last executing test programs: 40.245411108s ago: executing program 0 (id=1774): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) socket(0x10, 0x3, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00004093'], 0x2a, 0xfffffffffffffffc) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000000c0)={0x2, 'veth1_macvtap\x00'}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'ip_vti0\x00'}, 0x18) add_key(&(0x7f0000000200)='.request_key_auth\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000100), 0x2c, 0x0) fsopen(0x0, 0x0) openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf090000000000004509010000000000ac00000000000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000000000406a0594000000000000010902876a5e127b340a3d0400001803000000fe57330c0b92a80581030000000000000000f641ba6e66229d9f6002"], 0x0) socket$kcm(0x10, 0x2, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) fchdir(0xffffffffffffffff) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x201, 0x4800003e, r4, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) 39.330824016s ago: executing program 3 (id=1779): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmsg$inet(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000580)="52088b3201505df8986d030a1d45245750aca79b8ec439b2d2c02fc4f7559d7cb1fe5782483d417dd83fd9ca6867a0d807703d35964931fcfa34ef2104484bf5ee3690cec75ee467c53a3e9f9f3cb0645050da9b7fd34f6e4b7fb735e6e235f3be50a87eb69622674ba74c82608b89f039863bc7c49bbca54bc7e9e28597187c4f84fae52160139d1679a90e42b273f044a669f06181ef1773974f996b5d84b7c7d9000fb2126b3de6de6cd6988c0994e97996aa7c72b49fa6044576565e4d221cbdbf62d539ffe59459fbe5c68fd3d391f8372cdfbd035bb85d416bb57323766fdf22c9f8d58e22f8efbdc38bf2cdfe3345997f177387c53cc98330efdcccfaa7e74769b0f4e741619deabc1af8ddfd4a4123cab9309d56a6443abdedf19bb65b2c1bbea4804327f55f70ea3e0787a1b18a32c49b19662dd11a5d7a3258922aa3f7b319ab28275f67ef987fd8691493ccf0b06ecb039995142bae0b322ad3087244c9e42cc95824217312b31c9e14599fbfef980d9915c059947f0a43f7486642d06def07d512a30018cf778ec4dcaa6d818b1bfb969d4560fab0add00b05f143d5f8fc15132ffb38470d93330e0b6fc813e6ef0d120948a5b39986c3715b1e7dc875c91417eefbc4d782239b332445498f344210288b740ed38fd97b809595048c77b1a069d86df1998347fd51550ac9e5c8a1cd87fbf9c8e220706b2b2bb38191a0e256202868b220e60e5b0065aa4e826b39954b8430bb2e6973a0e83add03c4958ae55f36ac72601e3f31db80dbe1e499c56681d023e2c3d18a6122db33169d7d84f936e612b4675bd1af5251ad05c8ff8732d3b863a3f7a8ddc9bc59669b5822b2be29fb31031736cc51568223b41ae058a8657c2ae450380908ba1bc657f64237d64f16edff325fe772e4d050d67f05033838d10cd7ef3ad3bfdab9cbe1fd4f527adffd627f9e9a50ea816f56411d7078d065827b7bef7cf4756802cac070919d86307a54eff236f9124c6295a5b98f3965d0bd3ac3adb907bbb4b074ca447556a324c5a2edb7e1d28bee71d93c6e7dd93390804b044032eea582091de3c9f57bb439c5e1d734b9b8fc74c0142c173b1d550bbfce6df8963d6da92282680ee541729531198ab613300274bbccd63af07548e8baef0ab3ccd4b25551efba04ae929af4a3c812a0875d7d2f200f78af1c94f780fb22dc38974aad7c4df9944c32b07b1a1419008db3c2d5a6b9a3a8bf23dce25b7fa2763dd524bdec0ddd50cfd984d8eb8c7189553b7610905bcc508abbdd513d7ce8085dad9140040e73478a99b12c609839fc706e123dd46d86bb916c1b551375128e2daacc7abd89e29b0b019d422889a3ee8da399928ac2a18aaf099f369cf0d3e86ffc7af15bb3a46512a8970e7774bd53922548cc975f1df5556070ec4069269c9d65b2dd91dfb4af356a92ed628bb89212d366fcb1f1d231cab9038dbd816a9471bb7c2a58933edca2e15034440784a6ef1b327092ee6c129d50f669fe093fec19908eb0970ac0584dec91de2055ab888dfbca26085f1ad583a67b1a95ed6cab3210f289a8e3a2a1199273b51fe9ae42c346f34a13279b7c0085c7fb004acf476a0054ab1084bc673e4a083b1908f202957c06ff3dc7efc2e9953f05a80f6f355be09c98ecc3716ace0eb4143750314f632f5ce491b1133c4712cb84e4c33b30a44d38ce963b09dfde432a4551457829c4f9fb23fde03efc7b63a902be526ef42697ab53ad501998cce6e0ee4d8af00547566f5ec2ab8a246b16e1d0e0844cad8d65e5228562401a44a7da50eaa3e8c437ee4f334de821d11fad3bf86fdd07a80f0649cffe7bb142c36740330712705cca6acec88ded39f76cdb4620f17eca3160f7d6e62006b8b188f3f41a2fa0f6f7cdec1b7d2271472ed5261f215e6c5aecbb7ca14c302643e4cbfe5bb5df77c5a164eb0d6749", 0x56e}], 0x2, &(0x7f0000000040)=[@ip_retopts={{0x38, 0x0, 0x7, {[@timestamp_addr={0x44, 0x24, 0x3b, 0x1, 0x4, [{@dev}, {@broadcast, 0x7}, {@multicast1}, {@remote}]}, @ra={0x94, 0x4}]}}}], 0x38}, 0x0) 39.261772667s ago: executing program 3 (id=1780): prlimit64(0x0, 0xe, &(0x7f00000014c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0xfffffffffffffeae}, 0x4049085) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000280)={{0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000002b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000001380)="1ee88f78de7d57006d8ffa3f1d92c228a43f6c865534aa138605308cde6be03b4ec0251663c809fa1c4e38621d819ab4d5b12eb81ea0ed4ad7e253", 0x3b}, {&(0x7f0000001bc0)="5c89eeb1aa86c6f680f09cc1c1d4bc5fc6a067d295afd3aa97af3d777b81db48f9ceb270e506af840503c6fbf20760e4cd8df9c220cd0728585229123d5c61507d00561b8f1a15e64fa2779be424fdeff46058eaee7acfc80b2ae9840e9ac1e33ac8378c98695a08bdb8f2a756b1704c036e3b0ff2d1e9d397a82e24debd371e6855b7dc2dea47d57a9dfbf4fb2ccb3f975c3851c6b5399ab80c4ba95604f70a69674cfe820d82fb06b243625a8a9e4ee52e7c2ec4d6", 0xb6}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5", 0x1d}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001980)}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x4, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000380)={r5, 0x0, 0x0, 0x0, 0x2, [0x0], [0x0, 0x4, 0x0, 0x2], [0x0, 0xc6], [0x0, 0x1000000000]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x13, r7, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r2, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 36.912806671s ago: executing program 0 (id=1784): mknod(&(0x7f0000000000)='./bus\x00', 0x1000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0xb802, 0x0, 0x0, 0xe4}]}, 0x10) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8) write$binfmt_elf32(r1, &(0x7f00000003c0)=ANY=[@ANYRESOCT], 0x82) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x60}}, 0x0) close(r1) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) rename(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00') open(&(0x7f0000000300)='./bus\x00', 0xc0902, 0x20) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, 0x0, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x30d4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@local=@item_012={0x2, 0x2, 0xa, "54b6"}, @main, @local]}}, 0x0}, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000200), 0x0, 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff) r8 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') getdents(r8, 0xffffffffffffffff, 0x5a) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f0000000380)={{0x12, 0x1, 0x0, 0xd7, 0x18, 0x58, 0x8, 0xf3d, 0x68a3, 0x14f8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x7, 0x0, 0x3, 0x22, 0xec, 0x20, 0x0, [], [{{0x9, 0x5, 0x8}}, {{0x9, 0x5, 0xb}}, {{0x9, 0x5, 0xd}}]}}]}}]}}, 0x0) sendmsg$TIPC_NL_LINK_GET(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x14}, 0x0) ioctl$VIDIOC_G_PARM(r5, 0xc0cc5615, &(0x7f0000000580)={0x6, @raw_data="53b703d9cc6c8d410ded59c21b4f3e2ed0f302e3ba2e17910ffe4eef451887541c0badddaec909dfd969912818cb8a58e4a9bc8659428ad305f405d30745ade553da16021d6667f02121a59cd76f839682be22f44ec402c840ac4011c885b0d86213a32e0b1f8aac3be8c7a70ec2b61e416265d177b3d866879b5c97bc71b4f6bc87434d0344bcae6cf457e2f28e22bb615d5435a4f7c28ac5bd9aa269d468e36976cf7a41255e77a7cfba3fd29141841ab8673eb769507b00f439a710998423b93aac041042827f"}) r10 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r10}, &(0x7f0000bbdffc)) 36.686276339s ago: executing program 3 (id=1786): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)) ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000380)={'\v\x00', 0x0, 0x5, 0x0, 0x0, 0x0, "f759e10000001000000000fc6300", "00000100", "81001a7a", "e859ad13", ["8bada940edff000a00", "ffffff004000", "200000001a00", "0000000000000000000100"]}) socket$l2tp(0x2, 0x2, 0x73) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$nl_generic(r0, 0x0, 0x0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000440)=""/154, 0x9a) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) read$char_usb(r3, &(0x7f0000000200)=""/128, 0x80) syz_usb_disconnect(r1) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0xc0189436, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_ep_write(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = dup(r5) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000183b9220b113420016580102030109021b00010000000009040000017a8bb5000905020bff"], 0x0) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000800008504"]) 33.737220011s ago: executing program 0 (id=1792): r0 = getpid() r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe55, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='cmdline\x00') r4 = syz_open_dev$loop(&(0x7f00000001c0), 0x100000, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000021000100000000000000000002000000faff000000000000080018004e284e220500160000000000080017004e224e24"], 0x34}}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@newspdinfo={0x1c, 0x24, 0x21, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV4_HTHRESH={0x6}]}, 0x1c}}, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2b}}}, 0xb8}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e22, 0x18, 0x0, @wg=@data}}}}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r8, 0x40044160, 0x3) ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f0000000000)={r3, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3, 0x8, 0x0, "82ffe9a7ca8d338e0978c80c568a9d94969744223a3bf7b1ce1f566ac0b5502df67a3a54817e92bda7e02337b5186bf1532b41dc173f2ef38ea641dbf4bea193", "2c8d978bbbaf836770b6bc05c7d33d4ba1eeb28b81365fd5b98b898cd82f59b99d77af213e51d53d7e04d4e85e1d41ee121ea3aad63b499c7a25e1b181ac9ebf", "9fef7affaecac6ed08f4c36330801327cabc8491b2a7e8063de5ae1f02b8cb3a", [0x0, 0x3]}}) preadv(r3, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/223, 0xdf}], 0x1, 0xfffff62d, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendfile(r4, r3, 0x0, 0x1) r9 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r9, 0x6, 0x1c, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000480)=ANY=[@ANYRESDEC=r2, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x0, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) unshare(0x62040200) unshare(0x62040200) socket$igmp(0x2, 0x3, 0x2) 33.607421006s ago: executing program 2 (id=1793): socket$nl_route(0x10, 0x3, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000880)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40040}, {0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0, 0x0, 0x4}], 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0xdc30) getpid() sendmsg$NFT_BATCH(r1, &(0x7f0000000400)={0x0, 0xffffffffffffffbc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100), 0x387a01, 0x0) socket(0x200000000000011, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$netlink(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="180000002ff716ce3700"/24], 0x18}], 0x1}, 0x4000090) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) r5 = dup3(0xffffffffffffffff, r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x2000009b, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000711061000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) io_uring_enter(0xffffffffffffffff, 0xb15, 0x0, 0x0, 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000740), 0xff67) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000280)=[@register_looper], 0x1, 0x1000000, &(0x7f00000006c0)='U'}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580), 0x0, 0x0, 0x0}) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800014000000000080002400000000050000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000001c000380980003801400010076657468305f746f5f68737200000000080007"], 0xd8}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000000c0)={'wlan1\x00', &(0x7f0000000180)=@ethtool_cmd={0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}}) 33.244539057s ago: executing program 4 (id=1794): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) socket(0x10, 0x3, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00004093'], 0x2a, 0xfffffffffffffffc) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f00000000c0)={0x2, 'veth1_macvtap\x00'}, 0x18) setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'ip_vti0\x00'}, 0x18) add_key(&(0x7f0000000200)='.request_key_auth\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000100), 0x2c, 0x0) fsopen(0x0, 0x0) openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf090000000000004509010000000000ac00000000000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000000000406a0594000000000000010902876a5e127b340a3d0400001803000000fe57330c0b92a80581030000000000000000f641ba6e66229d9f6002"], 0x0) socket$kcm(0x10, 0x2, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r6 = fanotify_init(0x200, 0x0) fanotify_mark(r6, 0x201, 0x4800003e, r5, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) 32.850718918s ago: executing program 3 (id=1795): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x6b, &(0x7f0000000480)=0x1) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000004ac0)) getpid() pipe(&(0x7f00000000c0)={0xffffffffffffffff}) getsockname$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs, &(0x7f0000000280)=0x6e) sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="6800000000020101000000004c0002801400018008000100ac1414bb08000200d800000106000340000100002200018014000300fc010000000000000000000000000001140004000000000000000000000000000000000108000b0073697000"/112], 0x68}, 0x1, 0x0, 0x0, 0x4060}, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000080)={@mcast1={0x2, 0x0}, 0x0, 0x0, 0x1, 0x3}, 0x20) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) dup(0xffffffffffffffff) ioctl$VHOST_VDPA_SET_CONFIG(0xffffffffffffffff, 0x4008af74, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000ac0)=""/100, 0x64}, {&(0x7f0000000180)=""/250, 0xfa}], 0x2, 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) sendto$inet6(r6, &(0x7f0000000900)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a0000000d0085a168d0bf46d32345653600648d0a000500eb16000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a23000400160004000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) r7 = open(&(0x7f0000000180)='./bus\x00', 0x4827f, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000008, 0x4002011, r7, 0xb874d000) fallocate(r7, 0x0, 0x0, 0x1000f4) socket$vsock_stream(0x28, 0x1, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x1b, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="5cffffff10000fff26bd70000200000000000000", @ANYRES32=0x0, @ANYBLOB="6a7a72d94543bff99b9a1bb35790e0c921b995854365f2fc2d0e69c33383eadb4c953bc670af33220aff6be8b4d2264da1da552fd9d66992b2d0473d351ab571520997faeb619ef2413a1d3cd5ca162eba28628d1194e4a459b46dd50a5a79c6438bb4ed7e1f779067467157e54810a2b4172333b7eabf1e675a074730e0afbee6daa83f13c49f2bfba96087f3a1263be54e66c1442798be7d58afae6418f6c41a8348bb00ccdaea2da0ca8052ceee6f8539f66114c2d8f5e177da458a5f2da8017dd297d438ff1d9ea5cd462b0b9b094fb10fdf8398094ae0f0ad48fa325f364a82d7a1fd9d2a262aa44aec52c4f391f6a818d8aec89b4806fa30c38ed70ca290743c1cbe6be45fdc5199caac83d3ab7c9abd0d67e00d5ce14e04cf607f7c10e4704828db2c8b3cfdbf6d12becc0176e7a6f4cc24e6d8f48a65f617ff69da58e399261055fb8f6169a91a506ea70e064036d3568357ca4444236701dd0706c6739eb1ef2920145248b30c851f37cfb2dd2d0e2fae1aee3945893317d27488a4aa5406e828ddaa0137e869eeecef8d8c861861c7d22560c96033831f7d79442b07dc2a86d5694847c8e73c5fe928c4a96a2a996a786ebdb16e5024aace0bbe695b6d23a5bdf07befd7407930acef4b3efe3eb26c431ba6cdeae594074c6984cbc988084ea63784c311d4b5ba1464e9c26d7ccbda33cc6e62895d1b73ef6cc0711c793b2d1e8d9b1678abddbaad14184d12362acc4859d7ba5821c1bb66e4ac"], 0x50}}, 0x0) 32.571786814s ago: executing program 2 (id=1796): prlimit64(0x0, 0xe, &(0x7f00000014c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=ANY=[], 0xfffffffffffffeae}, 0x4049085) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000280)={{0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000002b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000001380)="1ee88f78de7d57006d8ffa3f1d92c228a43f6c865534aa138605308cde6be03b4ec0251663c809fa1c4e38621d819ab4d5b12eb81ea0ed4ad7e253", 0x3b}, {&(0x7f0000001bc0)="5c89eeb1aa86c6f680f09cc1c1d4bc5fc6a067d295afd3aa97af3d777b81db48f9ceb270e506af840503c6fbf20760e4cd8df9c220cd0728585229123d5c61507d00561b8f1a15e64fa2779be424fdeff46058eaee7acfc80b2ae9840e9ac1e33ac8378c98695a08bdb8f2a756b1704c036e3b0ff2d1e9d397a82e24debd371e6855b7dc2dea47d57a9dfbf4fb2ccb3f975c3851c6b5399ab80c4ba95604f70a69674cfe820d82fb06b243625a8a9e4ee52e7c2ec4d6", 0xb6}], 0x2}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5", 0x1d}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001980)}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x4, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000380)={r6, 0x0, 0x0, 0x0, 0x2, [0x0], [0x0, 0x4, 0x0, 0x2], [0x0, 0xc6], [0x0, 0x1000000000]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080)={r7, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x13, r8, 0x0) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r3, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 32.431478852s ago: executing program 0 (id=1797): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x90) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, &(0x7f0000000280)=ANY=[@ANYRES64=r1], 0x24, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='map_files\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$vim2m(&(0x7f00000004c0), 0x4, 0x2) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000003880)=@userptr={0x804, 0xa, 0x4, 0x0, 0x8, {0x77359400}, {0x6, 0xc, 0xcb, 0xe, 0xf8, 0x10, "a003dbb9"}, 0x5, 0x2, {0x0}, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r4 = syz_io_uring_setup(0x3ac6, &(0x7f0000000080)={0x0, 0xfffffffd, 0x10100, 0x4, 0x37b}, &(0x7f0000000180)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r5, r6, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003880), 0x63}, 0x0, 0xe3d08660d3cd4684}) io_uring_enter(r4, 0x92, 0x0, 0x0, 0x0, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0xaaaaaaaaaaaab66, 0x0, 0x0, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="fd7e694ba8059ef09919dfa96389ea90518cc4d9e63223276f8659c72931c1368681fea7b6694463", @ANYBLOB="0500000000000000f2ff0500000008000300", @ANYRES32=r11, @ANYBLOB], 0x24}}, 0x0) add_key(&(0x7f0000000000)='pkcs7_test\x00', 0x0, &(0x7f00000021c0)="305c0607e182087051667557c7d7982b8f57fb20a3adc9e3baa292ce8f0a861e6417acfc8648ad1b86400393d502b0", 0x2f, 0xfffffffffffffffe) sendmsg$NL80211_CMD_CONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB=',\x00', @ANYRES16=r10, @ANYBLOB="050000000000000000", @ANYRES32=r11, @ANYBLOB="0a003400020202020284c402000004007a52ae439f6ef95ecf2eca8d97ceccd19d9b2fff5b77df8d867683bdcb557b574877f4849caef94ef864ee90ef108d94b9f624426b3c2af242599d4400771298e39a6d5d812b3c9e5e86ce639ca6a33cdd602ba1e7e2a013a89a7823ff4f5ccfd3161065892488e426c2033a7cedf3188ab6bfcb8b901f88ba3edbc287f25b6c98b087ae3f9063841d7a5f45863c549ccd900d9af9db19f9daf210d68ba3b21166d594463d5119b912e8391ce74d2fa8c20127aa3a0ca6af2b50db53f0e56311de0b511e43e4a0fdd6dc0e3c704db7411ac256a19c2224764c2c4a4bbb0211de410722b8838fc8e541ee1dcb9227"], 0x2c}}, 0x0) 31.438950009s ago: executing program 0 (id=1799): socket$kcm(0x10, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04800304fe95a66bfeda7df4a4a416180841020000009babecd729da1915a6b166c8b72fc35b5b4eb2c5"], 0x7) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) syz_usb_disconnect(r0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r1, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000240)=""/213, 0xd5}, {&(0x7f0000000ec0)=""/252, 0xff85}, {&(0x7f0000002140)=""/4058, 0xfda}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f0000000a00)=""/203, 0xcb}, {&(0x7f0000000340)=""/176, 0xb0}, {&(0x7f0000000b00)=""/226, 0xe2}, {&(0x7f00000010c0)=""/21, 0x15}, {&(0x7f0000000400)=""/35, 0x23}, {&(0x7f0000001480)=""/161, 0x9b}, {&(0x7f0000001400)=""/75, 0x40}, {&(0x7f00000008c0)=""/54, 0x36}, {&(0x7f0000001100)=""/236, 0xec}, {&(0x7f0000000d00)=""/26, 0x1a}, {&(0x7f0000000d40)=""/146, 0x92}], 0xf}, 0x0) recvmsg$kcm(r1, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r1, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000"], 0x0) ioctl$EVIOCRMFF(r0, 0x4004550f, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={r5, @in={{0x2, 0x0, @empty}}}, 0x9c) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000000c0)={r5, 0xed37, 0x751, 0x1, 0x8, 0xff}, &(0x7f0000000100)=0x14) socket$inet_sctp(0x2, 0x5, 0x84) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000001b00), 0xfdef) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) set_mempolicy(0x4005, &(0x7f0000000040)=0x1001, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00') preadv(r7, &(0x7f0000000780)=[{&(0x7f0000000000)=""/65, 0x41}], 0x1, 0x1f3, 0x0) 30.731513222s ago: executing program 3 (id=1800): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x80}) eventfd(0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@ipv6_delroute={0x4c, 0x19, 0x1, 0x70bd26, 0x25dfdbfd, {0xa, 0x14, 0x0, 0x80, 0xfe, 0x0, 0xff, 0xa, 0x900}, [@RTA_PRIORITY={0x8, 0x6, 0x8}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @LWT_BPF_OUT={0xc, 0x2, 0x0, 0x1, @LWT_BPF_PROG_NAME={0x7, 0x2, 'lo\x00'}}}, @RTA_PRIORITY={0x8, 0x6, 0x4}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x5}, @RTA_MARK={0x8, 0x10, 0x10000}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000044}, 0x80) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'lo\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@bridge_newneigh={0x34, 0x1c, 0x5, 0x0, 0x0, {0x2, 0x0, 0x0, r4, 0xa1}, [@NDA_DST_MAC={0xa}, @NDA_LLADDR={0xa, 0x2, @link_local}]}, 0x34}}, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r8, &(0x7f00000023c0)={0x2020}, 0x2020) 30.174073007s ago: executing program 2 (id=1802): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYRES64=r0, @ANYBLOB="15158edaf21c228c80e7369a55d0d3048c584243cabffeabb31608d92edb1270eb01407e5047d95a7c1b63c80cd598f68070d6a73ae55d8d724ffbb9bba9d58827053fb002a86c381df9dcb19a521391b8ee8d955b1d72610daebb8c881d6b53f5c93a059d850267ff1c9f74f208f60104819ad61bc5340118d0980c62266c61f233496c", @ANYRES8=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYBLOB='\x00'/28], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000900000018110000", @ANYRES32=r1, @ANYBLOB="00000004a6b7eb5f4b01060000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000577b5b0000000000950000000000001b17cd2338208fb1e28cf2ad8c"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x4, 0x8, &(0x7f00000002c0)="b8000005", &(0x7f0000000300)=""/8, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1d, 0x4, 0x0, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) creat(&(0x7f0000000280)='./file0\x00', 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setreuid(0x0, r4) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r5}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="580000001400192340834b", 0xb}, {&(0x7f00000002c0)="db6dfa07d8098bd2ced64ad5edc54382ee45da9203efd5732acfcc727b53d3079ed06ecae1342e4ec9c8283311dceddf89948d3ef84ff58ffb015760e03187c365999492cb07f544c5f8e72917b4af1e3e47b4655360c078947e62afae62d2ec31a3e0043a888d2096a4fe21b43cef30a6299fda9e752ea4ac9bd768a5a01356f8f5d1dae5c092d7f0fba15747b05104819751a787c6202cca9911ddff6f00ddc9997b", 0xa3}], 0x100000e0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000800000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_VALIDATION={0x5, 0xd, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8080}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x4011, &(0x7f0000000180)={0x0, 0x6e42, 0x2000, 0x3, 0x3d7}) syz_io_uring_setup(0x8a7, &(0x7f0000000080)={0x0, 0xb4db, 0x0, 0x3, 0x2}, &(0x7f0000000580)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index}) r10 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001880), 0x400000, 0x0) dup(r10) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) 29.992817279s ago: executing program 4 (id=1803): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) syz_emit_vhci(0x0, 0x22) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000280), 0x0, 0x480) ioctl$CEC_S_MODE(r1, 0x40046109, &(0x7f0000000a00)) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f630664"], 0xd) syz_emit_vhci(&(0x7f0000000140)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x0, 0xc8, @any, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}, 0x14) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000180), 0x111, 0x6}}, 0x20) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000100), 0xfecc) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r2, 0x4, 0x0) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0xfffffffffffffffd, 0x10, 0x4, 0x3, 0xd, 0x1ff, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924, 0xfffffffffffffff1], 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100, 0x400}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000300)={0x0, 0x0, 0x20, 0x0, 0xe1}, &(0x7f00000000c0)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xfffffffffffffffc, 0x0}) io_uring_enter(r4, 0xb15, 0x0, 0x0, 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) uname(&(0x7f0000000000)=""/174) syz_emit_vhci(&(0x7f0000000700)=ANY=[@ANYBLOB="029fc800fd00f90001000fc304000700000002050400000006000300080003000c000000080003a90800ff00ec67000026070531140003000c00bc00040904000000240200007805010011030200000104024a000900ff0304090200050200faff02000702ff0706100702ffff02000000ff7f0000ff07000e0007021b1b05010007020800010201000610ff0256f90000000000000000010000000b0059000400e9aaa6aba2538f93b03e6aef22892d9b98385e1df1b3891207edbf1d954e7423ade5b055495719ea413f488160e3c063ef6461cf331038d364cb0d6f9cec069df069488d19df8ebb3ce2079c2e30af76940121e9ec219f07a00400ffff01c0215e3ab22f8f06f50dc56a5867eb09220bf9a77cf0a2a09828eeceb9d9ff201925ec9e65c0aac30f672bda3d22fd58f0e11e9e7482873981157c17cd311fd811f1c2b0000000"], 0x102) 29.389210655s ago: executing program 0 (id=1805): r0 = socket(0x28, 0x1, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000280)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x7, 0x2172, 0xffffffffffffffff, 0x2000) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xe7e74b3a17e1ad5c, 0x1}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000200)) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x30, &(0x7f0000000140)={@flat=@binder={0x73622a85, 0x1000, 0x3}, @ptr={0x73622a85, 0xfc, 0x0, 0x0, 0x0, 0x2f}, @flat=@weak_handle={0x77682a85, 0xa}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}}], 0x0, 0x0, 0x0}) mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000008000/0x3000)=nil) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201) r6 = socket$unix(0x1, 0x2, 0x0) bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r7 = socket$unix(0x1, 0x2, 0x0) connect$unix(r7, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(r7, &(0x7f0000000040)=[{&(0x7f0000003140)="c2fb924ba22ebaa6eece98fa81b830040d67afa5d15cd1830b9b5a21de50c69350618a088de2596501e387a7700272f952047d4adbc8f9b9285d84c41119454b43cfc0", 0x43}], 0x1) ioprio_get$pid(0x3, 0x0) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26) r8 = fsopen(&(0x7f0000000140)='iso9660\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000b00)='\xbf%#\x00', 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) 28.621780066s ago: executing program 2 (id=1806): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00', @ANYRES16=0x0, @ANYBLOB="1bc400000000000000000f00000008000300", @ANYRES32=0x0, @ANYBLOB="0d00330000001ce20800720010000000"], 0x2c}}, 0x0) syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) ioctl$IOC_WATCH_QUEUE_SET_FILTER(0xffffffffffffffff, 0x5761, &(0x7f0000000140)={0x2, 0x0, [{}, {0x0, 0x0, 0x7}]}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r2, 0x0, 0x0) sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x18, 0x0, 0x0, 0x0, 0x0, 0xe0}}], 0x17fd147c801ae9ab, 0xff00) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000001900)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001880)={0x34, 0x0, 0x8, 0x70bd26, 0x25dfdbfb, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x4008080) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="000000000400"/20, @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0xfe, 0x7, 0x2, 0x0, @tick=0x5a, {}, {0x4, 0x2}, @result={0x8001, 0x3}}], 0x1c) read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc) preadv(r0, &(0x7f00000012c0)=[{0x0}, {&(0x7f0000000000)=""/183, 0xb7}, {&(0x7f0000001500)=""/208, 0xd0}, {&(0x7f00000010c0)=""/42, 0x2a}, {0x0}, {0x0}], 0x6, 0x4, 0x0) semget$private(0x0, 0x6, 0x14b) syz_io_uring_setup(0x7937, &(0x7f00000000c0), 0x0, 0x0) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_INC(r3, 0xc0105702, &(0x7f00000000c0)) read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="040e0501460c1f00c7f641737da8c5df97e629d54f8eef8f4b4c287248623393943b5ba71f4c252077dee7cda5f191af639f6bc9ccce6307303924e47e62deed5d1bb5921eea00000c30f73971da9388b9ec29139dedf9d61d113d31eeef342c9d"], 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 28.295976041s ago: executing program 4 (id=1807): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x4d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f0000005c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x20000, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r0}, 0x10) socket$netlink(0x10, 0x3, 0x400000000000004) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r2, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000002180)={0x24, r3, 0xa29, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}]}, 0x24}}, 0x0) socket(0x2c, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(0xffffffffffffffff, 0x11b, 0x3, &(0x7f0000000080)=0x100000, 0x4) pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x1, 0x13, &(0x7f0000000680)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4362}, {}, {}, [@btf_id={0x18, 0x9, 0x3, 0x0, 0x2}, @map_val={0x18, 0x4, 0x2, 0x0, r6, 0x0, 0x0, 0x0, 0x101}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000180)='GPL\x00', 0x1, 0xb7, &(0x7f0000000240)=""/183, 0x41000, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440), 0x10, 0x8001, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r7}, 0x38) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000b80)={r7, &(0x7f00000014c0)='o', &(0x7f0000000b40)=""/31}, 0x20) r8 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) close(r8) socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x2a, 0x2, 0x0) getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xfff3}, {}, {0x1c, 0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5, 0x3d, 0x1}]}}]}, 0x3c}}, 0x0) r11 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r11, &(0x7f00000002c0), 0x40000000000009f, 0x0) write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc) splice(r5, 0x0, r8, 0x0, 0x4ffe6, 0x4) 27.607934741s ago: executing program 3 (id=1808): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000006c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000e80)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="25003300d0000000080211000001080211000000505050505050000003010000000100da0f000000"], 0x44}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10) setsockopt$inet_udp_int(r3, 0x11, 0x67, &(0x7f0000000000)=0x507, 0x4) sendmmsg$inet(r3, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r3, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r5 = syz_io_uring_setup(0x7279, &(0x7f0000000080)={0x0, 0x0, 0x13100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r8 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000200)={0x43, 0x18000000}, 0x10) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r10, 0x1, 0x0, 0x0, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x0, 0x0, 0xc1}}}}, 0x30}}, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r5, 0x2def, 0x0, 0x0, 0x0, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) r11 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'erspan0\x00'}) ioprio_set$pid(0x2, 0x0, 0x4000) r12 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1458c2, 0x0) r13 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r12, r13, 0x0, 0x15) r14 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r15 = dup2(r14, r14) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r15, 0xc01864b0, &(0x7f0000000040)={0x0, 0x0, 0x6, 0x20}) 26.85771238s ago: executing program 2 (id=1809): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4003, &(0x7f0000000000)=0x6, 0x5, 0x2) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102384, 0x18ff0}], 0x1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f00000000c0), 0x12) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) r6 = openat$cgroup_ro(r4, &(0x7f0000000140)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600006, 0x8003, &(0x7f0000000000)=0x6, 0x8, 0x0) sendfile(r5, r6, 0x0, 0x3c) r7 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r7, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r7, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r7, &(0x7f0000000900), 0x0, 0x0) 26.846787045s ago: executing program 4 (id=1810): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00'}) sendmsg$nl_route_sched(r0, 0x0, 0x0) 26.322736639s ago: executing program 4 (id=1812): socket$alg(0x26, 0x5, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x20800, 0x0) symlinkat(&(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000240)={{0x1, 0x1, 0x5f, 0xffffffffffffffff, {0x18}}, './file0\x00'}) preadv(r2, &(0x7f0000000240), 0x0, 0x0, 0x800) syz_open_procfs(0x0, &(0x7f00000009c0)='net/tcp6\x00') futex_waitv(0x0, 0x0, 0x2, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0xa800, 0x0) r6 = fanotify_init(0x200, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r7, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x2c, &(0x7f0000000100)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}]}, &(0x7f0000000180)=0x10) r8 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000080)={r9, 0x2000}, 0x14) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x0) fanotify_mark(r6, 0x409, 0x4800003e, r5, 0x0) write$6lowpan_control(r4, &(0x7f0000000040)='connect aa:aa:aa:aa:aa:10 0', 0x1b) 24.318112531s ago: executing program 4 (id=1813): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_MSCBIT(r1, 0x40045568, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ptrace$getregs(0xffffffffffffffff, 0x0, 0x6, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r6 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYRESDEC], 0xfffffdef}}, 0x1) recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x84, 0x7f, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x4) write$uinput_user_dev(r1, &(0x7f00000001c0)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x868]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 23.399125047s ago: executing program 1 (id=1814): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x3}, 0x8) sendto$inet6(r1, &(0x7f0000000300)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c) sendto$inet6(r1, &(0x7f0000000140)="11", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private2}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f00000002c0), 0x8) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="040e0a010e04"], 0xd) pipe(0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r2 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty}}) syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_user_confirm_req={{0x33, 0xa}, {@none, 0x3}}}, 0xd) syz_emit_ethernet(0xb3, 0x0, 0x0) ioctl$sock_inet6_SIOCDELRT(r3, 0x890c, &(0x7f0000000180)={@remote, @loopback, @remote, 0x4, 0xff, 0xcd, 0x400, 0x20, 0x1800000, r4}) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) shutdown(r5, 0x1) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x6, &(0x7f0000000440)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000040)=0x84) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x46}, @l2cap_cid_signaling={{0x42}, [@l2cap_conf_req={{0x4, 0x20, 0x13}, {0x4, 0x8, [@l2cap_conf_flushto={0x2, 0x2, 0x4faf}, @l2cap_conf_fcs={0x5, 0x1, 0x1}, @l2cap_conf_mtu={0x1, 0x2, 0x807d}, @l2cap_conf_ews={0x7, 0x2, 0x8}]}}, @l2cap_disconn_req={{0x6, 0x0, 0x4}, {0x6, 0x6a21}}, @l2cap_move_chan_req={{0xe, 0x9, 0x3}, {0xaf, 0x3}}, @l2cap_conf_rsp={{0x5, 0x55, 0x18}, {0x9, 0xb9, 0x3ff, [@l2cap_conf_efs={0x6, 0x10, {0x3f, 0x0, 0x100, 0x3, 0x7f, 0x80}}]}}]}}, 0x4b) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r6, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r7 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) unshare(0x2a020400) fcntl$setpipe(r7, 0x2, 0x0) 17.528191057s ago: executing program 2 (id=1816): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r0 = shmget$private(0x0, 0x2000, 0x1000, &(0x7f0000ffc000/0x2000)=nil) mmap$binder(&(0x7f0000395000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0xec07) set_mempolicy(0x8001, 0x0, 0x80) shmdt(0x0) shmat(r0, &(0x7f00003b7000/0x1000)=nil, 0x6000) mlockall(0x7) shmctl$SHM_LOCK(0x0, 0xb) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000100)=0x80000) bpf$MAP_CREATE(0x0, &(0x7f00000075c0)=@base={0x17, 0x0, 0x4, 0xff, 0x2000, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024800010100000009040000160202000005c07fab6205240000000d240f0100000000000000000004240200090581034000000000090582020002000000090503024002"], 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) write$UHID_INPUT(r1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102373, 0x18fe5}], 0x1, 0x0, 0x0) r3 = socket$kcm(0x1e, 0x1, 0x0) sendmsg$kcm(r3, &(0x7f00000014c0)={&(0x7f0000001540)=@tipc=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x80, 0x0}, 0x0) recvmsg$kcm(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)=""/5, 0x63}], 0x1, 0xfffffffffffffffe, 0x19}, 0x0) sendmsg$kcm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)="ff", 0x27}], 0x1, &(0x7f0000000580)=ANY=[@ANYRESOCT], 0x11f0}, 0x20008000) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) add_key(&(0x7f0000000080)='dns_resolver\x00', 0x0, &(0x7f0000000100)="26c2", 0xfffff, 0xffffffffffffffff) r4 = socket(0x2b, 0x80801, 0x1) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) ioctl$sock_inet6_udp_SIOCOUTQ(r4, 0x5411, &(0x7f00000006c0)) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000140)={@my=0x1}) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="e00000001c000c002cbd7000fedbdf25ff820008007e0008000101760073fb86b668f367ad3c578314288b76645f5b8bd8c9f09cbb353c794c96bd3bdcd027cd7ef20a84c02cc48c40c42c7e2c0b585e436ca748f8f8c40e57126ee6fcc55d987c4effe4f064e15bce26936c5b2293e10197fbc76e25f57f49ca2a8522783dc5fb1f67e37c9bb0301837ebdbf2e6eaaaeff6f80000480002007063626328626c6f776669736829000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f9b97888835109c25c6ed4b0015b6e6ca65762b3339cc56dee9c7fb49309480d083ef8528b2820357fe651a8f9dd3af103104f986edc837510298dc8ea1f86d8831c87d05a225969f9ac497678735a2ca9cc41846a8d28140cb8b593d236f17da7e1111879f52ce3dab62c2eb4e1eb591bf81c4a35b59a40ea75bae80e7157fe64e8435251f7668105f5aef90ce1256f341621"], 0xe0}}, 0x80) socket$inet_smc(0x2b, 0x1, 0x0) 14.31537871s ago: executing program 1 (id=1818): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f0000000600)={'pimreg1\x00', 0x600}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xd0f, 0x20, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_FWMARK={0x8}]}}]}, 0x3c}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)={0x0, 0x0, 0x5, {0x5, 0x0, "820027"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a0000000109021200"], 0x0) r6 = socket$inet6(0xa, 0x3, 0x7) sendmmsg$alg(r6, &(0x7f0000001840)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000040)=[@op={0x10, 0x29, 0x39}], 0x18}], 0x1, 0x0) syz_usb_control_io(r5, &(0x7f0000000880)={0x2c, &(0x7f0000000640)={0x40, 0x24, 0xde, {0xde, 0x24, "e58c164296d05705b80140e801b6af6460d844aa48c2fa0db05378eb69687c297727547c510ef0e0dd7f02d71f57c544bc77bd748b6b2a605bd6ede5ea5f2e482d06e125aceb2d1ce66faf9e15ef86a04d72fe059719269d722f60eb05975a49b574a741a9d4037e9dde0ac0337f8794de313b719a1e5bba89df036417d3a0d3ee548c1bab1115194b11b0fcff7e4d702fba839ea33a3577c64bf638ce473923f2e5b12109c59120254324c5e01507609216c051582b76049ce1ff46c401c3f6204f3e7f3fa6125d54fba18bd284e44f04e28cfe2562145cbd06628a"}}, &(0x7f0000000740)={0x0, 0x3, 0x2f, @string={0x2f, 0x3, "61579c06ec71e027df6ca85724553592acddfd14eebb238a9ac0dfc5d4d087c55927484848a893803d2a730864"}}, &(0x7f00000007c0)={0x0, 0xf, 0x26, {0x5, 0xf, 0x26, 0x3, [@ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "4cafc3793ae0068212f3224171eb248b"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0xd3, 0x4, 0x8}]}}, &(0x7f0000000800)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x3, 0x6, 0x0, "34cacbbc", "15cfbd01"}}, &(0x7f0000000840)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x23, 0x2, 0x1, 0x2, 0x0, 0x5}}}, &(0x7f0000000e00)={0x84, &(0x7f0000000980)={0x0, 0x16, 0x93, "bbd8d7ae80b1e41d6207027df20e2951d102a21396895d13b5ed1ca8631ff087e578a119f15f533ee46ab4aba240757aa60ddfef51636c7a917982ac93840fa160b4e02f751344be36fd34a87dd380c42817ff46f640cb62c8bfab855be61d7a7c4d46d304d3daafaef21b529b6657178fbebfca9982135b3a62026a361e7cfa9d5efa00ab07f449e810bc75823f4173867146"}, &(0x7f0000000a40)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000a80)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000ac0)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f0000000b00)={0x20, 0x0, 0x8, {0x0, 0x20, [0xf000]}}, &(0x7f0000000b40)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000b80)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000000bc0)={0x40, 0xb, 0x2, "dbdc"}, &(0x7f0000000c00)={0x40, 0xf, 0x2, 0x9}, &(0x7f0000000c40)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000c80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x27}}, &(0x7f0000000cc0)={0x40, 0x19, 0x2, "f4dc"}, &(0x7f0000000d00)={0x40, 0x1a, 0x2, 0x3}, &(0x7f0000000d40)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000d80)={0x40, 0x1e, 0x1, 0xff}, &(0x7f0000000dc0)={0x40, 0x21, 0x1, 0x7}}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32, @ANYBLOB="000000160100000018001200080001"], 0x38}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a010200000000000000000100000009000300739c7a320000000014000480080002400000000008000140000000050900010073797a310000000044000000050a01020000000000000000010000000c00024000000000000000010900010073797a3100000000180004"], 0xcc}}, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0) gettid() r8 = io_uring_setup(0x7fe7, &(0x7f0000000140)={0x0, 0x0, 0x3000}) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x7c, r11, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_FRAME={0x5d, 0x33, @beacon={{{}, {0x8}, @device_b, @device_b}, 0x1000, @random, 0x0, @void, @val, @val={0x3, 0x1, 0x3}, @void, @void, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0xb7}}, @val={0x2d, 0x1a, {0x2, 0x2, 0x6, 0x0, {0x6df, 0xff, 0x0, 0x3, 0x0, 0x1, 0x0, 0x3, 0x1}, 0x1, 0x101, 0x5}}, @void, @val={0x71, 0x7, {0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x60}}, @void}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4005}, 0x0) io_uring_enter(r8, 0x0, 0xe257, 0x1, 0x0, 0x0) r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$TUNSETDEBUG(r13, 0x400454c9, &(0x7f0000000280)=0xd) syz_io_uring_setup(0xd5, &(0x7f0000000480), &(0x7f0000000040), &(0x7f0000000080)) 8.354693409s ago: executing program 1 (id=1820): socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000300)="d8000000180081054e81f783db4cb9040a1db00006007c02e8fc55a10a0015000600142603600e120800020000000401a8000500fec0ffff00000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbaceac3c2fb14c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775820d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace0d81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d9300"/216, 0xd8}], 0x1}, 0x0) r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000200), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x38011, r0, 0x0) unshare(0x2a020400) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$can_raw(0x1d, 0x3, 0x1) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003b"], 0x3c}}, 0x4) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4020ae46, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000"]) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) socket$inet6(0xa, 0x1, 0x8010000000000084) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='cmdline\x00') readv(r3, &(0x7f0000000280), 0x2) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x2, 0x0) sendmsg$AUDIT_USER_AVC(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="100000005304000202630d21b9624b45d665ab704f6fe88f58ba7031e94c6056d4ea1a89c7fa58a8d9616f805b8728"], 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000080) ioprio_set$uid(0x3, 0x0, 0x0) r4 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r4, &(0x7f0000000080), 0xc) read(r4, 0x0, 0x0) r5 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r5, 0x0, 0x0) write$binfmt_script(r5, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in=@loopback, @in6=@private0, 0x4e22, 0x8000, 0x4e24, 0x1000, 0x2, 0x0, 0x40, 0x2b}, {0x0, 0x0, 0x0, 0x60677287, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffc}, {0x0, 0x0, 0x9, 0x8000000000000000}, 0x1c00, 0x6e6bbe, 0x2, 0x0, 0x0, 0x3}, {{@in=@broadcast, 0x0, 0x33}, 0x0, @in=@local, 0xffffffff, 0x0, 0x0, 0x5b, 0x29, 0x5}}, 0xe8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001500010000000000000000000100000008000100", @ANYBLOB="2c86795a879364549170a2a17c32868133"], 0x1c}}, 0x4000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000480)={'#! ', './file0'}, 0xb) 5.155187015s ago: executing program 1 (id=1821): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = io_uring_setup(0x1de0, &(0x7f0000000440)={0x0, 0x0, 0x40}) r3 = openat$cgroup_ro(r1, &(0x7f00000004c0)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r3, 0x0) io_uring_register$IORING_REGISTER_RESTRICTIONS(r2, 0xb, &(0x7f0000000000)=[@ioring_restriction_sqe_flags_required], 0x6) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x11, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2400000003080102000000000000000000000000060002400000e9eefa900301000000009b68a08ccc81915cd6f83b489e8370daaf341cdafe0d96d2b905f0be3a5d901b1ddb1cf6e5af6451b7923fb1b5926dca21307929a5743e0395f958007d866a36beb634e518bf61d3c5a4e58e76ee7fdce517a98d1dcf239daf2ef30db669226c5feecd3bd7d433175aa23d16bd6431ba3e"], 0x24}}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000241000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) move_pages(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000a7a000/0x3000)=nil], &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSTI(r5, 0x5423, &(0x7f0000000080)=0x7) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x20000400) 1.597375727s ago: executing program 1 (id=1823): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000440)='.\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f00000003c0)) ptrace$pokeuser(0x6, 0x0, 0x8, 0x9ca) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000780)=ANY=[@ANYRES8=r1, @ANYBLOB="7ec735ef193f77d2722a85d674c1df2c69189478fd1ca4575e028596f20f579294252bcbd5b9dc00e7b1a8b6d82978333b104412fd41200d0c49ff5935271ba9471cda2a880690d3e05e483c235558fec5eb1b7dace1657774543df2444fc9dade1d515c8fc697c3555116984399e6359dc638a621e241a9ce0c15180caad6cfb6a0017d7a8a54c084ca0971677073cc48a770fc47c501b387c0d58191c4e7a450d5bca20de8444c42a7212ebd53f98a3e90e102022a3026765657c347833971be646c1466d1762268dd79fdbc6534d7b5dc245e412f2a4275d98088aee9bef52f3813ced15c0bcd072a34d96b5ee4530980c9da76e1dd", @ANYBLOB, @ANYRES64, @ANYRES16=r2, @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, &(0x7f00000002c0)}, 0x20) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000400)='xen_cpu_load_idt\x00', r5}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socket$unix(0x1, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d5c69729407a784cdbf4ecde16dc6a1856624593f590375c9ad9399399d01f86d1907706d56410d23e3a7100e94e84615291f9f6cdea7dd30466bde7b91bc9d4deef4288b86ba8c2e05c1e1af13d6662fcf49f1ecc8dd244a8bc109bec2bfb8f1ea4e0147723a43a133f1ebd7dc74d7649e3530b251dbfc22ce752a2f9ee4012255faf67177010de7f8ce4a6f55293adc117587b8f9ad37ebb901c6dcd8a1ca1f8721150340ad0c2e8a31013c4dfbdb5753c73158d2796f88812dfc0105d0d201ba76d436e803cd26db76a48eb1015f147434eb97a69c2bfc99d9f4e4b1f381"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x90) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x7, 0x8, 0x7, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x8a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000001c0)='ext4_ext_remove_space\x00', r6}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180)='keyring\x00', 0x0) mknodat$loop(r0, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) faccessat2(r0, &(0x7f0000000000)='./file0\x00', 0x2, 0x0) 0s ago: executing program 1 (id=1824): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'\x00', 0x1}) ioctl$TUNSETOFFLOAD(r3, 0x400454c9, 0xb) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, 0x0) syz_emit_ethernet(0x6e, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x38, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "d082e275205e556149a021cc13c33d89"}, @md5sig={0x13, 0x12, "27406263e43d5959a166a23bd1116edc"}]}}}}}}}}, 0x0) socket$unix(0x1, 0x1, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000000000200b06010000000000000109022400010000000009040000010300000009210000000122050009058103a00000000efb78bc108f0200"], 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r5 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f00000003c0), &(0x7f0000000440)=0x0) syz_io_uring_setup(0x5c4, &(0x7f0000000200), &(0x7f0000000140)=0x0, &(0x7f00000002c0)) syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r5, 0xa3d, 0x0, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r8 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000000)=ANY=[@ANYBLOB='V?\x00\x00-\x00Y'], 0xfe33) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r4, 0x3b89, &(0x7f00000002c0)={0x18, 0x0, 0x0, r9, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r4, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x0, 0x0, r9}) kernel console output (not intermixed with test programs): 1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 745.007421][T15692] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.023669][ T5301] usb 3-1: config 0 descriptor?? [ 745.050485][T15692] bridge0: port 1(bridge_slave_0) entered disabled state [ 745.080139][T15692] bridge_slave_0: entered allmulticast mode [ 745.087800][T15692] bridge_slave_0: entered promiscuous mode [ 745.107814][T15692] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.116182][T15692] bridge0: port 2(bridge_slave_1) entered disabled state [ 745.123582][T15692] bridge_slave_1: entered allmulticast mode [ 745.136061][T15692] bridge_slave_1: entered promiscuous mode [ 745.210873][T15735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 745.284153][T15735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 745.337027][T15692] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 745.396570][T15737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1619'. [ 745.416899][T15735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 745.437259][ T1119] hsr_slave_0: left promiscuous mode [ 745.498007][ T1119] 0·: left promiscuous mode [ 745.503452][T15735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 745.528702][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 745.562631][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 745.575303][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 745.596766][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 745.720534][ T1119] veth1_macvtap: left promiscuous mode [ 745.751121][ T1119] veth0_macvtap: left promiscuous mode [ 745.765999][ T1119] veth1_vlan: left promiscuous mode [ 745.790634][ T1119] veth0_vlan: left promiscuous mode [ 745.944362][ T5236] Bluetooth: hci4: command tx timeout [ 746.952503][ T51] usb 2-1: USB disconnect, device number 61 [ 747.212375][ T1119] team0 (unregistering): Port device team_slave_1 removed [ 747.328859][ T5301] usbhid 3-1:0.0: can't add hid device: -71 [ 747.337965][ T5301] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 747.340677][ T1119] team0 (unregistering): Port device team_slave_0 removed [ 747.352306][ T5301] usb 3-1: USB disconnect, device number 93 [ 747.359191][ T51] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 747.466480][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.472926][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.515609][ T51] usb 2-1: Using ep0 maxpacket: 16 [ 747.524777][ T51] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 747.535106][ T51] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 747.543178][ T51] usb 2-1: Product: syz [ 747.553418][ T51] usb 2-1: Manufacturer: syz [ 747.563860][ T51] usb 2-1: SerialNumber: syz [ 747.580536][ T51] usb 2-1: config 0 descriptor?? [ 747.812930][ T51] usb 2-1: Limiting number of CPorts to U8_MAX [ 747.835133][ T51] usb 2-1: Not enough endpoints found in device, aborting! [ 748.023930][ T5301] usb 2-1: USB disconnect, device number 62 [ 748.030002][ T5236] Bluetooth: hci4: command tx timeout [ 748.977364][ T5301] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 749.038107][T15692] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 749.159711][ T5301] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 749.170535][ T5301] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 749.182448][ T5301] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 749.192935][ T5301] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 749.258759][ T5301] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 749.284041][ T5301] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 749.292090][ T5301] usb 2-1: Product: syz [ 749.302965][ T5301] usb 2-1: Manufacturer: syz [ 749.308920][ T5301] usb 2-1: SerialNumber: syz [ 749.326579][ T5301] usb 2-1: config 0 descriptor?? [ 749.345424][ T5301] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 749.447042][T15692] team0: Port device team_slave_0 added [ 749.521994][T15692] team0: Port device team_slave_1 added [ 749.607783][T15692] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 749.644355][T15692] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 749.744451][T15692] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 749.846529][T15692] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 749.909400][T15692] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 749.935608][ C0] vkms_vblank_simulate: vblank timer overrun [ 750.083844][T15692] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 750.109120][ T5236] Bluetooth: hci4: command tx timeout [ 750.472161][T15692] hsr_slave_0: entered promiscuous mode [ 750.498338][T15692] hsr_slave_1: entered promiscuous mode [ 750.518651][T15692] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 750.555756][T15692] Cannot create hsr debugfs directory [ 750.743132][ T5240] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 750.764693][ T5240] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 750.778331][ T5240] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 750.794654][ T5240] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 750.803406][ T5240] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 750.810797][ T5240] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 750.892844][T15778] delete_channel: no stack [ 750.977252][ T5240] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 750.989745][ T5240] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 751.001688][ T5240] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 751.016799][ T5240] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 751.027033][ T5240] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 751.034794][ T5240] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 751.175720][ T1119] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.518670][ T1119] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 751.796470][ T5301] scsi host1: usb-storage 2-1:0.0 [ 751.834107][ T5301] usb 2-1: USB disconnect, device number 63 [ 751.870491][ T1119] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.161081][ T1119] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.294446][ T5301] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 752.454033][ T5301] usb 2-1: Using ep0 maxpacket: 16 [ 752.467430][ T5301] usb 2-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 752.478242][ T5301] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.498878][ T5301] usb 2-1: Product: syz [ 752.508697][ T5301] usb 2-1: Manufacturer: syz [ 752.512568][T15791] chnl_net:caif_netlink_parms(): no params data found [ 752.513454][ T5301] usb 2-1: SerialNumber: syz [ 752.531475][ T5301] usb 2-1: config 0 descriptor?? [ 752.572624][ T5301] as10x_usb: device has been detected [ 752.582562][ T5301] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 752.627853][ T1119] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.635542][ T5301] usb 2-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 752.770088][ T5301] as10x_usb: error during firmware upload part1 [ 752.779066][ T1119] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 752.796627][ T5301] Registered device Sky IT Digital Key (green led) [ 752.920719][ T5236] Bluetooth: hci2: command tx timeout [ 752.963231][T15791] bridge0: port 1(bridge_slave_0) entered blocking state [ 752.972095][T15791] bridge0: port 1(bridge_slave_0) entered disabled state [ 752.999126][T15791] bridge_slave_0: entered allmulticast mode [ 753.006354][T15791] bridge_slave_0: entered promiscuous mode [ 753.017037][T15830] random: crng reseeded on system resumption [ 753.090215][ T5236] Bluetooth: hci3: command tx timeout [ 753.196166][ T1119] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.278348][T15791] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.286848][T15791] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.294980][T15791] bridge_slave_1: entered allmulticast mode [ 753.302207][T15791] bridge_slave_1: entered promiscuous mode [ 753.363614][T15795] chnl_net:caif_netlink_parms(): no params data found [ 753.404830][ T1119] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.459036][T15791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 753.537265][T15791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 753.547898][ T5236] Bluetooth: hci1: command 0x0406 tx timeout [ 753.635861][T15833] netlink: 'syz.1.1633': attribute type 1 has an invalid length. [ 753.769518][T15791] team0: Port device team_slave_0 added [ 753.854596][ T5286] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 753.869042][T15791] team0: Port device team_slave_1 added [ 753.966551][T15692] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 753.983314][T15795] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.992882][T15795] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.003178][T15795] bridge_slave_0: entered allmulticast mode [ 754.011923][ T5286] usb 3-1: Using ep0 maxpacket: 32 [ 754.025242][ T5286] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 754.034793][T15795] bridge_slave_0: entered promiscuous mode [ 754.046741][T15791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 754.056261][ T5286] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 754.075348][T15791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 754.115245][ T5286] usb 3-1: config 0 descriptor?? [ 754.121562][T15791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 754.136272][ T5286] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 754.150680][T15791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 754.161942][T15791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 754.194399][T15791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 754.208391][T15692] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 754.234941][T15795] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.251079][T15795] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.259795][T15795] bridge_slave_1: entered allmulticast mode [ 754.275948][T15795] bridge_slave_1: entered promiscuous mode [ 754.290771][ T1119] bridge_slave_1: left allmulticast mode [ 754.312850][ T1119] bridge_slave_1: left promiscuous mode [ 754.319871][ T1119] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.330231][ T1119] bridge_slave_0: left allmulticast mode [ 754.339485][ T1119] bridge_slave_0: left promiscuous mode [ 754.345441][ T1119] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.359365][ T1119] bridge_slave_1: left allmulticast mode [ 754.370712][ T1119] bridge_slave_1: left promiscuous mode [ 754.379596][ T1119] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.390834][ T1119] bridge_slave_0: left allmulticast mode [ 754.397784][ T1119] bridge_slave_0: left promiscuous mode [ 754.403593][ T1119] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.852284][ T5286] gspca_vc032x: reg_w err -110 [ 754.857219][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.864028][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.896523][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.901865][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.929030][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.935208][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.937670][ T5235] usb 2-1: USB disconnect, device number 64 [ 754.946582][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.952677][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.962862][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.975888][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.983223][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.989914][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 754.995523][ T5240] Bluetooth: hci2: command tx timeout [ 755.012918][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.042641][ T5235] Unregistered device Sky IT Digital Key (green led) [ 755.046410][ T5235] as10x_usb: device has been disconnected [ 755.047103][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.075836][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.081197][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.093450][ T5240] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 755.109447][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.118776][ T5286] gspca_vc032x: I2c Bus Busy Wait 00 [ 755.130899][ T5286] gspca_vc032x: Unknown sensor... [ 755.141585][ T5286] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 755.153989][ T5240] Bluetooth: hci3: command tx timeout [ 755.323693][ T29] audit: type=1326 audit(1727504977.379:5768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15852 comm="syz.1.1636" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7023d7dff9 code=0x0 [ 755.436944][T15856] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(10) [ 755.443579][T15856] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 755.453693][T15856] vhci_hcd vhci_hcd.0: Device attached [ 755.480572][T15856] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1636'. [ 755.641845][ T5235] vhci_hcd: vhci_device speed not set [ 755.713872][ T5235] usb 11-1: new full-speed USB device number 4 using vhci_hcd [ 755.857698][ T1119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 755.889291][ T1119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 755.907544][ T1119] bond0 (unregistering): Released all slaves [ 755.966214][T15857] vhci_hcd: connection reset by peer [ 755.981762][ T35] vhci_hcd: stop threads [ 755.986140][ T35] vhci_hcd: release socket [ 756.002245][ T35] vhci_hcd: disconnect device [ 756.227011][ T1119] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 756.243513][ T1119] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 756.255984][ T1119] bond0 (unregistering): Released all slaves [ 756.294901][T15692] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 756.461374][T15853] netlink: 'syz.1.1636': attribute type 5 has an invalid length. [ 756.473891][T15856] netlink: 'syz.1.1636': attribute type 1 has an invalid length. [ 756.481851][T15856] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1636'. [ 756.498424][ T5290] usb 3-1: USB disconnect, device number 94 [ 756.540759][T15856] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 756.551974][T15856] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 756.562806][T15856] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 756.574752][T15856] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 756.645961][T15692] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 756.807932][T15795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 756.837059][T15795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 756.893362][T15791] hsr_slave_0: entered promiscuous mode [ 756.915481][T15791] hsr_slave_1: entered promiscuous mode [ 756.921895][T15791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 756.954121][T15791] Cannot create hsr debugfs directory [ 757.064110][ T5240] Bluetooth: hci2: command tx timeout [ 757.092848][ T5240] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 757.097247][ T29] audit: type=1326 audit(1727504979.149:5769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15872 comm="syz.2.1639" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fefd997dff9 code=0x0 [ 757.102853][ T5240] Bluetooth: hci1: Malformed Event: 0x02 [ 757.220717][T15795] team0: Port device team_slave_0 added [ 757.224129][ T5240] Bluetooth: hci3: command tx timeout [ 757.279923][T15795] team0: Port device team_slave_1 added [ 757.540960][T15795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 757.559593][T15795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 757.585536][ C0] vkms_vblank_simulate: vblank timer overrun [ 757.609084][T15795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 757.687566][T15795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 757.696375][T15795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 757.729674][T15795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 757.852759][ T1119] hsr_slave_0: left promiscuous mode [ 757.859192][ T1119] hsr_slave_1: left promiscuous mode [ 757.870878][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 757.904498][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 757.916287][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 757.928529][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 757.960496][ T1119] hsr_slave_0: left promiscuous mode [ 757.972459][ T1119] hsr_slave_1: left promiscuous mode [ 757.988170][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 757.996723][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 758.014925][ T1119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 758.023081][ T1119] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 758.066447][ T1119] veth1_macvtap: left promiscuous mode [ 758.072022][ T1119] veth0_macvtap: left promiscuous mode [ 758.078787][ T1119] veth1_vlan: left promiscuous mode [ 758.088915][ T1119] veth0_vlan: left promiscuous mode [ 758.129248][ T1119] veth1_macvtap: left promiscuous mode [ 758.137879][ T1119] veth0_macvtap: left promiscuous mode [ 758.143636][ T1119] veth1_vlan: left promiscuous mode [ 758.176083][ T1119] veth0_vlan: left promiscuous mode [ 758.500883][T15897] SET target dimension over the limit! [ 759.144117][ T5240] Bluetooth: hci2: command tx timeout [ 759.304150][ T5240] Bluetooth: hci3: command tx timeout [ 759.885747][ T1119] team0 (unregistering): Port device team_slave_1 removed [ 760.136254][ T1119] team0 (unregistering): Port device team_slave_0 removed [ 760.379000][T15906] VFS: Mount too revealing [ 760.824096][ T5235] vhci_hcd: vhci_device speed not set [ 761.730009][ T1119] team0 (unregistering): Port device team_slave_1 removed [ 761.792775][ T1119] team0 (unregistering): Port device team_slave_0 removed [ 762.501075][T15908] netlink: 'syz.1.1643': attribute type 10 has an invalid length. [ 762.530342][T15908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 762.545215][T15908] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 762.607477][T15795] hsr_slave_0: entered promiscuous mode [ 762.641259][T15795] hsr_slave_1: entered promiscuous mode [ 762.648042][T15795] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 762.656085][T15795] Cannot create hsr debugfs directory [ 762.867396][T15913] tipc: Invalid UDP bearer configuration [ 762.867441][T15913] tipc: Enabling of bearer rejected, failed to enable media [ 762.943885][ T5235] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 762.987382][T15692] 8021q: adding VLAN 0 to HW filter on device bond0 [ 763.094953][ T5235] usb 2-1: Using ep0 maxpacket: 32 [ 763.125317][ T5235] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 763.153104][T15692] 8021q: adding VLAN 0 to HW filter on device team0 [ 763.168864][ T5235] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 763.218184][ T5235] usb 2-1: config 0 descriptor?? [ 763.301702][ T5235] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 763.335593][ T1114] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.342698][ T1114] bridge0: port 1(bridge_slave_0) entered forwarding state [ 763.368168][ T1114] bridge0: port 2(bridge_slave_1) entered blocking state [ 763.375325][ T1114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 763.738068][T15930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1646'. [ 763.761885][T15791] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 763.779208][ T5235] gspca_vc032x: reg_w err -71 [ 763.784347][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.805267][T15791] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 763.810784][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.826174][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.827465][T15791] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 763.831531][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.860946][T15791] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 763.872040][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.884035][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.894439][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.907296][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.912627][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.946790][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.952132][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.960212][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.968762][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.981988][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 763.988505][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 764.006562][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 764.022984][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 764.044850][ T5235] gspca_vc032x: I2c Bus Busy Wait 00 [ 764.051957][ T5235] gspca_vc032x: Unknown sensor... [ 764.062565][T15692] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 764.072515][T15939] bridge0: port 3(erspan0) entered blocking state [ 764.074791][ T5235] vc032x 2-1:0.0: probe with driver vc032x failed with error -22 [ 764.082874][T15939] bridge0: port 3(erspan0) entered disabled state [ 764.097182][T15939] erspan0: entered allmulticast mode [ 764.115159][T15939] erspan0: entered promiscuous mode [ 764.120969][T15939] bridge0: port 3(erspan0) entered blocking state [ 764.129300][T15939] bridge0: port 3(erspan0) entered forwarding state [ 764.137428][ T5235] usb 2-1: USB disconnect, device number 65 [ 764.287060][T15692] veth0_vlan: entered promiscuous mode [ 764.312181][T15692] veth1_vlan: entered promiscuous mode [ 764.470289][ T29] audit: type=1326 audit(1727504986.529:5770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15949 comm="syz.1.1648" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7023d7dff9 code=0x0 [ 764.555600][T15692] veth0_macvtap: entered promiscuous mode [ 764.633467][T15692] veth1_macvtap: entered promiscuous mode [ 764.656808][T15795] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 764.695394][T15795] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 764.738014][T15791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 764.746638][T15795] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 764.761195][T15795] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 764.789492][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 764.803378][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 764.819145][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 764.843537][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 764.870302][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 764.901517][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 764.923928][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 764.946154][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 764.960447][T15692] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 764.983301][T15791] 8021q: adding VLAN 0 to HW filter on device team0 [ 765.006585][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.018562][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.029639][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.041552][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.051722][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.062383][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.092268][T15692] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 765.103065][T15692] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 765.114972][T15692] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 765.153390][ T2565] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.160518][ T2565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.198736][ T2565] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.205900][ T2565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.227830][T15692] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.245299][T15692] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.261071][T15692] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.276907][T15692] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 765.639754][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 765.666154][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.697778][T15795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 765.721640][T15791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 765.729228][T15974] syz.1.1650 (15974): drop_caches: 4 [ 765.775055][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 765.796853][ T5240] Bluetooth: hci1: unexpected event for opcode 0x080d [ 765.816534][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 765.831412][T15795] 8021q: adding VLAN 0 to HW filter on device team0 [ 765.891237][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.898394][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.956559][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.963803][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 766.136514][T15791] veth0_vlan: entered promiscuous mode [ 766.326357][T15791] veth1_vlan: entered promiscuous mode [ 766.354020][T15983] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 766.370377][T15983] ipvlan0: entered promiscuous mode [ 766.376772][T15983] ipvlan0: left promiscuous mode [ 766.381924][T15983] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 766.641573][T15795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 766.672341][T15791] veth0_macvtap: entered promiscuous mode [ 766.733332][T15791] veth1_macvtap: entered promiscuous mode [ 766.796430][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.838436][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.851903][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.875997][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 766.931605][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 766.986070][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.010524][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.032471][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.048761][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.059694][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.079705][T15791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 767.097389][T15995] tipc: Invalid UDP bearer configuration [ 767.097431][T15995] tipc: Enabling of bearer rejected, failed to enable media [ 767.132361][T15795] veth0_vlan: entered promiscuous mode [ 767.151914][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.163388][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.179603][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.226668][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.241250][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.253095][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.270018][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.281037][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.296628][T15791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 767.317429][T15791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 767.382347][T15791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 767.391531][T15998] futex_wake_op: syz.4.1654 tries to shift op by -1; fix this program [ 767.440543][T15791] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.452458][T15791] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.462531][T15791] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.480298][T15791] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 767.568447][T15795] veth1_vlan: entered promiscuous mode [ 767.692870][ T1114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 767.763451][ T1114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 767.839844][T15795] veth0_macvtap: entered promiscuous mode [ 767.885721][T15795] veth1_macvtap: entered promiscuous mode [ 767.934820][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 767.943186][ T29] audit: type=1326 audit(1727504989.999:5771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16010 comm="syz.4.1656" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x0 [ 767.953677][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 767.973546][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 768.030226][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.063071][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 768.083900][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.095037][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 768.110854][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.122286][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 768.141318][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.151804][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 768.163000][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.173490][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 768.201571][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.229536][T15795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 768.307396][ T29] audit: type=1326 audit(1727504990.369:5772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16014 comm="syz.1.1657" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7023d7dff9 code=0x0 [ 768.309450][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 768.351281][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.363453][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 768.379604][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.413653][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 768.477432][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.488075][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 768.499244][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.511111][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 768.522051][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.532882][T15795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 768.547001][T15795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 768.591883][T15795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 768.647780][T15795] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 768.703084][T15795] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 768.790614][T15795] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 768.883987][T15795] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 768.930490][ T29] audit: type=1326 audit(1727504990.989:5773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16050 comm="syz.4.1659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 769.030882][ T29] audit: type=1326 audit(1727504991.019:5774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16050 comm="syz.4.1659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 769.054386][ T29] audit: type=1326 audit(1727504991.019:5775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16050 comm="syz.4.1659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 769.079760][ T29] audit: type=1326 audit(1727504991.019:5776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16050 comm="syz.4.1659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 769.124680][ T29] audit: type=1326 audit(1727504991.019:5777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16050 comm="syz.4.1659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 769.231488][ T29] audit: type=1326 audit(1727504991.039:5778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16050 comm="syz.4.1659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 769.302560][ T29] audit: type=1326 audit(1727504991.039:5779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16050 comm="syz.4.1659" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 769.403500][ T1119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 769.446296][ T1119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 769.490255][ T1119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 769.517323][ T1119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 769.875317][ T5240] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 769.885004][ T5240] Bluetooth: hci1: Injecting HCI hardware error event [ 769.896475][ T5240] Bluetooth: hci1: hardware error 0x00 [ 770.063685][T16071] could not allocate digest TFM handle sha256-arm64-neon [ 770.214744][ T5301] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 770.373871][ T5301] usb 1-1: Using ep0 maxpacket: 8 [ 770.432282][ T5301] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 770.453029][ T5301] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 770.481499][ T5301] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 770.498221][ T5321] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 770.523585][ T5301] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 770.576507][ T5301] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 770.619311][ T5301] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 770.667626][ T5321] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 770.714368][ T5301] usbtmc 1-1:16.0: bulk endpoints not found [ 770.731323][ T5321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 770.804220][ T5321] usb 4-1: config 0 descriptor?? [ 770.815727][ T5321] cp210x 4-1:0.0: cp210x converter detected [ 770.884472][T16105] tipc: Invalid UDP bearer configuration [ 770.884517][T16105] tipc: Enabling of bearer rejected, failed to enable media [ 771.131682][ T1114] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.341282][ T1114] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.375521][ T5321] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 771.471644][ T1114] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.603161][ T5321] usb 4-1: cp210x converter now attached to ttyUSB0 [ 771.612468][ T1114] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 771.774210][ T1114] erspan0: left allmulticast mode [ 771.782434][ T1114] erspan0: left promiscuous mode [ 771.795281][ T1114] bridge0: port 3(erspan0) entered disabled state [ 771.822841][ T1114] bridge_slave_1: left allmulticast mode [ 771.836476][ T1114] bridge_slave_1: left promiscuous mode [ 771.847282][ T1114] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.862436][ T1114] bridge_slave_0: left allmulticast mode [ 771.871963][ T1114] bridge_slave_0: left promiscuous mode [ 771.881489][ T1114] bridge0: port 1(bridge_slave_0) entered disabled state [ 772.035370][ T5240] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 772.158379][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 772.158398][ T29] audit: type=1326 audit(1727504994.219:5844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16109 comm="syz.1.1668" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7023d7dff9 code=0x0 [ 772.257756][T16113] netlink: 209840 bytes leftover after parsing attributes in process `syz.4.1670'. [ 772.507113][ T5236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 772.517254][ T5236] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 772.529440][ T5236] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 772.538859][ T5236] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 772.564662][ T5236] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 772.575503][ T5236] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 772.585447][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 772.715724][ T5235] usb 1-1: USB disconnect, device number 77 [ 773.243960][ T5235] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 773.312189][ T1114] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 773.327215][ T1114] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 773.344570][ T1114] bond0 (unregistering): Released all slaves [ 773.372027][ T8] usb 4-1: USB disconnect, device number 69 [ 773.392479][ T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 773.421595][ T8] cp210x 4-1:0.0: device disconnected [ 773.433883][ T5235] usb 1-1: Using ep0 maxpacket: 8 [ 773.537703][T16129] autofs4:pid:16129:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.2), cmd(0xc018937e) [ 773.555815][ T29] audit: type=1326 audit(1727504995.619:5845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16127 comm="syz.1.1673" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7023d7dff9 code=0x0 [ 773.611131][T16129] autofs4:pid:16129:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 773.639927][ T5235] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 773.651194][ T5235] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 773.660661][ T5235] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 773.689171][ T5235] usb 1-1: config 0 descriptor?? [ 773.749846][T16129] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1672'. [ 773.919867][T16141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1672'. [ 773.933658][ T5235] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 774.664502][ T5236] Bluetooth: hci1: command tx timeout [ 774.786186][ T1114] hsr_slave_0: left promiscuous mode [ 774.802024][ T1114] hsr_slave_1: left promiscuous mode [ 774.809137][ T1114] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 774.826057][T16151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1675'. [ 774.870173][T16151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1675'. [ 774.889562][ T1114] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 774.952669][ T1114] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 775.065628][ T1114] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 775.231735][ T1114] veth1_macvtap: left promiscuous mode [ 775.294931][ T1114] veth0_macvtap: left promiscuous mode [ 775.313920][ T1114] veth1_vlan: left promiscuous mode [ 775.327864][ T1114] veth0_vlan: left promiscuous mode [ 775.616356][ T5235] usb 1-1: USB disconnect, device number 78 [ 775.616388][ C1] iowarrior 1-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 775.632456][ T5235] iowarrior 1-1:0.0: I/O-Warror #0 now disconnected [ 776.692626][T16171] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1679'. [ 776.745116][ T5236] Bluetooth: hci1: command tx timeout [ 776.791342][ T29] audit: type=1326 audit(1727504998.849:5846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16170 comm="syz.4.1679" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x0 [ 777.191442][ T1114] team0 (unregistering): Port device team_slave_1 removed [ 777.295565][ T1114] team0 (unregistering): Port device team_slave_0 removed [ 777.949934][T16120] chnl_net:caif_netlink_parms(): no params data found [ 777.980028][T16162] netlink: 'syz.1.1677': attribute type 29 has an invalid length. [ 777.989516][T16168] tipc: Invalid UDP bearer configuration [ 777.989551][T16168] tipc: Enabling of bearer rejected, failed to enable media [ 778.012803][T16171] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1679'. [ 778.038975][T16184] netlink: 'syz.3.1681': attribute type 10 has an invalid length. [ 778.097148][T16184] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 778.402283][T16196] sctp: [Deprecated]: syz.4.1684 (pid 16196) Use of int in max_burst socket option deprecated. [ 778.402283][T16196] Use struct sctp_assoc_value instead [ 778.557424][T16120] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.573893][T16120] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.607417][T16120] bridge_slave_0: entered allmulticast mode [ 778.614518][T16120] bridge_slave_0: entered promiscuous mode [ 778.637733][T16120] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.637802][T16120] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.638003][T16120] bridge_slave_1: entered allmulticast mode [ 778.638700][T16120] bridge_slave_1: entered promiscuous mode [ 778.662383][T16120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 778.674648][T16214] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1687'. [ 778.677475][T16120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 778.717584][T16120] team0: Port device team_slave_0 added [ 778.729406][T16120] team0: Port device team_slave_1 added [ 778.824654][ T5236] Bluetooth: hci1: command tx timeout [ 778.897734][T16120] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 778.897748][T16120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 778.897765][T16120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 778.898784][T16120] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 778.898795][T16120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 778.898809][T16120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 779.014576][ T5290] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 779.110408][T16120] hsr_slave_0: entered promiscuous mode [ 779.119461][T16120] hsr_slave_1: entered promiscuous mode [ 779.272279][T16197] tty tty3: ldisc open failed (-12), clearing slot 2 [ 779.388318][ T5290] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 779.407220][ T5290] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.434791][ T5290] usb 4-1: Product: syz [ 779.453998][ T5290] usb 4-1: Manufacturer: syz [ 779.458645][ T5290] usb 4-1: SerialNumber: syz [ 779.489080][ T5290] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 779.512827][ T5235] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 780.138058][T16248] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1692'. [ 780.524790][T16253] netem: incorrect ge model size [ 780.564469][T16253] netem: change failed [ 780.580129][T16259] tipc: Invalid UDP bearer configuration [ 780.580169][T16259] tipc: Enabling of bearer rejected, failed to enable media [ 780.593923][ T5235] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 780.628654][ T5235] ath9k_htc: Failed to initialize the device [ 780.747108][ T5235] usb 4-1: ath9k_htc: USB layer deinitialized [ 780.905448][ T5236] Bluetooth: hci1: command tx timeout [ 780.990884][ T5301] usb 4-1: USB disconnect, device number 70 [ 781.293134][T16120] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 781.308150][T16120] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 781.398924][T16120] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 781.478725][T16120] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 781.727326][T16278] netlink: 'syz.0.1697': attribute type 29 has an invalid length. [ 781.779229][T16292] netlink: 'syz.0.1697': attribute type 29 has an invalid length. [ 781.814870][T16278] netlink: 'syz.0.1697': attribute type 29 has an invalid length. [ 781.855853][T16278] netlink: 'syz.0.1697': attribute type 29 has an invalid length. [ 781.890553][T16297] kAFS: unable to lookup cell '×­àé6Wêáâ6ß¾—™äé%¾$ɆJJ¼÷=1 ©üU–¿Çxƒì' [ 781.949728][T16120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 781.968796][T16120] 8021q: adding VLAN 0 to HW filter on device team0 [ 781.993160][ T1119] bridge0: port 1(bridge_slave_0) entered blocking state [ 782.000312][ T1119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 782.035207][ T1119] bridge0: port 2(bridge_slave_1) entered blocking state [ 782.042368][ T1119] bridge0: port 2(bridge_slave_1) entered forwarding state [ 782.164718][ T51] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 782.170685][T16120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 782.209934][T16120] veth0_vlan: entered promiscuous mode [ 782.225517][T16120] veth1_vlan: entered promiscuous mode [ 782.247998][T16120] veth0_macvtap: entered promiscuous mode [ 782.254065][ T5301] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 782.260914][T16120] veth1_macvtap: entered promiscuous mode [ 782.331394][ T51] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 782.339149][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 782.351456][ T51] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 782.393906][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 782.410762][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 782.421401][ T5301] usb 5-1: too many configurations: 77, using maximum allowed: 8 [ 782.435323][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 782.454463][ T51] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 782.494489][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 782.510318][ T51] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 782.557032][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 782.586841][ T51] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 782.605445][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 782.617836][ T51] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 782.640225][ T51] usb 1-1: Product: syz [ 782.653995][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 782.671932][ T51] usb 1-1: Manufacturer: syz [ 782.685556][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 782.714653][ T51] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 782.748843][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 782.783203][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 782.819211][ T5301] usb 5-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 782.838884][ T5301] usb 5-1: New USB device strings: Mfr=244, Product=113, SerialNumber=47 [ 782.848142][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 782.878545][ T5301] usb 5-1: Product: syz [ 782.890967][T16120] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 782.905576][ T5301] usb 5-1: Manufacturer: syz [ 782.920582][ T5301] usb 5-1: SerialNumber: syz [ 782.947591][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 782.968322][ T5301] usb 5-1: config 0 descriptor?? [ 783.005385][ T5301] gspca_main: 0c45:614a too many config [ 783.013502][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.077390][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 783.110793][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.117358][ T5290] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 783.141359][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 783.188665][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.238417][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 783.279990][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.294258][ T5290] usb 4-1: Using ep0 maxpacket: 32 [ 783.302338][ T5290] usb 4-1: New USB device found, idVendor=2040, idProduct=c602, bcdDevice= 1.8e [ 783.320731][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 783.331673][ T5290] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.345021][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.369563][ T5290] usb 4-1: config 0 descriptor?? [ 783.394233][T16120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 783.450189][T16120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 783.475804][ T5290] usb 4-1: dvb_usb_v2: found a 'HCW 126xxx' in warm state [ 783.492637][T16120] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 783.520393][ T5290] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 783.531147][ T5290] dvbdev: DVB: registering new adapter (HCW 126xxx) [ 783.538227][ T5290] usb 4-1: media controller created [ 783.563270][ T5290] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 783.611617][T16120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.652224][T16120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.664306][ T5290] usb 4-1: selecting invalid altsetting 1 [ 783.670073][ T5290] set interface failed [ 783.670102][ T5290] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 783.680707][ T5290] error writing reg: 0xff, val: 0x00 [ 783.701725][T16120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.765861][ T5290] dvb_usb_mxl111sf 4-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 783.864463][T16120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 784.096891][ T1114] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 784.101675][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 784.113268][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 784.159097][ T1114] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 784.404418][ T5301] usb 1-1: USB disconnect, device number 79 [ 784.621406][T16342] IPVS: stopping backup sync thread 16351 ... [ 784.622403][T16351] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 785.049953][ T5290] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 785.249201][ T5301] usb 4-1: USB disconnect, device number 71 [ 785.265507][ T5290] usb 1-1: config index 0 descriptor too short (expected 27271, got 36) [ 785.342235][ T5290] usb 1-1: config 18 has too many interfaces: 94, using maximum allowed: 32 [ 785.376789][ T25] usb 5-1: USB disconnect, device number 68 [ 785.424779][ T5290] usb 1-1: config 18 has an invalid descriptor of length 61, skipping remainder of the config [ 785.474135][ T5290] usb 1-1: config 18 has 0 interfaces, different from the descriptor's value: 94 [ 785.483329][ T5290] usb 1-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 785.525576][ T5290] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.829507][T16371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1706'. [ 785.861132][T16371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1706'. [ 785.872182][T16371] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1706'. [ 785.972407][ T2565] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.041014][T16370] tipc: Invalid UDP bearer configuration [ 786.043945][T16370] tipc: Enabling of bearer rejected, failed to enable media [ 786.158119][ T2565] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.478297][ T2565] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.782455][ T2565] bond0: (slave netdevsim0): Releasing backup interface [ 786.869667][ T2565] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 786.995190][T16380] netlink: 'syz.2.1712': attribute type 29 has an invalid length. [ 787.020082][T16380] netlink: 'syz.2.1712': attribute type 29 has an invalid length. [ 787.176510][T16380] netlink: 'syz.2.1712': attribute type 29 has an invalid length. [ 787.205118][ T5240] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 787.240292][T16386] netlink: 'syz.2.1712': attribute type 29 has an invalid length. [ 787.250595][ T5240] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 787.303004][ T5240] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 787.355120][ T5240] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 787.368955][ T5240] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 787.378846][ T5240] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 787.514596][ T25] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 787.532028][ T2565] bridge_slave_1: left allmulticast mode [ 787.571754][ T2565] bridge_slave_1: left promiscuous mode [ 787.581314][ T2565] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.592190][ T5290] usb 1-1: string descriptor 0 read error: -71 [ 787.607467][ T5290] usb 1-1: USB disconnect, device number 80 [ 787.617901][ T2565] bridge_slave_0: left allmulticast mode [ 787.623597][ T2565] bridge_slave_0: left promiscuous mode [ 787.652428][ T2565] bridge0: port 1(bridge_slave_0) entered disabled state [ 787.666756][ T25] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 787.681353][ T25] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 787.707369][ T25] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 787.728277][ T25] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 787.751881][ T25] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 787.762758][ T25] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 787.764153][ T5235] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 787.778360][ T25] usb 3-1: Product: syz [ 787.782649][ T25] usb 3-1: Manufacturer: syz [ 787.813574][ T25] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 787.914658][T16392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 787.960032][T16392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 787.980919][ T5235] usb 2-1: too many configurations: 18, using maximum allowed: 8 [ 788.031323][ T5235] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 788.079158][ T5235] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 788.116993][ T5235] usb 2-1: config 0 descriptor?? [ 788.128783][ T5235] gspca_main: 0c45:8001 too many config [ 788.375347][ T51] usb 2-1: USB disconnect, device number 66 [ 789.160850][ T2565] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 789.178452][ T2565] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 789.202980][ T2565] bond0 (unregistering): Released all slaves [ 789.432365][ T29] audit: type=1326 audit(1727505011.489:5847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16399 comm="syz.4.1715" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x0 [ 789.464122][ T5236] Bluetooth: hci2: command tx timeout [ 789.769061][T16387] chnl_net:caif_netlink_parms(): no params data found [ 789.808479][ T29] audit: type=1326 audit(1727505011.869:5848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16410 comm="syz.0.1716" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf6717dff9 code=0x0 [ 789.832446][ T8] usb 3-1: USB disconnect, device number 95 [ 789.995384][ T2565] hsr_slave_0: left promiscuous mode [ 790.021027][ T2565] hsr_slave_1: left promiscuous mode [ 790.048114][ T2565] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 790.068366][ T2565] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 790.082223][ T2565] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 790.094249][ T2565] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 790.172226][ T2565] veth1_macvtap: left promiscuous mode [ 790.188631][ T2565] veth0_macvtap: left promiscuous mode [ 790.188868][T16433] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 790.199727][ T2565] veth1_vlan: left promiscuous mode [ 790.221619][ T2565] veth0_vlan: left promiscuous mode [ 791.277115][ T2565] team0 (unregistering): Port device team_slave_1 removed [ 791.379033][ T2565] team0 (unregistering): Port device team_slave_0 removed [ 791.552335][ T5236] Bluetooth: hci2: command tx timeout [ 792.778271][T16387] bridge0: port 1(bridge_slave_0) entered blocking state [ 792.788791][T16387] bridge0: port 1(bridge_slave_0) entered disabled state [ 792.806202][T16387] bridge_slave_0: entered allmulticast mode [ 792.815190][T16387] bridge_slave_0: entered promiscuous mode [ 792.848349][T16457] netlink: 'syz.1.1726': attribute type 10 has an invalid length. [ 792.874639][T16457] vlan0: entered allmulticast mode [ 792.900598][T16457] veth0_vlan: entered allmulticast mode [ 793.035471][T16457] vlan0: entered promiscuous mode [ 793.073246][T16457] team0: Port device vlan0 added [ 793.087386][T16460] netlink: 'syz.0.1727': attribute type 29 has an invalid length. [ 793.116784][T16461] netlink: 'syz.0.1727': attribute type 29 has an invalid length. [ 793.134848][T16387] bridge0: port 2(bridge_slave_1) entered blocking state [ 793.152174][T16387] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.164393][T16387] bridge_slave_1: entered allmulticast mode [ 793.171369][T16387] bridge_slave_1: entered promiscuous mode [ 793.257544][T16462] netlink: 'syz.0.1727': attribute type 29 has an invalid length. [ 793.293259][ T5301] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 793.298323][T16465] netlink: 'syz.0.1727': attribute type 29 has an invalid length. [ 793.327424][T16387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 793.367630][T16387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 793.457235][ T51] usb 5-1: new low-speed USB device number 69 using dummy_hcd [ 793.492245][ T5301] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 793.502597][ T5301] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 793.522899][T16387] team0: Port device team_slave_0 added [ 793.541334][ T5301] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 793.577371][T16387] team0: Port device team_slave_1 added [ 793.583177][ T5301] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 793.603678][ T5301] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 793.614061][ T5301] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 793.622087][ T5301] usb 1-1: Product: syz [ 793.627009][ T5236] Bluetooth: hci2: command tx timeout [ 793.632869][ T5301] usb 1-1: Manufacturer: syz [ 793.643112][ T5301] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 793.655677][ T51] usb 5-1: too many configurations: 21, using maximum allowed: 8 [ 793.666302][ T51] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 793.676367][ T51] usb 5-1: can't read configurations, error -61 [ 793.731156][T16387] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 793.816001][ T51] usb 5-1: new low-speed USB device number 70 using dummy_hcd [ 793.825416][T16387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 793.851350][ C1] vkms_vblank_simulate: vblank timer overrun [ 793.923790][T16387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 793.964072][T16387] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 793.985266][T16387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 794.035478][ T51] usb 5-1: too many configurations: 21, using maximum allowed: 8 [ 794.088375][ T51] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 794.106906][T16387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 794.106906][ T51] usb 5-1: can't read configurations, error -61 [ 794.193096][ T51] usb usb5-port1: attempt power cycle [ 794.275821][T16387] hsr_slave_0: entered promiscuous mode [ 794.300880][T16387] hsr_slave_1: entered promiscuous mode [ 794.319145][T16387] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 794.358994][T16387] Cannot create hsr debugfs directory [ 794.554028][ T51] usb 5-1: new low-speed USB device number 71 using dummy_hcd [ 794.615244][ T51] usb 5-1: too many configurations: 21, using maximum allowed: 8 [ 794.643696][ T51] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 794.658175][ T51] usb 5-1: can't read configurations, error -61 [ 794.802845][ T29] audit: type=1326 audit(1727505016.859:5849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16495 comm="syz.1.1732" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7023d7dff9 code=0x0 [ 794.813915][ T51] usb 5-1: new low-speed USB device number 72 using dummy_hcd [ 794.873913][ T51] usb 5-1: too many configurations: 21, using maximum allowed: 8 [ 794.892855][ T51] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 794.912772][ T51] usb 5-1: can't read configurations, error -61 [ 794.931313][ T51] usb usb5-port1: unable to enumerate USB device [ 795.454351][T16387] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 795.486474][T16387] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 795.513524][T16387] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 795.524973][ T29] audit: type=1326 audit(1727505017.579:5850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16506 comm="syz.2.1734" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6bd137dff9 code=0x0 [ 795.587896][T16387] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 795.616564][ T51] usb 1-1: USB disconnect, device number 81 [ 795.627637][ T5236] Bluetooth: hci0: command 0x0406 tx timeout [ 795.705081][ T5240] Bluetooth: hci2: command tx timeout [ 795.740287][T16519] dns_resolver: Unsupported content type (156) [ 795.984923][T16387] 8021q: adding VLAN 0 to HW filter on device bond0 [ 796.072227][T16387] 8021q: adding VLAN 0 to HW filter on device team0 [ 796.144497][ T51] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 796.209543][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 796.216669][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 796.257565][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 796.264826][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 796.278289][T16506] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 796.322834][T16387] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 796.336801][T16387] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 796.352095][T16533] IPVS: stopping backup sync thread 16534 ... [ 796.364080][ T51] usb 1-1: Using ep0 maxpacket: 8 [ 796.369312][T16534] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 796.385258][ T51] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 796.403690][ T51] usb 1-1: config 0 has no interface number 0 [ 796.412801][ T51] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 796.432958][T16387] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 796.456627][ T51] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 796.476997][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 796.521919][ T51] usb 1-1: config 0 descriptor?? [ 796.541036][T16387] veth0_vlan: entered promiscuous mode [ 796.550486][ T51] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 796.586271][T16387] veth1_vlan: entered promiscuous mode [ 796.636852][T16387] veth0_macvtap: entered promiscuous mode [ 796.644317][ T8] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 796.672612][T16387] veth1_macvtap: entered promiscuous mode [ 796.705768][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 796.745598][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 796.763916][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 796.793857][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 796.806463][ T8] usb 5-1: config index 0 descriptor too short (expected 27271, got 36) [ 796.811239][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 796.836638][ T8] usb 5-1: config 18 has too many interfaces: 94, using maximum allowed: 32 [ 796.863816][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 796.886920][ T8] usb 5-1: config 18 has an invalid descriptor of length 61, skipping remainder of the config [ 796.904393][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 796.943524][ T8] usb 5-1: config 18 has 0 interfaces, different from the descriptor's value: 94 [ 796.970739][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 796.976655][ T8] usb 5-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 797.010579][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 797.024793][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.036610][T16550] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1737'. [ 797.053898][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.062977][T16549] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1739'. [ 797.099811][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 797.115459][T16549] xt_hashlimit: invalid rate [ 797.131342][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.156656][T16387] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 797.179719][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 797.212083][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.223132][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 797.234768][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.245024][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 797.255851][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.265970][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 797.277030][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.287178][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 797.297936][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.308455][T16387] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 797.319133][T16387] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 797.334050][T16387] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 797.575768][T16387] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.585092][T16387] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.615444][T16387] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 797.693973][T16387] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 798.103383][ T1058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 798.145912][ T1058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 798.390648][ T2565] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 798.434037][ T2565] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 798.852685][T16578] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1708'. [ 798.935500][ T5235] usb 1-1: USB disconnect, device number 82 [ 798.942948][ T5235] iowarrior 1-1:0.1: I/O-Warror #0 now disconnected [ 799.042562][ T5240] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 799.042633][ T5240] CPU: 1 UID: 0 PID: 5240 Comm: kworker/u9:4 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 799.042665][ T5240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 799.042684][ T5240] Workqueue: hci2 hci_rx_work [ 799.042715][ T5240] Call Trace: [ 799.042728][ T5240] [ 799.042739][ T5240] dump_stack_lvl+0x241/0x360 [ 799.042763][ T5240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 799.042780][ T5240] ? __pfx__printk+0x10/0x10 [ 799.042800][ T5240] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 799.042825][ T5240] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 799.042856][ T5240] sysfs_create_dir_ns+0x2ce/0x3a0 [ 799.042884][ T5240] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 799.042910][ T5240] kobject_add_internal+0x435/0x8d0 [ 799.042925][ T5240] kobject_add+0x152/0x220 [ 799.042941][ T5240] ? do_raw_spin_unlock+0x13c/0x8b0 [ 799.042957][ T5240] ? device_add+0x3e7/0xbf0 [ 799.042984][ T5240] ? __pfx_kobject_add+0x10/0x10 [ 799.043011][ T5240] ? _raw_spin_unlock+0x28/0x50 [ 799.043038][ T5240] ? get_device_parent+0x165/0x410 [ 799.043064][ T5240] device_add+0x4e5/0xbf0 [ 799.043083][ T5240] hci_conn_add_sysfs+0xe8/0x200 [ 799.043101][ T5240] le_conn_complete_evt+0xc9f/0x12e0 [ 799.043126][ T5240] ? trace_contention_end+0x3c/0x120 [ 799.043152][ T5240] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 799.043186][ T5240] ? __mutex_unlock_slowpath+0x21d/0x750 [ 799.043215][ T5240] ? __copy_skb_header+0x437/0x5b0 [ 799.043230][ T5240] ? skb_pull_data+0x112/0x230 [ 799.043247][ T5240] hci_le_enh_conn_complete_evt+0x185/0x420 [ 799.043265][ T5240] hci_event_packet+0xa55/0x1540 [ 799.043291][ T5240] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 799.043321][ T5240] ? __pfx_hci_event_packet+0x10/0x10 [ 799.043342][ T5240] ? do_raw_spin_unlock+0x13c/0x8b0 [ 799.043371][ T5240] ? hci_send_to_monitor+0xd8/0x7f0 [ 799.043385][ T5240] ? kcov_remote_start+0x97/0x7d0 [ 799.043402][ T5240] hci_rx_work+0x3e8/0xca0 [ 799.043421][ T5240] ? process_scheduled_works+0x976/0x1850 [ 799.043445][ T5240] process_scheduled_works+0xa63/0x1850 [ 799.043498][ T5240] ? __pfx_process_scheduled_works+0x10/0x10 [ 799.043529][ T5240] ? assign_work+0x364/0x3d0 [ 799.043547][ T5240] worker_thread+0x870/0xd30 [ 799.043569][ T5240] ? __kthread_parkme+0x169/0x1d0 [ 799.043590][ T5240] ? __pfx_worker_thread+0x10/0x10 [ 799.043615][ T5240] kthread+0x2f0/0x390 [ 799.043634][ T5240] ? __pfx_worker_thread+0x10/0x10 [ 799.043658][ T5240] ? __pfx_kthread+0x10/0x10 [ 799.043678][ T5240] ret_from_fork+0x4b/0x80 [ 799.043692][ T5240] ? __pfx_kthread+0x10/0x10 [ 799.043704][ T5240] ret_from_fork_asm+0x1a/0x30 [ 799.043735][ T5240] [ 799.045426][ T5240] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 799.045466][ T5240] Bluetooth: hci2: failed to register connection device [ 799.059605][T16582] bridge0: port 1(bridge_slave_0) entered blocking state [ 799.059670][T16582] bridge0: port 1(bridge_slave_0) entered forwarding state [ 799.202717][ T8] usb 5-1: string descriptor 0 read error: -71 [ 799.204193][ T8] usb 5-1: USB disconnect, device number 73 [ 799.460009][ T5235] IPVS: starting estimator thread 0... [ 799.564155][T16594] IPVS: using max 24 ests per chain, 57600 per kthread [ 799.907139][ T5236] Bluetooth: hci0: unexpected event for opcode 0x0403 [ 800.243857][T16603] netlink: 'syz.1.1744': attribute type 29 has an invalid length. [ 800.254255][T16609] netlink: 'syz.1.1744': attribute type 29 has an invalid length. [ 800.263618][T16603] netlink: 'syz.1.1744': attribute type 29 has an invalid length. [ 800.264938][T16603] netlink: 'syz.1.1744': attribute type 29 has an invalid length. [ 800.454029][ T29] audit: type=1326 audit(1727505022.499:5851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16612 comm="syz.4.1745" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x0 [ 800.513856][ T25] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 800.693826][ T25] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 800.693858][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 800.693879][ T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 800.693931][ T25] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 800.696375][ T25] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 800.696407][ T25] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 800.696474][ T25] usb 2-1: Product: syz [ 800.696491][ T25] usb 2-1: Manufacturer: syz [ 800.700313][ T25] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 801.098182][ T5236] Bluetooth: hci2: command tx timeout [ 801.293058][T16626] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1747'. [ 801.355712][ T8] hid-generic 0000:400A0008:0000.001C: unknown main item tag 0x0 [ 801.388806][ T8] hid-generic 0000:400A0008:0000.001C: hidraw0: HID v200.09 Device [syz0] on syz0 [ 801.591485][T16636] tipc: Invalid UDP bearer configuration [ 801.591527][T16636] tipc: Enabling of bearer rejected, failed to enable media [ 801.652021][T16637] bridge0: port 3(dummy0) entered blocking state [ 801.672574][T16637] bridge0: port 3(dummy0) entered disabled state [ 801.679685][T16637] dummy0: entered allmulticast mode [ 801.704353][T16637] dummy0: entered promiscuous mode [ 801.711599][T16637] bridge0: port 3(dummy0) entered blocking state [ 801.718281][T16637] bridge0: port 3(dummy0) entered forwarding state [ 801.779829][T16637] binder: 16630:16637 ioctl c0306201 0 returned -14 [ 802.814153][ T8] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 802.830636][T16654] IPVS: stopping backup sync thread 16655 ... [ 802.836999][T16655] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 802.911677][ T5301] usb 2-1: USB disconnect, device number 67 [ 802.994664][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 803.030982][ T8] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 803.061916][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 803.104674][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 803.137264][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 803.175273][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 803.184161][ T51] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 803.202775][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 803.243188][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.281014][T16662] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1756'. [ 803.327581][ T29] audit: type=1326 audit(1727505025.389:5852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16661 comm="syz.3.1756" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3bff17dff9 code=0x0 [ 803.354073][ T5301] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 803.377304][ T51] usb 3-1: config index 0 descriptor too short (expected 27271, got 36) [ 803.464847][ T51] usb 3-1: config 18 has too many interfaces: 94, using maximum allowed: 32 [ 803.508159][ T8] usb 5-1: usb_control_msg returned -32 [ 803.518408][ T51] usb 3-1: config 18 has an invalid descriptor of length 61, skipping remainder of the config [ 803.532790][ T51] usb 3-1: config 18 has 0 interfaces, different from the descriptor's value: 94 [ 803.545342][ T51] usb 3-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 803.545476][ T5301] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 803.564166][ T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.572888][ T5301] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 803.597076][ T8] usbtmc 5-1:16.0: can't read capabilities [ 803.604177][ T5301] usb 2-1: config 0 descriptor?? [ 803.615899][ T5301] cp210x 2-1:0.0: cp210x converter detected [ 803.873024][T16667] netlink: 'syz.1.1755': attribute type 21 has an invalid length. [ 803.921880][T16667] netlink: 'syz.1.1755': attribute type 1 has an invalid length. [ 803.984648][T16667] fuse: Bad value for 'user_id' [ 803.989809][T16667] fuse: Bad value for 'user_id' [ 804.233304][ T5301] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 804.241570][T16658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 804.354355][T16658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 804.883196][ T5301] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 804.928687][ T5301] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 804.986716][ T5301] usb 2-1: cp210x converter now attached to ttyUSB0 [ 805.021515][ T5301] usb 2-1: USB disconnect, device number 68 [ 805.059562][ T5301] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 805.079474][ T5301] cp210x 2-1:0.0: device disconnected [ 805.580743][ T5301] usb 5-1: USB disconnect, device number 74 [ 805.757547][T16686] tipc: Invalid UDP bearer configuration [ 805.757592][T16686] tipc: Enabling of bearer rejected, failed to enable media [ 805.841099][ T51] usb 3-1: string descriptor 0 read error: -71 [ 805.882609][ T51] usb 3-1: USB disconnect, device number 96 [ 805.899418][T16687] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1761'. [ 805.998643][T16687] bridge0: port 4(erspan0) entered blocking state [ 806.038481][T16687] bridge0: port 4(erspan0) entered disabled state [ 806.054041][T16687] erspan0: entered allmulticast mode [ 806.083305][T16687] erspan0: entered promiscuous mode [ 806.113484][T16687] bridge0: port 4(erspan0) entered blocking state [ 806.120124][T16687] bridge0: port 4(erspan0) entered forwarding state [ 806.370352][T16698] netlink: 'syz.2.1765': attribute type 29 has an invalid length. [ 806.405902][T16698] netlink: 'syz.2.1765': attribute type 29 has an invalid length. [ 806.419751][T16698] netlink: 'syz.2.1765': attribute type 29 has an invalid length. [ 806.439721][T16698] netlink: 'syz.2.1765': attribute type 29 has an invalid length. [ 806.724652][ T51] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 807.223531][T16706] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 807.232758][T16706] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 807.241574][T16706] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 807.250291][T16706] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 807.314212][ T5236] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 807.323587][ T5236] Bluetooth: hci2: Injecting HCI hardware error event [ 807.333990][ T5236] Bluetooth: hci2: hardware error 0x00 [ 807.739253][ T51] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 807.748217][ T51] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 807.758461][ T51] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 807.768203][ T51] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 807.815067][ T51] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 807.824250][ T51] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 807.832290][ T51] usb 3-1: Product: syz [ 807.836877][ T51] usb 3-1: Manufacturer: syz [ 807.845509][ T51] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 807.981866][ T5240] Bluetooth: hci4: Malformed MSFT vendor event: 0x02 [ 807.991767][ T5240] Bluetooth: hci4: SCO packet for unknown connection handle 14 [ 808.064552][ T29] audit: type=1326 audit(1727505030.129:5853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.097394][ T29] audit: type=1326 audit(1727505030.139:5854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.163374][ T29] audit: type=1326 audit(1727505030.139:5855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.222797][ T51] usb 3-1: USB disconnect, device number 97 [ 808.269491][ T29] audit: type=1326 audit(1727505030.139:5856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.323390][ T29] audit: type=1326 audit(1727505030.139:5857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.382418][ T29] audit: type=1326 audit(1727505030.139:5858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.472888][ T29] audit: type=1326 audit(1727505030.159:5859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.582934][ T29] audit: type=1326 audit(1727505030.159:5860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.634056][ T29] audit: type=1326 audit(1727505030.159:5861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.677862][ T29] audit: type=1326 audit(1727505030.159:5862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16718 comm="syz.4.1771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f931fb7dff9 code=0x7ffc0000 [ 808.847445][T16734] IPVS: stopping backup sync thread 16735 ... [ 808.848011][T16735] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 808.877722][T16727] fuse: Unknown parameter 'ro`tmode' [ 808.909382][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.915903][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.127010][T16742] xt_hashlimit: overflow, try lower: 3/0 [ 809.363948][ T25] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 809.523993][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 809.535924][ T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 809.554811][ T51] usb 3-1: new low-speed USB device number 98 using dummy_hcd [ 809.581417][ T25] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 809.620013][ T25] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 809.631337][ T5314] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 809.649813][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 809.678471][ T25] usb 5-1: Product: syz [ 809.695353][ T25] usb 5-1: Manufacturer: syz [ 809.702946][ T25] usb 5-1: SerialNumber: syz [ 809.716713][ T51] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 809.744458][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 809.795904][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 809.834484][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 809.865431][ T5236] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 809.893076][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 809.947784][ T51] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 809.958475][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 809.984144][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 810.010826][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 810.042620][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 810.073469][ T51] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 810.100449][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 810.195423][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 810.229598][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 810.248633][ T51] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 810.262682][ T5314] usb 1-1: config index 0 descriptor too short (expected 27271, got 36) [ 810.271498][ T51] usb 3-1: string descriptor 0 read error: -22 [ 810.271707][ T51] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 810.301922][ T51] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 810.333613][ T51] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 810.371558][ T5314] usb 1-1: config 18 has too many interfaces: 94, using maximum allowed: 32 [ 810.409699][ T5314] usb 1-1: config 18 has an invalid descriptor of length 61, skipping remainder of the config [ 810.548894][ T5314] usb 1-1: config 18 has 0 interfaces, different from the descriptor's value: 94 [ 810.579134][ T5314] usb 1-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 810.622872][ T5314] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 810.636215][ T5301] usb 3-1: USB disconnect, device number 98 [ 810.740180][ T5236] Bluetooth: hci0: unexpected event for opcode 0x2039 [ 811.732078][T16762] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1782'. [ 812.025329][ T5301] usb 5-1: USB disconnect, device number 75 [ 812.104978][ T51] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 812.123463][ T5314] usb 1-1: string descriptor 0 read error: -71 [ 812.154135][ T5314] usb 1-1: USB disconnect, device number 83 [ 812.300360][ T51] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 812.317373][ T51] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 812.329783][ T51] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 812.339339][ T25] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 812.355197][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 812.363362][ T51] usb 2-1: SerialNumber: syz [ 812.387364][T16770] netlink: 'syz.4.1785': attribute type 29 has an invalid length. [ 812.404791][T16770] netlink: 'syz.4.1785': attribute type 29 has an invalid length. [ 812.427792][T16770] netlink: 'syz.4.1785': attribute type 29 has an invalid length. [ 812.447167][T16770] netlink: 'syz.4.1785': attribute type 29 has an invalid length. [ 812.536082][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 812.662558][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 812.699310][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 812.723063][ T5301] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 812.743370][ T25] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 812.772848][ T51] usb 2-1: 0:2 : does not exist [ 812.796561][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 812.804185][ T5314] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 812.814212][ T5286] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 812.826604][ T51] usb 2-1: unit 5 not found! [ 812.854819][ T25] usb 3-1: config 0 descriptor?? [ 812.872536][ T51] usb 2-1: USB disconnect, device number 69 [ 812.904225][T15915] udevd[15915]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 812.944099][ T5301] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 812.952874][ T5301] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 812.966375][ T5301] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 812.985229][ T5301] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 813.004065][ T5286] usb 4-1: Using ep0 maxpacket: 32 [ 813.025620][ T5314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 813.027087][ T5301] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 813.047202][ T5301] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 813.059848][ T5286] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 813.069363][ T5314] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 813.070432][ T5301] usb 5-1: Product: syz [ 813.087569][ T5314] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 813.092453][ T5301] usb 5-1: Manufacturer: syz [ 813.097420][ T5314] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 813.122741][ T5314] usb 1-1: config 0 descriptor?? [ 813.125685][ T5301] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 813.180193][ T5286] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 813.196891][ T5286] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 813.205443][ T5286] usb 4-1: Product: syz [ 813.214851][ T5286] usb 4-1: Manufacturer: syz [ 813.219978][ T5286] usb 4-1: SerialNumber: syz [ 813.227547][ T5286] usb 4-1: config 0 descriptor?? [ 813.233629][T16774] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22 [ 813.313496][ T25] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 813.323482][ T25] plantronics 0003:047F:FFFF.001D: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 813.499311][ T25] usb 5-1: USB disconnect, device number 76 [ 813.728578][ T5290] usb 4-1: USB disconnect, device number 72 [ 813.753711][T16778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1783'. [ 813.900154][T16771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 813.932129][T16771] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 813.952479][T16778] netlink: 'syz.2.1783': attribute type 11 has an invalid length. [ 813.979423][T16778] netlink: 'syz.2.1783': attribute type 11 has an invalid length. [ 814.017148][T16778] debugfs: Directory 'netdev:' with parent 'phy163' already present! [ 814.273970][ T51] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 814.354277][ T25] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 814.434134][ T51] usb 4-1: Using ep0 maxpacket: 32 [ 814.452602][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 814.491452][ T51] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 814.528099][ T25] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 814.538934][ T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 814.564767][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 814.579995][ T51] usb 4-1: Product: syz [ 814.593617][ T51] usb 4-1: Manufacturer: syz [ 814.621065][ T51] usb 4-1: SerialNumber: syz [ 814.623037][ T25] usb 2-1: config 0 descriptor?? [ 814.648141][ T51] usb 4-1: config 0 descriptor?? [ 814.689107][ T25] cp210x 2-1:0.0: cp210x converter detected [ 814.745960][ T5236] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 814.756103][ T5236] Bluetooth: hci0: Injecting HCI hardware error event [ 814.767162][ T5236] Bluetooth: hci0: hardware error 0x00 [ 814.776891][ T51] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 814.890815][ T25] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -32 [ 814.898869][ T25] cp210x 2-1:0.0: querying part number failed [ 814.907197][ T25] usb 2-1: cp210x converter now attached to ttyUSB0 [ 815.072316][T16793] program syz.4.1791 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 815.212401][ T5314] usbhid 1-1:0.0: can't add hid device: -71 [ 815.219136][ T5314] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 815.275297][ T5314] usb 1-1: USB disconnect, device number 84 [ 815.394872][ T25] usb 3-1: USB disconnect, device number 99 [ 815.645922][T16801] binder: 16798:16801 ioctl c0306201 0 returned -14 [ 815.680421][T16801] binder: 16798:16801 ioctl 4018620d 0 returned -22 [ 815.770304][T16803] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1793'. [ 815.784374][ T1119] usb 4-1: Failed to submit usb control message: -110 [ 815.792025][ T1119] usb 4-1: unable to send the bmi data to the device: -110 [ 815.805352][ T1119] usb 4-1: unable to get target info from device [ 815.853466][ T1119] usb 4-1: could not get target info (-110) [ 815.868276][ T1119] usb 4-1: could not probe fw (-110) [ 815.979730][T16807] IPVS: stopping backup sync thread 16809 ... [ 815.986010][T16809] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 816.091285][ T25] usb 4-1: USB disconnect, device number 73 [ 816.303985][ T5321] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 816.441597][T16816] netlink: 'syz.3.1795': attribute type 4 has an invalid length. [ 816.517903][ T5321] usb 5-1: config index 0 descriptor too short (expected 27271, got 36) [ 816.546902][ T5321] usb 5-1: config 18 has too many interfaces: 94, using maximum allowed: 32 [ 816.611982][ T5321] usb 5-1: config 18 has an invalid descriptor of length 61, skipping remainder of the config [ 816.648724][ T5321] usb 5-1: config 18 has 0 interfaces, different from the descriptor's value: 94 [ 816.673876][ T5321] usb 5-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 816.694017][ T5321] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 816.914080][ T5236] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 817.208924][ T5290] usb 2-1: USB disconnect, device number 70 [ 817.235155][ T5290] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 817.253996][ T5290] cp210x 2-1:0.0: device disconnected [ 817.570269][T16828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1798'. [ 817.935186][T16830] netlink: 'syz.0.1799': attribute type 29 has an invalid length. [ 817.967601][T16830] netlink: 'syz.0.1799': attribute type 29 has an invalid length. [ 818.041553][T16832] netlink: 'syz.0.1799': attribute type 29 has an invalid length. [ 818.134416][T16830] netlink: 'syz.0.1799': attribute type 29 has an invalid length. [ 818.363870][ T25] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 818.531125][ T25] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 818.559921][ T25] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 818.600634][ T25] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 818.631574][ T25] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 818.683367][ T25] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 818.705760][ T25] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 818.718627][ T25] usb 1-1: Product: syz [ 818.722964][ T25] usb 1-1: Manufacturer: syz [ 818.747303][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 818.747347][ T29] audit: type=1326 audit(1727505040.789:5864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16837 comm="syz.1.1801" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7023d7dff9 code=0x0 [ 818.781564][ T25] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 818.943938][ T5321] usb 5-1: string descriptor 0 read error: -71 [ 818.951744][ T5321] usb 5-1: USB disconnect, device number 77 [ 819.046426][ T25] usb 1-1: USB disconnect, device number 85 [ 819.103284][ T5236] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:200' [ 819.113976][ T5236] CPU: 0 UID: 0 PID: 5236 Comm: kworker/u9:2 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 819.124617][ T5236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 819.134719][ T5236] Workqueue: hci4 hci_rx_work [ 819.139445][ T5236] Call Trace: [ 819.142751][ T5236] [ 819.145713][ T5236] dump_stack_lvl+0x241/0x360 [ 819.150440][ T5236] ? __pfx_dump_stack_lvl+0x10/0x10 [ 819.155677][ T5236] ? __pfx__printk+0x10/0x10 [ 819.160306][ T5236] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 819.165595][ T5236] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 819.171161][ T5236] sysfs_create_dir_ns+0x2ce/0x3a0 [ 819.176316][ T5236] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 819.181986][ T5236] kobject_add_internal+0x435/0x8d0 [ 819.187188][ T5236] kobject_add+0x152/0x220 [ 819.191608][ T5236] ? do_raw_spin_unlock+0x13c/0x8b0 [ 819.196818][ T5236] ? device_add+0x3e7/0xbf0 [ 819.201343][ T5236] ? __pfx_kobject_add+0x10/0x10 [ 819.206287][ T5236] ? _raw_spin_unlock+0x28/0x50 [ 819.211234][ T5236] ? get_device_parent+0x165/0x410 [ 819.216354][ T5236] device_add+0x4e5/0xbf0 [ 819.220694][ T5236] hci_conn_add_sysfs+0xe8/0x200 [ 819.225637][ T5236] hci_sync_conn_complete_evt+0x789/0xaa0 [ 819.231357][ T5236] hci_event_packet+0xac2/0x1540 [ 819.236333][ T5236] ? __pfx_hci_sync_conn_complete_evt+0x10/0x10 [ 819.242592][ T5236] ? __pfx_hci_event_packet+0x10/0x10 [ 819.247964][ T5236] ? do_raw_spin_unlock+0x13c/0x8b0 [ 819.253170][ T5236] ? hci_send_to_monitor+0xd8/0x7f0 [ 819.258500][ T5236] ? kcov_remote_start+0x97/0x7d0 [ 819.263615][ T5236] hci_rx_work+0x3e8/0xca0 [ 819.268035][ T5236] ? process_scheduled_works+0x976/0x1850 [ 819.273770][ T5236] process_scheduled_works+0xa63/0x1850 [ 819.279376][ T5236] ? __pfx_process_scheduled_works+0x10/0x10 [ 819.285454][ T5236] ? assign_work+0x364/0x3d0 [ 819.290043][ T5236] worker_thread+0x870/0xd30 [ 819.294639][ T5236] ? __kthread_parkme+0x169/0x1d0 [ 819.299664][ T5236] ? __pfx_worker_thread+0x10/0x10 [ 819.304774][ T5236] kthread+0x2f0/0x390 [ 819.309026][ T5236] ? __pfx_worker_thread+0x10/0x10 [ 819.314152][ T5236] ? __pfx_kthread+0x10/0x10 [ 819.318777][ T5236] ret_from_fork+0x4b/0x80 [ 819.323194][ T5236] ? __pfx_kthread+0x10/0x10 [ 819.327863][ T5236] ret_from_fork_asm+0x1a/0x30 [ 819.332645][ T5236] [ 819.335726][ C0] vkms_vblank_simulate: vblank timer overrun [ 819.345316][ T5236] kobject: kobject_add_internal failed for hci4:200 with -EEXIST, don't try to register things with the same name in the same directory. [ 819.359648][ T5236] Bluetooth: hci4: failed to register connection device [ 819.711126][ T5290] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 820.093972][ T5301] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 820.136319][ T5290] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 820.146553][ T5236] Bluetooth: hci4: ACL packet for unknown connection handle 2207 [ 820.146817][ T5290] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 820.168583][ T5290] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 820.178313][ T5290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.255354][ T5301] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 820.273914][ T5301] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.322976][ T5301] usb 1-1: config 0 descriptor?? [ 820.396333][ T5301] cp210x 1-1:0.0: cp210x converter detected [ 820.461679][T16848] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1804'. [ 820.511198][T16848] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8 [ 820.539882][ T5236] Bluetooth: hci1: unexpected event for opcode 0x0c46 [ 820.679452][ T5301] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 820.697154][ T5301] cp210x 1-1:0.0: querying part number failed [ 820.716673][ T5301] usb 1-1: cp210x converter now attached to ttyUSB0 [ 820.756109][ T5301] usb 1-1: USB disconnect, device number 86 [ 820.798447][ T5301] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 820.900826][ T5301] cp210x 1-1:0.0: device disconnected [ 821.196585][ T5240] Bluetooth: hci1: Opcode 0x206a failed: -110 [ 821.399078][ T5240] Bluetooth: hci4: command tx timeout [ 821.620258][ T5290] usb 2-1: string descriptor 0 read error: -71 [ 821.677074][ T5290] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 822.026285][ T5290] usb 2-1: USB disconnect, device number 71 [ 822.917977][T16882] vxcan1: tx address claim with dlc 1 [ 825.668552][T16904] input: syz0 as /devices/virtual/input/input67 [ 826.504253][ T5236] Bluetooth: hci1: command 0x206a tx timeout [ 831.583895][ T29] audit: type=1326 audit(1727505053.629:5865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 831.663948][ T29] audit: type=1326 audit(1727505053.629:5866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 831.729573][ T29] audit: type=1326 audit(1727505053.629:5867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 831.803880][ T29] audit: type=1326 audit(1727505053.629:5868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 831.879993][ T29] audit: type=1326 audit(1727505053.629:5869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 831.913420][ T25] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 831.959554][ T29] audit: type=1326 audit(1727505053.629:5870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 832.033574][ T29] audit: type=1326 audit(1727505053.629:5871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 832.085117][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 832.104753][ T25] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 832.126092][ T29] audit: type=1326 audit(1727505053.639:5872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 832.153831][ T25] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 832.180558][ T25] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 832.210124][ T29] audit: type=1326 audit(1727505053.639:5873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 832.242816][ T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 832.253024][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 832.269722][ T25] usb 3-1: SerialNumber: syz [ 832.278120][ T29] audit: type=1326 audit(1727505053.639:5874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16946 comm="syz.2.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f6bd137dff9 code=0x7ffc0000 [ 832.313574][T16948] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 832.338121][ T25] cdc_acm 3-1:1.0: skipping garbage [ 837.431890][ T25] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 852.157813][T16992] tun0: tun_chr_ioctl cmd 3226476800 [ 852.392261][ T52] bridge_slave_1: left allmulticast mode [ 852.410590][ T52] bridge_slave_1: left promiscuous mode [ 852.420737][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 852.458605][ T52] bridge_slave_0: left allmulticast mode [ 852.468285][ T52] bridge_slave_0: left promiscuous mode [ 852.481053][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 852.885705][ T5314] usb 3-1: USB disconnect, device number 100 [ 854.990401][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 855.072662][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 855.111479][ T52] bond0 (unregistering): Released all slaves [ 859.783858][T15592] sched: DL replenish lagged too much [ 860.662339][ T5240] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 860.685270][ T5240] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 860.703357][ T5240] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 860.725243][ T5240] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 860.732943][ T5240] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 860.854331][T17004] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 860.873391][T17005] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 860.885247][T17005] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 860.898417][T17005] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 860.909304][T17005] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 860.924735][T17005] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 860.933547][T17005] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 860.948654][ T5236] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 860.956157][ T5236] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 860.966637][T17005] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 860.993462][T17005] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 861.003811][T17007] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 861.012953][ T5236] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 861.025587][T17007] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 861.036636][T17005] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 861.043677][ T5236] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 861.051820][T17007] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 861.060333][T17005] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 861.068011][ T5236] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 861.080024][ T5236] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 861.087913][T17005] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 861.095166][T17007] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 861.102648][T17005] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 861.140832][T17005] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 861.150224][T17005] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 861.158352][T17005] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 861.249612][T17005] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 861.298211][T17005] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 861.306368][T17005] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 861.324471][T17005] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 861.331914][T17005] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 863.143992][T17005] Bluetooth: hci9: command tx timeout [ 863.223909][T17005] Bluetooth: hci7: command tx timeout [ 863.304451][T14793] Bluetooth: hci5: command tx timeout [ 863.312884][T17005] Bluetooth: hci8: command tx timeout [ 863.384057][T17005] Bluetooth: hci6: command tx timeout [ 865.224820][T17005] Bluetooth: hci9: command tx timeout [ 865.303923][T17005] Bluetooth: hci7: command tx timeout [ 865.384023][T14793] Bluetooth: hci5: command tx timeout [ 865.390007][T17005] Bluetooth: hci8: command tx timeout [ 865.464032][T17005] Bluetooth: hci6: command tx timeout [ 867.303917][T17005] Bluetooth: hci9: command tx timeout [ 867.383892][T17005] Bluetooth: hci7: command tx timeout [ 867.463935][T14793] Bluetooth: hci5: command tx timeout [ 867.470860][T17005] Bluetooth: hci8: command tx timeout [ 867.544392][T17005] Bluetooth: hci6: command tx timeout [ 869.383883][T17005] Bluetooth: hci9: command tx timeout [ 869.463970][T17005] Bluetooth: hci7: command tx timeout [ 869.543992][T17005] Bluetooth: hci8: command tx timeout [ 869.549447][T17005] Bluetooth: hci5: command tx timeout [ 869.623829][T17005] Bluetooth: hci6: command tx timeout [ 870.349914][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.363835][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 892.122621][T14793] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 892.149374][T14793] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 892.160742][T14793] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 892.174340][T14793] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 892.182170][T14793] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 892.190072][T14793] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 892.644439][T14793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 892.654883][T14793] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 892.664768][T14793] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 892.675026][T14793] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 892.686469][T14793] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 892.697762][T14793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 895.633835][T14793] Bluetooth: hci0: command tx timeout [ 895.640642][T14793] Bluetooth: hci1: command tx timeout [ 896.201391][T14793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 896.222419][T14793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 896.234694][T14793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 896.245373][T14793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 896.253129][T14793] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 896.262660][T14793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 897.704188][T14793] Bluetooth: hci0: command tx timeout [ 897.711264][T17005] Bluetooth: hci1: command tx timeout [ 898.344042][T17005] Bluetooth: hci2: command tx timeout [ 899.784309][T17005] Bluetooth: hci1: command tx timeout [ 899.789775][T17005] Bluetooth: hci0: command tx timeout [ 900.424130][T17005] Bluetooth: hci2: command tx timeout [ 901.864183][T14793] Bluetooth: hci1: command tx timeout [ 901.869697][T17005] Bluetooth: hci0: command tx timeout [ 902.503922][T17005] Bluetooth: hci2: command tx timeout [ 904.591790][T17005] Bluetooth: hci2: command tx timeout [ 904.950914][T14793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 904.962696][T14793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 904.971998][T14793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 904.984153][T14793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 904.992605][T14793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 905.000500][T14793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 907.064103][T14793] Bluetooth: hci3: command tx timeout [ 909.143920][T14793] Bluetooth: hci3: command tx timeout [ 911.223938][T14793] Bluetooth: hci3: command tx timeout [ 913.304178][T14793] Bluetooth: hci3: command tx timeout [ 920.601827][T17005] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 920.614312][T17005] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 920.626906][T17005] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 920.636774][T17005] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 920.644688][T17005] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 920.656377][T17005] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 922.744061][T17005] Bluetooth: hci4: command tx timeout [ 924.824011][T17005] Bluetooth: hci4: command tx timeout [ 926.903984][T17005] Bluetooth: hci4: command tx timeout [ 928.984019][T17005] Bluetooth: hci4: command tx timeout [ 931.790769][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.803825][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 953.241077][T14793] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 953.253411][T14793] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 953.266630][T14793] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 953.276532][T14793] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 953.284515][T14793] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 953.295018][T14793] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 953.547598][T17005] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 953.558745][T17005] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 953.570420][T17005] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 953.578565][T17005] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 953.588830][T17005] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 953.597697][T17005] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 955.383911][T17005] Bluetooth: hci10: command tx timeout [ 955.623868][T17005] Bluetooth: hci11: command tx timeout [ 956.424633][T14793] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 956.437466][T14793] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 956.446099][T14793] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 956.455482][T14793] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 956.467419][T14793] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 956.475098][T14793] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 957.463789][T14793] Bluetooth: hci10: command tx timeout [ 957.703892][T14793] Bluetooth: hci11: command tx timeout [ 958.504031][T14793] Bluetooth: hci12: command tx timeout [ 959.553903][T14793] Bluetooth: hci10: command tx timeout [ 959.784094][T14793] Bluetooth: hci11: command tx timeout [ 960.583953][T14793] Bluetooth: hci12: command tx timeout [ 961.623970][T14793] Bluetooth: hci10: command tx timeout [ 961.865511][T17005] Bluetooth: hci11: command tx timeout [ 962.663897][T17005] Bluetooth: hci12: command tx timeout [ 964.743860][T17005] Bluetooth: hci12: command tx timeout [ 965.511352][T14793] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 965.522392][T14793] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 965.531308][T14793] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 965.542564][T14793] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 965.551421][T14793] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 965.559474][T14793] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 967.624395][T14793] Bluetooth: hci13: command tx timeout [ 969.703873][T14793] Bluetooth: hci13: command tx timeout [ 971.783894][T14793] Bluetooth: hci13: command tx timeout [ 973.863921][T14793] Bluetooth: hci13: command tx timeout [ 981.112979][T17005] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 981.137068][T17005] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 981.151594][T17005] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 981.162536][T17005] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 981.172481][T17005] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 981.180016][T17005] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 983.223986][T14793] Bluetooth: hci14: command tx timeout [ 985.088477][T14793] Bluetooth: hci6: command 0x0406 tx timeout [ 985.096327][T17007] Bluetooth: hci8: command 0x0406 tx timeout [ 985.107524][T17009] Bluetooth: hci9: command 0x0406 tx timeout [ 985.113587][T17009] Bluetooth: hci7: command 0x0406 tx timeout [ 985.143286][T14793] Bluetooth: hci5: command 0x0406 tx timeout [ 985.303872][T17069] Bluetooth: hci14: command tx timeout [ 987.383996][T17069] Bluetooth: hci14: command tx timeout [ 989.464096][T17069] Bluetooth: hci14: command tx timeout [ 993.226644][ T1269] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.243734][ T1269] ieee802154 phy1 wpan1: encryption failed: -22 [ 1014.557887][ T30] INFO: task kworker/u8:3:52 blocked for more than 144 seconds. [ 1015.466648][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1015.483703][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1015.492455][ T30] task:kworker/u8:3 state:D stack:19128 pid:52 tgid:52 ppid:2 flags:0x00004000 [ 1015.633769][ T30] Workqueue: netns cleanup_net [ 1015.638614][ T30] Call Trace: [ 1015.641914][ T30] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1015.753833][ T30] __schedule+0x1895/0x4b30 [ 1015.758697][ T30] ? __pfx___schedule+0x10/0x10 [ 1015.763593][ T30] ? __pfx_lock_release+0x10/0x10 [ 1015.830799][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1015.861937][ T30] ? kthread_data+0x52/0xd0 [ 1015.873835][ T30] ? schedule+0x90/0x320 [ 1015.878168][ T30] ? wq_worker_sleeping+0x66/0x240 [ 1015.883311][ T30] ? schedule+0x90/0x320 [ 1015.913894][ T30] schedule+0x14b/0x320 [ 1015.918321][ T30] schedule_preempt_disabled+0x13/0x30 [ 1015.943940][ T30] __mutex_lock+0x6a7/0xd70 [ 1015.948518][ T30] ? __mutex_lock+0x52a/0xd70 [ 1015.953224][ T30] ? wiphy_unregister+0x236/0xb00 [ 1015.983811][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1015.988903][ T30] ? __up_read+0x2c2/0x6b0 [ 1015.993360][ T30] ? __pfx___up_read+0x10/0x10 [ 1016.022416][ T30] wiphy_unregister+0x236/0xb00 [ 1016.041426][ T30] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 1016.065268][ T30] ? __pfx_wiphy_unregister+0x10/0x10 [ 1016.070709][ T30] ? ieee80211_unregister_hw+0x144/0x2c0 [ 1016.104223][ T30] ? ieee80211_unregister_hw+0x144/0x2c0 [ 1016.109923][ T30] ieee80211_unregister_hw+0x1e2/0x2c0 [ 1016.134672][ T30] mac80211_hwsim_del_radio+0x2c4/0x4c0 [ 1016.140314][ T30] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 1016.170976][ T30] hwsim_exit_net+0x5c1/0x670 [ 1016.184031][ T30] ? __pfx_hwsim_exit_net+0x10/0x10 [ 1016.189305][ T30] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 1016.213891][ T30] cleanup_net+0x802/0xcc0 [ 1016.218396][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 1016.223372][ T30] ? process_scheduled_works+0x976/0x1850 [ 1016.265486][ T30] process_scheduled_works+0xa63/0x1850 [ 1016.271132][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1016.300349][ T30] ? assign_work+0x364/0x3d0 [ 1016.309907][ T30] worker_thread+0x870/0xd30 [ 1016.331591][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1016.336795][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1016.341941][ T30] kthread+0x2f0/0x390 [ 1016.381556][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1016.387267][ T30] ? __pfx_kthread+0x10/0x10 [ 1016.404574][ T30] ret_from_fork+0x4b/0x80 [ 1016.409084][ T30] ? __pfx_kthread+0x10/0x10 [ 1016.439255][ T5236] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 1016.452071][ T5236] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 1016.461040][ T5236] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 1016.470569][ T5236] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 1016.479839][ T5236] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 1016.487523][ T5236] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 1016.531901][ T30] ret_from_fork_asm+0x1a/0x30 [ 1016.536826][ T30] [ 1016.544817][ T30] INFO: task kworker/u8:9:2565 blocked for more than 146 seconds. [ 1016.565784][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1016.573119][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1016.614937][ T30] task:kworker/u8:9 state:D stack:20056 pid:2565 tgid:2565 ppid:2 flags:0x00004000 [ 1016.653688][ T30] Workqueue: events_unbound linkwatch_event [ 1016.659662][ T30] Call Trace: [ 1016.662972][ T30] [ 1016.683777][ T30] __schedule+0x1895/0x4b30 [ 1016.688375][ T30] ? __pfx___schedule+0x10/0x10 [ 1016.693257][ T30] ? __pfx_lock_release+0x10/0x10 [ 1016.706300][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1016.711817][ T30] ? kthread_data+0x52/0xd0 [ 1016.722555][ T30] ? schedule+0x90/0x320 [ 1016.731804][ T30] ? wq_worker_sleeping+0x66/0x240 [ 1016.742031][ T30] ? schedule+0x90/0x320 [ 1016.753751][ T30] schedule+0x14b/0x320 [ 1016.757969][ T30] schedule_preempt_disabled+0x13/0x30 [ 1016.763460][ T30] __mutex_lock+0x6a7/0xd70 [ 1016.778414][ T30] ? __mutex_lock+0x52a/0xd70 [ 1016.783185][ T30] ? linkwatch_event+0xe/0x60 [ 1016.792932][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1016.801693][ T30] ? process_scheduled_works+0x976/0x1850 [ 1016.812646][ T30] linkwatch_event+0xe/0x60 [ 1016.822873][ T30] process_scheduled_works+0xa63/0x1850 [ 1016.835077][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1016.841202][ T30] ? assign_work+0x364/0x3d0 [ 1016.862026][ T30] worker_thread+0x870/0xd30 [ 1016.867170][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1016.873206][ T30] ? __kthread_parkme+0x169/0x1d0 [ 1016.887426][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1016.892625][ T30] kthread+0x2f0/0x390 [ 1016.902761][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1016.911082][ T30] ? __pfx_kthread+0x10/0x10 [ 1016.921970][ T30] ret_from_fork+0x4b/0x80 [ 1016.929722][ T30] ? __pfx_kthread+0x10/0x10 [ 1016.940287][ T30] ret_from_fork_asm+0x1a/0x30 [ 1016.949443][ T30] [ 1016.966807][ T30] INFO: task syz-executor:14597 blocked for more than 146 seconds. [ 1016.976969][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1016.992948][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1017.003214][ T30] task:syz-executor state:D stack:20992 pid:14597 tgid:14597 ppid:1 flags:0x00004006 [ 1017.021880][ T30] Call Trace: [ 1017.025667][ T30] [ 1017.028648][ T30] __schedule+0x1895/0x4b30 [ 1017.033207][ T30] ? __pfx___schedule+0x10/0x10 [ 1017.048153][ T30] ? __pfx_lock_release+0x10/0x10 [ 1017.053243][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1017.064933][ T30] ? schedule+0x90/0x320 [ 1017.069235][ T30] schedule+0x14b/0x320 [ 1017.073422][ T30] schedule_preempt_disabled+0x13/0x30 [ 1017.084251][ T30] __mutex_lock+0x6a7/0xd70 [ 1017.088804][ T30] ? __mutex_lock+0x52a/0xd70 [ 1017.093594][ T30] ? tun_chr_close+0x3b/0x1b0 [ 1017.108036][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1017.113119][ T30] ? __pfx_call_rcu+0x10/0x10 [ 1017.123736][ T30] tun_chr_close+0x3b/0x1b0 [ 1017.128281][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 1017.133417][ T30] __fput+0x23f/0x880 [ 1017.145661][ T30] task_work_run+0x24f/0x310 [ 1017.150302][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 1017.166221][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1017.171389][ T30] ? do_exit+0xa2a/0x28e0 [ 1017.186099][ T30] ? kmem_cache_free+0x1a2/0x420 [ 1017.191094][ T30] ? do_exit+0xa2a/0x28e0 [ 1017.201551][ T30] do_exit+0xa2f/0x28e0 [ 1017.209503][ T30] ? __pfx_do_exit+0x10/0x10 [ 1017.219951][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1017.228038][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1017.239916][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1017.248921][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1017.261672][ T30] do_group_exit+0x207/0x2c0 [ 1017.266826][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1017.272071][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1017.286920][ T30] get_signal+0x16a3/0x1740 [ 1017.291504][ T30] ? __pfx_get_signal+0x10/0x10 [ 1017.302338][ T30] arch_do_signal_or_restart+0x96/0x860 [ 1017.312010][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1017.324076][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1017.330128][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1017.343155][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 1017.349275][ T30] do_syscall_64+0x100/0x230 [ 1017.363310][ T30] ? clear_bhb_loop+0x35/0x90 [ 1017.368489][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.382956][ T30] RIP: 0033:0x7f7023d74257 [ 1017.387875][ T30] RSP: 002b:00007f702405fd90 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 1017.404046][ T30] RAX: fffffffffffffe00 RBX: 0000000000000177 RCX: 00007f7023d74257 [ 1017.412155][ T30] RDX: 0000000040000000 RSI: 00007f702405fdec RDI: 00000000ffffffff [ 1017.429684][ T30] RBP: 00007f702405fdec R08: 0000000000000000 R09: 7fffffffffffffff [ 1017.441470][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 00005555608785eb [ 1017.453967][ T30] R13: 0000555560878590 R14: 00000000000cf498 R15: 00007f702405fe40 [ 1017.462008][ T30] [ 1017.470302][T10188] Bluetooth: hci1: command 0x0406 tx timeout [ 1017.476387][T17004] Bluetooth: hci0: command 0x0406 tx timeout [ 1017.491303][ T30] INFO: task syz-executor:15692 blocked for more than 147 seconds. [ 1017.499843][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1017.509638][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1017.518686][ T30] task:syz-executor state:D stack:20432 pid:15692 tgid:15692 ppid:1 flags:0x00004006 [ 1017.531235][ T30] Call Trace: [ 1017.534860][ T30] [ 1017.537819][ T30] __schedule+0x1895/0x4b30 [ 1017.542368][ T30] ? __pfx___schedule+0x10/0x10 [ 1017.548492][ T30] ? __pfx_lock_release+0x10/0x10 [ 1017.553558][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1017.570546][ T30] ? schedule+0x90/0x320 [ 1017.578048][ T30] schedule+0x14b/0x320 [ 1017.582253][ T30] schedule_preempt_disabled+0x13/0x30 [ 1017.594046][ T30] __mutex_lock+0x6a7/0xd70 [ 1017.598824][ T30] ? __mutex_lock+0x52a/0xd70 [ 1017.603618][ T30] ? tun_chr_close+0x3b/0x1b0 [ 1017.617309][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1017.622380][ T30] ? __pfx_call_rcu+0x10/0x10 [ 1017.633737][ T30] tun_chr_close+0x3b/0x1b0 [ 1017.638297][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 1017.643428][ T30] __fput+0x23f/0x880 [ 1017.656875][ T30] task_work_run+0x24f/0x310 [ 1017.661514][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 1017.673374][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1017.681128][ T30] ? do_exit+0xa2a/0x28e0 [ 1017.692543][ T30] ? kmem_cache_free+0x1a2/0x420 [ 1017.700158][ T30] ? do_exit+0xa2a/0x28e0 [ 1017.713839][ T30] do_exit+0xa2f/0x28e0 [ 1017.718055][ T30] ? __pfx_do_exit+0x10/0x10 [ 1017.722668][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1017.740756][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1017.751501][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1017.763718][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1017.768889][ T30] do_group_exit+0x207/0x2c0 [ 1017.773510][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1017.787816][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1017.793084][ T30] get_signal+0x16a3/0x1740 [ 1017.803811][ T30] ? __pfx_get_signal+0x10/0x10 [ 1017.808738][ T30] arch_do_signal_or_restart+0x96/0x860 [ 1017.823269][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1017.829970][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1017.844997][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1017.850791][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 1017.867917][ T30] do_syscall_64+0x100/0x230 [ 1017.872580][ T30] ? clear_bhb_loop+0x35/0x90 [ 1017.884538][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.890494][ T30] RIP: 0033:0x7f931fb74257 [ 1017.902554][ T30] RSP: 002b:00007f931fe5fd90 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 1017.912768][ T30] RAX: fffffffffffffe00 RBX: 0000000000000098 RCX: 00007f931fb74257 [ 1017.923975][ T30] RDX: 0000000040000000 RSI: 00007f931fe5fdec RDI: 00000000ffffffff [ 1017.931988][ T30] RBP: 00007f931fe5fdec R08: 0000000000000000 R09: 7fffffffffffffff [ 1017.949689][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 000055558ffd55eb [ 1017.962550][ T30] R13: 000055558ffd5590 R14: 00000000000c958d R15: 00007f931fe5fe40 [ 1017.973853][ T30] [ 1017.982077][ T30] INFO: task syz-executor:16120 blocked for more than 147 seconds. [ 1018.009658][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1018.018595][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1018.035998][ T30] task:syz-executor state:D stack:20992 pid:16120 tgid:16120 ppid:1 flags:0x00004006 [ 1018.051494][ T30] Call Trace: [ 1018.059074][ T30] [ 1018.062062][ T30] __schedule+0x1895/0x4b30 [ 1018.072826][ T30] ? __pfx___schedule+0x10/0x10 [ 1018.081464][ T30] ? __pfx_lock_release+0x10/0x10 [ 1018.091293][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1018.100590][ T30] ? schedule+0x90/0x320 [ 1018.110129][ T30] schedule+0x14b/0x320 [ 1018.119332][ T30] schedule_preempt_disabled+0x13/0x30 [ 1018.129676][ T30] __mutex_lock+0x6a7/0xd70 [ 1018.137858][ T30] ? __mutex_lock+0x52a/0xd70 [ 1018.142589][ T30] ? tun_chr_close+0x3b/0x1b0 [ 1018.152297][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1018.161473][ T30] ? __pfx_call_rcu+0x10/0x10 [ 1018.172987][ T30] tun_chr_close+0x3b/0x1b0 [ 1018.184627][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 1018.189885][ T30] __fput+0x23f/0x880 [ 1018.203456][ T30] task_work_run+0x24f/0x310 [ 1018.208545][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 1018.221881][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1018.228947][ T30] ? do_exit+0xa2a/0x28e0 [ 1018.233321][ T30] ? kmem_cache_free+0x1a2/0x420 [ 1018.243769][ T30] ? do_exit+0xa2a/0x28e0 [ 1018.248161][ T30] do_exit+0xa2f/0x28e0 [ 1018.252350][ T30] ? __pfx_do_exit+0x10/0x10 [ 1018.266077][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1018.271517][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1018.286288][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1018.292758][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1018.306279][ T30] do_group_exit+0x207/0x2c0 [ 1018.310916][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1018.321241][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1018.330140][ T30] get_signal+0x16a3/0x1740 [ 1018.340738][ T30] ? __pfx_get_signal+0x10/0x10 [ 1018.349872][ T30] arch_do_signal_or_restart+0x96/0x860 [ 1018.360246][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1018.370099][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1018.378708][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1018.391939][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 1018.400331][ T30] do_syscall_64+0x100/0x230 [ 1018.411890][ T30] ? clear_bhb_loop+0x35/0x90 [ 1018.417048][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.423000][ T30] RIP: 0033:0x7f6bd1374257 [ 1018.435771][ T30] RSP: 002b:00007f6bd165fd90 EFLAGS: 00000293 ORIG_RAX: 000000000000003d [ 1018.451518][ T30] RAX: fffffffffffffe00 RBX: 0000000000000052 RCX: 00007f6bd1374257 [ 1018.462270][ T30] RDX: 0000000040000000 RSI: 00007f6bd165fdec RDI: 00000000ffffffff [ 1018.478601][ T30] RBP: 00007f6bd165fdec R08: 0000000000000000 R09: 7fffffffffffffff [ 1018.489782][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 00005555629725eb [ 1018.505756][ T30] R13: 0000555562972590 R14: 00000000000cb00b R15: 00007f6bd165fe40 [ 1018.522017][ T30] [ 1018.525464][ T30] INFO: task syz.3.1808:16863 blocked for more than 148 seconds. [ 1018.533211][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1018.543827][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1018.552628][ T30] task:syz.3.1808 state:D stack:23584 pid:16863 tgid:16861 ppid:16387 flags:0x00004006 [ 1018.571724][ T30] Call Trace: [ 1018.576601][ T30] [ 1018.579578][ T30] __schedule+0x1895/0x4b30 [ 1018.591671][T17005] Bluetooth: hci15: command tx timeout [ 1018.602441][ T30] ? __pfx___schedule+0x10/0x10 [ 1018.615063][ T30] ? __pfx_lock_release+0x10/0x10 [ 1018.620176][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1018.633479][ T30] ? schedule+0x90/0x320 [ 1018.638290][ T30] schedule+0x14b/0x320 [ 1018.642505][ T30] schedule_preempt_disabled+0x13/0x30 [ 1018.653784][ T30] __mutex_lock+0x6a7/0xd70 [ 1018.658351][ T30] ? __mutex_lock+0x52a/0xd70 [ 1018.663054][ T30] ? tun_chr_close+0x3b/0x1b0 [ 1018.677291][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1018.682383][ T30] ? __pfx_call_rcu+0x10/0x10 [ 1018.693234][ T30] tun_chr_close+0x3b/0x1b0 [ 1018.700379][ T30] ? __pfx_tun_chr_close+0x10/0x10 [ 1018.713808][ T30] __fput+0x23f/0x880 [ 1018.717950][ T30] task_work_run+0x24f/0x310 [ 1018.722566][ T30] ? kasan_quarantine_put+0xdc/0x230 [ 1018.737658][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1018.742826][ T30] ? do_exit+0xa2a/0x28e0 [ 1018.754255][ T30] ? kmem_cache_free+0x1a2/0x420 [ 1018.759250][ T30] ? do_exit+0xa2a/0x28e0 [ 1018.763617][ T30] do_exit+0xa2f/0x28e0 [ 1018.780129][ T30] ? __pfx_do_exit+0x10/0x10 [ 1018.792098][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1018.797920][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1018.811962][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1018.821050][ T30] ? _raw_spin_lock_irq+0xdf/0x120 [ 1018.852085][ T30] do_group_exit+0x207/0x2c0 [ 1018.863894][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1018.869157][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 1018.883960][ T30] get_signal+0x16a3/0x1740 [ 1018.888539][ T30] ? __pfx_get_signal+0x10/0x10 [ 1018.893430][ T30] arch_do_signal_or_restart+0x96/0x860 [ 1018.903799][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1018.910008][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1018.925919][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1018.931703][ T30] syscall_exit_to_user_mode+0xc9/0x370 [ 1018.945780][ T30] do_syscall_64+0x100/0x230 [ 1018.950431][ T30] ? clear_bhb_loop+0x35/0x90 [ 1018.963010][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.969340][ T30] RIP: 0033:0x7f3bff17dff9 [ 1018.981884][ T30] RSP: 002b:00007f3bfff4c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1018.992136][ T30] RAX: 0000000000000008 RBX: 00007f3bff336058 RCX: 00007f3bff17dff9 [ 1019.003714][ T30] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000006 [ 1019.011742][ T30] RBP: 00007f3bff1f0296 R08: 0000000000000000 R09: 0000000000000000 [ 1019.027518][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1019.041748][ T30] R13: 0000000000000000 R14: 00007f3bff336058 R15: 00007f3bff45fa28 [ 1019.053555][ T30] [ 1019.062795][ T30] INFO: task syz-executor:17010 blocked for more than 148 seconds. [ 1019.074698][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1019.082129][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1019.098929][ T30] task:syz-executor state:D stack:25248 pid:17010 tgid:17010 ppid:1 flags:0x00004004 [ 1019.113119][ T30] Call Trace: [ 1019.121238][ T30] [ 1019.128291][ T30] __schedule+0x1895/0x4b30 [ 1019.132876][ T30] ? __pfx___schedule+0x10/0x10 [ 1019.142812][ T30] ? __pfx_lock_release+0x10/0x10 [ 1019.152500][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1019.162960][ T30] ? schedule+0x90/0x320 [ 1019.173854][ T30] schedule+0x14b/0x320 [ 1019.178072][ T30] schedule_preempt_disabled+0x13/0x30 [ 1019.183560][ T30] __mutex_lock+0x6a7/0xd70 [ 1019.197247][ T30] ? __mutex_lock+0x52a/0xd70 [ 1019.202066][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1019.214111][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1019.219197][ T30] ? __asan_memset+0x23/0x50 [ 1019.232369][ T30] register_nexthop_notifier+0x84/0x290 [ 1019.238547][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1019.253603][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1019.260030][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1019.275023][ T30] ? __asan_memset+0x23/0x50 [ 1019.279711][ T30] ops_init+0x31e/0x590 [ 1019.291613][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1019.299132][ T30] setup_net+0x287/0x9e0 [ 1019.303423][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1019.317761][ T30] ? __pfx_setup_net+0x10/0x10 [ 1019.322599][ T30] copy_net_ns+0x33f/0x570 [ 1019.330861][ T30] create_new_namespaces+0x425/0x7b0 [ 1019.341074][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1019.350655][ T30] ksys_unshare+0x619/0xc10 [ 1019.362035][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1019.370876][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1019.381833][ T30] ? do_syscall_64+0x100/0x230 [ 1019.391732][ T30] __x64_sys_unshare+0x38/0x40 [ 1019.401313][ T30] do_syscall_64+0xf3/0x230 [ 1019.411431][ T30] ? clear_bhb_loop+0x35/0x90 [ 1019.420928][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1019.430635][ T30] RIP: 0033:0x7f9e5e37f7f7 [ 1019.439809][ T30] RSP: 002b:00007f9e5e65ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1019.452080][ T30] RAX: ffffffffffffffda RBX: 00007f9e5e3f1a85 RCX: 00007f9e5e37f7f7 [ 1019.467154][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1019.480987][ T30] RBP: 0000000000000000 R08: 00007f9e5f067d60 R09: 0000000000000000 [ 1019.492647][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1019.512078][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1019.522508][ T30] [ 1019.533904][ T30] INFO: task syz-executor:17012 blocked for more than 149 seconds. [ 1019.541833][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1019.557623][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1019.571503][ T30] task:syz-executor state:D stack:26288 pid:17012 tgid:17012 ppid:1 flags:0x00004006 [ 1019.586785][ T30] Call Trace: [ 1019.590101][ T30] [ 1019.593050][ T30] __schedule+0x1895/0x4b30 [ 1019.602771][ T30] ? __pfx___schedule+0x10/0x10 [ 1019.612695][ T30] ? __pfx_lock_release+0x10/0x10 [ 1019.624705][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1019.630225][ T30] ? schedule+0x90/0x320 [ 1019.641626][ T30] schedule+0x14b/0x320 [ 1019.646220][ T30] schedule_preempt_disabled+0x13/0x30 [ 1019.651722][ T30] __mutex_lock+0x6a7/0xd70 [ 1019.663797][ T30] ? __mutex_lock+0x52a/0xd70 [ 1019.668616][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1019.683289][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1019.688705][ T30] ? __asan_memset+0x23/0x50 [ 1019.693338][ T30] register_nexthop_notifier+0x84/0x290 [ 1019.703946][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1019.709807][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1019.724930][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1019.731153][ T30] ? __asan_memset+0x23/0x50 [ 1019.745442][ T30] ops_init+0x31e/0x590 [ 1019.749663][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1019.763720][ T30] setup_net+0x287/0x9e0 [ 1019.768029][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1019.782520][ T30] ? __pfx_setup_net+0x10/0x10 [ 1019.793883][ T30] copy_net_ns+0x33f/0x570 [ 1019.798370][ T30] create_new_namespaces+0x425/0x7b0 [ 1019.814256][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1019.820045][ T30] ksys_unshare+0x619/0xc10 [ 1019.837206][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1019.842381][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1019.854245][ T30] ? do_syscall_64+0x100/0x230 [ 1019.859066][ T30] __x64_sys_unshare+0x38/0x40 [ 1019.874109][ T30] do_syscall_64+0xf3/0x230 [ 1019.878671][ T30] ? clear_bhb_loop+0x35/0x90 [ 1019.883378][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1019.898103][ T30] RIP: 0033:0x7f2fafb7f7f7 [ 1019.902653][ T30] RSP: 002b:00007f2fafe5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1019.919501][ T30] RAX: ffffffffffffffda RBX: 00007f2fafbf1a85 RCX: 00007f2fafb7f7f7 [ 1019.930197][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1019.949842][ T30] RBP: 0000000000000000 R08: 00007f2fb0867d60 R09: 0000000000000000 [ 1019.960051][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1019.976390][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1019.989241][ T30] [ 1019.992403][ T30] INFO: task syz-executor:17013 blocked for more than 149 seconds. [ 1020.009980][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1020.018970][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1020.036567][ T30] task:syz-executor state:D stack:26816 pid:17013 tgid:17013 ppid:1 flags:0x00004004 [ 1020.057609][ T30] Call Trace: [ 1020.060941][ T30] [ 1020.068205][ T30] __schedule+0x1895/0x4b30 [ 1020.072787][ T30] ? __pfx___schedule+0x10/0x10 [ 1020.082708][ T30] ? __pfx_lock_release+0x10/0x10 [ 1020.091606][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1020.101898][ T30] ? schedule+0x90/0x320 [ 1020.112570][ T30] schedule+0x14b/0x320 [ 1020.121639][ T30] schedule_preempt_disabled+0x13/0x30 [ 1020.130816][ T30] __mutex_lock+0x6a7/0xd70 [ 1020.140091][ T30] ? __mutex_lock+0x52a/0xd70 [ 1020.148535][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1020.161168][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1020.169981][ T30] ? __asan_memset+0x23/0x50 [ 1020.177046][ T30] register_nexthop_notifier+0x84/0x290 [ 1020.182638][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1020.196564][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1020.202860][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1020.216018][ T30] ? __asan_memset+0x23/0x50 [ 1020.220707][ T30] ops_init+0x31e/0x590 [ 1020.235167][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1020.240602][ T30] setup_net+0x287/0x9e0 [ 1020.253798][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1020.259403][ T30] ? __pfx_setup_net+0x10/0x10 [ 1020.275295][ T30] copy_net_ns+0x33f/0x570 [ 1020.279778][ T30] create_new_namespaces+0x425/0x7b0 [ 1020.293766][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1020.299555][ T30] ksys_unshare+0x619/0xc10 [ 1020.312570][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1020.318123][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1020.333604][ T30] ? do_syscall_64+0x100/0x230 [ 1020.338534][ T30] __x64_sys_unshare+0x38/0x40 [ 1020.343333][ T30] do_syscall_64+0xf3/0x230 [ 1020.356606][ T30] ? clear_bhb_loop+0x35/0x90 [ 1020.361433][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.372297][ T30] RIP: 0033:0x7fe954b7f7f7 [ 1020.382928][ T30] RSP: 002b:00007fe954e5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1020.400113][ T30] RAX: ffffffffffffffda RBX: 00007fe954bf1a85 RCX: 00007fe954b7f7f7 [ 1020.409701][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1020.424315][ T30] RBP: 0000000000000000 R08: 00007fe955867d60 R09: 0000000000000000 [ 1020.432334][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1020.449566][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1020.461474][ T30] [ 1020.469506][ T30] INFO: task syz-executor:17014 blocked for more than 150 seconds. [ 1020.481106][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1020.499318][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1020.511081][ T30] task:syz-executor state:D stack:26816 pid:17014 tgid:17014 ppid:1 flags:0x00004004 [ 1020.525413][ T30] Call Trace: [ 1020.528730][ T30] [ 1020.531720][ T30] __schedule+0x1895/0x4b30 [ 1020.545785][ T30] ? __pfx___schedule+0x10/0x10 [ 1020.550697][ T30] ? __pfx_lock_release+0x10/0x10 [ 1020.563765][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1020.569283][ T30] ? schedule+0x90/0x320 [ 1020.573553][ T30] schedule+0x14b/0x320 [ 1020.586219][ T30] schedule_preempt_disabled+0x13/0x30 [ 1020.591735][ T30] __mutex_lock+0x6a7/0xd70 [ 1020.605766][ T30] ? __mutex_lock+0x52a/0xd70 [ 1020.610497][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1020.624654][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1020.629753][ T30] ? __asan_memset+0x23/0x50 [ 1020.641522][ T30] register_nexthop_notifier+0x84/0x290 [ 1020.649999][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1020.662828][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1020.669911][ T5240] Bluetooth: hci15: command tx timeout [ 1020.683783][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1020.690012][ T30] ? __asan_memset+0x23/0x50 [ 1020.702891][ T30] ops_init+0x31e/0x590 [ 1020.708781][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1020.722174][ T30] setup_net+0x287/0x9e0 [ 1020.726626][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1020.732213][ T30] ? __pfx_setup_net+0x10/0x10 [ 1020.747423][ T30] copy_net_ns+0x33f/0x570 [ 1020.751916][ T30] create_new_namespaces+0x425/0x7b0 [ 1020.763833][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1020.769626][ T30] ksys_unshare+0x619/0xc10 [ 1020.781735][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1020.787264][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1020.793299][ T30] ? do_syscall_64+0x100/0x230 [ 1020.803763][ T30] __x64_sys_unshare+0x38/0x40 [ 1020.808588][ T30] do_syscall_64+0xf3/0x230 [ 1020.813139][ T30] ? clear_bhb_loop+0x35/0x90 [ 1020.835128][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.841086][ T30] RIP: 0033:0x7fbe1b17f7f7 [ 1020.855585][ T30] RSP: 002b:00007fbe1b45ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1020.872270][ T30] RAX: ffffffffffffffda RBX: 00007fbe1b1f1a85 RCX: 00007fbe1b17f7f7 [ 1020.880694][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1020.893698][ T30] RBP: 0000000000000000 R08: 00007fbe1be67d60 R09: 0000000000000000 [ 1020.901717][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1020.917537][ T5240] Bluetooth: hci2: command 0x0406 tx timeout [ 1020.940153][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1020.951981][ T30] [ 1020.961307][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1020.980912][ T30] INFO: task syz-executor:17016 blocked for more than 150 seconds. [ 1021.003934][ T30] Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1021.011273][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1021.028514][ T30] task:syz-executor state:D stack:26816 pid:17016 tgid:17016 ppid:1 flags:0x00004006 [ 1021.041600][ T30] Call Trace: [ 1021.053813][ T30] [ 1021.056806][ T30] __schedule+0x1895/0x4b30 [ 1021.061360][ T30] ? __pfx___schedule+0x10/0x10 [ 1021.075247][ T30] ? __pfx_lock_release+0x10/0x10 [ 1021.080334][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 1021.092903][ T30] ? schedule+0x90/0x320 [ 1021.099402][ T30] schedule+0x14b/0x320 [ 1021.103611][ T30] schedule_preempt_disabled+0x13/0x30 [ 1021.117612][ T30] __mutex_lock+0x6a7/0xd70 [ 1021.122246][ T30] ? __mutex_lock+0x52a/0xd70 [ 1021.133806][ T30] ? register_nexthop_notifier+0x84/0x290 [ 1021.139585][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1021.155460][ T30] ? __asan_memset+0x23/0x50 [ 1021.160127][ T30] register_nexthop_notifier+0x84/0x290 [ 1021.174136][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1021.180015][ T30] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 1021.193762][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 1021.200229][ T30] ? __asan_memset+0x23/0x50 [ 1021.213302][ T30] ops_init+0x31e/0x590 [ 1021.217708][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 1021.223124][ T30] setup_net+0x287/0x9e0 [ 1021.233751][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 1021.239355][ T30] ? __pfx_setup_net+0x10/0x10 [ 1021.252115][ T30] copy_net_ns+0x33f/0x570 [ 1021.257852][ T30] create_new_namespaces+0x425/0x7b0 [ 1021.263198][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 1021.278655][ T30] ksys_unshare+0x619/0xc10 [ 1021.283230][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 1021.291799][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1021.303824][ T30] ? do_syscall_64+0x100/0x230 [ 1021.308658][ T30] __x64_sys_unshare+0x38/0x40 [ 1021.313465][ T30] do_syscall_64+0xf3/0x230 [ 1021.326918][ T30] ? clear_bhb_loop+0x35/0x90 [ 1021.331641][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1021.343547][ T30] RIP: 0033:0x7fd058b7f7f7 [ 1021.350822][ T30] RSP: 002b:00007fd058e5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 1021.368665][ T30] RAX: ffffffffffffffda RBX: 00007fd058bf1a85 RCX: 00007fd058b7f7f7 [ 1021.380635][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 1021.398423][ T30] RBP: 0000000000000000 R08: 00007fd059867d60 R09: 0000000000000000 [ 1021.411238][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 1021.423834][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1021.431869][ T30] [ 1021.442250][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1021.451742][ T30] [ 1021.451742][ T30] Showing all locks held in the system: [ 1021.463824][ T30] 3 locks held by kworker/0:0/8: [ 1021.468887][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1021.489409][ T30] #1: ffffc900000d7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1021.509583][ T30] #2: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 1021.522649][ T30] 1 lock held by khungtaskd/30: [ 1021.533475][ T30] #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 1021.552416][ T30] 4 locks held by kworker/u8:3/52: [ 1021.558721][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1021.573779][ T30] #1: ffffc90000bd7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1021.592360][ T30] #2: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 1021.603572][ T30] #3: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: wiphy_unregister+0x236/0xb00 [ 1021.622297][ T30] 3 locks held by kworker/u8:8/2547: [ 1021.634004][ T30] #0: ffff88802de14948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1021.653359][ T30] #1: ffffc90008ec7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1021.674652][ T30] #2: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 1021.691688][ T30] 3 locks held by kworker/u8:9/2565: [ 1021.697358][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 1021.719915][ T30] #1: ffffc900092c7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 1021.739539][ T30] #2: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 1021.750309][ T30] 2 locks held by getty/4983: [ 1021.762728][ T30] #0: ffff88802e7060a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1021.781049][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 1021.803775][ T30] 4 locks held by kworker/0:8/5314: [ 1021.809029][ T30] 1 lock held by syz-executor/14597: [ 1021.823870][ T30] #0: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 1021.832945][ T30] 3 locks held by kworker/0:6/15592: [ 1021.846328][ T30] 1 lock held by syz-executor/15692: [ 1021.851661][ T30] #0: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 1021.868861][ T30] 1 lock held by syz-executor/16120: [ 1021.883775][ T30] #0: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 1021.892843][ T30] 1 lock held by syz.0.1805/16850: [ 1021.913765][ T30] 1 lock held by syz.3.1808/16863: [ 1021.918932][ T30] #0: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 1021.938458][ T30] 2 locks held by syz-executor/17010: [ 1021.954248][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1021.972678][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1021.983321][ T30] 2 locks held by syz-executor/17012: [ 1021.993696][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.003188][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.021925][ T30] 2 locks held by syz-executor/17013: [ 1022.043436][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.053397][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.073419][ T30] 2 locks held by syz-executor/17014: [ 1022.079197][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.093700][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.113200][ T30] 2 locks held by syz-executor/17016: [ 1022.119099][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.133697][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.154479][ T30] 2 locks held by syz-executor/17025: [ 1022.159895][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.179368][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.192247][ T30] 2 locks held by syz-executor/17029: [ 1022.203581][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.213288][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.232865][ T30] 2 locks held by syz-executor/17034: [ 1022.238739][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.255362][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.274873][ T30] 2 locks held by syz-executor/17038: [ 1022.280284][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.298694][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.312568][ T30] 2 locks held by syz-executor/17045: [ 1022.323791][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.333272][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.350943][ T30] 2 locks held by syz-executor/17051: [ 1022.358414][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.377491][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.391303][ T30] 2 locks held by syz-executor/17054: [ 1022.401996][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.420850][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.431380][ T30] 2 locks held by syz-executor/17057: [ 1022.443731][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.453306][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.472121][ T30] 2 locks held by syz-executor/17060: [ 1022.479228][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.493973][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.513537][ T30] 2 locks held by syz-executor/17066: [ 1022.519331][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.536937][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.551942][ T30] 2 locks held by syz-executor/17079: [ 1022.562229][ T30] #0: ffffffff8fcc4910 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 1022.580035][ T30] #1: ffffffff8fcd1408 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 1022.601605][ T30] [ 1022.605586][ T30] ============================================= [ 1022.605586][ T30] [ 1022.622668][ T30] NMI backtrace for cpu 1 [ 1022.627054][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1022.637231][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1022.647325][ T30] Call Trace: [ 1022.650623][ T30] [ 1022.653570][ T30] dump_stack_lvl+0x241/0x360 [ 1022.658367][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1022.663595][ T30] ? __pfx__printk+0x10/0x10 [ 1022.668221][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 1022.673194][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1022.678675][ T30] ? _printk+0xd5/0x120 [ 1022.682859][ T30] ? __pfx__printk+0x10/0x10 [ 1022.687564][ T30] ? __wake_up_klogd+0xcc/0x110 [ 1022.692610][ T30] ? __pfx__printk+0x10/0x10 [ 1022.697236][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 1022.702375][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1022.708401][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 1022.714422][ T30] watchdog+0xff4/0x1040 [ 1022.718877][ T30] ? watchdog+0x1ea/0x1040 [ 1022.723329][ T30] ? __pfx_watchdog+0x10/0x10 [ 1022.728037][ T30] kthread+0x2f0/0x390 [ 1022.732127][ T30] ? __pfx_watchdog+0x10/0x10 [ 1022.736828][ T30] ? __pfx_kthread+0x10/0x10 [ 1022.741616][ T30] ret_from_fork+0x4b/0x80 [ 1022.746061][ T30] ? __pfx_kthread+0x10/0x10 [ 1022.750674][ T30] ret_from_fork_asm+0x1a/0x30 [ 1022.755479][ T30] [ 1022.759417][ T30] Sending NMI from CPU 1 to CPUs 0: [ 1022.764741][ C0] NMI backtrace for cpu 0 [ 1022.764755][ C0] CPU: 0 UID: 0 PID: 5314 Comm: kworker/0:8 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1022.764776][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1022.764788][ C0] Workqueue: events nsim_dev_trap_report_work [ 1022.764811][ C0] RIP: 0010:stack_depot_save_flags+0x9d/0x830 [ 1022.764836][ C0] Code: 08 44 89 f7 c1 c7 04 44 29 f0 31 c7 41 01 de 29 fb 89 fd c1 c5 06 31 dd 44 01 f7 89 e9 c1 c1 08 41 29 ee 44 31 f1 01 fd 29 cf <89> c8 c1 c0 10 31 f8 01 e9 89 c3 c1 c3 13 29 c5 31 eb 01 c8 29 d9 [ 1022.764851][ C0] RSP: 0018:ffffc90000006d40 EFLAGS: 00000a83 [ 1022.764866][ C0] RAX: 000000003b223479 RBX: 000000003314939c RCX: 0000000098a1dd51 [ 1022.764878][ C0] RDX: ffffc90000006e00 RSI: 000000000000001a RDI: 00000000a640d7a2 [ 1022.764890][ C0] RBP: 00000000ace68044 R08: ffffc90000006da0 R09: 0000000000000019 [ 1022.764902][ C0] R10: ffffc90000006c70 R11: ffffffff81806700 R12: ffffffff8995af70 [ 1022.764915][ C0] R13: 1ffff92000000e0c R14: 000000009b6a8c3f R15: 0000000000000000 [ 1022.764927][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1022.764942][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1022.764954][ C0] CR2: 00007ffd9f831cd8 CR3: 000000000e734000 CR4: 00000000003506f0 [ 1022.764969][ C0] Call Trace: [ 1022.764975][ C0] [ 1022.764983][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1022.765002][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1022.765027][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1022.765046][ C0] ? nmi_handle+0x2a/0x5a0 [ 1022.765069][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1022.765089][ C0] ? nmi_handle+0x14f/0x5a0 [ 1022.765105][ C0] ? nmi_handle+0x2a/0x5a0 [ 1022.765121][ C0] ? stack_depot_save_flags+0x9d/0x830 [ 1022.765143][ C0] ? default_do_nmi+0x63/0x160 [ 1022.765163][ C0] ? exc_nmi+0x123/0x1f0 [ 1022.765181][ C0] ? end_repeat_nmi+0xf/0x53 [ 1022.765205][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 1022.765229][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1022.765251][ C0] ? stack_depot_save_flags+0x9d/0x830 [ 1022.765273][ C0] ? stack_depot_save_flags+0x9d/0x830 [ 1022.765296][ C0] ? stack_depot_save_flags+0x9d/0x830 [ 1022.765318][ C0] [ 1022.765324][ C0] [ 1022.765332][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 1022.765356][ C0] kasan_save_stack+0x4f/0x60 [ 1022.765371][ C0] ? kasan_save_stack+0x3f/0x60 [ 1022.765385][ C0] ? __kasan_record_aux_stack+0xac/0xc0 [ 1022.765406][ C0] ? call_rcu+0x167/0xa70 [ 1022.765422][ C0] ? skb_release_head_state+0x73/0x250 [ 1022.765438][ C0] ? consume_skb+0x60/0xf0 [ 1022.765452][ C0] ? nft_synproxy_eval_v4+0x3d2/0x610 [ 1022.765480][ C0] ? nft_synproxy_do_eval+0x362/0xa60 [ 1022.765501][ C0] ? nft_do_chain+0x4ad/0x1da0 [ 1022.765522][ C0] ? nft_do_chain_inet+0x418/0x6b0 [ 1022.765544][ C0] ? nf_hook_slow+0xc3/0x220 [ 1022.765562][ C0] ? NF_HOOK+0x29e/0x450 [ 1022.765578][ C0] ? NF_HOOK+0x3a4/0x450 [ 1022.765593][ C0] ? __netif_receive_skb+0x2bf/0x650 [ 1022.765611][ C0] ? process_backlog+0x662/0x15b0 [ 1022.765630][ C0] ? __napi_poll+0xcb/0x490 [ 1022.765647][ C0] ? net_rx_action+0x89b/0x1240 [ 1022.765666][ C0] ? handle_softirqs+0x2c5/0x980 [ 1022.765685][ C0] ? do_softirq+0x11b/0x1e0 [ 1022.765703][ C0] ? __local_bh_enable_ip+0x1bb/0x200 [ 1022.765722][ C0] ? nsim_dev_trap_report_work+0x75d/0xaa0 [ 1022.765739][ C0] ? process_scheduled_works+0xa63/0x1850 [ 1022.765759][ C0] ? worker_thread+0x870/0xd30 [ 1022.765780][ C0] ? kthread+0x2f0/0x390 [ 1022.765793][ C0] ? ret_from_fork+0x4b/0x80 [ 1022.765815][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 1022.765850][ C0] ? __phys_addr+0xba/0x170 [ 1022.765867][ C0] __kasan_record_aux_stack+0xac/0xc0 [ 1022.765889][ C0] call_rcu+0x167/0xa70 [ 1022.765910][ C0] ? __pfx_call_rcu+0x10/0x10 [ 1022.765926][ C0] ? rcuref_put+0x1e3/0x240 [ 1022.765949][ C0] ? __pfx_rcuref_put+0x10/0x10 [ 1022.765976][ C0] skb_release_head_state+0x73/0x250 [ 1022.765993][ C0] consume_skb+0x60/0xf0 [ 1022.766008][ C0] nft_synproxy_eval_v4+0x3d2/0x610 [ 1022.766033][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 1022.766056][ C0] ? nf_ip_checksum+0x13a/0x500 [ 1022.766080][ C0] nft_synproxy_do_eval+0x362/0xa60 [ 1022.766104][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 1022.766126][ C0] ? ip_vs_conn_hashkey_param+0x3ad/0x6b0 [ 1022.766151][ C0] ? ip_vs_conn_out_get+0xba6/0xc00 [ 1022.766177][ C0] nft_do_chain+0x4ad/0x1da0 [ 1022.766201][ C0] ? tcp_conn_schedule+0x45e/0x880 [ 1022.766224][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 1022.766258][ C0] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 1022.766281][ C0] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 1022.766300][ C0] nft_do_chain_inet+0x418/0x6b0 [ 1022.766322][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1022.766352][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1022.766373][ C0] nf_hook_slow+0xc3/0x220 [ 1022.766392][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1022.766410][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1022.766427][ C0] NF_HOOK+0x29e/0x450 [ 1022.766445][ C0] ? NF_HOOK+0x9a/0x450 [ 1022.766461][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 1022.766483][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1022.766504][ C0] ? ip_rcv_finish+0x406/0x560 [ 1022.766522][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1022.766539][ C0] NF_HOOK+0x3a4/0x450 [ 1022.766555][ C0] ? __lock_acquire+0x1384/0x2050 [ 1022.766577][ C0] ? NF_HOOK+0x9a/0x450 [ 1022.766594][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 1022.766609][ C0] ? ip_rcv_core+0x801/0xd10 [ 1022.766627][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1022.766647][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 1022.766664][ C0] __netif_receive_skb+0x2bf/0x650 [ 1022.766684][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1022.766705][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 1022.766724][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1022.766746][ C0] ? __pfx_lock_release+0x10/0x10 [ 1022.766768][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 1022.766794][ C0] process_backlog+0x662/0x15b0 [ 1022.766816][ C0] ? process_backlog+0x33b/0x15b0 [ 1022.766840][ C0] ? __pfx_process_backlog+0x10/0x10 [ 1022.766859][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1022.766883][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1022.766907][ C0] __napi_poll+0xcb/0x490 [ 1022.766927][ C0] net_rx_action+0x89b/0x1240 [ 1022.766955][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1022.766975][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 1022.767012][ C0] handle_softirqs+0x2c5/0x980 [ 1022.767034][ C0] ? do_softirq+0x11b/0x1e0 [ 1022.767054][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1022.767075][ C0] ? rcu_is_watching+0x15/0xb0 [ 1022.767094][ C0] do_softirq+0x11b/0x1e0 [ 1022.767113][ C0] [ 1022.767118][ C0] [ 1022.767125][ C0] ? __pfx_do_softirq+0x10/0x10 [ 1022.767162][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 1022.767186][ C0] ? rcu_is_watching+0x15/0xb0 [ 1022.767204][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 1022.767224][ C0] ? nsim_dev_trap_report_work+0x75d/0xaa0 [ 1022.767242][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1022.767263][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1022.767283][ C0] ? nsim_dev_trap_report_work+0x6a7/0xaa0 [ 1022.767303][ C0] nsim_dev_trap_report_work+0x75d/0xaa0 [ 1022.767327][ C0] ? process_scheduled_works+0x976/0x1850 [ 1022.767348][ C0] process_scheduled_works+0xa63/0x1850 [ 1022.767381][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1022.767407][ C0] ? assign_work+0x364/0x3d0 [ 1022.767429][ C0] worker_thread+0x870/0xd30 [ 1022.767453][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1022.767480][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1022.767504][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1022.767525][ C0] kthread+0x2f0/0x390 [ 1022.767540][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1022.767560][ C0] ? __pfx_kthread+0x10/0x10 [ 1022.767576][ C0] ret_from_fork+0x4b/0x80 [ 1022.767596][ C0] ? __pfx_kthread+0x10/0x10 [ 1022.767611][ C0] ret_from_fork_asm+0x1a/0x30 [ 1022.767639][ C0] [ 1023.628559][T17005] Bluetooth: hci15: command tx timeout [ 1023.641861][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1023.648742][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0 [ 1023.658919][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1023.668995][ T30] Call Trace: [ 1023.672289][ T30] [ 1023.675231][ T30] dump_stack_lvl+0x241/0x360 [ 1023.679937][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1023.685159][ T30] ? __pfx__printk+0x10/0x10 [ 1023.689770][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1023.695867][ T30] ? vscnprintf+0x5d/0x90 [ 1023.700217][ T30] panic+0x349/0x880 [ 1023.704136][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1023.710311][ T30] ? __pfx_panic+0x10/0x10 [ 1023.714745][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 1023.720131][ T30] ? __irq_work_queue_local+0x137/0x410 [ 1023.725698][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1023.731085][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 1023.737261][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 1023.743433][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 1023.749612][ T30] watchdog+0x1033/0x1040 [ 1023.753970][ T30] ? watchdog+0x1ea/0x1040 [ 1023.758431][ T30] ? __pfx_watchdog+0x10/0x10 [ 1023.763127][ T30] kthread+0x2f0/0x390 [ 1023.767210][ T30] ? __pfx_watchdog+0x10/0x10 [ 1023.771905][ T30] ? __pfx_kthread+0x10/0x10 [ 1023.776514][ T30] ret_from_fork+0x4b/0x80 [ 1023.780950][ T30] ? __pfx_kthread+0x10/0x10 [ 1023.785555][ T30] ret_from_fork_asm+0x1a/0x30 [ 1023.790354][ T30] [ 1023.793731][ T30] Kernel Offset: disabled [ 1023.798050][ T30] Rebooting in 86400 seconds..