69d59e35ced"], 0x34}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f00000000c0)='./file0\x00', 0x6400000c) r7 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r4, r8, 0x0, 0x20000023896) gettid() timer_create(0x0, 0x0, 0x0) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r9 = msgget$private(0x0, 0x0) msgsnd(r9, &(0x7f00000001c0)=ANY=[], 0x1a8, 0x0) msgsnd(0x0, &(0x7f0000000d00)=ANY=[@ANYRESHEX], 0x401, 0x0) 0s ago: executing program 2 (id=1411): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = userfaultfd(0x801) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() r3 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$binfmt_script(r3, &(0x7f0000000400)={'#! ', './file1', [{0x20, 'lRB\xab^|\xd2F\xce\xe8\xdf\xe7\xb8\xc39*8m\xcc<\xdeb\xff\xed\xe0\x80\x98\xf3\xc0\xef\xd0lcG!\xa8\x7f\xee\x0e\xad{\x1c\x82\b\"\x03\xcc\xd1\x1ao\xba\x19\xdeS2\x94\xd7Y\xad\x9c\x9e\x1a\xda\x875\xf3\xb8\xac0\xb0S\xd9\r\x1d\x82\xcaav\x15h\x1dm\xa6\xa8\xbc\xb2J\xb0\x82\\\x98\x02p\xae\x9eD=\x9do\x9d\xcb\x85\xed\x15|\x9e\x8f\x9c\x94\xf0\xb4\xc5,Q\xf6\xd3\f\xd35\xe3?a\xc0*\xe6\x96\x9b:V\"\xe0(%G\xf1\x02\xdf-\x88\xa5\xf5#W\xcc\x8aq\x9e\xa3\x9a\xac\x95\xba\xc4c\a\x02\xc4'}]}, 0xa9) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_GET_CONTEXT_ID(r4, 0x7b3, &(0x7f0000000280)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000bcc000/0x4000)=nil, 0x4000}}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r7 = syz_io_uring_setup(0x7a3e, &(0x7f00000004c0)={0x0, 0x8000, 0x10100, 0x80000}, &(0x7f0000000040), &(0x7f0000000380)=0x0) syz_io_uring_setup(0x1864, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r9, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r7, 0x184c, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x202ddd, &(0x7f0000000080), 0x0, &(0x7f0000000140)) r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r10, 0x8933, &(0x7f00000000c0)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001080)={0x3c, r11, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r12}, @NL802154_ATTR_SEC_KEY={0x20, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "3205842adf2189591b0ca215d08f1191"}]}]}, 0x3c}}, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0xe, 0x9cc}]}}}]}, 0x3c}}, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000080)={0x2, 0x2, 0x1}) kernel console output (not intermixed with test programs): [ 268.956513][ T5270] gs_usb 1-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO) [ 268.978682][ T5270] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71 [ 268.998619][ T5270] usb 1-1: USB disconnect, device number 16 [ 269.237374][ T8391] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 269.318714][ T8391] veth0_vlan: entered promiscuous mode [ 269.338930][ T8391] veth1_vlan: entered promiscuous mode [ 269.380136][ T8391] veth0_macvtap: entered promiscuous mode [ 269.397978][ T8391] veth1_macvtap: entered promiscuous mode [ 269.425412][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.437104][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.447443][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.459880][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.470154][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.481306][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.491377][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.501972][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.516699][ T8391] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.537145][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.562245][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.586643][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.606641][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.618518][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.651936][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.677615][ T8391] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.702219][ T8391] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.728765][ T8391] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 269.890926][ T8391] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.900300][ T8391] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.912108][ T8391] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.066028][ T8611] vim2m vim2m.0: vidioc_s_fmt queue busy [ 270.604763][ T8391] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.075107][ T7384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.112519][ T7384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.248565][ T7384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.275209][ T7384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.798154][ T8652] netlink: 12 bytes leftover after parsing attributes in process `syz.2.877'. [ 273.289158][ T8648] ebtables: ebtables: counters copy to user failed while replacing table [ 273.513965][ T5230] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 273.526141][ T5230] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 273.534730][ T5230] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 273.543551][ T5230] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 273.557820][ T5230] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 273.565202][ T5230] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 273.805146][ T8677] netlink: 'syz.2.882': attribute type 1 has an invalid length. [ 276.087522][ T5221] Bluetooth: hci0: command tx timeout [ 277.670801][ T8667] chnl_net:caif_netlink_parms(): no params data found [ 277.871485][ T8714] ebtables: ebtables: counters copy to user failed while replacing table [ 278.096641][ T5221] Bluetooth: hci0: command tx timeout [ 278.146648][ T8667] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.166577][ T8667] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.179586][ T8667] bridge_slave_0: entered allmulticast mode [ 278.197437][ T8667] bridge_slave_0: entered promiscuous mode [ 278.210059][ T8667] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.232415][ T8667] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.253036][ T8667] bridge_slave_1: entered allmulticast mode [ 278.267454][ T8667] bridge_slave_1: entered promiscuous mode [ 278.409945][ T8667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 278.428731][ T8739] overlay: filesystem on ./bus is read-only [ 278.440672][ T8667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 278.603387][ T8667] team0: Port device team_slave_0 added [ 278.637450][ T8667] team0: Port device team_slave_1 added [ 279.066987][ T8755] netlink: 12 bytes leftover after parsing attributes in process `syz.0.897'. [ 279.350181][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.4.896'. [ 279.373218][ T8667] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.416515][ T8667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.566280][ T8667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.598813][ T8667] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.605794][ T8667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.699165][ T8667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 279.840046][ T2990] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.059091][ T2990] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.178203][ T5221] Bluetooth: hci0: command tx timeout [ 280.698210][ T2990] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.737954][ T8667] hsr_slave_0: entered promiscuous mode [ 280.756699][ T8667] hsr_slave_1: entered promiscuous mode [ 280.792686][ T8667] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 280.808762][ T8667] Cannot create hsr debugfs directory [ 280.870758][ T2990] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.876994][ T5230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 280.903467][ T5230] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 280.916771][ T5230] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 280.924771][ T5230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 280.932954][ T5230] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 280.940556][ T5230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 281.144042][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 281.156583][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 281.164661][ T5230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 281.172905][ T5230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 281.181945][ T5230] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 281.191188][ T5230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 281.466720][ T8667] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.521154][ T2990] bridge_slave_1: left allmulticast mode [ 281.526994][ T2990] bridge_slave_1: left promiscuous mode [ 281.536140][ T2990] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.575620][ T2990] bridge_slave_0: left allmulticast mode [ 281.597917][ T2990] bridge_slave_0: left promiscuous mode [ 281.603998][ T2990] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.339422][ T5221] Bluetooth: hci0: command tx timeout [ 282.978387][ T5221] Bluetooth: hci3: command tx timeout [ 283.301830][ T5221] Bluetooth: hci5: command tx timeout [ 283.577376][ T2990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.600603][ T2990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.619920][ T2990] bond0 (unregistering): Released all slaves [ 283.699035][ T8667] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.851493][ T8667] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.885817][ T8811] input: syz0 as /devices/virtual/input/input32 [ 283.989967][ T8806] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.907'. [ 284.000143][ T8806] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 284.008941][ T8806] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 284.054939][ T8667] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.324325][ T2990] hsr_slave_0: left promiscuous mode [ 284.334410][ T2990] hsr_slave_1: left promiscuous mode [ 284.396570][ T2990] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.423630][ T2990] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.494486][ T2990] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.536411][ T2990] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.588550][ T2990] veth1_macvtap: left promiscuous mode [ 284.594134][ T2990] veth0_macvtap: left promiscuous mode [ 284.615539][ T2990] veth1_vlan: left promiscuous mode [ 284.647817][ T2990] veth0_vlan: left promiscuous mode [ 284.699863][ T8839] CUSE: DEVNAME unspecified [ 284.829345][ T8837] netlink: 8 bytes leftover after parsing attributes in process `syz.0.914'. [ 285.066675][ T5221] Bluetooth: hci3: command tx timeout [ 285.185862][ T2990] team0 (unregistering): Port device team_slave_1 removed [ 285.186593][ T5272] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 285.233119][ T2990] team0 (unregistering): Port device team_slave_0 removed [ 285.395834][ T5221] Bluetooth: hci5: command tx timeout [ 285.411945][ T5272] usb 1-1: Using ep0 maxpacket: 16 [ 285.421362][ T5272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 285.433267][ T5272] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 285.442860][ T5272] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.454016][ T5272] usb 1-1: config 0 descriptor?? [ 285.910408][ T8837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.928629][ T8837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.942960][ T8786] chnl_net:caif_netlink_parms(): no params data found [ 285.994709][ T5272] hid (null): unknown global tag 0x83 [ 286.033239][ T5272] hid (null): unknown global tag 0xc [ 286.044711][ T5272] hid-generic 0003:0158:0100.0011: unknown main item tag 0x1 [ 286.063837][ T5272] hid-generic 0003:0158:0100.0011: unexpected long global item [ 286.079100][ T8667] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 286.092745][ T5272] hid-generic 0003:0158:0100.0011: probe with driver hid-generic failed with error -22 [ 286.166019][ T8667] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 286.209785][ T8667] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 286.263365][ T8780] chnl_net:caif_netlink_parms(): no params data found [ 286.307189][ T8667] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 286.323361][ T8837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.332104][ T8837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.531632][ T8786] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.542303][ T8786] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.554935][ T8786] bridge_slave_0: entered allmulticast mode [ 286.563773][ T8786] bridge_slave_0: entered promiscuous mode [ 286.572866][ T8786] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.580640][ T8786] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.589852][ T8786] bridge_slave_1: entered allmulticast mode [ 286.607401][ T8786] bridge_slave_1: entered promiscuous mode [ 286.834300][ T8786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.848300][ T8786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.862894][ T8780] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.876608][ T8780] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.884594][ T8780] bridge_slave_0: entered allmulticast mode [ 286.892944][ T8780] bridge_slave_0: entered promiscuous mode [ 286.923236][ T2990] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 286.967241][ C0] eth0: bad gso: type: 1, size: 1408 [ 287.027852][ T8780] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.035017][ T8780] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.042948][ T8780] bridge_slave_1: entered allmulticast mode [ 287.050910][ T8780] bridge_slave_1: entered promiscuous mode [ 287.138056][ T5221] Bluetooth: hci3: command tx timeout [ 287.149533][ T2990] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.175302][ T8786] team0: Port device team_slave_0 added [ 287.204408][ T8780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 287.218969][ T8780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 287.259394][ T2990] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.283185][ T8786] team0: Port device team_slave_1 added [ 287.456576][ T5221] Bluetooth: hci5: command tx timeout [ 287.511331][ T2990] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.584741][ T8780] team0: Port device team_slave_0 added [ 287.605400][ T8786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.621507][ T8786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.650415][ T8786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.678448][ T8786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.685422][ T8786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.737362][ T8786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.744141][ T1167] usb 1-1: USB disconnect, device number 17 [ 287.762653][ T8780] team0: Port device team_slave_1 added [ 287.974777][ T8780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.993735][ T8780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.045947][ T8780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 288.059840][ T8780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 288.067082][ T8780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.094269][ T8780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 288.121279][ T8897] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.924'. [ 288.137085][ T8897] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 288.145379][ T8897] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 288.247240][ T8786] hsr_slave_0: entered promiscuous mode [ 288.255683][ T8786] hsr_slave_1: entered promiscuous mode [ 288.263097][ T8786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 288.271949][ T8786] Cannot create hsr debugfs directory [ 288.530109][ T8780] hsr_slave_0: entered promiscuous mode [ 288.563735][ T8780] hsr_slave_1: entered promiscuous mode [ 288.590039][ T8780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 288.608512][ T8780] Cannot create hsr debugfs directory [ 288.663905][ T2990] bridge_slave_1: left allmulticast mode [ 288.685978][ T2990] bridge_slave_1: left promiscuous mode [ 288.703601][ T2990] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.718466][ T2990] bridge_slave_0: left allmulticast mode [ 288.745177][ T2990] bridge_slave_0: left promiscuous mode [ 288.758247][ T2990] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.977801][ T8920] ALSA: seq fatal error: cannot create timer (-22) [ 289.216472][ T5221] Bluetooth: hci3: command tx timeout [ 289.548152][ T5221] Bluetooth: hci5: command tx timeout [ 289.585093][ T2990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 289.634829][ T2990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.688686][ T2990] bond0 (unregistering): Released all slaves [ 289.724838][ T2990] bond1 (unregistering): Released all slaves [ 289.919623][ T8667] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.354236][ T8667] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.472223][ T2990] hsr_slave_0: left promiscuous mode [ 290.478536][ T2990] hsr_slave_1: left promiscuous mode [ 290.501552][ T2990] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.516466][ T2990] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.537426][ T2990] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.544880][ T2990] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.594239][ T2990] veth1_macvtap: left promiscuous mode [ 290.600806][ T2990] veth0_macvtap: left promiscuous mode [ 290.606762][ T2990] veth1_vlan: left promiscuous mode [ 290.612105][ T2990] veth0_vlan: left promiscuous mode [ 291.193782][ T2990] team0 (unregistering): Port device team_slave_1 removed [ 291.241981][ T2990] team0 (unregistering): Port device team_slave_0 removed [ 291.408199][ T5231] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 291.597221][ T5231] usb 1-1: Using ep0 maxpacket: 16 [ 291.604213][ T5231] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.615342][ T5231] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.634125][ T5231] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 291.664673][ T5231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.675754][ T5231] usb 1-1: config 0 descriptor?? [ 291.715919][ T5272] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.723183][ T5272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.760223][ T5272] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.767494][ T5272] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.122371][ T5231] playstation 0003:054C:05C4.0012: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.0-1/input0 [ 292.313883][ T5231] playstation 0003:054C:05C4.0012: Invalid byte count transferred, expected 16 got 0 [ 292.346581][ T5231] playstation 0003:054C:05C4.0012: Failed to retrieve DualShock4 pairing info: -22 [ 292.365791][ T5231] playstation 0003:054C:05C4.0012: Failed to get MAC address from DualShock4 [ 292.380953][ T8786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 292.395474][ T5231] playstation 0003:054C:05C4.0012: Failed to create dualshock4. [ 292.408065][ T8786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 292.441460][ T5231] playstation 0003:054C:05C4.0012: probe with driver playstation failed with error -22 [ 292.510568][ T8786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 292.550302][ T8667] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.576162][ T8975] netlink: 24 bytes leftover after parsing attributes in process `syz.4.935'. [ 292.613956][ T5272] usb 1-1: USB disconnect, device number 18 [ 292.621229][ T8786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 292.683094][ T8976] bridge0: port 3(macvlan2) entered blocking state [ 292.690834][ T8976] bridge0: port 3(macvlan2) entered disabled state [ 292.699958][ T8976] macvlan2: entered allmulticast mode [ 292.712889][ T8976] macvlan2: entered promiscuous mode [ 292.742586][ T8975] macvlan2 (unregistering): left allmulticast mode [ 292.751554][ T8975] macvlan2 (unregistering): left promiscuous mode [ 292.758271][ T8975] bridge0: port 3(macvlan2) entered disabled state [ 292.938205][ T8667] veth0_vlan: entered promiscuous mode [ 293.034542][ T8667] veth1_vlan: entered promiscuous mode [ 293.117004][ T8780] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 293.134525][ T8780] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 293.194585][ T8780] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 293.208006][ T8780] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 293.239768][ T8667] veth0_macvtap: entered promiscuous mode [ 293.389835][ T8786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.425640][ T8667] veth1_macvtap: entered promiscuous mode [ 293.622928][ T8989] netlink: 16 bytes leftover after parsing attributes in process `syz.4.938'. [ 293.869922][ T8786] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.892625][ T8987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.937'. [ 293.970368][ T8667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.002507][ T8667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.042542][ T8667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.109486][ T8667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.142757][ T8667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 294.153802][ T8667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.165876][ T8667] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.224066][ T8667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.246722][ T8667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.266357][ T8667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.286286][ T8667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.302755][ T8667] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 294.315418][ T8667] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 294.342981][ T8667] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.365993][ T9001] CUSE: DEVNAME unspecified [ 294.375110][ T8667] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.389927][ T8667] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.399264][ T8667] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.408886][ T8667] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.441214][ T5274] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.448436][ T5274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.463349][ T5274] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.470539][ T5274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.502397][ T9003] netlink: 'syz.0.943': attribute type 10 has an invalid length. [ 294.522632][ T9005] netlink: 28 bytes leftover after parsing attributes in process `syz.0.943'. [ 294.545900][ T9003] team0: Failed to send options change via netlink (err -105) [ 294.557873][ T9003] team0: Port device netdevsim0 added [ 294.600164][ T5231] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 294.733383][ T8780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.769433][ T9007] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 294.771244][ T8780] 8021q: adding VLAN 0 to HW filter on device team0 [ 294.788397][ T9007] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 294.808060][ T9007] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 294.837049][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.844211][ T5273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.855932][ T9007] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 294.875776][ T9007] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 294.884031][ T9007] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 294.892048][ T5269] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 294.912689][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.919868][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.116654][ T5269] usb 1-1: Using ep0 maxpacket: 8 [ 295.125397][ T5269] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 295.136911][ T8780] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 295.158362][ T5269] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 295.189597][ T5269] usb 1-1: config 1 has no interface number 1 [ 295.197205][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.231338][ T5269] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 295.256432][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.283251][ T5269] usb 1-1: config 1 interface 2 altsetting 220 has 0 endpoint descriptors, different from the interface descriptor's value: 113 [ 295.338253][ T5269] usb 1-1: config 1 interface 2 has no altsetting 0 [ 295.398959][ T5269] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 295.442531][ T5269] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.472292][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.505674][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 295.506286][ T5269] usb 1-1: Product: 쑿퉈à¨ì‘» [ 295.608051][ T9029] hub 6-0:1.0: USB hub found [ 295.613745][ T9029] hub 6-0:1.0: 1 port detected [ 296.220754][ T8786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.312366][ T5269] usb 1-1: Manufacturer: Ñ„ [ 296.317588][ T5269] usb 1-1: SerialNumber: syz [ 296.522221][ T8786] veth0_vlan: entered promiscuous mode [ 296.535456][ T8780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.604245][ T8786] veth1_vlan: entered promiscuous mode [ 296.644770][ T5269] usb 1-1: USB disconnect, device number 19 [ 296.677989][ T9040] hsr0: entered promiscuous mode [ 296.684674][ T9040] macvlan2: entered allmulticast mode [ 296.692334][ T9040] hsr0: entered allmulticast mode [ 296.700939][ T9040] hsr_slave_0: entered allmulticast mode [ 296.710571][ T9040] hsr_slave_1: entered allmulticast mode [ 296.788440][ T8780] veth0_vlan: entered promiscuous mode [ 296.847834][ T8786] veth0_macvtap: entered promiscuous mode [ 296.861460][ T8780] veth1_vlan: entered promiscuous mode [ 296.885941][ T8786] veth1_macvtap: entered promiscuous mode [ 296.907944][ T6193] udevd[6193]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 296.984511][ T8780] veth0_macvtap: entered promiscuous mode [ 297.008960][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.025750][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.042580][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.172012][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.201831][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.235601][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.262146][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.272727][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.302659][ T8786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.402783][ T8780] veth1_macvtap: entered promiscuous mode [ 297.453641][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.556988][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.613538][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.724071][ T9064] netlink: 12 bytes leftover after parsing attributes in process `syz.4.950'. [ 297.747420][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.953186][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.166428][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.196614][ T8786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.216385][ T8786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.233789][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.0.951'. [ 298.235686][ T8786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.323071][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.369530][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.393646][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.414524][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.429325][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.441971][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.452367][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.467353][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.496292][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.516393][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.526398][ T5272] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 298.545309][ T8780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.593801][ T8786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.619071][ T8786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.638283][ T8786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.655341][ T8786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.706401][ T5272] usb 1-1: Using ep0 maxpacket: 16 [ 298.732463][ T5272] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 298.765674][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.766944][ T5272] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 298.794184][ T5272] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.813389][ T9086] ALSA: seq fatal error: cannot create timer (-22) [ 298.827428][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.840851][ T5272] usb 1-1: config 0 descriptor?? [ 298.845635][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.870462][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.883170][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.899279][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.916012][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.929598][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.942400][ T8780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 298.953425][ T8780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.989638][ T8780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 299.073690][ T8780] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.117630][ T8780] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.146851][ T8780] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.166306][ T8780] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.197177][ T9097] netlink: 28 bytes leftover after parsing attributes in process `syz.4.958'. [ 299.284559][ T9065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.312697][ T9065] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.348225][ T5272] hid (null): unknown global tag 0x83 [ 299.377911][ T2955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.380479][ T5272] hid (null): unknown global tag 0xc [ 299.416483][ T2955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.424055][ T5272] hid-generic 0003:0158:0100.0013: unknown main item tag 0x1 [ 299.448652][ T5272] hid-generic 0003:0158:0100.0013: unexpected long global item [ 299.474923][ T5272] hid-generic 0003:0158:0100.0013: probe with driver hid-generic failed with error -22 [ 299.518029][ T2955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.527703][ T2955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.612964][ T7391] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.667477][ T7391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.733469][ T9065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 299.769504][ T9065] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 299.803509][ T5270] usb 1-1: USB disconnect, device number 20 [ 299.811050][ T2955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 299.843144][ T2955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 300.451311][ T7391] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.620625][ T9129] Invalid ELF section name index: 0 || e_shstrndx (0) >= e_shnum (0) [ 300.682577][ T7391] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.892123][ T7391] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.064283][ T7391] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.488812][ T7391] bridge_slave_1: left allmulticast mode [ 301.524640][ T5269] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 301.545549][ T7391] bridge_slave_1: left promiscuous mode [ 301.638413][ T7391] bridge0: port 2(bridge_slave_1) entered disabled state [ 302.370745][ T7391] bridge_slave_0: left allmulticast mode [ 302.390604][ T7391] bridge_slave_0: left promiscuous mode [ 302.396646][ T5269] usb 3-1: Using ep0 maxpacket: 16 [ 302.453709][ T5269] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.460388][ T7391] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.465175][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 302.480991][ T5269] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 302.488484][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 302.491254][ T5269] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 302.500443][ T5230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 302.516665][ T5230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 302.525491][ T5230] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 302.533429][ T5230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 302.564383][ T5269] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.699400][ T5269] usb 3-1: config 0 descriptor?? [ 303.184131][ T5269] playstation 0003:054C:05C4.0014: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.2-1/input0 [ 303.379653][ T5269] playstation 0003:054C:05C4.0014: Invalid byte count transferred, expected 16 got 0 [ 303.408930][ T5269] playstation 0003:054C:05C4.0014: Failed to retrieve DualShock4 pairing info: -22 [ 303.430631][ T5269] playstation 0003:054C:05C4.0014: Failed to get MAC address from DualShock4 [ 303.439793][ T5269] playstation 0003:054C:05C4.0014: Failed to create dualshock4. [ 303.455578][ T5269] playstation 0003:054C:05C4.0014: probe with driver playstation failed with error -22 [ 303.673041][ T1167] usb 3-1: USB disconnect, device number 12 [ 303.754016][ T9215] Invalid ELF section name index: 0 || e_shstrndx (0) >= e_shnum (0) [ 303.769360][ T7391] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 303.793077][ T7391] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 303.819650][ T7391] bond0 (unregistering): Released all slaves [ 303.892596][ T9187] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 304.344736][ T7391] hsr_slave_0: left promiscuous mode [ 304.360990][ T7391] hsr_slave_1: left promiscuous mode [ 304.374175][ T7391] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.392555][ T7391] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.441903][ T7391] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.457597][ T7391] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.533068][ T7391] veth1_macvtap: left promiscuous mode [ 304.556634][ T7391] veth0_macvtap: left promiscuous mode [ 304.574496][ T7391] veth1_vlan: left promiscuous mode [ 304.580244][ T5230] Bluetooth: hci5: command tx timeout [ 304.594890][ T7391] veth0_vlan: left promiscuous mode [ 304.766450][ T9242] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 304.840497][ T9243] ALSA: seq fatal error: cannot create timer (-22) [ 305.672797][ T9252] program syz.3.987 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 305.963412][ T9259] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 306.696560][ T5230] Bluetooth: hci5: command tx timeout [ 307.176585][ T25] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 307.366424][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 307.372315][ T7391] team0 (unregistering): Port device team_slave_1 removed [ 307.380245][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.380280][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 307.380325][ T25] usb 4-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 307.380349][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.382565][ T25] usb 4-1: config 0 descriptor?? [ 307.554833][ T7391] team0 (unregistering): Port device team_slave_0 removed [ 307.893891][ T25] playstation 0003:054C:05C4.0015: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.3-1/input0 [ 308.086385][ T25] playstation 0003:054C:05C4.0015: Invalid byte count transferred, expected 16 got 0 [ 308.105173][ T25] playstation 0003:054C:05C4.0015: Failed to retrieve DualShock4 pairing info: -22 [ 308.117044][ T25] playstation 0003:054C:05C4.0015: Failed to get MAC address from DualShock4 [ 308.125993][ T25] playstation 0003:054C:05C4.0015: Failed to create dualshock4. [ 308.164436][ T25] playstation 0003:054C:05C4.0015: probe with driver playstation failed with error -22 [ 308.301871][ T9266] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 308.428642][ T8] usb 4-1: USB disconnect, device number 11 [ 308.527060][ T29] audit: type=1326 audit(2000000027.799:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9284 comm="syz.4.999" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18abd77299 code=0x0 [ 308.619100][ T9169] chnl_net:caif_netlink_parms(): no params data found [ 308.736455][ T5230] Bluetooth: hci5: command tx timeout [ 308.994684][ T9169] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.032878][ T9169] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.067798][ T9169] bridge_slave_0: entered allmulticast mode [ 309.098930][ T9169] bridge_slave_0: entered promiscuous mode [ 309.144635][ T9169] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.159184][ T9169] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.171495][ T9169] bridge_slave_1: entered allmulticast mode [ 309.181639][ T9169] bridge_slave_1: entered promiscuous mode [ 309.355610][ T9169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.394739][ T9169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.494989][ T9327] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1005'. [ 310.556772][ T9169] team0: Port device team_slave_0 added [ 310.580162][ T9169] team0: Port device team_slave_1 added [ 310.619166][ T9311] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1001'. [ 310.654293][ T9311] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 310.672418][ T9311] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 310.746600][ T9169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.763978][ T9169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.811683][ T9169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.816438][ T5230] Bluetooth: hci5: command tx timeout [ 310.853910][ T9169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.863310][ T9169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.891251][ T9169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.048803][ T9169] hsr_slave_0: entered promiscuous mode [ 311.388836][ T9169] hsr_slave_1: entered promiscuous mode [ 311.665904][ T9169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 311.745852][ T9169] Cannot create hsr debugfs directory [ 311.868020][ T9348] Bluetooth: MGMT ver 1.23 [ 312.378924][ T9368] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1017'. [ 312.443052][ T9368] bridge0: port 3(macvlan2) entered blocking state [ 312.476396][ T9368] bridge0: port 3(macvlan2) entered disabled state [ 312.506678][ T9368] macvlan2: entered allmulticast mode [ 312.537786][ T9368] macvlan2: entered promiscuous mode [ 312.658167][ T9377] Invalid ELF section name index: 0 || e_shstrndx (0) >= e_shnum (0) [ 314.124201][ T9169] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 314.171446][ T9169] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 314.209782][ T9169] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 314.263945][ T9169] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 314.504631][ T9169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.550538][ T9169] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.595557][ T5272] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.602800][ T5272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.653376][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.660606][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.817253][ T9429] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1030'. [ 314.865120][ T9430] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.1027'. [ 314.924700][ T9427] netlink: 'syz.0.1031': attribute type 10 has an invalid length. [ 314.988018][ T9435] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1031'. [ 315.003204][ T9430] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 315.054814][ T9430] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 315.057591][ T9438] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 315.337989][ T1167] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 315.417491][ T9169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.526365][ T1167] usb 1-1: Using ep0 maxpacket: 8 [ 315.549014][ T1167] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 315.581946][ T9169] veth0_vlan: entered promiscuous mode [ 315.606725][ T1167] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 315.629765][ T1167] usb 1-1: config 1 has no interface number 1 [ 315.641730][ T9169] veth1_vlan: entered promiscuous mode [ 315.648229][ T1167] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 315.669086][ T1167] usb 1-1: config 1 interface 2 altsetting 220 has 0 endpoint descriptors, different from the interface descriptor's value: 113 [ 315.729146][ T9169] veth0_macvtap: entered promiscuous mode [ 315.741435][ T1167] usb 1-1: config 1 interface 2 has no altsetting 0 [ 315.762134][ T1167] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 315.774844][ T9169] veth1_macvtap: entered promiscuous mode [ 315.798530][ T1167] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.824064][ T9463] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1037'. [ 315.833328][ T9463] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1037'. [ 315.873029][ T1167] usb 1-1: Product: 쑿퉈à¨ì‘» [ 315.949783][ T1167] usb 1-1: Manufacturer: Ñ„ [ 315.957475][ T1167] usb 1-1: SerialNumber: syz [ 316.748159][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.805042][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.835700][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.851906][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.862825][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.886465][ T1167] usb 1-1: USB disconnect, device number 21 [ 316.891925][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.894857][ T9473] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1038'. [ 316.922086][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.981808][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.024184][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 317.040215][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.054775][ T9169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.206465][ T9473] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.215632][ T9473] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.248645][ T6193] udevd[6193]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 317.399339][ T9473] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.406674][ T9473] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.414932][ T9473] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.422604][ T9473] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.461012][ T1265] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.467559][ T1265] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.509731][ T9473] team0: Port device bridge0 added [ 317.554043][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.599259][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.609357][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.622337][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.632443][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.643209][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.673792][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.698442][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.714624][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.732262][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.754049][ T9169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.813396][ T9169] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.863374][ T9169] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.904424][ T9169] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.933849][ T9169] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.961174][ T9489] sctp: [Deprecated]: syz.2.1042 (pid 9489) Use of int in max_burst socket option deprecated. [ 317.961174][ T9489] Use struct sctp_assoc_value instead [ 318.187053][ T7384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.235096][ T7384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 318.283715][ T7384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 318.312534][ T7384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.258799][ T9522] netlink: 'syz.2.1047': attribute type 4 has an invalid length. [ 319.332511][ T9527] netlink: 'syz.2.1047': attribute type 4 has an invalid length. [ 320.668601][ T9535] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 320.697874][ T2467] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.825135][ T2467] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.031923][ T2467] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.103686][ T2467] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.219336][ T2467] bridge_slave_1: left allmulticast mode [ 321.225154][ T2467] bridge_slave_1: left promiscuous mode [ 321.231929][ T2467] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.241725][ T2467] bridge_slave_0: left allmulticast mode [ 321.247829][ T2467] bridge_slave_0: left promiscuous mode [ 321.253504][ T2467] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.562161][ T5221] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 322.583313][ T5221] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 322.597614][ T5221] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 322.625709][ T5221] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 322.633598][ T5221] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 322.648133][ T5221] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 322.661684][ T2467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 322.694275][ T2467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 322.712795][ T2467] bond0 (unregistering): Released all slaves [ 322.805826][ T9570] sctp: [Deprecated]: syz.0.1058 (pid 9570) Use of int in max_burst socket option deprecated. [ 322.805826][ T9570] Use struct sctp_assoc_value instead [ 323.621522][ T9588] REISERFS warning (device nullb0): super-6502 reiserfs_getopt: unknown mount option "l~^[ MˆaJ©Æ·§‰…c‘×-*£\ynSŸ¥nºYefÓNìoã´X+“%´ç+¥BO" [ 324.736780][ T5230] Bluetooth: hci5: command tx timeout [ 324.792902][ T9613] 9pnet_fd: Insufficient options for proto=fd [ 324.810607][ T9613] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1066'. [ 324.910125][ T9611] misc userio: Invalid payload size [ 324.985315][ T9611] sg_write: data in/out 155/14 bytes for SCSI command 0x0-- guessing data in; [ 324.985315][ T9611] program syz.0.1065 not setting count and/or reply_len properly [ 325.039875][ T2467] hsr_slave_0: left promiscuous mode [ 325.053116][ T2467] hsr_slave_1: left promiscuous mode [ 325.072959][ T2467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 325.090625][ T2467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 325.100796][ T2467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 325.114952][ T2467] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 325.145117][ T2467] veth1_macvtap: left promiscuous mode [ 325.152084][ T2467] veth0_macvtap: left promiscuous mode [ 325.158316][ T2467] veth1_vlan: left promiscuous mode [ 325.163799][ T2467] veth0_vlan: left promiscuous mode [ 325.341639][ T25] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 325.539329][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 325.561125][ T25] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 325.587034][ T25] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 325.598605][ T25] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 325.614917][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 325.624127][ T25] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 325.632725][ T25] usb 3-1: Product: syz [ 325.637036][ T25] usb 3-1: Manufacturer: syz [ 325.641699][ T25] usb 3-1: SerialNumber: syz [ 326.147495][ T25] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input33 [ 326.326907][ T25] usb 3-1: USB disconnect, device number 13 [ 326.355995][ T25] appletouch 3-1:1.0: input: appletouch disconnected [ 326.523648][ T2467] team0 (unregistering): Port device team_slave_1 removed [ 326.564735][ T2467] team0 (unregistering): Port device team_slave_0 removed [ 326.819776][ T5230] Bluetooth: hci5: command tx timeout [ 326.942633][ T9632] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1071'. [ 327.075368][ T9635] syz.2.1071: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 327.075996][ T9635] CPU: 1 UID: 0 PID: 9635 Comm: syz.2.1071 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0 [ 327.076026][ T9635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 327.076047][ T9635] Call Trace: [ 327.076056][ T9635] [ 327.076067][ T9635] dump_stack_lvl+0x241/0x360 [ 327.076110][ T9635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.076134][ T9635] ? __pfx__printk+0x10/0x10 [ 327.076163][ T9635] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 327.076187][ T9635] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 327.076217][ T9635] warn_alloc+0x278/0x410 [ 327.076240][ T9635] ? stack_depot_save_flags+0x29/0x830 [ 327.076268][ T9635] ? __vmalloc_node_range_noprof+0x10b/0x1460 [ 327.076294][ T9635] ? __pfx_warn_alloc+0x10/0x10 [ 327.076318][ T9635] ? kasan_save_track+0x3f/0x80 [ 327.076338][ T9635] ? __kasan_kmalloc+0x98/0xb0 [ 327.076360][ T9635] ? xsk_setsockopt+0x598/0x950 [ 327.076377][ T9635] ? do_sock_setsockopt+0x3af/0x720 [ 327.076401][ T9635] ? __sys_setsockopt+0x1ae/0x250 [ 327.076425][ T9635] ? __x64_sys_setsockopt+0xb5/0xd0 [ 327.076448][ T9635] ? do_syscall_64+0xf3/0x230 [ 327.076467][ T9635] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.076499][ T9635] __vmalloc_node_range_noprof+0x130/0x1460 [ 327.076556][ T9635] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 327.076589][ T9635] ? __kasan_kmalloc+0x98/0xb0 [ 327.076609][ T9635] ? xskq_create+0x54/0x170 [ 327.076635][ T9635] vmalloc_user_noprof+0x74/0x80 [ 327.076660][ T9635] ? xskq_create+0xb6/0x170 [ 327.076679][ T9635] xskq_create+0xb6/0x170 [ 327.076702][ T9635] xsk_init_queue+0xa1/0x100 [ 327.076726][ T9635] xsk_setsockopt+0x598/0x950 [ 327.076750][ T9635] ? __pfx_xsk_setsockopt+0x10/0x10 [ 327.076774][ T9635] ? __pfx_lock_acquire+0x10/0x10 [ 327.076801][ T9635] ? __fget_files+0x29/0x470 [ 327.076824][ T9635] ? __pfx_lock_release+0x10/0x10 [ 327.076847][ T9635] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 327.076871][ T9635] ? security_socket_setsockopt+0x87/0xb0 [ 327.076895][ T9635] ? __pfx_xsk_setsockopt+0x10/0x10 [ 327.076914][ T9635] do_sock_setsockopt+0x3af/0x720 [ 327.076948][ T9635] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 327.076974][ T9635] ? __fget_files+0x29/0x470 [ 327.076997][ T9635] ? __fget_files+0x3f6/0x470 [ 327.077032][ T9635] __sys_setsockopt+0x1ae/0x250 [ 327.077070][ T9635] __x64_sys_setsockopt+0xb5/0xd0 [ 327.077100][ T9635] do_syscall_64+0xf3/0x230 [ 327.077123][ T9635] ? clear_bhb_loop+0x35/0x90 [ 327.077151][ T9635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.077180][ T9635] RIP: 0033:0x7f48e4777299 [ 327.077202][ T9635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.077224][ T9635] RSP: 002b:00007f48e41ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 327.077247][ T9635] RAX: ffffffffffffffda RBX: 00007f48e4906130 RCX: 00007f48e4777299 [ 327.077262][ T9635] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a [ 327.077276][ T9635] RBP: 00007f48e47e48e6 R08: 0000000000000020 R09: 0000000000000000 [ 327.077289][ T9635] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 327.077302][ T9635] R13: 000000000000006e R14: 00007f48e4906130 R15: 00007ffdfb8dcb68 [ 327.077335][ T9635] [ 327.107677][ T9635] Mem-Info: [ 327.107695][ T9635] active_anon:271 inactive_anon:4468 isolated_anon:0 [ 327.107695][ T9635] active_file:4902 inactive_file:34956 isolated_file:0 [ 327.107695][ T9635] unevictable:768 dirty:479 writeback:0 [ 327.107695][ T9635] slab_reclaimable:9304 slab_unreclaimable:97797 [ 327.107695][ T9635] mapped:25303 shmem:1268 pagetables:862 [ 327.107695][ T9635] sec_pagetables:0 bounce:0 [ 327.107695][ T9635] kernel_misc_reclaimable:0 [ 327.107695][ T9635] free:1380954 free_pcp:493 free_cma:0 [ 327.107751][ T9635] Node 0 active_anon:1084kB inactive_anon:17872kB active_file:19428kB inactive_file:139824kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101100kB dirty:1916kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10804kB pagetables:3448kB sec_pagetables:0kB all_unreclaimable? no [ 327.107805][ T9635] Node 1 active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:112kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 327.107871][ T9635] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 327.107929][ T9635] lowmem_reserve[]: 0 2563 2565 0 0 [ 327.107977][ T9635] Node 0 DMA32 free:1558760kB boost:0kB min:35036kB low:43792kB high:52548kB reserved_highatomic:0KB active_anon:1080kB inactive_anon:17828kB active_file:17928kB inactive_file:139760kB unevictable:1536kB writepending:1916kB present:3129332kB managed:2653292kB mlocked:0kB bounce:0kB free_pcp:1952kB local_pcp:1516kB free_cma:0kB [ 327.108036][ T9635] lowmem_reserve[]: 0 0 1 0 0 [ 327.108079][ T9635] Node 0 Normal free:8kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1500kB inactive_file:64kB unevictable:0kB writepending:0kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:8kB free_cma:0kB [ 327.108133][ T9635] lowmem_reserve[]: 0 0 0 0 0 [ 327.108176][ T9635] Node 1 Normal free:3949688kB boost:0kB min:54844kB low:68552kB high:82260kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 327.108230][ T9635] lowmem_reserve[]: 0 0 0 0 0 [ 327.108271][ T9635] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 327.108500][ T9635] Node 0 DMA32: 71*4kB (U) 314*8kB (UME) 251*16kB (UME) 241*32kB (UME) 88*64kB (UME) 135*128kB (UME) 38*256kB (UME) 12*512kB (UME) 6*1024kB (UM) 4*2048kB (ME) 364*4096kB (UM) = 1558588kB [ 327.108696][ T9635] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 327.108822][ T9635] Node 1 Normal: 6*4kB (UM) 14*8kB (UM) 9*16kB (UM) 12*32kB (UM) 7*64kB (U) 3*128kB (UM) 3*256kB (U) 4*512kB (UM) 3*1024kB (U) 3*2048kB (U) 961*4096kB (M) = 3949784kB [ 327.109018][ T9635] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 327.109037][ T9635] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 327.109055][ T9635] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 327.109073][ T9635] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 327.109090][ T9635] 41126 total pagecache pages [ 327.109099][ T9635] 0 pages in swap cache [ 327.109109][ T9635] Free swap = 124396kB [ 327.109117][ T9635] Total swap = 124996kB [ 327.109127][ T9635] 2097051 pages RAM [ 327.109136][ T9635] 0 pages HighMem/MovableOnly [ 327.109144][ T9635] 402198 pages reserved [ 327.109152][ T9635] 0 pages cma reserved [ 327.421133][ T9566] chnl_net:caif_netlink_parms(): no params data found [ 327.889633][ T9566] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.889735][ T9566] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.889932][ T9566] bridge_slave_0: entered allmulticast mode [ 327.891344][ T9566] bridge_slave_0: entered promiscuous mode [ 327.894696][ T9566] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.894792][ T9566] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.894922][ T9566] bridge_slave_1: entered allmulticast mode [ 327.896171][ T9566] bridge_slave_1: entered promiscuous mode [ 328.235635][ T9673] 9pnet_fd: Insufficient options for proto=fd [ 328.342041][ T9674] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1078'. [ 328.619023][ T9566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 328.683984][ T9566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 328.865980][ T9566] team0: Port device team_slave_0 added [ 328.932385][ T5230] Bluetooth: hci5: command tx timeout [ 328.935969][ T9566] team0: Port device team_slave_1 added [ 329.082007][ T9689] usb usb8: check_ctrlrecip: process 9689 (syz.2.1081) requesting ep 01 but needs 81 [ 329.091669][ T9689] usb usb8: usbfs: process 9689 (syz.2.1081) did not claim interface 0 before use [ 329.588133][ T9691] Bluetooth: MGMT ver 1.23 [ 329.666536][ T9566] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.702480][ T9566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.770101][ T9566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.268578][ T9566] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.276564][ T9566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.353172][ T9566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.594640][ T9683] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 330.631570][ T9566] hsr_slave_0: entered promiscuous mode [ 330.666824][ T9566] hsr_slave_1: entered promiscuous mode [ 330.689700][ T9566] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 330.709335][ T9566] Cannot create hsr debugfs directory [ 330.927139][ T9718] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1089'. [ 330.983263][ T5230] Bluetooth: hci5: command tx timeout [ 331.520117][ T9730] 9pnet_fd: Insufficient options for proto=fd [ 331.601334][ T9730] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1093'. [ 332.143990][ T9746] usb usb8: check_ctrlrecip: process 9746 (syz.3.1095) requesting ep 01 but needs 81 [ 332.153658][ T9746] usb usb8: usbfs: process 9746 (syz.3.1095) did not claim interface 0 before use [ 333.438584][ T9759] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1100'. [ 333.532953][ T9757] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 333.701175][ T9566] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 333.740229][ T9566] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 333.792335][ T9566] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 333.828395][ T9566] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 335.191167][ T9786] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1110'. [ 335.211857][ T9787] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 335.445628][ T9793] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1112'. [ 335.573782][ T9566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 335.628323][ T9566] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.683944][ T5273] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.691126][ T5273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.745496][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.752737][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.946012][ T9566] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 336.612813][ T9566] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 336.785831][ T9566] veth0_vlan: entered promiscuous mode [ 336.825495][ T9566] veth1_vlan: entered promiscuous mode [ 336.937456][ T5273] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 336.948304][ T9566] veth0_macvtap: entered promiscuous mode [ 336.989208][ T9566] veth1_macvtap: entered promiscuous mode [ 337.090484][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 337.104384][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.142495][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 337.166800][ T5273] usb 1-1: Using ep0 maxpacket: 8 [ 337.192863][ T5273] usb 1-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 337.222321][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.227097][ T5273] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.266533][ T5273] usb 1-1: Product: syz [ 337.289697][ T5273] usb 1-1: Manufacturer: syz [ 337.304333][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 337.327155][ T5273] usb 1-1: SerialNumber: syz [ 337.369396][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.382549][ T5273] usb 1-1: config 0 descriptor?? [ 337.414120][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 337.426707][ T5273] gspca_main: spca500-2.14.0 probing 046d:0900 [ 337.455257][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.488595][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 337.517154][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.552530][ T9566] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 337.597806][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.639436][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.681333][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.740432][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.761909][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.772993][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.796559][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.816413][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.838140][ T9566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 337.874807][ T9566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 337.880579][ T9566] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 337.952176][ T9841] netlink: 'syz.2.1121': attribute type 4 has an invalid length. [ 338.034327][ T9842] netlink: 'syz.2.1121': attribute type 4 has an invalid length. [ 338.095224][ T5273] gspca_spca500: reg write: error -71 [ 338.105908][ T5273] gspca_spca500: reg write: error -71 [ 338.140018][ T5273] gspca_spca500: reg write: error -71 [ 338.160416][ T9566] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.185610][ T9566] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.204663][ T9566] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.233444][ T9566] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 338.250375][ T5273] gspca_spca500: reg write: error -71 [ 338.259633][ T5273] gspca_spca500: reg write: error -71 [ 338.265473][ T5273] gspca_spca500: reg write: error -71 [ 338.271628][ T5273] gspca_spca500: reg write: error -71 [ 338.277614][ T5273] gspca_spca500: reg write: error -71 [ 338.283925][ T5273] gspca_spca500: reg write: error -71 [ 338.290137][ T5273] gspca_spca500: reg write: error -71 [ 338.296273][ T5273] gspca_spca500: reg write: error -71 [ 338.302070][ T5273] gspca_spca500: reg write: error -71 [ 338.367828][ T5273] usb 1-1: USB disconnect, device number 22 [ 338.650990][ T9850] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1122'. [ 338.682053][ T2955] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 338.701166][ T9854] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 338.742082][ T2955] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 338.843688][ T2955] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 338.884246][ T2955] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.417312][ T9896] ALSA: seq fatal error: cannot create timer (-22) [ 340.716434][ T5269] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 340.745835][ T9906] netlink: 'syz.3.1134': attribute type 4 has an invalid length. [ 340.773516][ T9908] netlink: 18 bytes leftover after parsing attributes in process `syz.2.1135'. [ 340.817414][ T9908] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1135'. [ 340.827600][ T9906] netlink: 'syz.3.1134': attribute type 4 has an invalid length. [ 340.892281][ T9908] xt_bpf: check failed: parse error [ 340.926609][ T5269] usb 1-1: Using ep0 maxpacket: 8 [ 340.937869][ T5269] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 340.958957][ T5269] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 340.992795][ T5269] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 341.003891][ T5269] usb 1-1: New USB device found, idVendor=05ac, idProduct=0217, bcdDevice=cf.dc [ 341.019371][ T5269] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.034677][ T5269] usb 1-1: config 0 descriptor?? [ 341.050875][ T5269] appletouch 1-1:0.0: Could not find int-in endpoint [ 341.064531][ T5269] appletouch 1-1:0.0: probe with driver appletouch failed with error -5 [ 341.075683][ T5269] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 341.198213][ T2978] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.278498][ T5349] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 342.120129][ T2978] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.166408][ T5349] usb 4-1: Using ep0 maxpacket: 8 [ 342.185569][ T5349] usb 4-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=66.9e [ 342.208924][ T5349] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.222467][ T5349] usb 4-1: Product: syz [ 342.227619][ T5349] usb 4-1: Manufacturer: syz [ 342.232375][ T5349] usb 4-1: SerialNumber: syz [ 342.254324][ T5349] usb 4-1: config 0 descriptor?? [ 342.272517][ T2978] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.291965][ T5349] gspca_main: spca500-2.14.0 probing 046d:0900 [ 342.385771][ T2978] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.565624][ T2978] bridge_slave_1: left allmulticast mode [ 342.592279][ T2978] bridge_slave_1: left promiscuous mode [ 342.601367][ T2978] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.613213][ T2978] bridge_slave_0: left allmulticast mode [ 342.619434][ T2978] bridge_slave_0: left promiscuous mode [ 342.625198][ T2978] bridge0: port 1(bridge_slave_0) entered disabled state [ 342.749280][ T9946] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1138'. [ 342.929607][ T5349] gspca_spca500: reg write: error -71 [ 342.942630][ T5349] gspca_spca500: reg write: error -71 [ 342.951434][ T5349] gspca_spca500: reg write: error -71 [ 342.962525][ T5349] gspca_spca500: reg write: error -71 [ 342.969797][ T5349] gspca_spca500: reg write: error -71 [ 342.975774][ T5349] gspca_spca500: reg write: error -71 [ 342.986197][ T5349] gspca_spca500: reg write: error -71 [ 342.992247][ T5349] gspca_spca500: reg write: error -71 [ 342.998813][ T5349] gspca_spca500: reg write: error -71 [ 343.004759][ T5349] gspca_spca500: reg write: error -71 [ 343.020317][ T5349] gspca_spca500: reg write: error -71 [ 343.027992][ T5349] gspca_spca500: reg write: error -71 [ 343.062720][ T5349] usb 4-1: USB disconnect, device number 12 [ 343.198548][ T5221] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 343.207740][ T5221] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 343.216641][ T5221] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 343.243535][ T5221] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 343.267865][ T5221] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 343.277683][ T5221] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 343.329455][ T5270] usb 1-1: USB disconnect, device number 23 [ 343.511933][ T2978] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 343.532826][ T2978] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 343.550882][ T2978] bond0 (unregistering): Released all slaves [ 343.611088][ T9945] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-": -EINTR [ 343.640806][ T9955] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 343.760709][ T9954] block device autoloading is deprecated and will be removed. [ 343.771439][ T9954] syz.0.1140: attempt to access beyond end of device [ 343.771439][ T9954] md17: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 345.456403][ T5230] Bluetooth: hci5: command tx timeout [ 345.629761][ T2978] hsr_slave_0: left promiscuous mode [ 345.646967][ T2978] hsr_slave_1: left promiscuous mode [ 345.660866][ T2978] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 345.676552][ T2978] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 345.698745][ T2978] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 345.717460][ T2978] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 345.759128][ T9980] kvm: kvm [9979]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0xc1) = 0x800 [ 345.798205][ T2978] veth1_macvtap: left promiscuous mode [ 345.816785][ T2978] veth0_macvtap: left promiscuous mode [ 345.822469][ T2978] veth1_vlan: left promiscuous mode [ 345.846695][ T2978] veth0_vlan: left promiscuous mode [ 347.348635][T10022] netlink: 18 bytes leftover after parsing attributes in process `syz.0.1158'. [ 347.357904][T10022] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1158'. [ 347.471544][T10023] xt_bpf: check failed: parse error [ 347.536948][ T5230] Bluetooth: hci5: command tx timeout [ 348.179115][ T2978] team0 (unregistering): Port device team_slave_1 removed [ 348.214862][T10029] sctp: [Deprecated]: syz.3.1160 (pid 10029) Use of int in max_burst socket option deprecated. [ 348.214862][T10029] Use struct sctp_assoc_value instead [ 348.255043][ T2978] team0 (unregistering): Port device team_slave_0 removed [ 349.083166][ T9949] chnl_net:caif_netlink_parms(): no params data found [ 349.199544][T10037] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 349.616500][ T5230] Bluetooth: hci5: command tx timeout [ 350.062583][T10037] input: syz0 as /devices/virtual/input/input34 [ 350.574105][ T9949] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.596772][ T9949] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.604060][ T9949] bridge_slave_0: entered allmulticast mode [ 350.705492][ T9949] bridge_slave_0: entered promiscuous mode [ 350.783052][ T9949] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.820096][ T9949] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.971512][ T9949] bridge_slave_1: entered allmulticast mode [ 351.057498][ T9949] bridge_slave_1: entered promiscuous mode [ 351.718835][ T5230] Bluetooth: hci5: command tx timeout [ 351.902774][ T9949] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 351.952728][ T9949] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 352.239341][ T9949] team0: Port device team_slave_0 added [ 352.249770][ T9949] team0: Port device team_slave_1 added [ 352.736870][ T9949] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 352.775180][ T9949] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.809525][ T9949] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 352.837054][ T9949] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 352.854515][ T9949] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.887741][ T9949] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 353.127000][ T9949] hsr_slave_0: entered promiscuous mode [ 353.164866][ T9949] hsr_slave_1: entered promiscuous mode [ 353.205833][ T9949] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 353.230558][ T9949] Cannot create hsr debugfs directory [ 354.146532][T10121] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 354.238824][T10121] input: syz0 as /devices/virtual/input/input35 [ 355.041181][T10150] bridge0: port 3(vlan2) entered blocking state [ 355.066736][T10150] bridge0: port 3(vlan2) entered disabled state [ 355.085407][T10150] vlan2: entered allmulticast mode [ 355.104402][T10150] vlan2: left allmulticast mode [ 355.236341][ T5349] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 355.350125][T10155] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1189'. [ 355.469506][ T5349] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 355.554300][ T5349] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 355.592204][ T5349] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 355.618955][ T5349] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.648701][ T5349] usb 1-1: config 0 descriptor?? [ 355.956169][ T9949] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 356.036797][ T9949] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 356.170720][ T9949] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 356.410237][ T9949] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 356.573242][T10179] futex_wake_op: syz.4.1197 tries to shift op by -1; fix this program [ 357.132930][ T9949] 8021q: adding VLAN 0 to HW filter on device bond0 [ 357.286279][ T9949] 8021q: adding VLAN 0 to HW filter on device team0 [ 357.337364][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.344542][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 357.410859][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.418061][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 357.809202][ T5349] usbhid 1-1:0.0: can't add hid device: -71 [ 357.834243][ T5349] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 357.915812][ T5349] usb 1-1: USB disconnect, device number 24 [ 357.978706][T10213] sctp: [Deprecated]: syz.0.1204 (pid 10213) Use of int in max_burst socket option deprecated. [ 357.978706][T10213] Use struct sctp_assoc_value instead [ 358.939171][ T9949] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 359.269541][ T9949] veth0_vlan: entered promiscuous mode [ 359.288353][T10240] ALSA: seq fatal error: cannot create timer (-22) [ 359.387351][ T9949] veth1_vlan: entered promiscuous mode [ 359.479223][ T9949] veth0_macvtap: entered promiscuous mode [ 359.520289][ T9949] veth1_macvtap: entered promiscuous mode [ 359.565075][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.586563][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.596852][ T5270] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 359.618786][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.630435][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.665344][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.690160][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.704654][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.725740][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.746742][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 359.767905][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.790929][ T9949] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 359.818957][ T5270] usb 3-1: Using ep0 maxpacket: 8 [ 359.835004][ T5270] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 359.861664][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.890500][ T5270] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 359.920948][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.930960][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.941674][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.952199][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.963092][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.973426][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 359.983433][ T5270] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 359.983916][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 359.999250][ T5270] usb 3-1: New USB device found, idVendor=05ac, idProduct=0217, bcdDevice=cf.dc [ 360.186325][ T9949] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 360.228675][ T9949] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 360.277223][ T9949] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 360.380312][ T9949] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.434737][ T9949] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.434759][ T5270] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.436945][ T5270] usb 3-1: config 0 descriptor?? [ 360.467024][ T5270] appletouch 3-1:0.0: Could not find int-in endpoint [ 360.474008][ T9949] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 360.474124][ T5270] appletouch 3-1:0.0: probe with driver appletouch failed with error -5 [ 360.484836][ T5270] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 360.656702][ T9949] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.134450][T10282] xt_CT: You must specify a L4 protocol and not use inversions on it [ 362.376396][ T2978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.733585][ T2978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.794810][ T2978] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.827607][ T2978] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.876896][ T5231] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 364.097551][ T5231] usb 1-1: Using ep0 maxpacket: 32 [ 364.155685][T10292] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1219'. [ 364.198649][ T5231] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.221886][ T5231] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.234515][ T5231] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 364.250414][ T5231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.292616][ T5231] hub 1-1:4.0: USB hub found [ 364.346904][ T5269] usb 3-1: USB disconnect, device number 14 [ 364.416630][T10292] syz.3.1219: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 364.416704][T10292] CPU: 1 UID: 0 PID: 10292 Comm: syz.3.1219 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0 [ 364.416729][T10292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 364.416741][T10292] Call Trace: [ 364.416750][T10292] [ 364.416758][T10292] dump_stack_lvl+0x241/0x360 [ 364.416789][T10292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 364.416811][T10292] ? __pfx__printk+0x10/0x10 [ 364.416838][T10292] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 364.416858][T10292] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 364.416878][T10292] warn_alloc+0x278/0x410 [ 364.416898][T10292] ? stack_depot_save_flags+0x29/0x830 [ 364.416923][T10292] ? __vmalloc_node_range_noprof+0x10b/0x1460 [ 364.416945][T10292] ? __pfx_warn_alloc+0x10/0x10 [ 364.416964][T10292] ? kasan_save_track+0x3f/0x80 [ 364.416979][T10292] ? __kasan_kmalloc+0x98/0xb0 [ 364.416996][T10292] ? xsk_setsockopt+0x598/0x950 [ 364.417011][T10292] ? do_sock_setsockopt+0x3af/0x720 [ 364.417033][T10292] ? __sys_setsockopt+0x1ae/0x250 [ 364.417053][T10292] ? __x64_sys_setsockopt+0xb5/0xd0 [ 364.417073][T10292] ? do_syscall_64+0xf3/0x230 [ 364.417089][T10292] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.417127][T10292] __vmalloc_node_range_noprof+0x130/0x1460 [ 364.417176][T10292] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 364.417202][T10292] ? __kasan_kmalloc+0x98/0xb0 [ 364.417218][T10292] ? xskq_create+0x54/0x170 [ 364.417237][T10292] vmalloc_user_noprof+0x74/0x80 [ 364.417258][T10292] ? xskq_create+0xb6/0x170 [ 364.417296][T10292] xskq_create+0xb6/0x170 [ 364.417320][T10292] xsk_init_queue+0xa1/0x100 [ 364.417351][T10292] xsk_setsockopt+0x598/0x950 [ 364.417372][T10292] ? __pfx_xsk_setsockopt+0x10/0x10 [ 364.417393][T10292] ? __pfx_lock_acquire+0x10/0x10 [ 364.417416][T10292] ? __fget_files+0x29/0x470 [ 364.417434][T10292] ? __pfx_lock_release+0x10/0x10 [ 364.417456][T10292] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 364.417478][T10292] ? security_socket_setsockopt+0x87/0xb0 [ 364.417498][T10292] ? __pfx_xsk_setsockopt+0x10/0x10 [ 364.417515][T10292] do_sock_setsockopt+0x3af/0x720 [ 364.417543][T10292] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 364.417564][T10292] ? __fget_files+0x29/0x470 [ 364.417589][T10292] ? __fget_files+0x3f6/0x470 [ 364.417617][T10292] __sys_setsockopt+0x1ae/0x250 [ 364.417644][T10292] __x64_sys_setsockopt+0xb5/0xd0 [ 364.417670][T10292] do_syscall_64+0xf3/0x230 [ 364.417690][T10292] ? clear_bhb_loop+0x35/0x90 [ 364.417716][T10292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.417736][T10292] RIP: 0033:0x7fb7bcb77299 [ 364.417753][T10292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.417769][T10292] RSP: 002b:00007fb7bd926048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 364.417788][T10292] RAX: ffffffffffffffda RBX: 00007fb7bcd05f80 RCX: 00007fb7bcb77299 [ 364.417801][T10292] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a [ 364.417812][T10292] RBP: 00007fb7bcbe48e6 R08: 0000000000000020 R09: 0000000000000000 [ 364.417824][T10292] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 364.417836][T10292] R13: 000000000000000b R14: 00007fb7bcd05f80 R15: 00007ffe93d69ae8 [ 364.417862][T10292] [ 364.417871][T10292] Mem-Info: [ 364.417881][T10292] active_anon:237 inactive_anon:4699 isolated_anon:0 [ 364.417881][T10292] active_file:4934 inactive_file:34941 isolated_file:0 [ 364.417881][T10292] unevictable:768 dirty:383 writeback:0 [ 364.417881][T10292] slab_reclaimable:9218 slab_unreclaimable:98528 [ 364.417881][T10292] mapped:25292 shmem:1227 pagetables:804 [ 364.417881][T10292] sec_pagetables:0 bounce:0 [ 364.417881][T10292] kernel_misc_reclaimable:0 [ 364.417881][T10292] free:1379793 free_pcp:225 free_cma:0 [ 364.417930][T10292] Node 0 active_anon:948kB inactive_anon:18796kB active_file:19556kB inactive_file:139764kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101116kB dirty:1528kB writeback:0kB shmem:3372kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10716kB pagetables:3216kB sec_pagetables:0kB all_unreclaimable? no [ 364.417982][T10292] Node 1 active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 364.418030][T10292] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 364.418082][T10292] lowmem_reserve[]: 0 2563 2565 0 0 [ 364.418120][T10292] Node 0 DMA32 free:1554024kB boost:0kB min:35036kB low:43792kB high:52548kB reserved_highatomic:0KB active_anon:944kB inactive_anon:18752kB active_file:18056kB inactive_file:139700kB unevictable:1536kB writepending:1528kB present:3129332kB managed:2653292kB mlocked:0kB bounce:0kB free_pcp:880kB local_pcp:368kB free_cma:0kB [ 364.418175][T10292] lowmem_reserve[]: 0 0 1 0 0 [ 364.418215][T10292] Node 0 Normal free:8kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1500kB inactive_file:64kB unevictable:0kB writepending:0kB present:1048576kB managed:1640kB mlocked:0kB bounce:0kB free_pcp:20kB local_pcp:12kB free_cma:0kB [ 364.418268][T10292] lowmem_reserve[]: 0 0 0 0 0 [ 364.418310][T10292] Node 1 Normal free:3949780kB boost:0kB min:54844kB low:68552kB high:82260kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:180kB inactive_file:0kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 364.418364][T10292] lowmem_reserve[]: 0 0 0 0 0 [ 364.418406][T10292] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 364.418540][T10292] Node 0 DMA32: 419*4kB (UME) 433*8kB (UME) 286*16kB (UME) 223*32kB (UME) 123*64kB (UME) 105*128kB (UME) 43*256kB (UME) 17*512kB (UME) 7*1024kB (UME) 3*2048kB (ME) 362*4096kB (UM) = 1553940kB [ 364.418739][T10292] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 364.418868][T10292] Node 1 Normal: 5*4kB (UM) 14*8kB (UM) 9*16kB (UM) 12*32kB (UM) 7*64kB (U) 3*128kB (UM) 3*256kB (U) 4*512kB (UM) 3*1024kB (U) 3*2048kB (U) 961*4096kB (M) = 3949780kB [ 364.419063][T10292] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 364.419081][T10292] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 364.419099][T10292] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 364.419115][T10292] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 364.419132][T10292] 41104 total pagecache pages [ 364.419141][T10292] 0 pages in swap cache [ 364.419150][T10292] Free swap = 124600kB [ 364.419159][T10292] Total swap = 124996kB [ 364.419168][T10292] 2097051 pages RAM [ 364.419176][T10292] 0 pages HighMem/MovableOnly [ 364.419185][T10292] 402198 pages reserved [ 364.419193][T10292] 0 pages cma reserved [ 364.544372][ T5231] hub 1-1:4.0: config failed, can't read hub descriptor (err -22) [ 365.323631][ T5231] usb 1-1: USB disconnect, device number 25 [ 365.553578][ T7377] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.582334][T10308] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 365.645800][T10300] pim6reg1: entered allmulticast mode [ 365.658065][T10306] pim6reg1: entered promiscuous mode [ 365.694872][T10309] input: syz0 as /devices/virtual/input/input36 [ 365.786793][ T7377] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.937173][ T7377] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.021061][ T7377] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.212224][ T7377] bridge_slave_1: left allmulticast mode [ 366.226511][ T7377] bridge_slave_1: left promiscuous mode [ 366.232311][ T7377] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.269696][ T7377] bridge_slave_0: left allmulticast mode [ 366.275436][ T7377] bridge_slave_0: left promiscuous mode [ 366.297319][ T7377] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.278419][ T5221] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 367.303277][ T5221] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 367.317533][ T5221] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 367.326182][ T5221] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 367.338514][ T5221] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 367.347806][ T5221] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 367.786716][ T7377] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 368.033795][ T7377] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 368.078943][ T7377] bond0 (unregistering): Released all slaves [ 369.144599][ T7377] hsr_slave_0: left promiscuous mode [ 369.165626][ T7377] hsr_slave_1: left promiscuous mode [ 369.225367][ T7377] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 369.250658][ T7377] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 369.274808][ T7377] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 369.308606][ T7377] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 369.376462][ T5221] Bluetooth: hci5: command tx timeout [ 369.429246][ T7377] veth1_macvtap: left promiscuous mode [ 369.463070][ T7377] veth0_macvtap: left promiscuous mode [ 369.482727][ T7377] veth1_vlan: left promiscuous mode [ 369.488270][ T7377] veth0_vlan: left promiscuous mode [ 369.834513][T10386] syz.2.1236: attempt to access beyond end of device [ 369.834513][T10386] md17: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 370.220158][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1240'. [ 371.079911][ T7377] team0 (unregistering): Port device team_slave_1 removed [ 371.144365][ T7377] team0 (unregistering): Port device team_slave_0 removed [ 371.456496][ T5221] Bluetooth: hci5: command tx timeout [ 372.038355][T10343] chnl_net:caif_netlink_parms(): no params data found [ 372.848997][T10343] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.864553][T10343] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.912375][T10343] bridge_slave_0: entered allmulticast mode [ 372.957902][T10343] bridge_slave_0: entered promiscuous mode [ 372.989304][T10343] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.035874][T10343] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.046731][T10343] bridge_slave_1: entered allmulticast mode [ 373.073358][T10343] bridge_slave_1: entered promiscuous mode [ 373.298232][T10343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 373.536418][ T5221] Bluetooth: hci5: command tx timeout [ 373.947917][T10343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 374.865267][T10469] sctp: [Deprecated]: syz.3.1252 (pid 10469) Use of int in max_burst socket option deprecated. [ 374.865267][T10469] Use struct sctp_assoc_value instead [ 375.275441][T10475] overlay: Unknown parameter 'obj_role' [ 375.616722][ T5221] Bluetooth: hci5: command tx timeout [ 375.630909][T10484] syz.4.1254: attempt to access beyond end of device [ 375.630909][T10484] md17: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 375.651266][T10343] team0: Port device team_slave_0 added [ 375.764352][T10343] team0: Port device team_slave_1 added [ 375.984007][T10343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 376.001248][T10343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.053776][T10343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 376.076978][T10343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 376.085175][T10343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.114944][T10343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 376.288561][T10343] hsr_slave_0: entered promiscuous mode [ 376.316927][T10343] hsr_slave_1: entered promiscuous mode [ 376.338669][T10343] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 376.369794][T10343] Cannot create hsr debugfs directory [ 376.742406][T10503] futex_wake_op: syz.3.1259 tries to shift op by -1; fix this program [ 378.898272][ T1265] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.904737][ T1265] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.561231][T10531] netlink: 300 bytes leftover after parsing attributes in process `syz.3.1264'. [ 379.833730][T10537] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1266'. [ 380.263858][T10343] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 380.308079][T10343] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 380.322461][T10343] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 380.348207][T10343] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 380.542901][T10343] 8021q: adding VLAN 0 to HW filter on device bond0 [ 380.632038][T10343] 8021q: adding VLAN 0 to HW filter on device team0 [ 380.979607][ T5270] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.986900][ T5270] bridge0: port 1(bridge_slave_0) entered forwarding state [ 381.055129][ T5273] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.062398][ T5273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 381.998381][T10343] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 382.091117][T10343] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 383.019347][T10609] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1282'. [ 383.123413][T10343] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 383.229948][T10620] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 383.271620][T10620] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 383.318817][T10343] veth0_vlan: entered promiscuous mode [ 383.382062][T10343] veth1_vlan: entered promiscuous mode [ 383.475706][T10343] veth0_macvtap: entered promiscuous mode [ 383.514654][T10343] veth1_macvtap: entered promiscuous mode [ 383.565105][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 383.593135][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 383.613447][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 383.644200][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 383.671648][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 383.704020][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 383.732966][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 383.752802][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 383.766436][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 383.777265][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 383.802972][T10343] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 383.816677][ T25] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 383.848594][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 384.072331][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 384.077471][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 384.119307][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 384.127342][ T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 384.168534][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 384.181490][ T25] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 384.191082][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 384.202296][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.211089][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 384.252766][ T25] usb 4-1: config 0 descriptor?? [ 384.289364][ T25] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 384.367432][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 384.524395][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 384.586283][T10343] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 384.636645][T10343] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 384.662761][T10343] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 384.741366][T10343] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.763751][ T25] usb 4-1: USB disconnect, device number 13 [ 384.776536][T10343] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.799653][T10343] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 384.830225][T10343] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.702958][ T2990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.755702][ T2990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 385.902006][ T2990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 385.935040][ T2990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 386.601994][ T5273] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 387.196633][ T5273] usb 4-1: Using ep0 maxpacket: 16 [ 387.404527][ T5273] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 387.594921][ T5273] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 387.814554][ T5273] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 388.203225][ T5273] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.539738][ T5273] usb 4-1: config 0 descriptor?? [ 388.611381][T10699] overlay: Unknown parameter 'obj_role' [ 389.913820][T10714] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 389.986936][ T5272] usb 4-1: USB disconnect, device number 14 [ 390.004498][T10716] sctp: [Deprecated]: syz.2.1307 (pid 10716) Use of int in max_burst socket option deprecated. [ 390.004498][T10716] Use struct sctp_assoc_value instead [ 390.049857][T10714] input: syz0 as /devices/virtual/input/input37 [ 390.096059][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.347862][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.630731][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.757919][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 391.081705][ T12] bridge_slave_1: left allmulticast mode [ 391.110577][ T12] bridge_slave_1: left promiscuous mode [ 391.150102][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.200481][ T12] bridge_slave_0: left allmulticast mode [ 391.206140][ T12] bridge_slave_0: left promiscuous mode [ 391.246477][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.022539][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 393.067849][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 393.139704][ T5230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 393.170075][ T5230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 393.179508][T10786] overlay: Unknown parameter 'obj_role' [ 393.186900][T10788] netlink: 15 bytes leftover after parsing attributes in process `syz.0.1319'. [ 393.198352][ T5230] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 393.220017][ T5230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 394.126975][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 394.164817][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 394.185398][ T12] bond0 (unregistering): Released all slaves [ 394.220707][T10798] vlan2: entered promiscuous mode [ 394.230790][T10798] batadv0: entered promiscuous mode [ 394.395088][T10798] team0: Port device vlan2 added [ 394.984902][ T12] hsr_slave_0: left promiscuous mode [ 395.074625][ T12] hsr_slave_1: left promiscuous mode [ 395.110481][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.160020][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.217878][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 395.249523][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 395.306569][ T5221] Bluetooth: hci5: command tx timeout [ 395.347422][T10842] netlink: 15 bytes leftover after parsing attributes in process `syz.3.1331'. [ 395.357133][ T12] veth1_macvtap: left promiscuous mode [ 395.362706][ T12] veth0_macvtap: left promiscuous mode [ 395.390017][ T12] veth1_vlan: left promiscuous mode [ 395.415916][ T12] veth0_vlan: left promiscuous mode [ 396.559164][ T12] team0 (unregistering): Port device team_slave_1 removed [ 396.632247][ T12] team0 (unregistering): Port device team_slave_0 removed [ 396.653549][ C0] eth0: bad gso: type: 1, size: 1408 [ 397.216857][T10856] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1334'. [ 397.376338][ T5221] Bluetooth: hci5: command tx timeout [ 397.595773][T10864] vlan2: entered promiscuous mode [ 397.633568][T10864] batadv0: entered promiscuous mode [ 397.836983][T10864] team0: Port device vlan2 added [ 398.711368][T10885] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1339'. [ 399.078796][T10781] chnl_net:caif_netlink_parms(): no params data found [ 399.661252][ T5221] Bluetooth: hci5: command tx timeout [ 401.384682][T10781] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.399273][T10781] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.407125][T10781] bridge_slave_0: entered allmulticast mode [ 401.414414][T10781] bridge_slave_0: entered promiscuous mode [ 401.504096][T10781] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.527181][T10922] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 401.533789][T10781] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.616468][T10781] bridge_slave_1: entered allmulticast mode [ 401.623828][T10781] bridge_slave_1: entered promiscuous mode [ 401.633871][T10922] input: syz0 as /devices/virtual/input/input38 [ 401.823598][ T5221] Bluetooth: hci5: command tx timeout [ 404.086130][T10781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 404.135628][T10781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 404.383129][T10781] team0: Port device team_slave_0 added [ 404.426596][T10940] program syz.2.1354 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 404.445098][T10781] team0: Port device team_slave_1 added [ 405.637907][T10781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 405.942057][T10781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.389677][T10781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.486577][T10781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.493526][T10781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.546095][T10781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 406.684228][ C0] eth0: bad gso: type: 1, size: 1408 [ 406.737092][T10781] hsr_slave_0: entered promiscuous mode [ 406.756957][T10781] hsr_slave_1: entered promiscuous mode [ 406.787066][T10781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 406.794764][T10781] Cannot create hsr debugfs directory [ 406.815141][ T29] audit: type=1400 audit(2000000531.300:335): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="trusted.overlay.redirect" requested=w pid=10976 comm="syz.0.1364" [ 406.871406][T10979] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1365'. [ 406.987267][ T5270] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 407.186425][ T5270] usb 4-1: Using ep0 maxpacket: 32 [ 407.195345][ T5270] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 407.263569][ T5270] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 407.287880][ T5270] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.305580][ T5270] usb 4-1: Product: syz [ 407.310849][T10993] wg1: entered promiscuous mode [ 407.314031][ T5270] usb 4-1: Manufacturer: syz [ 407.325697][ T5270] usb 4-1: SerialNumber: syz [ 407.352265][ T5270] usb 4-1: config 0 descriptor?? [ 407.370737][T10972] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 407.391093][ T5270] hub 4-1:0.0: bad descriptor, ignoring hub [ 407.408738][ T5270] hub 4-1:0.0: probe with driver hub failed with error -5 [ 407.422366][ T5270] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input39 [ 407.438548][ T5349] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 407.636458][ T5349] usb 1-1: Using ep0 maxpacket: 16 [ 407.689225][ T5270] usb 4-1: USB disconnect, device number 15 [ 407.689337][ T5349] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 407.695190][ C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 407.768322][ T5349] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 407.796463][ T5349] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.964470][ T5349] usb 1-1: config 0 descriptor?? [ 408.185536][ T5349] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 409.005105][ T5349] usb 1-1: USB disconnect, device number 26 [ 409.182393][T10781] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 409.218988][T10781] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 409.246794][T10781] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 409.274132][T10781] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 409.442128][T11019] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 409.451122][T11019] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 409.464961][T11019] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 410.283761][T10781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 410.303678][T10781] 8021q: adding VLAN 0 to HW filter on device team0 [ 410.432712][ T5231] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.439873][ T5231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 410.478235][ T5231] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.485400][ T5231] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.006036][T10781] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 411.066324][T10781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 411.397367][ T5349] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 411.704108][T10781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 411.768242][T10781] veth0_vlan: entered promiscuous mode [ 411.804029][ T5349] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 411.831824][T11060] xt_CT: You must specify a L4 protocol and not use inversions on it [ 411.861273][ T5349] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 411.970995][T10781] veth1_vlan: entered promiscuous mode [ 412.229353][ T5349] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 412.426385][ T5349] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 412.434673][ T5349] usb 3-1: Manufacturer: syz [ 412.442799][ T5349] usb 3-1: config 0 descriptor?? [ 412.506934][T10781] veth0_macvtap: entered promiscuous mode [ 412.542337][T10781] veth1_macvtap: entered promiscuous mode [ 412.571785][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.586496][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.611160][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.622525][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.634310][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.636463][ T5349] rc_core: IR keymap rc-hauppauge not found [ 412.661189][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.676527][ T5349] Registered IR keymap rc-empty [ 412.680225][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.697815][ T5349] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 412.722350][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.735978][ T5349] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input40 [ 412.762755][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 412.785429][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.797327][T10781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 412.825748][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.905566][T11070] IPVS: set_ctl: invalid protocol: 12 172.20.20.187:20000 [ 412.915265][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.944596][ T5349] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 412.952456][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.952480][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.952500][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.952514][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.952531][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.952545][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.952560][T10781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 412.952574][T10781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 412.954029][T10781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 413.009007][ T5349] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 413.183897][ T5269] usb 3-1: USB disconnect, device number 15 [ 413.208093][T10781] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.218338][T10781] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.229596][T10781] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.239549][T10781] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.746782][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 413.786914][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 413.862552][ T2990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 413.926774][ T2990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 414.644811][T11112] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1391'. [ 418.499922][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.638584][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.723911][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.823433][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.928722][ T12] bridge_slave_1: left allmulticast mode [ 418.936579][ T12] bridge_slave_1: left promiscuous mode [ 418.950765][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.964783][ T12] bridge_slave_0: left allmulticast mode [ 418.971630][ T12] bridge_slave_0: left promiscuous mode [ 418.977663][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.304710][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 419.315928][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 419.327764][ T12] bond0 (unregistering): Released all slaves [ 419.914899][ T12] hsr_slave_0: left promiscuous mode [ 419.918701][ T29] audit: type=1326 audit(2000000544.400:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.3.1402" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7bcb77299 code=0x0 [ 419.942181][ T12] hsr_slave_1: left promiscuous mode [ 419.978997][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 419.989391][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.991188][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 420.010613][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 420.010889][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 420.038042][ T5230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 420.056065][ T5230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 420.063283][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 420.072754][ T5230] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 420.083794][ T5230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 420.163556][ T12] veth1_macvtap: left promiscuous mode [ 420.188797][ T12] veth0_macvtap: left promiscuous mode [ 420.194492][ T12] veth1_vlan: left promiscuous mode [ 420.216398][ T12] veth0_vlan: left promiscuous mode [ 420.890036][T11193] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 422.132293][ T30] INFO: task syz-executor:5218 blocked for more than 143 seconds. [ 422.151517][ T30] Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0 [ 422.170503][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 422.179689][ T5221] Bluetooth: hci5: command tx timeout [ 422.182716][ T30] task:syz-executor state:D stack:20048 pid:5218 tgid:5218 ppid:1 flags:0x00004004 [ 422.203649][ T30] Call Trace: [ 422.207294][ T30] [ 422.210236][ T30] __schedule+0x17ae/0x4a10 [ 422.215885][ T30] ? __pfx___schedule+0x10/0x10 [ 422.225516][ T30] ? __pfx_lock_release+0x10/0x10 [ 422.231978][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 422.252672][ T30] ? schedule+0x90/0x320 [ 422.266298][ T30] schedule+0x14b/0x320 [ 422.276532][ T30] v9fs_evict_inode+0x171/0x360 [ 422.282354][ T30] ? _raw_spin_unlock+0x28/0x50 [ 422.296254][ T30] ? __pfx_v9fs_evict_inode+0x10/0x10 [ 422.304722][ T30] ? __pfx_var_wake_function+0x10/0x10 [ 422.314544][ T30] ? __pfx_wake_bit_function+0x10/0x10 [ 422.320262][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 422.335722][ T30] ? _raw_spin_unlock+0x28/0x50 [ 422.347867][ T30] ? __pfx_v9fs_evict_inode+0x10/0x10 [ 422.353259][ T30] evict+0x2a8/0x630 [ 422.367095][ T30] __dentry_kill+0x20d/0x630 [ 422.385883][ T30] ? dput+0x37/0x2b0 [ 422.390240][ T30] dput+0x19f/0x2b0 [ 422.394076][ T30] shrink_dcache_for_umount+0xb4/0x180 [ 422.415844][ T30] generic_shutdown_super+0x6a/0x2d0 [ 422.421495][ T30] kill_anon_super+0x3b/0x70 [ 422.426107][ T30] v9fs_kill_super+0x4c/0x90 [ 422.431686][ T30] deactivate_locked_super+0xc4/0x130 [ 422.437297][ T30] cleanup_mnt+0x41f/0x4b0 [ 422.441733][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 422.446977][ T30] task_work_run+0x24f/0x310 [ 422.451590][ T30] ? __pfx_task_work_run+0x10/0x10 [ 422.456910][ T30] ? __x64_sys_umount+0x123/0x170 [ 422.461945][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 422.471041][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 422.476917][ T30] do_syscall_64+0x100/0x230 [ 422.481525][ T30] ? clear_bhb_loop+0x35/0x90 [ 422.486270][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.492195][ T30] RIP: 0033:0x7fe2225785c7 [ 422.497097][ T30] RSP: 002b:00007ffc2142ebd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 422.505530][ T30] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe2225785c7 [ 422.513554][ T30] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc2142ec90 [ 422.521686][ T30] RBP: 00007ffc2142ec90 R08: 0000000000000000 R09: 0000000000000000 [ 422.529936][ T30] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc2142fd10 [ 422.538713][ T30] R13: 00007fe2225e4784 R14: 000000000003fb3e R15: 00007ffc2142fd50 [ 422.546834][ T30] [ 422.552809][ T30] [ 422.552809][ T30] Showing all locks held in the system: [ 422.561638][ T30] 4 locks held by kworker/u8:1/12: [ 422.573648][ T30] 1 lock held by khungtaskd/30: [ 422.582055][ T30] #0: ffffffff8e737660 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 422.600974][ T30] 2 locks held by kworker/u8:2/35: [ 422.606110][ T30] #0: ffff888015489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 422.625970][ T30] #1: ffffc90000ab7d00 ((work_completion)(&wreq->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 422.646322][ T30] 3 locks held by kworker/0:2/1167: [ 422.651547][ T30] #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 422.670423][ T30] #1: ffffc900043cfd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 422.685220][ T30] #2: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 422.702277][ T30] 1 lock held by dhcpcd/4887: [ 422.707747][ T30] #0: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0 [ 422.724653][ T30] 2 locks held by getty/4973: [ 422.729675][ T30] #0: ffff88802bc290a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 422.746369][ T30] #1: ffffc9000312b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 422.764545][ T30] 1 lock held by syz-executor/5218: [ 422.770314][ T30] #0: ffff88807b9240e0 (&type->s_umount_key#75){+.+.}-{3:3}, at: deactivate_super+0xb5/0xf0 [ 422.781076][ T30] 3 locks held by kworker/1:3/5269: [ 422.794483][ T30] 1 lock held by syz.4.1400/11156: [ 422.803199][ T30] 1 lock held by syz-executor/11176: [ 422.819339][ T30] #0: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 422.841342][ T30] 1 lock held by syz.0.1404/11184: [ 422.850305][ T30] #0: ffffffff8e73c900 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530 [ 422.860433][ T30] 2 locks held by syz.3.1410/11200: [ 422.865643][ T30] #0: ffffffff8fad1990 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 422.874062][ T30] #1: ffffffff8fad1848 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 422.883152][ T30] 2 locks held by syz.3.1410/11206: [ 422.888588][ T30] #0: ffffffff8fad1990 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 422.897235][ T30] #1: ffffffff8fad1848 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 422.906407][ T30] 3 locks held by syz.2.1411/11202: [ 422.911610][ T30] #0: ffffffff8fad1990 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 422.919861][ T30] #1: ffffffff8fad1848 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x121/0xec0 [ 422.929096][ T30] #2: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: nl802154_pre_doit+0xb5/0xac0 [ 422.938555][ T30] 1 lock held by syz.2.1411/11204: [ 422.943895][ T30] #0: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 422.953543][ T30] [ 422.955930][ T30] ============================================= [ 422.955930][ T30] [ 422.964462][ T30] NMI backtrace for cpu 0 [ 422.968802][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0 [ 422.978947][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 422.988998][ T30] Call Trace: [ 422.992271][ T30] [ 422.995194][ T30] dump_stack_lvl+0x241/0x360 [ 422.999872][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 423.005063][ T30] ? __pfx__printk+0x10/0x10 [ 423.009645][ T30] ? vprintk_emit+0x631/0x770 [ 423.014312][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 423.019334][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 423.024273][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 423.029724][ T30] ? _printk+0xd5/0x120 [ 423.033870][ T30] ? __pfx__printk+0x10/0x10 [ 423.038450][ T30] ? __wake_up_klogd+0xcc/0x110 [ 423.043293][ T30] ? __pfx__printk+0x10/0x10 [ 423.047879][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 423.052897][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 423.058873][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 423.064859][ T30] watchdog+0xfee/0x1030 [ 423.069098][ T30] ? watchdog+0x1ea/0x1030 [ 423.073519][ T30] ? __pfx_watchdog+0x10/0x10 [ 423.078186][ T30] kthread+0x2f0/0x390 [ 423.082242][ T30] ? __pfx_watchdog+0x10/0x10 [ 423.086909][ T30] ? __pfx_kthread+0x10/0x10 [ 423.091513][ T30] ret_from_fork+0x4b/0x80 [ 423.095946][ T30] ? __pfx_kthread+0x10/0x10 [ 423.100544][ T30] ret_from_fork_asm+0x1a/0x30 [ 423.105321][ T30] [ 423.109022][ T30] Sending NMI from CPU 0 to CPUs 1: [ 423.114276][ C1] NMI backtrace for cpu 1 [ 423.114289][ C1] CPU: 1 UID: 0 PID: 5269 Comm: kworker/1:3 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0 [ 423.114310][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 423.114321][ C1] Workqueue: events kfree_rcu_work [ 423.114347][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x31/0x70 [ 423.114372][ C1] Code: 24 65 48 8b 0c 25 00 d7 03 00 65 8b 15 30 54 70 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 1c 16 00 00 00 74 2c <8b> 91 f8 15 00 00 83 fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 [ 423.114386][ C1] RSP: 0018:ffffc9000412f4b0 EFLAGS: 00000246 [ 423.114399][ C1] RAX: ffffffff81413ee9 RBX: ffffc9000412fdc8 RCX: ffff8880610e3c00 [ 423.114416][ C1] RDX: 0000000080000001 RSI: 0000000000000001 RDI: ffffc9000412fdc8 [ 423.114428][ C1] RBP: 1ffff92000825eb6 R08: ffffffff814117ed R09: ffffffff81411746 [ 423.114440][ C1] R10: 0000000000000003 R11: ffff8880610e3c00 R12: ffffc9000412fdc8 [ 423.114452][ C1] R13: dffffc0000000000 R14: 1ffff92000825eb5 R15: 1ffff92000825eb4 [ 423.114464][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 423.114478][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 423.114489][ C1] CR2: 00007fb7bd8e2fc8 CR3: 000000007ba94000 CR4: 00000000003526f0 [ 423.114503][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 423.114512][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 423.114523][ C1] Call Trace: [ 423.114529][ C1] [ 423.114536][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 423.114559][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 423.114583][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 423.114605][ C1] ? nmi_handle+0x2a/0x5a0 [ 423.114628][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 423.114649][ C1] ? nmi_handle+0x14f/0x5a0 [ 423.114663][ C1] ? nmi_handle+0x2a/0x5a0 [ 423.114679][ C1] ? __sanitizer_cov_trace_pc+0x31/0x70 [ 423.114699][ C1] ? default_do_nmi+0x63/0x160 [ 423.114722][ C1] ? exc_nmi+0x123/0x1f0 [ 423.114744][ C1] ? end_repeat_nmi+0xf/0x53 [ 423.114768][ C1] ? unwind_next_frame+0xff6/0x2a00 [ 423.114790][ C1] ? unwind_next_frame+0x109d/0x2a00 [ 423.114812][ C1] ? __read_once_word_nocheck+0x9/0x20 [ 423.114837][ C1] ? __sanitizer_cov_trace_pc+0x31/0x70 [ 423.114859][ C1] ? __sanitizer_cov_trace_pc+0x31/0x70 [ 423.114881][ C1] ? __sanitizer_cov_trace_pc+0x31/0x70 [ 423.114902][ C1] [ 423.114907][ C1] [ 423.114913][ C1] __read_once_word_nocheck+0x9/0x20 [ 423.114936][ C1] unwind_next_frame+0x1356/0x2a00 [ 423.114964][ C1] ? process_scheduled_works+0xa2c/0x1830 [ 423.114986][ C1] ? process_scheduled_works+0xa2c/0x1830 [ 423.115005][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 423.115026][ C1] arch_stack_walk+0x151/0x1b0 [ 423.115046][ C1] ? process_scheduled_works+0xa2c/0x1830 [ 423.115069][ C1] stack_trace_save+0x118/0x1d0 [ 423.115089][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 423.115113][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 423.115137][ C1] kasan_save_track+0x3f/0x80 [ 423.115153][ C1] ? kasan_save_track+0x3f/0x80 [ 423.115168][ C1] ? kasan_save_free_info+0x40/0x50 [ 423.115189][ C1] ? poison_slab_object+0xe0/0x150 [ 423.115205][ C1] ? __kasan_slab_free+0x37/0x60 [ 423.115221][ C1] ? kmem_cache_free_bulk+0x1f8/0x370 [ 423.115242][ C1] ? kvfree_rcu_bulk+0x24b/0x4e0 [ 423.115262][ C1] ? kfree_rcu_work+0x44b/0x500 [ 423.115281][ C1] ? process_scheduled_works+0xa2c/0x1830 [ 423.115328][ C1] ? kvfree_rcu_bulk+0x24b/0x4e0 [ 423.115347][ C1] kasan_save_free_info+0x40/0x50 [ 423.115369][ C1] poison_slab_object+0xe0/0x150 [ 423.115392][ C1] __kasan_slab_free+0x37/0x60 [ 423.115413][ C1] kmem_cache_free_bulk+0x1f8/0x370 [ 423.115436][ C1] ? kvfree_rcu_bulk+0x24b/0x4e0 [ 423.115463][ C1] kvfree_rcu_bulk+0x24b/0x4e0 [ 423.115484][ C1] ? kvfree_rcu_bulk+0x101/0x4e0 [ 423.115506][ C1] kfree_rcu_work+0x44b/0x500 [ 423.115527][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 423.115551][ C1] ? __pfx_kfree_rcu_work+0x10/0x10 [ 423.115579][ C1] ? process_scheduled_works+0x945/0x1830 [ 423.115598][ C1] process_scheduled_works+0xa2c/0x1830 [ 423.115635][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 423.115660][ C1] ? assign_work+0x364/0x3d0 [ 423.115683][ C1] worker_thread+0x86d/0xd40 [ 423.115708][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 423.115735][ C1] ? __kthread_parkme+0x169/0x1d0 [ 423.115759][ C1] ? __pfx_worker_thread+0x10/0x10 [ 423.115779][ C1] kthread+0x2f0/0x390 [ 423.115792][ C1] ? __pfx_worker_thread+0x10/0x10 [ 423.115813][ C1] ? __pfx_kthread+0x10/0x10 [ 423.115828][ C1] ret_from_fork+0x4b/0x80 [ 423.115849][ C1] ? __pfx_kthread+0x10/0x10 [ 423.115863][ C1] ret_from_fork_asm+0x1a/0x30 [ 423.115894][ C1] [ 423.586666][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 423.593552][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0 [ 423.603708][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 423.613757][ T30] Call Trace: [ 423.617029][ T30] [ 423.619950][ T30] dump_stack_lvl+0x241/0x360 [ 423.624625][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 423.629814][ T30] ? __pfx__printk+0x10/0x10 [ 423.634392][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 423.640372][ T30] ? vscnprintf+0x5d/0x90 [ 423.644695][ T30] panic+0x349/0x860 [ 423.648583][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 423.654731][ T30] ? __pfx_panic+0x10/0x10 [ 423.659135][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 423.664500][ T30] ? __irq_work_queue_local+0x137/0x410 [ 423.670218][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 423.675581][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 423.681728][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 423.687878][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 423.694028][ T30] watchdog+0x102d/0x1030 [ 423.698358][ T30] ? watchdog+0x1ea/0x1030 [ 423.702772][ T30] ? __pfx_watchdog+0x10/0x10 [ 423.707439][ T30] kthread+0x2f0/0x390 [ 423.711496][ T30] ? __pfx_watchdog+0x10/0x10 [ 423.716169][ T30] ? __pfx_kthread+0x10/0x10 [ 423.720850][ T30] ret_from_fork+0x4b/0x80 [ 423.725259][ T30] ? __pfx_kthread+0x10/0x10 [ 423.729834][ T30] ret_from_fork_asm+0x1a/0x30 [ 423.734604][ T30] [ 423.737850][ T30] Kernel Offset: disabled [ 423.742164][ T30] Rebooting in 86400 seconds..