last executing test programs: 4.135614946s ago: executing program 1 (id=30): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="010000000015000072000040"]) 3.693310975s ago: executing program 1 (id=38): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x41, 0x3f, 0x5f, 0x20, 0x61d, 0xc150, 0xce6f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0x18, 0x70, 0xfd, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x4}}]}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1203000069bcba0003533e8689b201020301"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"]) 3.24610343s ago: executing program 4 (id=44): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x665}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) read(r0, &(0x7f00000002c0)=""/196, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 2.269594768s ago: executing program 2 (id=48): openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.964930044s ago: executing program 4 (id=49): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0xfffffffd, {{@in6=@dev={0xfe, 0x80, '\x00', 0x8}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x26b9ffe36856e205}, {0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}}}, 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@mark={0xc, 0x15, {0x350759, 0xb29}}]}, 0xc4}}, 0x4004) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "6b88ef", 0x8, 0x3a, 0x0, @private1, @local, {[], @echo_reply}}}}}, 0x0) 1.943953763s ago: executing program 2 (id=50): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000300)="f90b9a2510b96361471bb731368eb4b9f52e74ff6d482d1089945509175db7030000000000000062f73ce8a5fb4467", 0x0, 0x2f}) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0x20000000000000}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 1.634487917s ago: executing program 1 (id=52): r0 = inotify_init1(0x80800) inotify_add_watch(r0, &(0x7f0000000000)='./cgroup\x00', 0x62000030) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x2000434) unlink(&(0x7f0000000040)='./cgroup\x00') 1.592548178s ago: executing program 4 (id=54): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) recvfrom(r0, &(0x7f0000000480)=""/104, 0x68, 0x12020, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) getrandom(0x0, 0x0, 0x1) 1.543000391s ago: executing program 0 (id=55): mq_open(&(0x7f0000000100)='\xbd\x16 lhOb\xed\xf1~\xe5\x01\xd1h\xfe\xb5\x1d\x90\x933\x9e\x8f\x06J\xc7\xc8y\xfbx\xd0\xee\xc3\xfcv\xf7L\xaa=Q\xe4R\xfan\xc1\xb7FGr\x82\xa5\xf2\x8fq\xf0\xcf\x82\xc3\xbb~Q\x7fV\x7f7\xb6\xb7\"qH\xe1\x11\x97\xc9d0\x9d\xfa\x86\xf8\x88\xb9\x89\xfd%Nny\xb5\x03\x83\x1c\xddD\x02\x00\x00\x00\x00\x00\x00\x00`\x1f~\xe9\xe4N@\xbb\xdb\x80\xcf\x1e \x9eW\x13\x02\xe2ct\xe9\x7f+8+\v\x88\x01\xf6\\x\x95|\xeab\xceE\xefVyS$\x92\xb5PAXg\xa68mRC\x93l\x83\xcd\xe21\x92X\x8c!\x0e\x1b(\xdf~ +\xb7{T\xb0\xff\xce\xbdv\xc1\xc0\xfc\xd9r,\xc9\xc5\xc7o\x1d]e\x03t)\xb6)\xe0\x88p\x84\x9e\xae\xaad\xf9\a\xce\x81\x99z\xb3\xb9\xa2\r{\x83\x05=\xfcu\xb3\xa1\x8b\xd1uw\f \xe0\x9fd\xcca&6\xa5{y\bS@\x00TO\'\xc7v\xa9\v_\xd7\x1f\x9cs\f\x7f\xab\x8d\x12\xf3\x1fR\x9f\x80M\x04\xa8\x1b5(s\x94\xeao\xe8\\\xa1sv\x81\xcd\xbd\xfd\x86\x14\xf0V\xe2\x84\xa4C\xfd\xf5c\xfe\x0f\x94>\x87\xdf\xf8\xc7\xe1\xce\xb1\xfe\xfc\xfd\x84\xa7\xee \xb4L*\xc7\xf6\xe4\xfa\x84\x95\xfb\xbd:\vfK-\x10YOja\x9a\xcd\xdb\xccj\xfd\x10\x8a\x1d\x9a\x8d\x00'/360, 0x40, 0x81, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x2000000b}) 1.492845861s ago: executing program 2 (id=56): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x28a68c40, 0x4, 0x10000007, 0x4093, 0x11, "625004e7c01dfb187f24016554520dac8a03a7"}) 1.406666144s ago: executing program 3 (id=57): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x300, 0x0, 0x0) 1.356832897s ago: executing program 2 (id=58): sendto$inet(0xffffffffffffffff, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555", 0x35, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000035c0)=""/4106, 0x100a}, {&(0x7f0000000100)=""/126, 0x7e}], 0x2, 0x0, 0x0, 0x407006}, 0x104) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x5, 0x9fd, 0x84, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000040), &(0x7f0000000340), 0x800, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r0}, 0x38) 1.324612702s ago: executing program 1 (id=59): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x40}, {0x6}]}, 0x8) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbbb0800450000380000000000019078"], 0x0) 1.215394903s ago: executing program 0 (id=60): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="48000000000101040000ff0f0000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000010000580090001"], 0x48}}, 0x0) 1.132794012s ago: executing program 1 (id=61): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0xa, 0x4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00001700000000001c0037800b0001006970768a616e08000c0002800600010000000000050027"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0) 1.132273905s ago: executing program 3 (id=62): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000200)={0x3}, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000500)="a4", 0x34000, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 1.071350039s ago: executing program 2 (id=63): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r0, &(0x7f0000000280)="3f031c000302140006000bb52d04c71e0089008000000000000000c945000088aa0000810007", 0x26, 0x1, &(0x7f0000000540)={0xc9, 0x88a8, r1, 0x1, 0x1, 0x6, @random="d7669124fc2d"}, 0x14) 1.003655619s ago: executing program 0 (id=64): r0 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) 821.885809ms ago: executing program 3 (id=65): r0 = socket(0x10, 0x803, 0x0) r1 = socket$netlink(0x10, 0x3, 0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x61}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) 801.869886ms ago: executing program 2 (id=66): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000240)=@ready={0x0, 0x0, 0x8, "a926b0dc", {0x1, 0x0, 0x7, 0x9}}) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="0c00004e15"]) 752.510045ms ago: executing program 1 (id=67): syz_usb_connect(0x0, 0x71, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x3d, 0xa3, 0x77, 0x20, 0x572, 0xcafe, 0x5501, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x96, 0xdb, 0xa8, 0x0, [], [{{0x9, 0x5, 0x1}}, {}]}}, {{0x9, 0x4, 0x0, 0x9, 0x1, 0xa, 0xde, 0xef, 0x0, [@uac_as, @uac_control={{}, [@mixer_unit={0x5, 0x24, 0x4, 0x4}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x0, 0x0, 0x4}, @feature_unit={0xb, 0x24, 0x6, 0x0, 0x0, 0x2, [0x0, 0x0]}]}], [{{0x9, 0x5, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x4}]}}]}}]}}]}}, 0x0) write$hidraw(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) 612.206476ms ago: executing program 4 (id=68): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000680)={{0x1, 0x80ad000, 0x10, 0xe, 0x5, 0x8, 0x9, 0xf, 0xfd, 0xb, 0x7, 0x2}, {0x2000, 0x2, 0xe, 0x9, 0xf7, 0x3, 0x0, 0x6, 0x8, 0x2, 0xe, 0x8}, {0x4000, 0xeeef0000, 0xe, 0x5, 0x3, 0xa, 0x1, 0x1d, 0x9, 0x5, 0x5, 0xd8}, {0x4, 0xf000, 0x8, 0x9, 0x5, 0x80, 0xe0, 0x9, 0x6, 0x1, 0x8, 0x5}, {0x0, 0x8000000, 0xf, 0x7, 0xe0, 0x0, 0xff, 0xff, 0x3, 0x0, 0x9, 0xff}, {0x1000, 0x2, 0x9, 0x5, 0x0, 0xe, 0xf9, 0x0, 0x2, 0xa, 0xcd, 0xd}, {0xeeff5000, 0x2000, 0xd, 0xfa, 0x2, 0xe, 0x9c, 0x4, 0x2, 0x4, 0x7, 0x30}, {0x4, 0x2, 0x3, 0x15, 0x81, 0x11, 0x7, 0x8, 0x1, 0x7, 0x9, 0x1}, {0xeeee8000, 0x7f}, {0xd000, 0x101}, 0x1, 0x0, 0x3000, 0x400, 0x3, 0xd01, 0xd000, [0x7ff, 0x5bab, 0x6, 0x5]}) 606.906308ms ago: executing program 0 (id=69): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000001ff0)={0x1d, r1}, 0x10) sendmsg$can_raw(r0, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f000000a000)=@canfd={{0x1}, 0x2, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000094e2f9663a918fa1efd9b0b"}, 0x48}, 0xee, 0x0, 0x0, 0x20040000}, 0x200000c1) 451.096182ms ago: executing program 3 (id=70): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) chown(&(0x7f0000000140)='./file0\x00', 0xee01, 0x0) 405.746254ms ago: executing program 0 (id=71): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000001480)={0x2c, r1, 0x1, 0x70bd28, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x98}]}]}]}, 0x2c}}, 0x0) 330.670781ms ago: executing program 4 (id=72): pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, 0x0, 0x15) r1 = dup(r0) poll(&(0x7f0000000140)=[{r0, 0x620}], 0x1, 0x4) write$FUSE_DIRENTPLUS(r1, 0x0, 0xb0) 312.254205ms ago: executing program 3 (id=73): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x60, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x80}, @NL80211_ATTR_PMKID={0x14, 0x55, "841d7cb49e5b8cc49dc6e85ffe45460b"}, @NL80211_ATTR_PMK={0x14, 0xfe, "30f4531ebe0187bec12f4a8d620a0715"}]}, 0x60}}, 0x0) 236.67701ms ago: executing program 0 (id=74): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) r0 = gettid() timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) 206.30426ms ago: executing program 4 (id=75): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x4, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 0s ago: executing program 3 (id=76): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r1 = socket$inet_tcp(0x2, 0x1, 0x0) open(0x0, 0x18802, 0x162) ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x13}}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts. [ 56.001910][ T5820] cgroup: Unknown subsys name 'net' [ 56.123419][ T5820] cgroup: Unknown subsys name 'cpuset' [ 56.131548][ T5820] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 57.470313][ T5820] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 60.824318][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.831959][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.841316][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.850015][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.857326][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.880850][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.883332][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 60.888831][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.896055][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.912742][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.920337][ T5844] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 60.922093][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.928052][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 60.947731][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.950546][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 60.964850][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.966614][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.972167][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.983330][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 60.986892][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.994397][ T5838] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 61.001896][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.008015][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 61.021493][ T5836] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 61.029538][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.037134][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 61.045004][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 61.053522][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 61.053849][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 61.060915][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 61.476297][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 61.513920][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 61.605651][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 61.710982][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 61.720634][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 61.761756][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.768991][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.776935][ T5849] bridge_slave_0: entered allmulticast mode [ 61.784195][ T5849] bridge_slave_0: entered promiscuous mode [ 61.824658][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.832169][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.839335][ T5845] bridge_slave_0: entered allmulticast mode [ 61.847003][ T5845] bridge_slave_0: entered promiscuous mode [ 61.854395][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.862176][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.869394][ T5845] bridge_slave_1: entered allmulticast mode [ 61.876255][ T5845] bridge_slave_1: entered promiscuous mode [ 61.890867][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.897973][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.905357][ T5849] bridge_slave_1: entered allmulticast mode [ 61.912091][ T5849] bridge_slave_1: entered promiscuous mode [ 61.977762][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.009474][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.016760][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.024924][ T5847] bridge_slave_0: entered allmulticast mode [ 62.031591][ T5847] bridge_slave_0: entered promiscuous mode [ 62.040831][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.059406][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.097710][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.104961][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.112713][ T5847] bridge_slave_1: entered allmulticast mode [ 62.119327][ T5847] bridge_slave_1: entered promiscuous mode [ 62.136644][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.153219][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.163392][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.170761][ T5851] bridge_slave_0: entered allmulticast mode [ 62.177424][ T5851] bridge_slave_0: entered promiscuous mode [ 62.197062][ T5845] team0: Port device team_slave_0 added [ 62.205227][ T5845] team0: Port device team_slave_1 added [ 62.234007][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.241279][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.248394][ T5851] bridge_slave_1: entered allmulticast mode [ 62.255747][ T5851] bridge_slave_1: entered promiscuous mode [ 62.280751][ T5849] team0: Port device team_slave_0 added [ 62.286791][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.294044][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.301321][ T5850] bridge_slave_0: entered allmulticast mode [ 62.307887][ T5850] bridge_slave_0: entered promiscuous mode [ 62.326150][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.346059][ T5849] team0: Port device team_slave_1 added [ 62.352380][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.359475][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.367169][ T5850] bridge_slave_1: entered allmulticast mode [ 62.373944][ T5850] bridge_slave_1: entered promiscuous mode [ 62.390839][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.401730][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.419220][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.426303][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.452991][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.483936][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.509426][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.517056][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.543318][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.564205][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.571298][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.597686][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.626876][ T5847] team0: Port device team_slave_0 added [ 62.635404][ T5847] team0: Port device team_slave_1 added [ 62.647009][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.654787][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.681213][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.702054][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.714110][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.735237][ T5851] team0: Port device team_slave_0 added [ 62.783359][ T5851] team0: Port device team_slave_1 added [ 62.799445][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.806569][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.832643][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.844994][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.852078][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.878052][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.915254][ T5850] team0: Port device team_slave_0 added [ 62.938906][ T5845] hsr_slave_0: entered promiscuous mode [ 62.945195][ T5845] hsr_slave_1: entered promiscuous mode [ 62.954302][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.961690][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.987957][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.990882][ T5841] Bluetooth: hci3: command tx timeout [ 63.000447][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.011349][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.037501][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.057313][ T5850] team0: Port device team_slave_1 added [ 63.070022][ T5841] Bluetooth: hci1: command tx timeout [ 63.074348][ T54] Bluetooth: hci2: command tx timeout [ 63.087037][ T5849] hsr_slave_0: entered promiscuous mode [ 63.093616][ T5849] hsr_slave_1: entered promiscuous mode [ 63.099546][ T5849] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.107569][ T5849] Cannot create hsr debugfs directory [ 63.150005][ T54] Bluetooth: hci0: command tx timeout [ 63.150081][ T5841] Bluetooth: hci4: command tx timeout [ 63.196229][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.203490][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.230739][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.244885][ T5847] hsr_slave_0: entered promiscuous mode [ 63.254158][ T5847] hsr_slave_1: entered promiscuous mode [ 63.260311][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.267862][ T5847] Cannot create hsr debugfs directory [ 63.286843][ T5851] hsr_slave_0: entered promiscuous mode [ 63.293243][ T5851] hsr_slave_1: entered promiscuous mode [ 63.299133][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.306768][ T5851] Cannot create hsr debugfs directory [ 63.326806][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.336983][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.363603][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.480233][ T5850] hsr_slave_0: entered promiscuous mode [ 63.486573][ T5850] hsr_slave_1: entered promiscuous mode [ 63.492929][ T5850] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.501363][ T5850] Cannot create hsr debugfs directory [ 63.761115][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.773468][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.784432][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.793607][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.851952][ T5851] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.862797][ T5851] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.887509][ T5851] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.898968][ T5851] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.936254][ T5850] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 63.962052][ T5850] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 63.973311][ T5850] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 63.982800][ T5850] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 64.071736][ T5847] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.085033][ T5847] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.111786][ T5847] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.123207][ T5847] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.159133][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.203236][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.214277][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.231212][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.240665][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.274658][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.284401][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.303416][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.310719][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.336711][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.343841][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.385530][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.443089][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.464309][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.477029][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.484143][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.493195][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.500371][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.532956][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.540122][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.574513][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.591256][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.598343][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.624150][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.658551][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.665670][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.691349][ T1050] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.698445][ T1050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.719353][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.739407][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.762006][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.811974][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.819052][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.831367][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.838480][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.891863][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.906393][ T5849] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.975917][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.007052][ T5845] veth0_vlan: entered promiscuous mode [ 65.020387][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.051440][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.066195][ T5845] veth1_vlan: entered promiscuous mode [ 65.070846][ T5841] Bluetooth: hci3: command tx timeout [ 65.093993][ T5851] veth0_vlan: entered promiscuous mode [ 65.105544][ T5851] veth1_vlan: entered promiscuous mode [ 65.154667][ T5841] Bluetooth: hci1: command tx timeout [ 65.155306][ T54] Bluetooth: hci2: command tx timeout [ 65.183744][ T5851] veth0_macvtap: entered promiscuous mode [ 65.194690][ T5849] veth0_vlan: entered promiscuous mode [ 65.204004][ T5845] veth0_macvtap: entered promiscuous mode [ 65.215581][ T5845] veth1_macvtap: entered promiscuous mode [ 65.229922][ T54] Bluetooth: hci4: command tx timeout [ 65.230091][ T5841] Bluetooth: hci0: command tx timeout [ 65.246641][ T5849] veth1_vlan: entered promiscuous mode [ 65.255309][ T5851] veth1_macvtap: entered promiscuous mode [ 65.275012][ T5850] veth0_vlan: entered promiscuous mode [ 65.300672][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.335912][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.349432][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.361438][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.373163][ T5850] veth1_vlan: entered promiscuous mode [ 65.382322][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.396864][ T5847] veth0_vlan: entered promiscuous mode [ 65.415205][ T5851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.425967][ T5851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.437343][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.457493][ T5845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.466756][ T5845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.476244][ T5845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.486126][ T5845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.497174][ T5849] veth0_macvtap: entered promiscuous mode [ 65.508559][ T5851] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.517841][ T5851] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.527007][ T5851] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.536381][ T5851] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.556367][ T5849] veth1_macvtap: entered promiscuous mode [ 65.564052][ T5847] veth1_vlan: entered promiscuous mode [ 65.615472][ T5850] veth0_macvtap: entered promiscuous mode [ 65.628499][ T5850] veth1_macvtap: entered promiscuous mode [ 65.637890][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.648627][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.659674][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.670564][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.681688][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.735165][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.746302][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.757648][ T5849] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.771203][ T5849] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.782909][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.798595][ T5849] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.817322][ T5849] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.826551][ T5849] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.835656][ T5849] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.880857][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.891720][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.902429][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.913019][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.922912][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.933447][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.944633][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.961176][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.971865][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.982201][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.992754][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.002622][ T5850] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.013170][ T5850] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.023773][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.057455][ T3557] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.057807][ T5850] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.071567][ T3557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.076123][ T5850] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.092175][ T5850] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.101289][ T5850] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.131253][ T5847] veth0_macvtap: entered promiscuous mode [ 66.155196][ T5847] veth1_macvtap: entered promiscuous mode [ 66.191993][ T1050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.203379][ T1050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.234152][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.244414][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.297069][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.308102][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.319309][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.333606][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.344983][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.355821][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.366677][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.377202][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.390972][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.403354][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.403961][ T3557] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.413915][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.432346][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.443264][ T3557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.444239][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.461688][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.472269][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.483147][ T5847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.493772][ T5847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.506654][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.524142][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.534247][ T5847] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.545392][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.553794][ T5847] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.562696][ T5847] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.571535][ T5847] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.583377][ T5851] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 66.628871][ T3118] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.642683][ T3118] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.788483][ T1050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.812374][ T1050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.858635][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.868784][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.889147][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.919038][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.968201][ T1050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.025560][ T1050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.062412][ T5895] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 67.121148][ T5883] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 67.150873][ T5841] Bluetooth: hci3: command tx timeout [ 67.230224][ T5841] Bluetooth: hci2: command tx timeout [ 67.230837][ T54] Bluetooth: hci1: command tx timeout [ 67.300050][ T5883] usb 2-1: Using ep0 maxpacket: 8 [ 67.310444][ T54] Bluetooth: hci0: command tx timeout [ 67.313351][ T5841] Bluetooth: hci4: command tx timeout [ 67.317615][ T5883] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 67.343687][ T5902] capability: warning: `syz.3.4' uses deprecated v2 capabilities in a way that may be insecure [ 67.355861][ T5883] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 67.411176][ T5904] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 67.430394][ T5883] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 67.462201][ T5883] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 67.527797][ T5883] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 67.562769][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.829007][ T5883] usb 2-1: GET_CAPABILITIES returned 0 [ 67.886492][ T5883] usbtmc 2-1:16.0: can't read capabilities [ 68.175995][ T5883] usb 2-1: USB disconnect, device number 2 [ 69.230807][ T5841] Bluetooth: hci3: command tx timeout [ 69.310337][ T5841] Bluetooth: hci2: command tx timeout [ 69.310414][ T54] Bluetooth: hci1: command tx timeout [ 69.389386][ T5971] netlink: 24 bytes leftover after parsing attributes in process `syz.0.34'. [ 69.398528][ T54] Bluetooth: hci4: command tx timeout [ 69.401811][ T54] Bluetooth: hci0: command tx timeout [ 69.710411][ T5885] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 69.885233][ T5885] usb 2-1: Using ep0 maxpacket: 32 [ 69.926851][ T5885] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 69.955537][ T5885] usb 2-1: config 0 has no interface number 0 [ 69.972397][ T5885] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 70.000195][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.008266][ T5885] usb 2-1: Product: syz [ 70.023092][ T5885] usb 2-1: Manufacturer: syz [ 70.027850][ T5885] usb 2-1: SerialNumber: syz [ 70.057384][ T5885] usb 2-1: config 0 descriptor?? [ 70.073116][ T5885] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 70.294700][ T5885] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 70.320593][ T5885] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 70.591148][ T5974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.620071][ T5974] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.858862][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 70.871452][ T5885] usb 2-1: USB disconnect, device number 3 [ 70.904671][ T5885] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 70.948245][ T5885] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 70.977761][ T5885] quatech2 2-1:0.51: device disconnected [ 71.346153][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.49'. [ 71.369263][ T6013] ALSA: mixer_oss: invalid OSS volume '}8z00000' [ 71.392596][ T6010] netlink: 4 bytes leftover after parsing attributes in process `syz.4.49'. [ 71.644937][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.651819][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.716036][ T6023] kernel read not supported for file / lhOb~h3JyxvL=QRnFGrqςû~QV7"qHd0%NnyD (pid: 6023 comm: syz.0.55) [ 71.756327][ T29] audit: type=1326 audit(1737774871.478:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.54" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 71.846210][ T29] audit: type=1326 audit(1737774871.508:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.54" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 71.908053][ T29] audit: type=1326 audit(1737774871.508:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.54" exe="/root/syz-executor" sig=0 arch=40000003 syscall=355 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 71.983124][ T29] audit: type=1326 audit(1737774871.508:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.54" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 72.004721][ C1] vkms_vblank_simulate: vblank timer overrun [ 72.125546][ T29] audit: type=1326 audit(1737774871.508:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6020 comm="syz.4.54" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53579 code=0x7ffc0000 [ 72.180840][ T6038] netlink: 'syz.1.61': attribute type 1 has an invalid length. [ 72.199988][ T6038] netlink: 'syz.1.61': attribute type 2 has an invalid length. [ 72.207710][ T29] audit: type=1800 audit(1737774871.528:7): pid=6023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.55" name=BD16206C684F62EDF17EE501D168FEB51D9093339E8F064AC7C879FB78D0EEC3FC76F74CAA3D51E452FA6EC1B746477282A5F28F71F0CF82C3BB7E517F567F37B6B7227148E11197C964309DFA86F888B989FD254E6E79B503831CDD4402 dev="mqueue" ino=9207 res=0 errno=0 [ 72.242969][ C1] vkms_vblank_simulate: vblank timer overrun [ 72.439931][ T6044] 8021q: adding VLAN 0 to HW filter on device bond1 [ 72.488909][ T6044] bridge0: port 3(bond1) entered blocking state [ 72.518801][ T6044] bridge0: port 3(bond1) entered disabled state [ 72.525616][ T6044] bond1: entered allmulticast mode [ 72.539490][ T6044] bond1: entered promiscuous mode [ 72.545708][ T6044] bridge0: port 3(bond1) entered blocking state [ 72.552303][ T6044] bridge0: port 3(bond1) entered forwarding state [ 72.720755][ T5882] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 72.750111][ T1206] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 72.891421][ T5882] usb 2-1: Using ep0 maxpacket: 32 [ 72.911392][ T5882] usb 2-1: config 0 has an invalid interface number: 4 but max is 1 [ 72.921994][ T5882] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 72.948757][ T1206] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 72.959984][ T1206] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.968020][ T1206] usb 3-1: Product: syz [ 72.973905][ T5882] usb 2-1: config 0 has no interface number 1 [ 72.980719][ T5882] usb 2-1: config 0 interface 0 altsetting 3 endpoint 0x1 has invalid wMaxPacketSize 0 [ 72.995535][ T1206] usb 3-1: Manufacturer: syz [ 73.003913][ T1206] usb 3-1: SerialNumber: syz [ 73.009467][ T5882] usb 2-1: config 0 interface 0 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 73.034030][ T1206] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 73.061140][ T5882] usb 2-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 73.100633][ T25] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 73.115093][ T5882] usb 2-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 73.159747][ C0] [ 73.162122][ C0] ============================= [ 73.165668][ T5882] usb 2-1: config 0 interface 0 has no altsetting 0 [ 73.166959][ C0] [ BUG: Invalid wait context ] [ 73.166970][ C0] 6.13.0-syzkaller-07078-gb46c89c08f41 #0 Not tainted [ 73.166981][ C0] ----------------------------- [ 73.166986][ C0] syz.0.74/6062 is trying to lock: [ 73.166996][ C0] ffff88813fffc298 [ 73.189733][ T5882] usb 2-1: config 0 interface 0 has no altsetting 1 [ 73.189976][ C0] (&zone->lock){-.-.}-{3:3}, at: __rmqueue_pcplist+0x4a2/0x2a90 [ 73.201959][ T5882] usb 2-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 73.205381][ C0] other info that might help us debug this: [ 73.205392][ C0] context-{2:2} [ 73.205399][ C0] 1 lock held by syz.0.74/6062: [ 73.205409][ C0] #0: ffff8880b8644958 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x7d3/0x37a0 [ 73.205463][ C0] stack backtrace: [ 73.213502][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.222169][ C0] CPU: 0 UID: 0 PID: 6062 Comm: syz.0.74 Not tainted 6.13.0-syzkaller-07078-gb46c89c08f41 #0 [ 73.222190][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 73.222201][ C0] Call Trace: [ 73.222210][ C0] [ 73.222216][ C0] dump_stack_lvl+0x241/0x360 [ 73.222237][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 73.222250][ C0] ? __pfx__printk+0x10/0x10 [ 73.222271][ C0] __lock_acquire+0x15a8/0x2100 [ 73.222293][ C0] lock_acquire+0x1ed/0x550 [ 73.222308][ C0] ? __rmqueue_pcplist+0x4a2/0x2a90 [ 73.222327][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 73.222345][ C0] ? __pfx_debug_object_activate+0x10/0x10 [ 73.222359][ C0] ? __queue_work+0x199/0xf50 [ 73.222376][ C0] _raw_spin_lock_irqsave+0xd5/0x120 [ 73.222390][ C0] ? __rmqueue_pcplist+0x4a2/0x2a90 [ 73.222404][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 73.222417][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 73.222436][ C0] __rmqueue_pcplist+0x4a2/0x2a90 [ 73.222465][ C0] get_page_from_freelist+0x886/0x37a0 [ 73.222505][ C0] __alloc_pages_noprof+0x292/0x710 [ 73.222525][ C0] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 73.222545][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 73.222563][ C0] ? __kernel_text_address+0xd/0x40 [ 73.222578][ C0] ? unwind_get_return_address+0x4d/0x90 [ 73.222598][ C0] alloc_pages_mpol_noprof+0x3e1/0x780 [ 73.222621][ C0] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 73.222642][ C0] ? stack_trace_save+0x118/0x1d0 [ 73.222659][ C0] ? alloc_pages_noprof+0x43/0x170 [ 73.222673][ C0] stack_depot_save_flags+0x72d/0x940 [ 73.222693][ C0] kasan_save_stack+0x4f/0x60 [ 73.222710][ C0] ? kasan_save_stack+0x3f/0x60 [ 73.222726][ C0] ? __kasan_record_aux_stack+0xac/0xc0 [ 73.222741][ C0] ? task_work_add+0xd9/0x490 [ 73.222759][ C0] ? run_posix_cpu_timers+0x6ac/0x810 [ 73.222774][ C0] ? tick_nohz_handler+0x37c/0x500 [ 73.222789][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 73.222808][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 73.222827][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 73.222846][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 73.222862][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 73.222881][ C0] ? chacha_block_generic+0x446/0x1340 [ 73.222899][ C0] ? get_random_bytes_user+0x19a/0x420 [ 73.222917][ C0] ? __ia32_sys_getrandom+0x151/0x250 [ 73.222933][ C0] ? __do_fast_syscall_32+0xb4/0x110 [ 73.222951][ C0] ? do_fast_syscall_32+0x34/0x80 [ 73.222967][ C0] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 73.222999][ C0] ? __phys_addr+0xba/0x170 [ 73.223018][ C0] __kasan_record_aux_stack+0xac/0xc0 [ 73.223035][ C0] task_work_add+0xd9/0x490 [ 73.223055][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 73.223073][ C0] ? __pfx_task_work_add+0x10/0x10 [ 73.223096][ C0] run_posix_cpu_timers+0x6ac/0x810 [ 73.223113][ C0] ? __pfx_run_posix_cpu_timers+0x10/0x10 [ 73.223128][ C0] ? sched_balance_trigger+0x1a3/0x890 [ 73.223149][ C0] tick_nohz_handler+0x37c/0x500 [ 73.223166][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 73.223182][ C0] __hrtimer_run_queues+0x551/0xd30 [ 73.223208][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 73.223227][ C0] ? sched_clock+0x4a/0x70 [ 73.223243][ C0] ? read_tsc+0x9/0x20 [ 73.223257][ C0] ? ktime_get_update_offsets_now+0x38e/0x3b0 [ 73.223278][ C0] hrtimer_interrupt+0x403/0xa40 [ 73.223306][ C0] __sysvec_apic_timer_interrupt+0x110/0x420 [ 73.223327][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 73.223343][ C0] [ 73.223348][ C0] [ 73.223354][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 73.223379][ C0] RIP: 0010:chacha_block_generic+0x446/0x1340 [ 73.223400][ C0] Code: b6 04 38 84 c0 0f 85 f0 08 00 00 44 03 33 49 8d 5d 20 4d 8d 65 23 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 fc 08 00 00 <4c> 89 e0 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 14 09 00 00 44 89 [ 73.223411][ C0] RSP: 0018:ffffc9000cfd7b60 EFLAGS: 00000246 [ 73.223426][ C0] RAX: 0000000000000000 RBX: ffffc9000cfd7d40 RCX: 000000007d195b5a [ 73.223437][ C0] RDX: ffffc9000cfd7cc0 RSI: ffffc9000cfd7ba0 RDI: ffffc9000cfd7bc0 [ 73.223448][ C0] RBP: ffffc9000cfd7c50 R08: 000000002f982241 R09: ffffc9000cfd7bdc [ 73.223458][ C0] R10: 000000002dd88974 R11: 000000005748d72e R12: ffffc9000cfd7d43 [ 73.223469][ C0] R13: ffffc9000cfd7d20 R14: 0000000073ac9243 R15: dffffc0000000000 [ 73.223486][ C0] ? irqentry_exit+0x63/0x90 [ 73.223508][ C0] ? __pfx_chacha_block_generic+0x10/0x10 [ 73.223531][ C0] get_random_bytes_user+0x19a/0x420 [ 73.223552][ C0] ? __pfx_get_random_bytes_user+0x10/0x10 [ 73.223573][ C0] ? __se_compat_sys_ioctl+0x150/0xc10 [ 73.223593][ C0] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 73.223611][ C0] ? import_ubuf+0x97/0x1d0 [ 73.223625][ C0] __ia32_sys_getrandom+0x151/0x250 [ 73.223645][ C0] ? __pfx___ia32_sys_getrandom+0x10/0x10 [ 73.223666][ C0] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 73.223683][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 73.223700][ C0] __do_fast_syscall_32+0xb4/0x110 [ 73.223717][ C0] ? exc_page_fault+0x590/0x8b0 [ 73.223734][ C0] do_fast_syscall_32+0x34/0x80 [ 73.223751][ C0] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 73.223771][ C0] RIP: 0023:0xf7f56579 [ 73.223789][ C0] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 73.223800][ C0] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000163 [ 73.223814][ C0] RAX: ffffffffffffffda RBX: 0000000020000240 RCX: 00000000ffffff9a [ 73.223824][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 73.223832][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 73.223841][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 73.223850][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 73.223864][ C0] [ 73.804245][ C1] vkms_vblank_simulate: vblank timer overrun [ 73.807861][ T5884] usb 3-1: USB disconnect, device number 2 [ 73.817184][ T25] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 73.877570][ T25] ath9k_htc: Failed to initialize the device [ 73.883848][ T5882] usb 2-1: Product: syz [ 73.887217][ T5884] usb 3-1: ath9k_htc: USB layer deinitialized [ 73.888052][ T5882] usb 2-1: Manufacturer: syz [ 73.896082][ T35] bridge0: port 3(bond1) entered disabled state [ 73.898922][ T5882] usb 2-1: SerialNumber: syz SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 73.911397][ T5882] usb 2-1: config 0 descriptor?? [ 73.926320][ T3557] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.161248][ T3557] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.371634][ T3557] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.432490][ T5882] cxacru 2-1:0.0: cxacru_bind: interface has incorrect endpoints [ 74.439190][ T5845] syz-executor (5845) used greatest stack depth: 18448 bytes left [ 74.446473][ T5882] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 74.457006][ T5882] cxacru 2-1:0.4: cxacru_bind: interface has incorrect endpoints [ 74.465695][ T5882] cxacru 2-1:0.4: usbatm_usb_probe: bind failed: -19! [ 74.489879][ T5882] usb 2-1: USB disconnect, device number 4 [ 74.507246][ T3557] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.597642][ T3557] bond1: left allmulticast mode [ 74.604547][ T3557] bond1: left promiscuous mode [ 74.609425][ T3557] bridge0: port 3(bond1) entered disabled state [ 74.618278][ T3557] bridge_slave_1: left allmulticast mode [ 74.624286][ T3557] bridge_slave_1: left promiscuous mode [ 74.630051][ T3557] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.638008][ T3557] bridge_slave_0: left allmulticast mode [ 74.643939][ T3557] bridge_slave_0: left promiscuous mode [ 74.649572][ T3557] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.725440][ T3557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 74.735340][ T3557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 74.744800][ T3557] bond0 (unregistering): Released all slaves [ 74.755728][ T3557] bond1 (unregistering): Released all slaves [ 74.959369][ T3557] hsr_slave_0: left promiscuous mode [ 74.965641][ T3557] hsr_slave_1: left promiscuous mode [ 74.973176][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 74.981929][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 74.989662][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.001179][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.011850][ T3557] veth1_macvtap: left promiscuous mode [ 75.017382][ T3557] veth0_macvtap: left promiscuous mode [ 75.023905][ T3557] veth1_vlan: left promiscuous mode [ 75.029202][ T3557] veth0_vlan: left promiscuous mode [ 75.193799][ T3557] team0 (unregistering): Port device team_slave_1 removed [ 75.208336][ T3557] team0 (unregistering): Port device team_slave_0 removed [ 75.549196][ T3557] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.594037][ T3557] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.654561][ T3557] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.716199][ T3557] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.815256][ T3557] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.876870][ T3557] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.944257][ T3557] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.995033][ T3557] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.094821][ T3557] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.144321][ T3557] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.205539][ T3557] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.255480][ T3557] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.323971][ T3557] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.406142][ T3557] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.455191][ T3557] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.514555][ T3557] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.603923][ T3557] bridge_slave_1: left allmulticast mode [ 76.609627][ T3557] bridge_slave_1: left promiscuous mode [ 76.616770][ T3557] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.626234][ T3557] bridge_slave_0: left allmulticast mode [ 76.634135][ T3557] bridge_slave_0: left promiscuous mode [ 76.641065][ T3557] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.654152][ T3557] bridge_slave_1: left allmulticast mode [ 76.660645][ T3557] bridge_slave_1: left promiscuous mode [ 76.666338][ T3557] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.675974][ T3557] bridge_slave_0: left allmulticast mode [ 76.683922][ T3557] bridge_slave_0: left promiscuous mode [ 76.689613][ T3557] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.699661][ T3557] bridge_slave_1: left allmulticast mode [ 76.705807][ T3557] bridge_slave_1: left promiscuous mode [ 76.711799][ T3557] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.721036][ T3557] bridge_slave_0: left allmulticast mode [ 76.726708][ T3557] bridge_slave_0: left promiscuous mode [ 76.732642][ T3557] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.743510][ T3557] bridge_slave_1: left allmulticast mode [ 76.749192][ T3557] bridge_slave_1: left promiscuous mode [ 76.756253][ T3557] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.766897][ T3557] bridge_slave_0: left allmulticast mode [ 76.779800][ T3557] bridge_slave_0: left promiscuous mode [ 76.785576][ T3557] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.244770][ T3557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.255345][ T3557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.265254][ T3557] bond0 (unregistering): Released all slaves [ 77.276294][ T3557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.286817][ T3557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.296137][ T3557] bond0 (unregistering): Released all slaves [ 77.307362][ T3557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.317409][ T3557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.327290][ T3557] bond0 (unregistering): Released all slaves [ 77.339192][ T3557] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 77.348871][ T3557] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 77.359039][ T3557] bond0 (unregistering): Released all slaves [ 77.807474][ T3557] hsr_slave_0: left promiscuous mode [ 77.813246][ T3557] hsr_slave_1: left promiscuous mode [ 77.818790][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.827189][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.836269][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.843830][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.854108][ T3557] hsr_slave_0: left promiscuous mode [ 77.859844][ T3557] hsr_slave_1: left promiscuous mode [ 77.865460][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.873074][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.880718][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.888112][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.897787][ T3557] hsr_slave_0: left promiscuous mode [ 77.903595][ T3557] hsr_slave_1: left promiscuous mode [ 77.909163][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.916675][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.924897][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.932347][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.943597][ T3557] hsr_slave_0: left promiscuous mode [ 77.949233][ T3557] hsr_slave_1: left promiscuous mode [ 77.955163][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 77.962653][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 77.970369][ T3557] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 77.977770][ T3557] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 77.988638][ T3557] veth1_macvtap: left promiscuous mode [ 77.994157][ T3557] veth0_macvtap: left promiscuous mode [ 77.999645][ T3557] veth1_vlan: left promiscuous mode [ 78.004936][ T3557] veth0_vlan: left promiscuous mode [ 78.010896][ T3557] veth1_macvtap: left promiscuous mode [ 78.016361][ T3557] veth0_macvtap: left promiscuous mode [ 78.021932][ T3557] veth1_vlan: left promiscuous mode [ 78.027172][ T3557] veth0_vlan: left promiscuous mode [ 78.033543][ T3557] veth1_macvtap: left promiscuous mode [ 78.039016][ T3557] veth0_macvtap: left promiscuous mode [ 78.044610][ T3557] veth1_vlan: left promiscuous mode [ 78.050026][ T3557] veth0_vlan: left promiscuous mode [ 78.055822][ T3557] veth1_macvtap: left promiscuous mode [ 78.061422][ T3557] veth0_macvtap: left promiscuous mode [ 78.066958][ T3557] veth1_vlan: left promiscuous mode [ 78.072438][ T3557] veth0_vlan: left promiscuous mode [ 78.284219][ T3557] team0 (unregistering): Port device team_slave_1 removed [ 78.303769][ T3557] team0 (unregistering): Port device team_slave_0 removed [ 78.443146][ T3557] team0 (unregistering): Port device team_slave_1 removed [ 78.463320][ T3557] team0 (unregistering): Port device team_slave_0 removed [ 78.598186][ T3557] team0 (unregistering): Port device team_slave_1 removed [ 78.622791][ T3557] team0 (unregistering): Port device team_slave_0 removed [ 78.758834][ T3557] team0 (unregistering): Port device team_slave_1 removed [ 78.779769][ T3557] team0 (unregistering): Port device team_slave_0 removed [ 81.871033][ T977] cfg80211: failed to load regulatory.db