last executing test programs: 45.011944537s ago: executing program 2 (id=141): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, &(0x7f0000000a80)="bba5683c14d793", 0x7, 0x1, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x208, 0x4) sendmmsg$inet(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000400)="93bffce623851797a8dc7901f004f7498678cd35ef833c350900f95a94770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac305b5cea1dcd151d7d235b9a069c41dd52d8041bdc61529260e6c4046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb600"/136, 0x88}, {&(0x7f0000000780)="029993440c7a1d95d3bb8cf353fd63c588ffa39f0ff0fced20927ea4b2a247d082247558bef6b2b2cd6a0dffece1b36526e9388c344fb7ac429e430bcb", 0x3d}], 0x2}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000003c0)="b1", 0x1}], 0x1}}], 0x2, 0xc0) sendto$inet(r0, &(0x7f0000000580)="17", 0x501, 0x10008095, 0x0, 0x0) 44.687228742s ago: executing program 2 (id=144): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f00000001c0)) 44.269620508s ago: executing program 2 (id=147): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0xbf) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000540)={0xfffffff7, 0x200401, 0xe, 0xc6cf, 0x91, "0000080100000200800200000000000300", 0x0, 0x1fd}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x8) 43.988817365s ago: executing program 2 (id=152): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb500a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2145499, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x8) 43.632538298s ago: executing program 2 (id=156): r0 = fsopen(&(0x7f00000002c0)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r2, 0x0, 0x9}, 0x18) r3 = open(&(0x7f0000000040)='.\x00', 0xc00, 0x48) getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8) 42.48865627s ago: executing program 3 (id=168): openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 42.487243782s ago: executing program 0 (id=169): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f00000002c0), 0x5, &(0x7f0000000200)=ANY=[]) chdir(&(0x7f0000000340)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x10004, 0x0) getdents64(r0, &(0x7f0000000240)=""/70, 0x46) 42.281539799s ago: executing program 3 (id=171): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x400, 0x2}, &(0x7f0000000100), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) io_uring_register$IORING_REGISTER_PBUF_STATUS(r0, 0x1a, &(0x7f0000000140), 0x1) 42.208504174s ago: executing program 0 (id=172): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f0000000440)='./file0/file0\x00', 0x188) 41.970843005s ago: executing program 3 (id=174): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c000200"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r7, @ANYBLOB="01"], 0x20}}, 0x0) 41.894704687s ago: executing program 2 (id=175): fanotify_init(0x200, 0x0) fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) socket(0x10, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xc0, 0x49, 0x7fff0000}]}) socket$inet6(0xa, 0x2, 0x3a) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x80003, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$netlink(0x10, 0x3, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) r2 = fsmount(r1, 0x0, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r3, 0x6, 0x4010003, 0x9}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 41.867233863s ago: executing program 0 (id=176): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x5c, 0x4}]}, 0x10) syz_emit_ethernet(0x11, &(0x7f0000000140)={@local, @link_local, @void, {@mpls_mc={0x8848, {[], @llc={@llc={0x80, 0x0, '\a'}}}}}}, 0x0) 41.840377622s ago: executing program 4 (id=177): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x50) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c2", 0x17) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r2, 0x800448f0, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) syz_genetlink_get_family_id$fou(0x0, 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x12180, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000780)={@cgroup, 0xffffffffffffffff, 0x2f, 0x2028, 0x4}, 0x20) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0}) 41.462864264s ago: executing program 32 (id=175): fanotify_init(0x200, 0x0) fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x0) socket(0x10, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xc0, 0x49, 0x7fff0000}]}) socket$inet6(0xa, 0x2, 0x3a) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet6(0xa, 0x80003, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$key(0xf, 0x3, 0x2) socket$netlink(0x10, 0x3, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) r2 = fsmount(r1, 0x0, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r3, 0x6, 0x4010003, 0x9}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 41.407892702s ago: executing program 0 (id=179): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x22}, [@btf_id={0x18, 0xb, 0x3, 0x0, 0x1}]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x6, &(0x7f0000000040)=""/6, 0x41000, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) 41.359878275s ago: executing program 3 (id=180): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x38, 0x2, 0x6, 0x3, 0x0, 0x0, {0xd}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x38}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040057}, 0x240008c4) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x30, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$IPSET_CMD_LIST(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x1c, 0x7, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004055}, 0x48000) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0xec25, 0x0, 0x2, 0x40000333}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0xa0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x44, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x4}]}, 0xa0}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x400}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0) io_uring_enter(r5, 0x47ba, 0x0, 0x0, 0x0, 0x0) sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000500)={0xa0, 0x41, 0x800, 0x70bd26, 0x25dfdbfb, {0xb}, [@generic="548d357b492b129e118473643790aa383a055dbcaf963953ff3d4ffc533e32ba00604770afd40e909d8f14a69f0147ea0510f02780def0ca43072561a1af4ffa343f821d3368573d443aea3ac9a862571913e3cb3afc7a4b7eaf922684c24e955f3fd15e7b5a98d00eb076f6152a04258402d97425ed1001f1e79e09ac7d565a4a", @typed={0x8, 0x17, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x3a}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4008000}, 0xc040) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x802, 0x0) write$uinput_user_dev(r10, &(0x7f0000000140)={'syz0\x00', {0x3ff, 0x8, 0x2, 0x5}, 0x2b, [0x5, 0x7ff, 0x0, 0x4, 0x280, 0x8, 0x7, 0x8, 0x5, 0xf, 0x5, 0xffff, 0x0, 0x3b4, 0x12000, 0x7, 0x844, 0x80000000, 0x70, 0x5, 0x0, 0x1, 0x1, 0x7, 0xf, 0x5, 0x8, 0x342, 0x6, 0xfffffe00, 0x7, 0x2, 0x4d523959, 0x6, 0x7fffffff, 0x2, 0x6, 0xfffffffe, 0x5, 0x1ff, 0x4, 0x3, 0x8, 0xfff, 0x1, 0x40, 0x6, 0x9, 0x0, 0x2, 0x4, 0x200, 0x25, 0xd40d, 0x0, 0x6, 0x3d1, 0x9, 0x800, 0x400, 0x5, 0x1, 0x2000, 0x8], [0x0, 0x0, 0x5, 0x9, 0x5, 0x4, 0x91e2, 0x7, 0x470d, 0x6, 0x3bd, 0x4, 0x6, 0x170000, 0x1, 0x7, 0x2, 0xfff, 0x10, 0x9, 0x0, 0xc, 0x2, 0xde, 0x7ff, 0x380000, 0x7fffffff, 0xffffffff, 0x200, 0x9fc2, 0x84, 0x9b1, 0xfff, 0x2, 0xffffffff, 0xfffffff7, 0x5, 0x8, 0xb57a, 0x2, 0xffffffff, 0x1, 0x3, 0x0, 0xfffffc54, 0x0, 0x0, 0x4, 0x40, 0xb, 0x2, 0x9, 0xe, 0x42800000, 0xd, 0x4, 0x3, 0x1, 0x1000, 0x9, 0x0, 0xdd5, 0x3, 0xf9], [0x5, 0x7, 0x8, 0x6, 0x10001, 0xd530, 0xfffffffb, 0xfffffff1, 0x4824, 0xc51, 0x0, 0xb69f, 0x7, 0x6a2a, 0x6, 0x80000000, 0x1dd2, 0x773, 0x1, 0x81, 0x4, 0x2, 0x5, 0x80, 0x1ff, 0x4, 0x0, 0xbb, 0x6, 0x6, 0x4, 0xe8d2, 0x1a40d419, 0xc8c2, 0x72cab614, 0x9, 0x4, 0x0, 0x7ffd, 0x80000001, 0x200, 0x7, 0xffffd134, 0x6, 0x97f3, 0x9, 0xfffffff8, 0x5, 0x9, 0x2, 0x1, 0x5, 0xfff, 0x7, 0x3, 0x69c, 0x7, 0x5, 0x6, 0x7, 0xdaa0, 0x8, 0x0, 0x9], [0x4, 0xba8, 0x8, 0x3, 0xfdf, 0x1, 0x200, 0x7, 0x80000000, 0xffff, 0x1, 0x9, 0x401, 0xc, 0x80000001, 0xffffffff, 0x3, 0x2, 0x1, 0xc20, 0x3, 0xc1, 0x18b7bb5e, 0x9, 0x0, 0x81, 0xa606, 0x8, 0x0, 0xb6e4, 0x1, 0x0, 0xffac, 0x5539, 0x0, 0x8001, 0xfa, 0x3, 0x100, 0x6, 0x1e96f813, 0x4, 0x7, 0x0, 0x800, 0x80000000, 0x7f, 0x0, 0x7, 0x80, 0x5, 0x4, 0x3c, 0x0, 0xfffffff8, 0x6, 0x1, 0x0, 0x7ff, 0xa304, 0x7ff, 0xf2, 0x2, 0x1]}, 0x45c) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=ANY=[@ANYRES32=r3, @ANYRESHEX=r7, @ANYBLOB="403457499297a8c5844c7a9dc2e198623133d267108974a4e2ffdf7f6daee93c5f6d8e8c1f3b2ba614628dfb45427b2cbe90dd4ffe2a867e07747afcbfeb1c55e776f3b046eaa322d66d65c4ac0239cef21d29c6988a75e4f2", @ANYRESDEC=r1, @ANYRESOCT=r10, @ANYBLOB="593a5b622f60bf1465f5186474f777eac453f2f617efce326ae06fa78af9c320229c061540cb37949db6a138790fce62c8dc8e7dba40b96d947ea62fc358f14e0a667b", @ANYRES16=r8], 0x20}}, 0x0) 41.196816516s ago: executing program 4 (id=181): openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 41.06151678s ago: executing program 0 (id=182): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000600)=0xdfc, 0x10) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000380)="cebdd21fe03e57c125bd9c3965b579407c9962373117b122c45bf84c98a973ecb6b9ad663b6a07bdfb5c17a5a2cd48dc09da2f20c69872e6399874332704872ec2a432d22928522671038af0783ef06a2f8ef5bf4c1852cc25f1ab39b7c146d2cb25084504d5606202f98d0b03dc", 0x6e}, {&(0x7f0000000040)="dcf6c7a8594cbefed4f7b6af317a47ee47be6e2d4a61e5cc0a2a79081670698a39", 0x21}, {&(0x7f0000000580)="43b6624bcf70a4c826371a24e33c4d2bae5d7babbfb1ba2c6ecf970f9def87320ccb4fbbb31e12d8fd21d656ef864f17c24210eac6248dd40efb9b0ac8da179915840a5c9d2f213d47a7367669a3870626413286b92bd7b51f2b4f99eec1b6ff81751fb805f86ea434a7531f3c9878bdc2cadebaba4621", 0x77}, {&(0x7f00000002c0)="518d090c62a0a9a11ff26593bd52165b011c0e9f6c2c05550d880894aea3fd3718de3675e1f30ffff0ff511d8b6a90c94d442c509c6a01f65cad16374ea2e62749579d", 0x43}, {&(0x7f00000001c0)="9f189b8d5e6ee068cce816de05698d4fe01cdb8e875eefe3db5e153722b1745423f726b35f80b980f8a7e6cab9983bc947924f6d30813d0899d80c2cb6a3cb80a16f14c194157b98c823780ea180f5f304f5694e0b90569c14c118c5896396f9c79d867b5026d66ae9eda462f1233702f941cf239ec1bfe8c9ca3c5faa4c0efa368def9717a2da7e0cde5146db635972858964020d656353a476e01071bc9367c8ab8ee6b5ff6cd25be88a2326b81df502c8b117250afb4a1b9f205eac48359e3c4323", 0xc3}, {&(0x7f00000008c0)="aa27de4a8cfe6fc7fd36ac634de0b7dce04f6ce3e3d452f1c75502b2cbb29fa999d2a372e83819556e792a18e17c128a1ee3a593fbac892cbb42575f483fe523c9abe644830816977ccba1f493bdfa33d63b1dbfd5dde8b03dfa6162f0849ad9823f4e302f12d77cefff93dae1d25662ce8cfe9cdf57", 0x76}, {&(0x7f00000009c0)="d650774632b71a34a88292fcf26ad63f611e11baa9b64a99773dd6fbfe12178987d7b005129705e9d23da9376d714ea8cadc0d1b4f2d7fc2e73242b432015e5e298fd6e2161beacaa75ecb41f6aa8cca9a50239a518873cc1eef5ffcc67226fd8e2386d070a8fadf0e4573f3141917bf0fed3e6d0ba5e600840121a0df8deb37ca310ee1d23869f142d3ac1eda8027bd68f94969e492b24718ba715958516ef3b07f7d52465d66f705e80f816ac9a0a3ab08e8a6f1fa6fae5c12fe1526de3f51f545d49892b6fa2042a163e76a", 0xcd}], 0x7}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000f00)='2', 0x1}], 0x1}}], 0x2, 0x40) close_range(r0, 0xffffffffffffffff, 0x0) 40.918590918s ago: executing program 4 (id=184): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000540)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000fc0)={0x48, 0x2, r0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(0xffffffffffffffff, 0x3ba0, &(0x7f0000000000)={0x48, 0xa, r1, 0x0, r0}) 40.868820269s ago: executing program 3 (id=186): r0 = openat(0xffffffffffffff9c, 0x0, 0x101142, 0xeaff) ioctl$FICLONERANGE(r0, 0x4020940d, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_LINKS(r0, 0x0, 0x21) socket$xdp(0x2c, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x702, 0x1, 0x0, &(0x7f0000000380)="e4", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13) mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x7], &(0x7f0000000380), 0x0, 0x1}}, 0x40) creat(&(0x7f0000000440)='./file1\x00', 0x80) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0) 40.5251811s ago: executing program 0 (id=187): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50483}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40804}, 0x0) 40.305573649s ago: executing program 4 (id=188): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x5c, 0x4}]}, 0x10) syz_emit_ethernet(0x11, &(0x7f0000000140)={@local, @link_local, @void, {@mpls_mc={0x8848, {[], @llc={@llc={0x80, 0x0, '\a'}}}}}}, 0x0) 40.305208083s ago: executing program 3 (id=189): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c000200"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r7, @ANYBLOB="01"], 0x20}}, 0x0) 29.045395488s ago: executing program 4 (id=191): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb500a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x8) 28.759588252s ago: executing program 4 (id=192): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000000000cd0040000"]) 24.516722129s ago: executing program 33 (id=187): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50483}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD1={0x8}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40804}, 0x0) 24.266122418s ago: executing program 34 (id=189): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c000200"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r7, @ANYBLOB="01"], 0x20}}, 0x0) 16.405557142s ago: executing program 1 (id=195): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040), 0x55af) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000280)={0xc, @capture={0x0, 0x0, {0x0, 0xc}, 0x3, 0x1}}) 16.225897182s ago: executing program 1 (id=196): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x400, 0x2}, &(0x7f0000000100), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) io_uring_register$IORING_REGISTER_PBUF_STATUS(r0, 0x1a, &(0x7f0000000140), 0x1) 16.028714418s ago: executing program 1 (id=197): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000540)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000fc0)={0x48, 0x2, r0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(0xffffffffffffffff, 0x3ba0, &(0x7f0000000000)={0x48, 0xa, r1, 0x0, r0}) 15.817652073s ago: executing program 1 (id=198): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDDELIO(r0, 0x4b34, 0x3bf) 15.538992818s ago: executing program 1 (id=199): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000004c0), 0x101080, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000540)={0xc}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, 0x0) 15.357873139s ago: executing program 1 (id=200): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x37, 0x2, 0x7}]}, 0x10) syz_emit_ethernet(0x11, &(0x7f0000000140)={@local, @link_local, @void, {@mpls_mc={0x8848, {[], @llc={@llc={0x80, 0x0, '\a'}}}}}}, 0x0) 11.283538232s ago: executing program 35 (id=192): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000000000cd0040000"]) 0s ago: executing program 36 (id=200): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x37, 0x2, 0x7}]}, 0x10) syz_emit_ethernet(0x11, &(0x7f0000000140)={@local, @link_local, @void, {@mpls_mc={0x8848, {[], @llc={@llc={0x80, 0x0, '\a'}}}}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.61' (ED25519) to the list of known hosts. [ 90.670844][ T5825] cgroup: Unknown subsys name 'net' [ 90.932396][ T5825] cgroup: Unknown subsys name 'cpuset' [ 90.987101][ T5825] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.184255][ T45] cfg80211: failed to load regulatory.db [ 93.002295][ T5825] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.365256][ T5154] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.382974][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 97.385204][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.386218][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 97.391173][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 97.392185][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.392703][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 97.393712][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 97.394213][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 97.398191][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.398698][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 97.400674][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 97.401225][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.401991][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 97.403897][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 97.478338][ T5154] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 97.480092][ T5154] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 97.481014][ T5154] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 97.482597][ T5154] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 97.483742][ T5154] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 97.547397][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 97.548765][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 97.552138][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 97.578338][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 97.580525][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 98.592249][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 98.673278][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 98.688959][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 98.888909][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 98.894817][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 99.458333][ T5840] Bluetooth: hci0: command tx timeout [ 99.536681][ T5154] Bluetooth: hci1: command tx timeout [ 99.536885][ T5154] Bluetooth: hci3: command tx timeout [ 99.537093][ T5840] Bluetooth: hci2: command tx timeout [ 99.616544][ T5840] Bluetooth: hci4: command tx timeout [ 99.633174][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.634544][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.635207][ T5839] bridge_slave_0: entered allmulticast mode [ 99.648410][ T5839] bridge_slave_0: entered promiscuous mode [ 99.867403][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.867527][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.868093][ T5839] bridge_slave_1: entered allmulticast mode [ 99.870046][ T5839] bridge_slave_1: entered promiscuous mode [ 99.913146][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.913257][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.913398][ T5850] bridge_slave_0: entered allmulticast mode [ 99.915602][ T5850] bridge_slave_0: entered promiscuous mode [ 99.945170][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.945315][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.945874][ T5837] bridge_slave_0: entered allmulticast mode [ 99.968946][ T5837] bridge_slave_0: entered promiscuous mode [ 100.210089][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.210252][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.210481][ T5850] bridge_slave_1: entered allmulticast mode [ 100.213430][ T5850] bridge_slave_1: entered promiscuous mode [ 100.215165][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.215278][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.215408][ T5837] bridge_slave_1: entered allmulticast mode [ 100.223952][ T5837] bridge_slave_1: entered promiscuous mode [ 100.592508][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.592774][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.592915][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.593088][ T5841] bridge_slave_0: entered allmulticast mode [ 100.595521][ T5841] bridge_slave_0: entered promiscuous mode [ 100.600414][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.600573][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.601165][ T5847] bridge_slave_0: entered allmulticast mode [ 100.604445][ T5847] bridge_slave_0: entered promiscuous mode [ 100.820390][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 100.821174][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.821317][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.821497][ T5841] bridge_slave_1: entered allmulticast mode [ 100.823412][ T5841] bridge_slave_1: entered promiscuous mode [ 100.825559][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.825667][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.825798][ T5847] bridge_slave_1: entered allmulticast mode [ 100.828856][ T5847] bridge_slave_1: entered promiscuous mode [ 100.865737][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 100.888924][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.123887][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.127488][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.477967][ T5839] team0: Port device team_slave_0 added [ 101.482005][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.485566][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 101.536942][ T5840] Bluetooth: hci0: command tx timeout [ 101.616794][ T59] Bluetooth: hci3: command tx timeout [ 101.616832][ T59] Bluetooth: hci1: command tx timeout [ 101.616982][ T5840] Bluetooth: hci2: command tx timeout [ 101.684955][ T5839] team0: Port device team_slave_1 added [ 101.695903][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.697957][ T5840] Bluetooth: hci4: command tx timeout [ 101.702397][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 101.705337][ T5850] team0: Port device team_slave_0 added [ 101.981234][ T5837] team0: Port device team_slave_0 added [ 102.192201][ T5850] team0: Port device team_slave_1 added [ 102.194232][ T5837] team0: Port device team_slave_1 added [ 102.519319][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.519338][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.519366][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.524075][ T5841] team0: Port device team_slave_0 added [ 102.529548][ T5847] team0: Port device team_slave_0 added [ 102.681544][ T5847] team0: Port device team_slave_1 added [ 102.682724][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.682736][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.682756][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.685027][ T5841] team0: Port device team_slave_1 added [ 102.686054][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.686064][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.686083][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.691500][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 102.691518][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.691549][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 102.908203][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.908217][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.908236][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 102.909317][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 102.909329][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 102.909356][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.251558][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.251577][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.251605][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.255430][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 103.255447][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.255470][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 103.266926][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.266949][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.266980][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.383957][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 103.383978][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 103.384011][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 103.616507][ T5840] Bluetooth: hci0: command tx timeout [ 103.669331][ T5839] hsr_slave_0: entered promiscuous mode [ 103.670464][ T5839] hsr_slave_1: entered promiscuous mode [ 103.697070][ T5154] Bluetooth: hci1: command tx timeout [ 103.697128][ T5154] Bluetooth: hci3: command tx timeout [ 103.697288][ T5840] Bluetooth: hci2: command tx timeout [ 103.778005][ T5840] Bluetooth: hci4: command tx timeout [ 103.848584][ T5850] hsr_slave_0: entered promiscuous mode [ 103.849579][ T5850] hsr_slave_1: entered promiscuous mode [ 103.850273][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 103.850362][ T5850] Cannot create hsr debugfs directory [ 103.880096][ T5837] hsr_slave_0: entered promiscuous mode [ 103.881626][ T5837] hsr_slave_1: entered promiscuous mode [ 103.882594][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 103.882619][ T5837] Cannot create hsr debugfs directory [ 104.379085][ T5847] hsr_slave_0: entered promiscuous mode [ 104.380478][ T5847] hsr_slave_1: entered promiscuous mode [ 104.381807][ T5847] debugfs: 'hsr0' already exists in 'hsr' [ 104.381828][ T5847] Cannot create hsr debugfs directory [ 104.419463][ T5841] hsr_slave_0: entered promiscuous mode [ 104.420870][ T5841] hsr_slave_1: entered promiscuous mode [ 104.421933][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 104.421958][ T5841] Cannot create hsr debugfs directory [ 105.697846][ T5840] Bluetooth: hci0: command tx timeout [ 105.776654][ T59] Bluetooth: hci3: command tx timeout [ 105.776691][ T59] Bluetooth: hci1: command tx timeout [ 105.776747][ T5840] Bluetooth: hci2: command tx timeout [ 105.856739][ T5840] Bluetooth: hci4: command tx timeout [ 106.213898][ T5839] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 106.249973][ T5839] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 106.299801][ T5839] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 106.351452][ T5839] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 106.520932][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 106.556221][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 106.592928][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 106.651491][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 106.813412][ T5837] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 106.866006][ T5837] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 106.897631][ T5837] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 106.940962][ T5837] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 107.149902][ T5847] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 107.186948][ T5847] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 107.255247][ T5847] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 107.327903][ T5847] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 107.432452][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.508895][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.544065][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.570018][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.631036][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 107.703106][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 107.754010][ T1131] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.754148][ T1131] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.830265][ T974] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.830422][ T974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.860907][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 107.981488][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.024707][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.052507][ T974] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.053438][ T974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.107483][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.107635][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.188658][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.254499][ T974] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.255640][ T974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.289933][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.372342][ T974] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.372499][ T974] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.483286][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.513282][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.572426][ T3483] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.572648][ T3483] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.644897][ T986] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.645061][ T986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.707528][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.774647][ T986] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.774921][ T986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.839303][ T986] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.840712][ T986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.912846][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.289504][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.392474][ T5839] veth0_vlan: entered promiscuous mode [ 109.436112][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.459204][ T5839] veth1_vlan: entered promiscuous mode [ 109.712799][ T5850] veth0_vlan: entered promiscuous mode [ 109.765063][ T5839] veth0_macvtap: entered promiscuous mode [ 109.785872][ T5850] veth1_vlan: entered promiscuous mode [ 109.812319][ T5839] veth1_macvtap: entered promiscuous mode [ 109.840095][ T5837] veth0_vlan: entered promiscuous mode [ 109.875816][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.895637][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.917864][ T5837] veth1_vlan: entered promiscuous mode [ 109.935896][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.004914][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.079388][ T986] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.082975][ T5850] veth0_macvtap: entered promiscuous mode [ 110.091291][ T986] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.118980][ T986] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.139592][ T986] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.145540][ T5850] veth1_macvtap: entered promiscuous mode [ 110.390056][ T5837] veth0_macvtap: entered promiscuous mode [ 110.460483][ T5837] veth1_macvtap: entered promiscuous mode [ 110.518587][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.519371][ T5841] veth0_vlan: entered promiscuous mode [ 110.583103][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.644448][ T5841] veth1_vlan: entered promiscuous mode [ 110.693975][ T986] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.705934][ T3483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.705961][ T3483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.730575][ T986] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.755925][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.756023][ T986] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.794361][ T986] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.835649][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.901554][ T986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.901575][ T986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.962341][ T1131] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.970898][ T1131] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.993538][ T1131] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.023801][ T1131] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.115767][ T5847] veth0_vlan: entered promiscuous mode [ 111.210679][ T5841] veth0_macvtap: entered promiscuous mode [ 111.274048][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.274070][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.303877][ T5847] veth1_vlan: entered promiscuous mode [ 111.343722][ T5841] veth1_macvtap: entered promiscuous mode [ 111.560340][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.560360][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.629749][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.741441][ T986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.741463][ T986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.745375][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.824269][ T3483] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.886496][ T3483] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.889930][ T3483] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.919032][ T3483] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.019788][ T5847] veth0_macvtap: entered promiscuous mode [ 112.031994][ T974] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.032018][ T974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.117987][ T5847] veth1_macvtap: entered promiscuous mode [ 112.365562][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 112.499353][ T5970] mmap: syz.0.1 (5970) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 112.523057][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.552520][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.552542][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.629135][ T68] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.630300][ T68] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.683571][ T68] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.687422][ T68] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.918255][ T986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.918276][ T986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.629087][ T5988] random: crng reseeded on system resumption [ 113.660981][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.661003][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.698913][ T5990] Zero length message leads to an empty skb [ 114.022595][ T5990] syz.2.17 (5990) used greatest stack depth: 18296 bytes left [ 114.235459][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 114.235482][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.180001][ T6019] input: syz0 as /devices/virtual/input/input6 [ 115.376648][ T6026] vlan2: entered promiscuous mode [ 115.376673][ T6026] macvtap0: entered promiscuous mode [ 117.245750][ T6052] netlink: 'syz.3.40': attribute type 39 has an invalid length. [ 118.089296][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 118.277350][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 118.300213][ T31] usb 2-1: config 0 has no interfaces? [ 118.341789][ T31] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 118.341823][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.341844][ T31] usb 2-1: Product: syz [ 118.341860][ T31] usb 2-1: Manufacturer: syz [ 118.341876][ T31] usb 2-1: SerialNumber: syz [ 118.403335][ T31] usb 2-1: config 0 descriptor?? [ 118.973239][ T5912] usb 2-1: USB disconnect, device number 2 [ 120.136654][ T5912] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 120.287697][ T5912] usb 4-1: Using ep0 maxpacket: 8 [ 120.302642][ T5912] usb 4-1: unable to get BOS descriptor or descriptor too short [ 120.304598][ T5912] usb 4-1: config 4 has an invalid interface number: 30 but max is 0 [ 120.304625][ T5912] usb 4-1: config 4 has no interface number 0 [ 120.304755][ T5912] usb 4-1: config 4 interface 30 has no altsetting 0 [ 120.318167][ T5912] usb 4-1: string descriptor 0 read error: -22 [ 120.318347][ T5912] usb 4-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 120.320827][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.512545][ T5912] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 120.512599][ T5912] dw2102: su3000_power_ctrl: 1, initialized 0 [ 120.513047][ T5912] dvb-usb: bulk message failed: -22 (2/0) [ 120.587824][ T5912] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 120.608041][ T5912] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 120.608131][ T5912] usb 4-1: media controller created [ 120.627675][ T5912] dvb-usb: bulk message failed: -22 (6/0) [ 120.627702][ T5912] dw2102: i2c transfer failed. [ 120.627741][ T5912] dvb-usb: bulk message failed: -22 (6/0) [ 120.627758][ T5912] dw2102: i2c transfer failed. [ 120.627778][ T5912] dvb-usb: bulk message failed: -22 (6/0) [ 120.627794][ T5912] dw2102: i2c transfer failed. [ 120.627814][ T5912] dvb-usb: bulk message failed: -22 (6/0) [ 120.627830][ T5912] dw2102: i2c transfer failed. [ 120.627850][ T5912] dvb-usb: bulk message failed: -22 (6/0) [ 120.627866][ T5912] dw2102: i2c transfer failed. [ 120.627885][ T5912] dvb-usb: bulk message failed: -22 (6/0) [ 120.627900][ T5912] dw2102: i2c transfer failed. [ 120.627912][ T5912] dvb-usb: MAC address: 02:02:02:02:02:02 [ 120.741263][ T6113] dw2102: i2c wr: len=66 is too big! [ 120.741263][ T6113] [ 120.881763][ T5912] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 121.031144][ T5912] dvb-usb: bulk message failed: -22 (3/0) [ 121.031167][ T5912] dw2102: command 0x0e transfer failed. [ 121.031178][ T5912] dvb-usb: bulk message failed: -22 (3/0) [ 121.031192][ T5912] dw2102: command 0x0e transfer failed. [ 121.253311][ T6140] netlink: 152 bytes leftover after parsing attributes in process `syz.0.73'. [ 121.348801][ T5912] dvb-usb: bulk message failed: -22 (3/0) [ 121.348823][ T5912] dw2102: command 0x0e transfer failed. [ 121.348833][ T5912] dvb-usb: bulk message failed: -22 (3/0) [ 121.348846][ T5912] dw2102: command 0x0e transfer failed. [ 121.348855][ T5912] dvb-usb: bulk message failed: -22 (1/0) [ 121.348869][ T5912] dw2102: command 0x51 transfer failed. [ 121.348878][ T5912] dvb-usb: bulk message failed: -22 (5/0) [ 121.348892][ T5912] dw2102: i2c probe for address 0x68 failed. [ 121.348904][ T5912] dvb-usb: bulk message failed: -22 (5/0) [ 121.348917][ T5912] dw2102: i2c probe for address 0x69 failed. [ 121.348928][ T5912] dvb-usb: bulk message failed: -22 (5/0) [ 121.348942][ T5912] dw2102: i2c probe for address 0x6a failed. [ 121.348953][ T5912] dw2102: probing for demodulator failed. Is the external power switched on? [ 121.348964][ T5912] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 121.812009][ T5912] rc_core: IR keymap rc-tt-1500 not found [ 121.812033][ T5912] Registered IR keymap rc-empty [ 121.815376][ T5912] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 121.837701][ T5912] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input8 [ 121.843163][ T6152] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 121.875123][ T5912] dvb-usb: schedule remote query interval to 250 msecs. [ 121.875154][ T5912] dw2102: su3000_power_ctrl: 0, initialized 1 [ 121.875168][ T5912] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 121.926519][ T5912] usb 4-1: USB disconnect, device number 2 [ 122.112534][ T6158] ======================================================= [ 122.112534][ T6158] WARNING: The mand mount option has been deprecated and [ 122.112534][ T6158] and is ignored by this kernel. Remove the mand [ 122.112534][ T6158] option from the mount to silence this warning. [ 122.112534][ T6158] ======================================================= [ 122.726923][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 123.006378][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 123.386565][ T5912] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 123.822889][ T6190] netlink: 24 bytes leftover after parsing attributes in process `syz.1.93'. [ 123.986760][ T6196] syz_tun: entered allmulticast mode [ 124.033726][ T6193] syz_tun: left allmulticast mode [ 124.153867][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.4.97'. [ 124.352107][ T6210] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 124.522434][ T6201] syz.2.95 (6201) used greatest stack depth: 18216 bytes left [ 124.708754][ T6220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.102'. [ 125.257391][ T6233] netlink: 24 bytes leftover after parsing attributes in process `syz.1.108'. [ 125.278558][ T6235] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 126.376734][ T6259] netlink: 24 bytes leftover after parsing attributes in process `syz.1.120'. [ 126.636709][ T6265] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 127.498505][ T6293] netlink: 'syz.4.135': attribute type 10 has an invalid length. [ 127.633098][ T6293] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 127.821128][ T6294] 8021q: adding VLAN 0 to HW filter on device bond1 [ 127.869794][ T6293] bond_slave_0: entered promiscuous mode [ 127.869873][ T6293] bond_slave_1: entered promiscuous mode [ 127.869964][ T6293] syz_tun: entered promiscuous mode [ 127.871271][ T6293] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 127.872948][ T6293] bond1: (slave macvlan2): unknown ethtool speed (30000) for port 1 (set it to 0) [ 127.872974][ T6293] bond1: (slave macvlan2): speed changed to 0 on port 1 [ 127.890107][ T6293] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 128.342630][ T6317] netlink: 'syz.0.142': attribute type 16 has an invalid length. [ 128.342652][ T6317] netlink: 'syz.0.142': attribute type 17 has an invalid length. [ 128.404781][ T6312] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.429158][ T6312] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.654464][ T6317] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.041295][ T6332] No control pipe specified [ 129.217793][ T6337] syzkaller1: entered promiscuous mode [ 129.217824][ T6337] syzkaller1: entered allmulticast mode [ 129.455036][ T6343] kAFS: No cell specified [ 129.540326][ T6345] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 129.657443][ T6347] netlink: 8 bytes leftover after parsing attributes in process `syz.0.160'. [ 129.813692][ T6351] 8021q: adding VLAN 0 to HW filter on device bond1 [ 130.348167][ T6362] syz.0.164 (6362) used greatest stack depth: 17832 bytes left [ 130.610149][ T6371] kAFS: No cell specified [ 130.653752][ T6373] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 131.084339][ T6384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.174'. [ 131.769928][ T3186] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.759276][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.189'. [ 133.191926][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 133.195548][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 133.213439][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 133.224726][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 133.225752][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 135.296561][ T5154] Bluetooth: hci1: command tx timeout [ 137.378381][ T5154] Bluetooth: hci1: command tx timeout [ 138.887123][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.887360][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.456567][ T5154] Bluetooth: hci1: command tx timeout [ 139.847793][ C0] sched: DL replenish lagged too much [ 141.536656][ T5154] Bluetooth: hci1: command tx timeout [ 149.344981][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 149.356115][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 149.370663][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 149.371980][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 149.373417][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 149.579782][ T5154] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 149.597836][ T5154] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 149.599245][ T5154] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 149.600910][ T5154] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 149.602537][ T5154] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 151.456543][ T5154] Bluetooth: hci5: command tx timeout [ 151.696698][ T5154] Bluetooth: hci6: command tx timeout [ 153.536633][ T5154] Bluetooth: hci5: command tx timeout [ 153.776721][ T5154] Bluetooth: hci6: command tx timeout [ 155.616658][ T5154] Bluetooth: hci5: command tx timeout [ 155.858030][ T5154] Bluetooth: hci6: command tx timeout [ 157.696564][ T5154] Bluetooth: hci5: command tx timeout [ 157.936643][ T5154] Bluetooth: hci6: command tx timeout [ 162.445988][ T5840] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 162.458388][ T5840] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 162.462542][ T5840] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 162.463877][ T5840] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 162.464740][ T5840] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 164.576766][ T5154] Bluetooth: hci7: command tx timeout [ 166.656566][ T5154] Bluetooth: hci7: command tx timeout [ 168.736592][ T5154] Bluetooth: hci7: command tx timeout [ 170.816593][ T5154] Bluetooth: hci7: command tx timeout [ 173.775896][ T5840] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 173.792911][ T5840] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 173.809249][ T5840] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 173.813751][ T5840] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 173.814576][ T5840] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 174.138597][ T3186] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.096771][ T5840] Bluetooth: hci8: command tx timeout [ 178.176774][ T5840] Bluetooth: hci8: command tx timeout [ 180.256686][ T5840] Bluetooth: hci8: command tx timeout [ 182.336673][ T5840] Bluetooth: hci8: command tx timeout [ 189.376929][ T6415] chnl_net:caif_netlink_parms(): no params data found [ 189.440954][ T6467] chnl_net:caif_netlink_parms(): no params data found [ 193.394348][ T5154] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 193.404840][ T5154] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 193.419871][ T5154] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 193.421498][ T5154] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 193.429400][ T5154] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 196.336516][ T5840] Bluetooth: hci9: command tx timeout [ 198.416461][ T5840] Bluetooth: hci9: command tx timeout [ 200.159411][ T6434] chnl_net:caif_netlink_parms(): no params data found [ 200.227179][ T6462] chnl_net:caif_netlink_parms(): no params data found [ 200.293676][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 200.293761][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.496591][ T5840] Bluetooth: hci9: command tx timeout [ 202.576939][ T5840] Bluetooth: hci9: command tx timeout [ 210.345553][ T5154] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 210.380697][ T5154] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 210.384023][ T5154] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 210.387087][ T5154] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 210.387955][ T5154] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 210.406984][ T5154] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 210.410691][ T5154] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 210.421237][ T5154] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 210.431027][ T5154] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 210.431904][ T5154] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 212.782611][ T5840] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 212.797070][ T5840] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 212.797993][ T5840] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 212.799256][ T5840] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 212.800120][ T5840] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 223.030630][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 223.036714][ T5843] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 223.037867][ T5843] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 223.039423][ T5843] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 223.040296][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 223.391568][ T5154] Bluetooth: hci3: command tx timeout [ 225.136702][ T5843] Bluetooth: hci0: command tx timeout [ 225.456435][ T5843] Bluetooth: hci10: command tx timeout [ 225.456779][ T5843] Bluetooth: hci3: command tx timeout [ 227.217043][ T59] Bluetooth: hci0: command tx timeout [ 227.536531][ T59] Bluetooth: hci3: command tx timeout [ 227.536565][ T59] Bluetooth: hci10: command tx timeout [ 229.296573][ T5843] Bluetooth: hci0: command tx timeout [ 229.616650][ T5843] Bluetooth: hci10: command tx timeout [ 229.616685][ T5843] Bluetooth: hci3: command tx timeout [ 231.386671][ T59] Bluetooth: hci0: command tx timeout [ 231.697086][ T59] Bluetooth: hci10: command tx timeout [ 234.468592][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 234.471983][ T5843] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 234.473093][ T5843] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 234.474420][ T5843] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 234.475646][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 234.532232][ T5847] bond0: (slave syz_tun): Releasing backup interface [ 236.584238][ T59] Bluetooth: hci2: command tx timeout [ 238.656536][ T59] Bluetooth: hci2: command tx timeout [ 240.736619][ T59] Bluetooth: hci2: command tx timeout [ 242.816660][ T59] Bluetooth: hci2: command tx timeout [ 253.482409][ T6438] chnl_net:caif_netlink_parms(): no params data found [ 254.110951][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 254.130382][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 254.133237][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 254.152427][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 254.153913][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 256.266510][ T59] Bluetooth: hci1: command tx timeout [ 258.346536][ T59] Bluetooth: hci1: command tx timeout [ 260.416491][ T59] Bluetooth: hci1: command tx timeout [ 262.507364][ T59] Bluetooth: hci1: command tx timeout [ 262.909099][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 262.909182][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.499079][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 270.502572][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 270.503681][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 270.531067][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 270.531993][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 270.727063][ T5840] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 270.746432][ T5840] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 270.765851][ T5840] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 270.811454][ T5840] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 270.827056][ T5840] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 283.025853][ T5840] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 283.060778][ T5840] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 283.064451][ T5840] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 283.065757][ T5840] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 283.090725][ T5840] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 294.703368][ T5848] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 294.720110][ T5848] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 294.721231][ T5848] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 294.741389][ T5848] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 294.762763][ T5848] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 314.653955][ T5846] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 314.684266][ T5846] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 314.685464][ T5846] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 314.701415][ T5846] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 314.702377][ T5846] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 320.336574][ T5840] Bluetooth: hci4: command tx timeout [ 320.338600][ T5843] Bluetooth: hci11: command tx timeout [ 322.426751][ T5843] Bluetooth: hci11: command tx timeout [ 322.426788][ T5843] Bluetooth: hci4: command tx timeout [ 324.506791][ T5840] Bluetooth: hci4: command tx timeout [ 324.506826][ T5840] Bluetooth: hci11: command tx timeout [ 326.576630][ T5843] Bluetooth: hci11: command tx timeout [ 326.576666][ T5843] Bluetooth: hci4: command tx timeout [ 327.712412][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 327.712523][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 328.184575][ T5846] Bluetooth: hci14: command tx timeout [ 330.187234][ T5848] Bluetooth: hci12: command tx timeout [ 330.267064][ T5848] Bluetooth: hci14: command tx timeout [ 330.267374][ T5848] Bluetooth: hci13: command tx timeout [ 330.912697][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 330.923591][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 330.941413][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 330.942741][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 330.943970][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 331.104289][ T5846] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 331.121904][ T5846] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 331.138305][ T5846] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 331.140172][ T5846] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 331.143195][ T5846] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 332.266684][ T5846] Bluetooth: hci12: command tx timeout [ 332.336680][ T5848] Bluetooth: hci14: command tx timeout [ 332.339290][ T5846] Bluetooth: hci13: command tx timeout [ 333.056693][ T5846] Bluetooth: hci5: command tx timeout [ 333.226729][ T5846] Bluetooth: hci6: command tx timeout [ 334.336758][ T5846] Bluetooth: hci12: command tx timeout [ 334.416676][ T5848] Bluetooth: hci14: command tx timeout [ 334.416727][ T5846] Bluetooth: hci13: command tx timeout [ 335.136855][ T5846] Bluetooth: hci5: command tx timeout [ 335.296674][ T5846] Bluetooth: hci6: command tx timeout [ 336.028125][ T39] INFO: task kworker/u8:9:3186 blocked for more than 143 seconds. [ 336.028165][ T39] Not tainted syzkaller #0 [ 336.028185][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 336.028195][ T39] task:kworker/u8:9 state:D stack:20200 pid:3186 tgid:3186 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 336.028265][ T39] Workqueue: netns cleanup_net [ 336.028314][ T39] Call Trace: [ 336.028322][ T39] [ 336.028337][ T39] __schedule+0x16f3/0x4c20 [ 336.028397][ T39] ? __lock[ 336.028397][ T39] ? __lock_acquire+0xab9/0xd20 [ 336.028429][ T39] ? __pfx___schedule+0x10/0x10 [ 336.028480][ T39] ? schedule+0x91/0x360 [ 336.028516][ T39] schedule+0x165/0x360 [ 336.028551][ T39] schedule_timeout+0x9a/0x270 [ 336.028582][ T39] ? __pfx_schedule_timeout+0x10/0x10 [ 336.028627][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 336.028662][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.028694][ T39] ? wait_for_completion+0x267/0x5d0 [ 336.028730][ T39] wait_for_completion+0x2bf/0x5d0 [ 336.028778][ T39] ? __pfx_wait_for_completion+0x10/0x10 [ 336.028820][ T39] ? __init_swait_queue_head+0xa9/0x150 [ 336.028852][ T39] rcu_barrier+0x463/0x570 [ 336.028888][ T39] netdev_run_todo+0x327/0xea0 [ 336.028920][ T39] ? __pfx_netdev_run_todo+0x10/0x10 [ 336.028942][ T39] ? kasan_quarantine_put+0xdd/0x220 [ 336.028969][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.029009][ T39] ? kfree+0x195/0x550 [ 336.029043][ T39] nsim_destroy+0x3a6/0x670 [ 336.029078][ T39] __nsim_dev_port_del+0x14d/0x1b0 [ 336.029113][ T39] nsim_dev_reload_destroy+0x288/0x490 [ 336.029149][ T39] nsim_dev_reload_down+0x8a/0xc0 [ 336.029189][ T39] devlink_reload+0x1b6/0x8d0 [ 336.029221][ T39] ? xa_get_mark+0x67/0x7b0 [ 336.029250][ T39] ? __pfx_devlink_reload+0x10/0x10 [ 336.029274][ T39] ? xa_get_mark+0x70f/0x7b0 [ 336.029313][ T39] devlink_pernet_pre_exit+0x1d9/0x3d0 [ 336.029341][ T39] ? __pfx_devlink_pernet_pre_exit+0x10/0x10 [ 336.029375][ T39] ? class_remove_file_ns+0x124/0x160 [ 336.029408][ T39] ops_undo_list+0x187/0x990 [ 336.029448][ T39] ? __pfx_ops_undo_list+0x10/0x10 [ 336.029493][ T39] cleanup_net+0x4cb/0x800 [ 336.029529][ T39] ? __pfx_cleanup_net+0x10/0x10 [ 336.029564][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 336.029597][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 336.029625][ T39] ? process_scheduled_works+0x9ef/0x17b0 [ 336.029656][ T39] process_scheduled_works+0xae1/0x17b0 [ 336.029717][ T39] ? __pfx_process_scheduled_works+0x10/0x10 [ 336.029765][ T39] worker_thread+0x8a0/0xda0 [ 336.029798][ T39] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 336.029842][ T39] ? __kthread_parkme+0x7b/0x200 [ 336.029883][ T39] kthread+0x711/0x8a0 [ 336.029921][ T39] ? __pfx_worker_thread+0x10/0x10 [ 336.029949][ T39] ? __pfx_kthread+0x10/0x10 [ 336.029988][ T39] ? __pfx_kthread+0x10/0x10 [ 336.030023][ T39] ret_from_fork+0x436/0x7d0 [ 336.030056][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 336.030092][ T39] ? __switch_to_asm+0x39/0x70 [ 336.030113][ T39] ? __switch_to_asm+0x33/0x70 [ 336.030133][ T39] ? __pfx_kthread+0x10/0x10 [ 336.030174][ T39] ret_from_fork_asm+0x1a/0x30 [ 336.030214][ T39] [ 336.030296][ T39] [ 336.030296][ T39] Showing all locks held in the system: [ 336.030306][ T39] 3 locks held by kworker/u8:1/13: [ 336.030319][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 336.030378][ T39] #1: ffffc90000127bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 336.030436][ T39] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 336.030489][ T39] 2 locks held by ksoftirqd/0/15: [ 336.030502][ T39] 5 locks held by rcuc/0/20: [ 336.030515][ T39] 2 locks held by kworker/1:0/31: [ 336.030527][ T39] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 336.030584][ T39] #1: ffffc90000a5fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 336.030640][ T39] 1 lock held by khungtaskd/39: [ 336.030652][ T39] #0: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 336.030706][ T39] 3 locks held by kworker/u8:4/68: [ 336.030719][ T39] #0: ffff8880303cd138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 336.030775][ T39] #1: ffffc9000153fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 336.030833][ T39] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 336.030907][ T39] 6 locks held by kworker/u8:9/3186: [ 336.030920][ T39] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 336.030977][ T39] #1: ffffc9000d037bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 336.031033][ T39] #2: ffffffff8ecc69a0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 336.031093][ T39] #3: ffff88805b7fc0d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 336.031146][ T39] #4: ffff88805b7fd300 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 336.031205][ T39] #5: ffffffff8d9ae770 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 336.031259][ T39] 2 locks held by getty/5599: [ 336.031271][ T39] #0: ffff88814e19f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 336.031320][ T39] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 336.031378][ T39] 1 lock held by syz-executor/5847: [ 336.031390][ T39] #0: ffffffff8d9ae770 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 336.031448][ T39] 1 lock held by syz.0.187/6408: [ 336.031459][ T39] #0: ffffffff8d9ae770 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 336.031506][ T39] 1 lock held by syz.3.189/6412: [ 336.031518][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 336.031579][ T39] 1 lock held by syz-executor/6415: [ 336.031591][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 336.031653][ T39] 2 locks held by kworker/0:11/6422: [ 336.031665][ T39] 1 lock held by syz-executor/6434: [ 336.031677][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 336.031738][ T39] 1 lock held by syz-executor/6438: [ 336.031750][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 336.031811][ T39] 1 lock held by syz.1.200/6459: [ 336.031823][ T39] #0: ffffffff8d9ae770 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 336.031874][ T39] 1 lock held by syz-executor/6462: [ 336.031886][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 336.031947][ T39] 1 lock held by syz-executor/6467: [ 336.031959][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 336.032020][ T39] 1 lock held by syz-executor/6503: [ 336.032032][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 336.032092][ T39] 1 lock held by syz-executor/6505: [ 336.032104][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 336.032162][ T39] 4 locks held by syz-executor/6510: [ 336.032181][ T39] #0: ffff88805f02ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 336.032239][ T39] #1: ffff88805f02c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 336.032300][ T39] #2: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 336.032352][ T39] #3: ffff888070285358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 336.032406][ T39] 1 lock held by syz-executor/6515: [ 336.032417][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032471][ T39] 1 lock held by syz-executor/6522: [ 336.032483][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032536][ T39] 1 lock held by syz-executor/6535: [ 336.032548][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032600][ T39] 1 lock held by syz-executor/6539: [ 336.032612][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032665][ T39] 1 lock held by syz-executor/6543: [ 336.032677][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032729][ T39] 1 lock held by syz-executor/6547: [ 336.032742][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032794][ T39] 1 lock held by syz-executor/6557: [ 336.032806][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032859][ T39] 1 lock held by syz-executor/6573: [ 336.032872][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032924][ T39] 1 lock held by syz-executor/6575: [ 336.032936][ T39] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 336.032988][ T39] [ 336.032994][ T39] ============================================= [ 336.032994][ T39] [ 336.033015][ T39] NMI backtrace for cpu 1 [ 336.033045][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 336.033090][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 336.033114][ T39] Call Trace: [ 336.033128][ T39] [ 336.033143][ T39] dump_stack_lvl+0x189/0x250 [ 336.033195][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.033228][ T39] ? __pfx__printk+0x10/0x10 [ 336.033265][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 336.033298][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 336.033330][ T39] ? __pfx__printk+0x10/0x10 [ 336.033358][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 336.033388][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 336.033421][ T39] watchdog+0xf93/0xfe0 [ 336.033454][ T39] ? watchdog+0x1de/0xfe0 [ 336.033488][ T39] kthread+0x711/0x8a0 [ 336.033524][ T39] ? __pfx_watchdog+0x10/0x10 [ 336.033551][ T39] ? __pfx_kthread+0x10/0x10 [ 336.033589][ T39] ? __pfx_kthread+0x10/0x10 [ 336.033623][ T39] ret_from_fork+0x436/0x7d0 [ 336.033654][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 336.033689][ T39] ? __switch_to_asm+0x39/0x70 [ 336.033709][ T39] ? __switch_to_asm+0x33/0x70 [ 336.033728][ T39] ? __pfx_kthread+0x10/0x10 [ 336.033762][ T39] ret_from_fork_asm+0x1a/0x30 [ 336.033799][ T39] [ 336.033807][ T39] Sending NMI from CPU 1 to CPUs 0: [ 336.033836][ C0] NMI backtrace for cpu 0 [ 336.033852][ C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 336.033885][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 336.033900][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x80 [ 336.033925][ C0] Code: 08 40 f6 91 65 8b 35 58 d4 37 10 81 e6 00 00 ff 00 ba 00 01 00 00 23 91 0c 0b 00 00 89 d7 09 f7 74 11 85 f6 75 39 85 d2 74 35 <83> b9 d4 15 00 00 00 74 2c 8b 91 b0 15 00 00 83 fa 02 75 21 48 8b [ 336.033940][ C0] RSP: 0018:ffffc90000196918 EFLAGS: 00000206 [ 336.033955][ C0] RAX: ffffffff89921ae9 RBX: 0000000000000000 RCX: ffff88801c2b5940 [ 336.033970][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 336.033981][ C0] RBP: ffffc90000196af0 R08: 0000000000000000 R09: 0000000000000100 [ 336.033992][ C0] R10: ffffc90000196a20 R11: fffff52000032d4e R12: 0000000000000000 [ 336.034005][ C0] R13: 0000000000000000 R14: 00000000aa1414ac R15: ffff8880647b7bc0 [ 336.034017][ C0] FS: 0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 336.034032][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 336.034044][ C0] CR2: 00007fff59b34128 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 336.034062][ C0] Call Trace: [ 336.034068][ C0] [ 336.034074][ C0] ip_route_me_harder+0x3c9/0x1030 [ 336.034105][ C0] ? __pfx_ip_route_me_harder+0x10/0x10 [ 336.034142][ C0] synproxy_send_tcp+0x359/0x6c0 [ 336.034186][ C0] synproxy_send_client_synack+0x8bb/0xe20 [ 336.034220][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 336.034247][ C0] ? nft_synproxy_do_eval+0x1d8/0x570 [ 336.034266][ C0] ? synproxy_pernet+0x45/0x270 [ 336.034307][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 336.034329][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 336.034350][ C0] ? nf_ip_checksum+0x13c/0x510 [ 336.034371][ C0] nft_synproxy_do_eval+0x345/0x570 [ 336.034390][ C0] ? __dequeue_entity+0x4e/0xc60 [ 336.034423][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 336.034453][ C0] nft_do_chain+0x40c/0x1920 [ 336.034479][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 336.034509][ C0] ? pick_task_fair+0x2b2/0x520 [ 336.034534][ C0] nft_do_chain_inet+0x25d/0x340 [ 336.034553][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 336.034572][ C0] ? __lock_acquire+0xab9/0xd20 [ 336.034601][ C0] ? NF_HOOK+0x9a/0x3a0 [ 336.034626][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 336.034646][ C0] nf_hook_slow+0xc2/0x220 [ 336.034675][ C0] NF_HOOK+0x206/0x3a0 [ 336.034700][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 336.034726][ C0] ? NF_HOOK+0x9a/0x3a0 [ 336.034749][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 336.034772][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 336.034800][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 336.034827][ C0] ? skb_dst+0x4f/0xd0 [ 336.034852][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 336.034879][ C0] NF_HOOK+0x30c/0x3a0 [ 336.034904][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 336.034929][ C0] ? NF_HOOK+0x9a/0x3a0 [ 336.034953][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 336.034979][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 336.035010][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 336.035033][ C0] __netif_receive_skb+0x143/0x380 [ 336.035056][ C0] ? rt_spin_unlock+0x65/0x80 [ 336.035081][ C0] ? process_backlog+0x27b/0x900 [ 336.035105][ C0] process_backlog+0x31e/0x900 [ 336.035135][ C0] __napi_poll+0xb3/0x540 [ 336.035160][ C0] net_rx_action+0x707/0xe00 [ 336.035185][ C0] ? arch_stack_walk+0x11c/0x150 [ 336.035214][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 336.035238][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 336.035264][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 336.035296][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 336.035320][ C0] handle_softirqs+0x22c/0x710 [ 336.035348][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 336.035376][ C0] __local_bh_enable_ip+0x179/0x270 [ 336.035399][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 336.035441][ C0] ? rcu_cpu_kthread+0x23e/0x1b50 [ 336.035467][ C0] ? rcu_cpu_kthread+0x23e/0x1b50 [ 336.035493][ C0] rcu_cpu_kthread+0xc3d/0x1b50 [ 336.035522][ C0] ? rcu_cpu_kthread+0x23e/0x1b50 [ 336.035554][ C0] ? __pfx_rcu_cpu_kthread+0x10/0x10 [ 336.035581][ C0] ? __lock_acquire+0xab9/0xd20 [ 336.035604][ C0] ? __pfx___schedule+0x10/0x10 [ 336.035639][ C0] ? schedule+0x91/0x360 [ 336.035668][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 336.035690][ C0] smpboot_thread_fn+0x542/0xa60 [ 336.035712][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 336.035739][ C0] kthread+0x711/0x8a0 [ 336.035768][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 336.035790][ C0] ? __pfx_kthread+0x10/0x10 [ 336.035820][ C0] ? __pfx_kthread+0x10/0x10 [ 336.035848][ C0] ret_from_fork+0x436/0x7d0 [ 336.035871][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 336.035897][ C0] ? __switch_to_asm+0x39/0x70 [ 336.035913][ C0] ? __switch_to_asm+0x33/0x70 [ 336.035929][ C0] ? __pfx_kthread+0x10/0x10 [ 336.035956][ C0] ret_from_fork_asm+0x1a/0x30 [ 336.035982][ C0] [ 336.171504][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 336.171530][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 336.171559][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 336.171575][ T39] Call Trace: [ 336.171584][ T39] [ 336.171596][ T39] dump_stack_lvl+0x99/0x250 [ 336.171637][ T39] ? __asan_memcpy+0x40/0x70 [ 336.171664][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.171699][ T39] ? __pfx__printk+0x10/0x10 [ 336.171742][ T39] vpanic+0x281/0x750 [ 336.171780][ T39] ? __pfx_vpanic+0x10/0x10 [ 336.171813][ T39] ? preempt_schedule+0xae/0xc0 [ 336.171851][ T39] ? preempt_schedule_common+0x83/0xd0 [ 336.171901][ T39] panic+0xb9/0xc0 [ 336.171934][ T39] ? __pfx_panic+0x10/0x10 [ 336.171970][ T39] ? preempt_schedule_thunk+0x16/0x30 [ 336.172006][ T39] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 336.172042][ T39] watchdog+0xfd2/0xfe0 [ 336.172079][ T39] ? watchdog+0x1de/0xfe0 [ 336.172117][ T39] kthread+0x711/0x8a0 [ 336.172159][ T39] ? __pfx_watchdog+0x10/0x10 [ 336.172189][ T39] ? __pfx_kthread+0x10/0x10 [ 336.172231][ T39] ? __pfx_kthread+0x10/0x10 [ 336.172268][ T39] ret_from_fork+0x436/0x7d0 [ 336.172301][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 336.172339][ T39] ? __switch_to_asm+0x39/0x70 [ 336.172362][ T39] ? __switch_to_asm+0x33/0x70 [ 336.172382][ T39] ? __pfx_kthread+0x10/0x10 [ 336.172427][ T39] ret_from_fork_asm+0x1a/0x30 [ 336.172467][ T39] [ 336.172752][ T39] Kernel Offset: disabled