last executing test programs: 1m17.6008979s ago: executing program 0 (id=6): creat(&(0x7f0000000340)='./file0\x00', 0x101) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000070605000000000000000000000000020500010007000000090002007379783200000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000811}, 0x8010) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) flock(0xffffffffffffffff, 0x2) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000005979e08d21001000000000000010902120001000000000904"], 0x0) 1m14.199464459s ago: executing program 0 (id=10): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x57e, 0x2009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x1b0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff, 0x8, 0xfd}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0xb, {[@local=@item_4={0x3, 0x2, 0x8, "da6c3deb"}, @local=@item_4={0x3, 0x2, 0xa, "00000010"}, @global=@item_012={0x0, 0x1, 0x4}]}}, 0x0}, 0x0) 1m14.199317352s ago: executing program 4 (id=5): syz_usb_connect(0x5, 0x34, &(0x7f0000000e80)=ANY=[@ANYBLOB="12011001b1fb66101e090300bb35010203010902220001080540040904ce0109000000000705f71f22890b09050c02"], 0x0) 1m10.830875885s ago: executing program 0 (id=14): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000540), 0x6c, r0}, 0x38) 1m10.698488401s ago: executing program 4 (id=16): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x8, {[@local=@item_012={0x1, 0x2, 0x2, ';'}, @local=@item_012={0x0, 0x2, 0xa}, @local=@item_4={0x3, 0x2, 0x1, "2fa7f2e1"}]}}, 0x0}, &(0x7f0000000380)={0x2c, &(0x7f0000000240)={0x40, 0x15, 0x4, "1fe85c7d"}, 0x0, 0x0, 0x0, 0x0}) 1m10.360632234s ago: executing program 2 (id=18): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000bc0)={0x58, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_SEC_KEY={0x38, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x8}, @NL802154_KEY_ATTR_BYTES={0x14, 0x4, "ffef236e61d64ac6c8f76b29d65eff18"}, @NL802154_KEY_ATTR_ID={0x18, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x14000005}, 0x8880) 1m10.113763207s ago: executing program 2 (id=19): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0xd, &(0x7f0000000700)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x87}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e06921e8682d85ff9782762f86dd", 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 1m10.113066686s ago: executing program 3 (id=20): r0 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) shutdown(r0, 0x1) 1m10.070523834s ago: executing program 0 (id=21): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) creat(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r6, 0x227b, &(0x7f00000001c0)=0x2001) r7 = fcntl$dupfd(r6, 0x0, r6) read$FUSE(r7, 0x0, 0x0) write$sndseq(r7, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xf27, {0x1}, {}, @addr={0x2a, 0x5}}], 0x38) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000300), 0x404, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="2c76657273696f6e3d3970323030302e752c6e6f6465766d61702c63616f5d8e1d7c6368653d667363616368652c6d61736b3d5e4d41591f524541442c00"]) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000060a0b0400000000000000000200000008000b40000000020900010073797a30000000000900020073797a320000000038000000090a010100000000000000000500000821000d401a7a71d36aea029e020a593ce576b7c83c1a647de4e19d3d74112b1b6900000020000000180a05000000000000000000070000050900020073797a300000000020000000030a03000000000000000000050000040c0002400000000000000003b8000000020a010100000000000000000400000808000240000000030900010073797a31000000008d0006003106770ee0b2fb5fbd2965e7056b21cad937f47ec179a81970421e5e9bdf678f5d6c99bd8c9a2ffd75916fe0f6a8139136e3ec2ec1dfee226fad2653f72b56583c2b324d6838216a8c6e21684ec3bdaa48df5498467cb3979a1d5fd678999bb6a2c13c6b310e3ef5d0fe2473428442802c1dc24a0af0cd97c7f4e58cf7f6fdfbe1cfe88e8b3cb9ffb800000080000000140a01010000000000000000030000060900010073797a30000000000900010073797a310000000008000340000000083f000800385602b9e183447f6752a976402f98b8c0378c817049f220cb34a39476a4556513e069a9db41c7e3cab9a19633ef06368c31ddecac4dab220f9a47000c0006400000000000000004d4010000020a01080000000000000000070000039e000600479e8a1111c7a5cded9b12ef1cc7ca6b8bb137009cef5bdb8c1310aa3871c2420b272cb7ee87b17a31578a3890163377a7b50aff53925cf0a31dc181fe4bae51c1decd5553dd58eb6606653c69fe541928f533ffbba1a7203065a070391103606df09530cc22cca56300462880219c5f98f15f5e64c0b8d187fc7075ab66195fd46914934d445ead987a0276128ede56475d154bb9476e7f015a00000900010073797a30000000000900010073797a31000000008b000600f13245e8a474d520ca186b30fcfdb653d13dac14433a31f4a5ae434aac64579db01541d1ebb680817d55cf7db363579e4d589479713c946099213f478b6e1b8604518bb6865a3529520dc47653472b827cee77fc14a599923851f15438c2d7816911065a89589d8b292086794f52848958f62353c38bd0634cce5742dc472b70c44cd6e6712d33007a0006009b6160d9b9b733d2c65d7d26c1fd6f21aa94d062b1460d0fea43b45abfff22c49dfae4fee3a76e8a6a14929b9a08367e9cff5efcd44000d6ff5f752674365edb47ed75ea600fbecf4617b3569016110db22fbddde38883ec438b7ce2110109f678cf9abc8f4275f065bcebc453e22522c297aa998a6b00002c0000000e0a030000000000000000000a0000000900020073797a30000000000900020073797a320000000040000000140a05000000000000000000010000010900020073797a32000000000900010073797a310000000008000340000000000900020073797a3100000000a4000000090a05000000000000000000000000050900020073797a3000000000100011800b0001006c6f6f6b7570000074000d40abb0ee6c7ef5d2fcc841331d3d2bef2a125afa180141397aa5edfe56c5b738c536f49aed2b819311886f4ada05aaf4d32ba15a57ea5921e70a0421ca0590fff74d8eac99fc557bff8cecbed68c17abc84f321fc16bb081f775954a8e4737cfbf164c2803b64efcd7ef67b5667f7e8b1e5c010000000a05000000000000000000020000060c00044000000000000000030800024000000001b5000600bc9debd9df552ed7827820bd67cea66f8a9882aa71cbc71f6c79e0f0284f424a4876d93a7d10b99057375313365f7afb44bc0a6a625d8cd2ae86f4f1e33bc516285de9fc7b5ce47d443df27cf7c703f94bdca4bc5f525ca4983bec46712780bbd70772e106c10b7f62046e9f9df63e2166d073623070e9d3c54fb02c98d16a95bf689b4fee5ab1238081061409845b1743ef4c902ac33f39460a65d09bcc57f322f0e7d03aed8f3b4b751fccdca23417970000006d000600dcf54edf70482f833aff8cda02820e3908c3d3bcc0ba53930eb631447ff81948d9c606cc0217c658374252a97dd1576b2c4222a265c3a096df509a4434a56df39d595dc1050a40b41b3f7f33d57fb6001295a2f1af8a212fa5fc9ec1d83fcb554bb8d6fc04554391d0000000090001"], 0x734}}, 0x0) 1m8.682732067s ago: executing program 3 (id=22): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x38, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @mss={0x2, 0x4, 0x5df4}, @sack={0x5, 0x2}]}}}}}}}, 0x0) 1m8.549750649s ago: executing program 2 (id=23): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000003800)=[{{0x0, 0x0, 0x0}, 0x7f3}, {{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f00000039c0)=""/154, 0x9a}, {&(0x7f00000016c0)=""/140, 0x8c}, {&(0x7f0000001800)=""/196, 0xc4}, {&(0x7f0000001940)=""/218, 0xda}, {&(0x7f0000001a40)=""/145, 0x91}], 0x6}, 0x620}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}, 0x2}], 0x4, 0x0, 0x0) 1m8.250200942s ago: executing program 0 (id=24): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x54d}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f00003cd000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c9a000/0x2000)=nil) close_range(r2, 0xffffffffffffffff, 0x0) sendmsg$NFT_MSG_GETSET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040000}, 0x400c004) 1m8.143880198s ago: executing program 2 (id=26): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x0, 0x0, 0x0}, 0x94) r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x20040010}, 0x4008804) 1m7.016728214s ago: executing program 3 (id=27): mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0xffffffffffffffff}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) socket$inet(0x2, 0x3, 0x2) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r4, 0x4, 0x6000) vmsplice(r4, &(0x7f0000000240)=[{&(0x7f0000001340)="e6", 0xfffffeff}], 0x1, 0x0) sendmsg$AUDIT_SET(r4, &(0x7f00000000c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)={0x3c, 0x3e9, 0x1, 0x70bd26, 0x25dfdbff, {0x66, 0x0, 0x0, r0, 0x8000, 0xc, 0x10000000, 0xda, 0x0, 0xb, 0xfffffff7}, ["", "", "", "", "", "", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x44004}, 0x448c4) r5 = socket$inet(0x2, 0x3, 0x2) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18) openat$tun(0xffffffffffffff9c, 0x0, 0x60242, 0x0) r7 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x271082, 0x10) mknodat$null(r7, &(0x7f0000000340)='./bus\x00', 0x2, 0x103) r8 = getpid() r9 = syz_pidfd_open(r8, 0x0) setns(r9, 0x24020000) umount2(&(0x7f0000000040)='.\x00', 0x2) syz_emit_ethernet(0x9b, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0x18, @multicast1}, {0x0, 0x4e22, 0x18, 0x0, @wg=@data}}}}}, 0x0) 1m4.413974921s ago: executing program 0 (id=28): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) syz_emit_ethernet(0x82, &(0x7f0000000000)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0) 1m0.807494618s ago: executing program 4 (id=33): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x1ff) 1m0.806758829s ago: executing program 4 (id=35): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) creat(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r6, 0x227b, &(0x7f00000001c0)=0x2001) r7 = fcntl$dupfd(r6, 0x0, r6) read$FUSE(r7, 0x0, 0x0) write$sndseq(r7, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xf27, {0x1}, {}, @addr={0x2a, 0x5}}], 0x38) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000300), 0x404, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="2c76657273696f6e3d3970323030302e752c6e6f6465766d61702c63616f5d8e1d7c6368653d667363616368652c6d61736b3d5e4d41591f524541442c00"]) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000060a0b0400000000000000000200000008000b40000000020900010073797a30000000000900020073797a320000000038000000090a010100000000000000000500000821000d401a7a71d36aea029e020a593ce576b7c83c1a647de4e19d3d74112b1b6900000020000000180a05000000000000000000070000050900020073797a300000000020000000030a03000000000000000000050000040c0002400000000000000003b8000000020a010100000000000000000400000808000240000000030900010073797a31000000008d0006003106770ee0b2fb5fbd2965e7056b21cad937f47ec179a81970421e5e9bdf678f5d6c99bd8c9a2ffd75916fe0f6a8139136e3ec2ec1dfee226fad2653f72b56583c2b324d6838216a8c6e21684ec3bdaa48df5498467cb3979a1d5fd678999bb6a2c13c6b310e3ef5d0fe2473428442802c1dc24a0af0cd97c7f4e58cf7f6fdfbe1cfe88e8b3cb9ffb800000080000000140a01010000000000000000030000060900010073797a30000000000900010073797a310000000008000340000000083f000800385602b9e183447f6752a976402f98b8c0378c817049f220cb34a39476a4556513e069a9db41c7e3cab9a19633ef06368c31ddecac4dab220f9a47000c0006400000000000000004d4010000020a01080000000000000000070000039e000600479e8a1111c7a5cded9b12ef1cc7ca6b8bb137009cef5bdb8c1310aa3871c2420b272cb7ee87b17a31578a3890163377a7b50aff53925cf0a31dc181fe4bae51c1decd5553dd58eb6606653c69fe541928f533ffbba1a7203065a070391103606df09530cc22cca56300462880219c5f98f15f5e64c0b8d187fc7075ab66195fd46914934d445ead987a0276128ede56475d154bb9476e7f015a00000900010073797a30000000000900010073797a31000000008b000600f13245e8a474d520ca186b30fcfdb653d13dac14433a31f4a5ae434aac64579db01541d1ebb680817d55cf7db363579e4d589479713c946099213f478b6e1b8604518bb6865a3529520dc47653472b827cee77fc14a599923851f15438c2d7816911065a89589d8b292086794f52848958f62353c38bd0634cce5742dc472b70c44cd6e6712d33007a0006009b6160d9b9b733d2c65d7d26c1fd6f21aa94d062b1460d0fea43b45abfff22c49dfae4fee3a76e8a6a14929b9a08367e9cff5efcd44000d6ff5f752674365edb47ed75ea600fbecf4617b3569016110db22fbddde38883ec438b7ce2110109f678cf9abc8f4275f065bcebc453e22522c297aa998a6b00002c0000000e0a030000000000000000000a0000000900020073797a30000000000900020073797a320000000040000000140a05000000000000000000010000010900020073797a32000000000900010073797a310000000008000340000000000900020073797a3100000000a4000000090a05000000000000000000000000050900020073797a3000000000100011800b0001006c6f6f6b7570000074000d40abb0ee6c7ef5d2fcc841331d3d2bef2a125afa180141397aa5edfe56c5b738c536f49aed2b819311886f4ada05aaf4d32ba15a57ea5921e70a0421ca0590fff74d8eac99fc557bff8cecbed68c17abc84f321fc16bb081f775954a8e4737cfbf164c2803b64efcd7ef67b5667f7e8b1e5c010000000a05000000000000000000020000060c00044000000000000000030800024000000001b5000600bc9debd9df552ed7827820bd67cea66f8a9882aa71cbc71f6c79e0f0284f424a4876d93a7d10b99057375313365f7afb44bc0a6a625d8cd2ae86f4f1e33bc516285de9fc7b5ce47d443df27cf7c703f94bdca4bc5f525ca4983bec46712780bbd70772e106c10b7f62046e9f9df63e2166d073623070e9d3c54fb02c98d16a95bf689b4fee5ab1238081061409845b1743ef4c902ac33f39460a65d09bcc57f322f0e7d03aed8f3b4b751fccdca23417970000006d000600dcf54edf70482f833aff8cda02820e3908c3d3bcc0ba53930eb631447ff81948d9c606cc0217c658374252a97dd1576b2c4222a265c3a096df509a4434a56df39d595dc1050a40b41b3f7f33d57fb6001295a2f1af8a212fa5fc9ec1d83fcb554bb8d6fc04554391d0000000090001"], 0x734}}, 0x0) 58.843601382s ago: executing program 2 (id=38): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) statfs(&(0x7f0000000100)='./file0\x00', 0x0) 58.84324062s ago: executing program 2 (id=40): creat(&(0x7f0000000340)='./file0\x00', 0x101) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000070605000000000000000000000000020500010007000000090002007379783200000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000811}, 0x8010) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) flock(0xffffffffffffffff, 0x2) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000005979e08d21001000000000000010902120001000000000904"], 0x0) 56.103357146s ago: executing program 3 (id=41): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0x5, @empty, 0x6}, r2}}, 0x30) 56.102754173s ago: executing program 3 (id=42): r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) fchdir(r0) exit(0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x16f) 56.006470166s ago: executing program 3 (id=44): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00'}) socket$key(0xf, 0x3, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b0000000800000002009b154ebd9e2902c81cd6bb7d58091100000400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f14c01000000000000eeff0018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r8, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r8, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r8, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) gettid() 47.89615106s ago: executing program 32 (id=28): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) syz_emit_ethernet(0x82, &(0x7f0000000000)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x86ddffff}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0) 39.86407306s ago: executing program 33 (id=35): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$unix(r3, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) creat(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_SET_FORCE_PACK_ID(r6, 0x227b, &(0x7f00000001c0)=0x2001) r7 = fcntl$dupfd(r6, 0x0, r6) read$FUSE(r7, 0x0, 0x0) write$sndseq(r7, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x4, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @tick=0xf27, {0x1}, {}, @addr={0x2a, 0x5}}], 0x38) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xd, 0x0, &(0x7f0000000000)) mount$9p_fd(0x0, &(0x7f0000000500)='./file0\x00', &(0x7f0000000300), 0x404, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="2c76657273696f6e3d3970323030302e752c6e6f6465766d61702c63616f5d8e1d7c6368653d667363616368652c6d61736b3d5e4d41591f524541442c00"]) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0xfffffffffffffe01, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000060a0b0400000000000000000200000008000b40000000020900010073797a30000000000900020073797a320000000038000000090a010100000000000000000500000821000d401a7a71d36aea029e020a593ce576b7c83c1a647de4e19d3d74112b1b6900000020000000180a05000000000000000000070000050900020073797a300000000020000000030a03000000000000000000050000040c0002400000000000000003b8000000020a010100000000000000000400000808000240000000030900010073797a31000000008d0006003106770ee0b2fb5fbd2965e7056b21cad937f47ec179a81970421e5e9bdf678f5d6c99bd8c9a2ffd75916fe0f6a8139136e3ec2ec1dfee226fad2653f72b56583c2b324d6838216a8c6e21684ec3bdaa48df5498467cb3979a1d5fd678999bb6a2c13c6b310e3ef5d0fe2473428442802c1dc24a0af0cd97c7f4e58cf7f6fdfbe1cfe88e8b3cb9ffb800000080000000140a01010000000000000000030000060900010073797a30000000000900010073797a310000000008000340000000083f000800385602b9e183447f6752a976402f98b8c0378c817049f220cb34a39476a4556513e069a9db41c7e3cab9a19633ef06368c31ddecac4dab220f9a47000c0006400000000000000004d4010000020a01080000000000000000070000039e000600479e8a1111c7a5cded9b12ef1cc7ca6b8bb137009cef5bdb8c1310aa3871c2420b272cb7ee87b17a31578a3890163377a7b50aff53925cf0a31dc181fe4bae51c1decd5553dd58eb6606653c69fe541928f533ffbba1a7203065a070391103606df09530cc22cca56300462880219c5f98f15f5e64c0b8d187fc7075ab66195fd46914934d445ead987a0276128ede56475d154bb9476e7f015a00000900010073797a30000000000900010073797a31000000008b000600f13245e8a474d520ca186b30fcfdb653d13dac14433a31f4a5ae434aac64579db01541d1ebb680817d55cf7db363579e4d589479713c946099213f478b6e1b8604518bb6865a3529520dc47653472b827cee77fc14a599923851f15438c2d7816911065a89589d8b292086794f52848958f62353c38bd0634cce5742dc472b70c44cd6e6712d33007a0006009b6160d9b9b733d2c65d7d26c1fd6f21aa94d062b1460d0fea43b45abfff22c49dfae4fee3a76e8a6a14929b9a08367e9cff5efcd44000d6ff5f752674365edb47ed75ea600fbecf4617b3569016110db22fbddde38883ec438b7ce2110109f678cf9abc8f4275f065bcebc453e22522c297aa998a6b00002c0000000e0a030000000000000000000a0000000900020073797a30000000000900020073797a320000000040000000140a05000000000000000000010000010900020073797a32000000000900010073797a310000000008000340000000000900020073797a3100000000a4000000090a05000000000000000000000000050900020073797a3000000000100011800b0001006c6f6f6b7570000074000d40abb0ee6c7ef5d2fcc841331d3d2bef2a125afa180141397aa5edfe56c5b738c536f49aed2b819311886f4ada05aaf4d32ba15a57ea5921e70a0421ca0590fff74d8eac99fc557bff8cecbed68c17abc84f321fc16bb081f775954a8e4737cfbf164c2803b64efcd7ef67b5667f7e8b1e5c010000000a05000000000000000000020000060c00044000000000000000030800024000000001b5000600bc9debd9df552ed7827820bd67cea66f8a9882aa71cbc71f6c79e0f0284f424a4876d93a7d10b99057375313365f7afb44bc0a6a625d8cd2ae86f4f1e33bc516285de9fc7b5ce47d443df27cf7c703f94bdca4bc5f525ca4983bec46712780bbd70772e106c10b7f62046e9f9df63e2166d073623070e9d3c54fb02c98d16a95bf689b4fee5ab1238081061409845b1743ef4c902ac33f39460a65d09bcc57f322f0e7d03aed8f3b4b751fccdca23417970000006d000600dcf54edf70482f833aff8cda02820e3908c3d3bcc0ba53930eb631447ff81948d9c606cc0217c658374252a97dd1576b2c4222a265c3a096df509a4434a56df39d595dc1050a40b41b3f7f33d57fb6001295a2f1af8a212fa5fc9ec1d83fcb554bb8d6fc04554391d0000000090001"], 0x734}}, 0x0) 39.8011991s ago: executing program 34 (id=40): creat(&(0x7f0000000340)='./file0\x00', 0x101) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x1b, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000004}, 0x94) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000070605000000000000000000000000020500010007000000090002007379783200000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000811}, 0x8010) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) flock(0xffffffffffffffff, 0x2) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x0, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x58, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000005979e08d21001000000000000010902120001000000000904"], 0x0) 39.737420913s ago: executing program 35 (id=44): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00'}) socket$key(0xf, 0x3, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b0000000800000002009b154ebd9e2902c81cd6bb7d58091100000400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r5, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000f14c01000000000000eeff0018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r8, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r8, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r8, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r8, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) gettid() 23.987238182s ago: executing program 1 (id=61): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000340)=0xc, 0x4) syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x35}, {[@cipso={0x86, 0x71, 0x0, [{0x5, 0xc, "e256b28c04000000fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x6, 0x7, "cfa11cab1a"}, {0x0, 0x10, "c600"/14}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "73bc2300ad9d19a30000000000000000"}, {0x0, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x0, [{0x1, 0x6, "7f36c525"}]}]}}}}}}}, 0x0) 23.987020301s ago: executing program 1 (id=62): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="cf0000000100000000000040"]) 23.750677351s ago: executing program 1 (id=63): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000519000/0x1000)=nil, 0x1000, 0x66) syz_open_procfs(0x0, 0x0) r5 = add_key$keyring(&(0x7f0000000a40), &(0x7f0000000a80)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) getgroups(0x2, &(0x7f0000001080)=[0xee01, 0xffffffffffffffff]) munlockall() keyctl$chown(0x4, r5, 0xee01, r6) keyctl$KEYCTL_MOVE(0x3, r5, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) ptrace$pokeuser(0x6, r2, 0x81fc, 0x80000000) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000001480)="3b5250dd8df768c581177cc96346a125c5baecd7e46618851e723e8ef1628f8e5c9fff1954ad6617c17fd0658b4c494ab4b9c82de21662a0d7c3cafc01b397ad6c398c755561984e8ba92704585396a2101125bb2a4d000000611bc84796c8015747ffc90dcf9341cd76", 0x6a, 0x20000080, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@timestamp, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x2000000000000061) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) 17.648480947s ago: executing program 1 (id=64): ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, &(0x7f00000000c0)={&(0x7f0000000780)={{@local}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418}) r0 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) 17.030990002s ago: executing program 1 (id=65): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) close(0xffffffffffffffff) syz_usb_connect(0x3, 0x114, &(0x7f0000000f80)={{0x12, 0x1, 0x110, 0xb3, 0x16, 0xc9, 0x10, 0x1ace, 0xe9b2, 0x5c3d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x102, 0x2, 0x0, 0x2a, 0x10, 0x0, [{{0x9, 0x4, 0xec, 0x6, 0x4, 0xfe, 0x2, 0x0, 0x3, [], [{{0x9, 0x5, 0x2, 0x4, 0x40, 0xbf, 0xe, 0x7}}, {{0x9, 0x5, 0xf, 0x0, 0x3ff, 0x5, 0x9, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7f, 0x5}]}}, {{0x9, 0x5, 0xd, 0x10, 0x0, 0xd, 0x81, 0xff}}, {{0x9, 0x5, 0x9, 0x4, 0x8, 0x9, 0x8, 0x10}}]}}, {{0x9, 0x4, 0x81, 0x4, 0x0, 0xe, 0x1, 0x0, 0xa8, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x26, 0x2, 0x4}]}, @generic={0xb5, 0xd, "eb90a94aef33e509c09a395d4f850474c3824fecfb7c2c8d30495d0ae163d6f1cae5091c6b69cea856fda0e3ce57ea845012ffb3806bdad245133ce43f0ebd94447100db2c42634ffca01050c55f18c94d7636bfbb107f6073c2e7cfcfbc8da5e0f6d35458068c849c873db135f3d0e3a4e15c38e8bb18507cf4be2346fae5811c1114f4917c4b835b0abfedee690d65a859e412d65580820a85fe210789168319faec26cf2f613af43c4dbebd36f9b1ac47bc"}]}}]}}]}}, 0x0) 16.239697347s ago: executing program 1 (id=66): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00}]}}]}, 0x40}}, 0x0) 0s ago: executing program 36 (id=66): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth0_virt_wifi\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x10, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x3b9aca00}]}}]}, 0x40}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.228' (ED25519) to the list of known hosts. [ 81.274991][ T5802] cgroup: Unknown subsys name 'net' [ 81.515885][ T5802] cgroup: Unknown subsys name 'cpuset' [ 81.551683][ T5802] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.290572][ T5802] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.914792][ T5817] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.918246][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.930026][ T5821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.931528][ T5821] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.932978][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.933749][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.027764][ T5821] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.029507][ T5821] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.034402][ T5131] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.035706][ T5821] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.037033][ T5821] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.038268][ T5821] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.039065][ T5821] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.042215][ T5821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.047824][ T5821] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.152767][ T5821] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.156631][ T5821] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.175754][ T5821] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.179957][ T5131] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.191822][ T5131] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.203495][ T5131] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.216004][ T5131] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.216820][ T5131] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.217862][ T5131] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.218557][ T5131] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.886758][ T1781] cfg80211: failed to load regulatory.db [ 86.908114][ T5813] chnl_net:caif_netlink_parms(): no params data found [ 87.166943][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 87.172157][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 87.648724][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.649729][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.650074][ T5813] bridge_slave_0: entered allmulticast mode [ 87.659451][ T5813] bridge_slave_0: entered promiscuous mode [ 87.684531][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 87.693302][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 87.706396][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.706534][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.706732][ T5813] bridge_slave_1: entered allmulticast mode [ 87.709170][ T5813] bridge_slave_1: entered promiscuous mode [ 88.004305][ T59] Bluetooth: hci0: command tx timeout [ 88.081295][ T59] Bluetooth: hci2: command tx timeout [ 88.172033][ T59] Bluetooth: hci1: command tx timeout [ 88.241431][ T59] Bluetooth: hci3: command tx timeout [ 88.241568][ T59] Bluetooth: hci4: command tx timeout [ 88.418273][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.418515][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.418646][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.419181][ T5823] bridge_slave_0: entered allmulticast mode [ 88.423881][ T5823] bridge_slave_0: entered promiscuous mode [ 88.427062][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.427240][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.427717][ T5815] bridge_slave_0: entered allmulticast mode [ 88.430367][ T5815] bridge_slave_0: entered promiscuous mode [ 88.460244][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.460422][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.460923][ T5823] bridge_slave_1: entered allmulticast mode [ 88.464475][ T5823] bridge_slave_1: entered promiscuous mode [ 88.470176][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.470422][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.470548][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.471009][ T5815] bridge_slave_1: entered allmulticast mode [ 88.475026][ T5815] bridge_slave_1: entered promiscuous mode [ 89.216265][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.218239][ T5813] team0: Port device team_slave_0 added [ 89.357158][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.527967][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.530485][ T5813] team0: Port device team_slave_1 added [ 89.538156][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.538481][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.538646][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.538805][ T5826] bridge_slave_0: entered allmulticast mode [ 89.549956][ T5826] bridge_slave_0: entered promiscuous mode [ 89.559411][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.559538][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.570238][ T5820] bridge_slave_0: entered allmulticast mode [ 89.573087][ T5820] bridge_slave_0: entered promiscuous mode [ 89.802751][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.802886][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.803064][ T5826] bridge_slave_1: entered allmulticast mode [ 89.805801][ T5826] bridge_slave_1: entered promiscuous mode [ 89.808301][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.808434][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.808602][ T5820] bridge_slave_1: entered allmulticast mode [ 89.812956][ T5820] bridge_slave_1: entered promiscuous mode [ 90.081234][ T5131] Bluetooth: hci0: command tx timeout [ 90.161271][ T5131] Bluetooth: hci2: command tx timeout [ 90.204948][ T5823] team0: Port device team_slave_0 added [ 90.207727][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.207741][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.207766][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.212812][ T5815] team0: Port device team_slave_0 added [ 90.241303][ T5131] Bluetooth: hci1: command tx timeout [ 90.321165][ T5131] Bluetooth: hci4: command tx timeout [ 90.331335][ T5131] Bluetooth: hci3: command tx timeout [ 90.385346][ T5823] team0: Port device team_slave_1 added [ 90.387080][ T5815] team0: Port device team_slave_1 added [ 90.387922][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.387931][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.387945][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.525877][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.542843][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.697873][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.700049][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.983586][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.983602][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.983627][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.984958][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.984970][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.984994][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.204317][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.204333][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.204359][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.206065][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.206084][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.206109][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.291191][ T5826] team0: Port device team_slave_0 added [ 91.304904][ T5820] team0: Port device team_slave_0 added [ 91.395781][ T5826] team0: Port device team_slave_1 added [ 91.397514][ T5820] team0: Port device team_slave_1 added [ 91.409785][ T5813] hsr_slave_0: entered promiscuous mode [ 91.411901][ T5813] hsr_slave_1: entered promiscuous mode [ 91.983272][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.983284][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.983299][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.984416][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.984430][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.984453][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.161304][ T5131] Bluetooth: hci0: command tx timeout [ 92.242548][ T5131] Bluetooth: hci2: command tx timeout [ 92.286816][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.286830][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.286844][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.287725][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.287734][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.287748][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.303044][ T5815] hsr_slave_0: entered promiscuous mode [ 92.304252][ T5815] hsr_slave_1: entered promiscuous mode [ 92.305568][ T5815] debugfs: 'hsr0' already exists in 'hsr' [ 92.305678][ T5815] Cannot create hsr debugfs directory [ 92.330730][ T5823] hsr_slave_0: entered promiscuous mode [ 92.331079][ T5131] Bluetooth: hci1: command tx timeout [ 92.342881][ T5823] hsr_slave_1: entered promiscuous mode [ 92.343752][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 92.343775][ T5823] Cannot create hsr debugfs directory [ 92.401219][ T5131] Bluetooth: hci3: command tx timeout [ 92.401248][ T5131] Bluetooth: hci4: command tx timeout [ 93.230523][ T5826] hsr_slave_0: entered promiscuous mode [ 93.231999][ T5826] hsr_slave_1: entered promiscuous mode [ 93.232793][ T5826] debugfs: 'hsr0' already exists in 'hsr' [ 93.232816][ T5826] Cannot create hsr debugfs directory [ 93.265635][ T5820] hsr_slave_0: entered promiscuous mode [ 93.266898][ T5820] hsr_slave_1: entered promiscuous mode [ 93.267470][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 93.267492][ T5820] Cannot create hsr debugfs directory [ 94.241519][ T59] Bluetooth: hci0: command tx timeout [ 94.321347][ T59] Bluetooth: hci2: command tx timeout [ 94.411482][ T59] Bluetooth: hci1: command tx timeout [ 94.481348][ T5131] Bluetooth: hci3: command tx timeout [ 94.481392][ T59] Bluetooth: hci4: command tx timeout [ 94.527902][ T5813] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.591991][ T5813] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.630396][ T5813] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.683158][ T5813] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.794585][ T5815] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.836164][ T5815] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.877775][ T5815] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.934454][ T5815] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.083287][ T5823] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.137405][ T5823] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.215282][ T5823] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.244719][ T5823] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.389714][ T5826] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.440566][ T5826] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.498829][ T5826] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.554165][ T5826] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.730241][ T5820] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.768251][ T5820] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.814406][ T5820] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.863214][ T5820] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.900535][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.025612][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.041780][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.085140][ T138] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.085785][ T138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.131310][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.131448][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.198578][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.223693][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.236325][ T138] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.236545][ T138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.291674][ T1179] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.291774][ T1179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.358819][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.370111][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.424596][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.424803][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.475799][ T1179] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.475896][ T1179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.520166][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.580282][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.604169][ T3101] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.604316][ T3101] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.670372][ T3101] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.671214][ T3101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.779789][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.865548][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.865991][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.897891][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.898058][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.064919][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.357690][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.396397][ T5813] veth0_vlan: entered promiscuous mode [ 97.470678][ T5813] veth1_vlan: entered promiscuous mode [ 97.708564][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.723068][ T5815] veth0_vlan: entered promiscuous mode [ 97.730181][ T5813] veth0_macvtap: entered promiscuous mode [ 97.784242][ T5813] veth1_macvtap: entered promiscuous mode [ 97.799643][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.826075][ T5815] veth1_vlan: entered promiscuous mode [ 97.949487][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.967152][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.029768][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.090218][ T67] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.110087][ T67] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.134286][ T67] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.137293][ T5815] veth0_macvtap: entered promiscuous mode [ 98.148802][ T67] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.208213][ T5815] veth1_macvtap: entered promiscuous mode [ 98.248876][ T5826] veth0_vlan: entered promiscuous mode [ 98.413768][ T5826] veth1_vlan: entered promiscuous mode [ 98.498669][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.531643][ T5820] veth0_vlan: entered promiscuous mode [ 98.549447][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.582991][ T138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.583016][ T138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.636327][ T138] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.639700][ T5820] veth1_vlan: entered promiscuous mode [ 98.649005][ T138] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.658787][ T138] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.667100][ T138] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.683375][ T5823] veth0_vlan: entered promiscuous mode [ 98.754856][ T5826] veth0_macvtap: entered promiscuous mode [ 98.825609][ T5823] veth1_vlan: entered promiscuous mode [ 98.827238][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.827256][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.829849][ T5826] veth1_macvtap: entered promiscuous mode [ 99.030309][ T3101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.030327][ T3101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.067575][ T5820] veth0_macvtap: entered promiscuous mode [ 99.076391][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.124769][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.149668][ T5820] veth1_macvtap: entered promiscuous mode [ 99.267660][ T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.308628][ T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.323373][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.323399][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.326720][ T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.339051][ T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.340601][ T5823] veth0_macvtap: entered promiscuous mode [ 99.410962][ T5823] veth1_macvtap: entered promiscuous mode [ 99.453174][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.775285][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.628664][ T5937] tipc: Started in network mode [ 100.628694][ T5937] tipc: Node identity 7f000001, cluster identity 4711 [ 100.634621][ T5937] tipc: Enabled bearer , priority 10 [ 100.718799][ T43] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.736253][ T43] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.753114][ T43] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.754384][ T43] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.796090][ T5944] netlink: 'syz.2.3': attribute type 10 has an invalid length. [ 100.799765][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.943943][ T5944] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 100.954912][ T5941] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.969695][ T5807] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 101.039438][ T3657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.039456][ T3657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.045226][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.136561][ T5940] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.156475][ T5807] usb 1-1: Using ep0 maxpacket: 8 [ 101.169970][ T5807] usb 1-1: New USB device found, idVendor=10d2, idProduct=0001, bcdDevice= 0.00 [ 101.170000][ T5807] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.184824][ T5807] usb 1-1: config 0 descriptor?? [ 101.206318][ T5940] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.250585][ T5807] usblcd 1-1:0.0: Could not find both bulk-in and bulk-out endpoints [ 101.278711][ T5940] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.302895][ T5940] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.341315][ T1179] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.341334][ T1179] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.566913][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.566934][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.752325][ T5807] tipc: Node number set to 2130706433 [ 101.863872][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.863892][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.941875][ T3657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.941892][ T3657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.051215][ T49] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 102.118422][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.118440][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.239024][ T49] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 102.239054][ T49] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.239074][ T49] usb 3-1: Product: syz [ 102.239089][ T49] usb 3-1: Manufacturer: syz [ 102.239103][ T49] usb 3-1: SerialNumber: syz [ 102.330781][ T49] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 102.451770][ T5827] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 102.704004][ T5904] usb 1-1: USB disconnect, device number 2 [ 103.974709][ T5827] usb 3-1: Service connection timeout for: 256 [ 103.974731][ T5827] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 104.261387][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 104.411608][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 104.441288][ T9] usb 5-1: config 8 has an invalid interface number: 206 but max is 0 [ 104.441317][ T9] usb 5-1: config 8 has no interface number 0 [ 104.441365][ T9] usb 5-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87 [ 104.441391][ T9] usb 5-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024 [ 104.441418][ T9] usb 5-1: config 8 interface 206 altsetting 1 endpoint 0xC has invalid wMaxPacketSize 0 [ 104.441440][ T9] usb 5-1: config 8 interface 206 altsetting 1 bulk endpoint 0xC has invalid maxpacket 0 [ 104.441464][ T9] usb 5-1: config 8 interface 206 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 9 [ 104.441491][ T9] usb 5-1: config 8 interface 206 has no altsetting 0 [ 104.471138][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 104.511247][ T9] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb [ 104.511278][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.511298][ T9] usb 5-1: Product: syz [ 104.511313][ T9] usb 5-1: Manufacturer: syz [ 104.511327][ T9] usb 5-1: SerialNumber: syz [ 104.687448][ T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 104.687537][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 104.687573][ T10] usb 1-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00 [ 104.687596][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.872901][ T10] usb 1-1: config 0 descriptor?? [ 104.985873][ T49] usb 3-1: USB disconnect, device number 2 [ 105.043804][ T5827] ath9k_htc: Failed to initialize the device [ 105.049396][ C1] dummy_hcd dummy_hcd.2: timer fired with no URBs pending? [ 105.962819][ T49] usb 3-1: ath9k_htc: USB layer deinitialized [ 106.073684][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 106.078338][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 106.198173][ T9] garmin_gps 5-1:8.206: Garmin GPS usb/tty converter detected [ 106.224299][ T10] usb 1-1: USB disconnect, device number 3 [ 106.230547][ T9] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -90 [ 106.230946][ T9] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -90 [ 106.274763][ T9] usb 5-1: USB disconnect, device number 2 [ 106.413281][ T9] garmin_gps 5-1:8.206: device disconnected [ 106.941184][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 107.091211][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 107.365756][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.365798][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.365838][ T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 107.365862][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.272898][ T9] usb 5-1: config 0 descriptor?? [ 109.569031][ T6011] tipc: Started in network mode [ 109.569137][ T6011] tipc: Node identity 7f000001, cluster identity 4711 [ 109.892588][ T9] kone 0003:1E7D:2CED.0001: bogus close delimiter [ 109.892608][ T9] kone 0003:1E7D:2CED.0001: item 0 0 2 10 parsing failed [ 109.894953][ T9] kone 0003:1E7D:2CED.0001: parse failed [ 109.896079][ T9] kone 0003:1E7D:2CED.0001: probe with driver kone failed with error -22 [ 110.193276][ T6011] tipc: Enabled bearer , priority 10 [ 110.900450][ T9] usb 5-1: USB disconnect, device number 3 [ 112.071218][ T6011] syz.1.25 (6011) used greatest stack depth: 18648 bytes left [ 114.074261][ C0] sched: DL replenish lagged too much [ 117.093637][ T6050] netlink: 'syz.1.36': attribute type 2 has an invalid length. [ 117.093838][ T6050] netlink: 130144 bytes leftover after parsing attributes in process `syz.1.36'. [ 117.093875][ T6050] netlink: 'syz.1.36': attribute type 2 has an invalid length. [ 117.606716][ T5807] tipc: Node number set to 2130706433 [ 133.702375][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.702479][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.620485][ T5131] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 134.636740][ T5131] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 134.638011][ T5131] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 134.639324][ T5131] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 134.640187][ T5131] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 135.333056][ T6110] chnl_net:caif_netlink_parms(): no params data found [ 136.428187][ T6120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.55'. [ 136.428211][ T6120] netlink: 130152 bytes leftover after parsing attributes in process `syz.1.55'. [ 136.428227][ T6120] netlink: 4 bytes leftover after parsing attributes in process `syz.1.55'. [ 136.731124][ T5131] Bluetooth: hci5: command tx timeout [ 137.865752][ T59] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 137.879268][ T59] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 137.890311][ T59] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 137.899121][ T59] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 137.899985][ T59] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 138.025351][ T5131] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 138.027335][ T5131] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 138.028314][ T5131] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 138.029442][ T5131] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 138.030593][ T5131] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 138.251852][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 138.279363][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 138.280477][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 138.299334][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 138.300177][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 138.801148][ T5131] Bluetooth: hci5: command tx timeout [ 140.003732][ T5131] Bluetooth: hci6: command tx timeout [ 140.161273][ T5131] Bluetooth: hci7: command tx timeout [ 140.401238][ T5131] Bluetooth: hci8: command tx timeout [ 140.881161][ T5131] Bluetooth: hci5: command tx timeout [ 142.081293][ T5131] Bluetooth: hci6: command tx timeout [ 142.242726][ T5131] Bluetooth: hci7: command tx timeout [ 142.481205][ T5131] Bluetooth: hci8: command tx timeout [ 142.961293][ T5131] Bluetooth: hci5: command tx timeout [ 144.161373][ T5131] Bluetooth: hci6: command tx timeout [ 144.321283][ T5131] Bluetooth: hci7: command tx timeout [ 144.561148][ T5131] Bluetooth: hci8: command tx timeout [ 146.241378][ T5131] Bluetooth: hci6: command tx timeout [ 146.412500][ T5131] Bluetooth: hci7: command tx timeout [ 146.641189][ T5131] Bluetooth: hci8: command tx timeout [ 177.074288][ T59] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 177.079946][ T59] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 177.097143][ T59] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 177.098607][ T59] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 177.099747][ T59] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 190.176669][ T5818] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 190.193704][ T5818] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 190.194888][ T5818] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 190.199418][ T5818] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 190.200584][ T5818] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 194.411874][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.411949][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.575288][ T5821] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 198.585177][ T5821] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 198.587425][ T5821] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 198.667812][ T5821] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 198.685744][ T5821] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 198.686806][ T5821] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 198.734291][ T5821] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 198.736052][ T5821] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 198.736832][ T5821] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 198.737578][ T5821] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 199.109650][ T5817] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 199.141362][ T5817] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 199.143162][ T5817] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 199.144372][ T5817] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 199.145155][ T5817] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 207.441304][ T5817] Bluetooth: hci9: command tx timeout [ 209.521238][ T5817] Bluetooth: hci9: command tx timeout [ 211.601337][ T59] Bluetooth: hci9: command tx timeout [ 211.848506][ T59] Bluetooth: hci2: command 0x0406 tx timeout [ 213.681306][ T59] Bluetooth: hci9: command tx timeout [ 224.321352][ T5824] Bluetooth: hci4: command tx timeout [ 224.401385][ T5824] Bluetooth: hci12: command tx timeout [ 224.401693][ T5824] Bluetooth: hci11: command tx timeout [ 224.401812][ T5824] Bluetooth: hci10: command tx timeout [ 226.411295][ T6195] Bluetooth: hci4: command tx timeout [ 226.481368][ T5131] Bluetooth: hci12: command tx timeout [ 226.484968][ T5824] Bluetooth: hci11: command tx timeout [ 226.485057][ T6195] Bluetooth: hci10: command tx timeout [ 228.481187][ T6195] Bluetooth: hci4: command tx timeout [ 228.561239][ T5131] Bluetooth: hci12: command tx timeout [ 228.564903][ T5824] Bluetooth: hci11: command tx timeout [ 228.566786][ T6195] Bluetooth: hci10: command tx timeout [ 230.571314][ T6195] Bluetooth: hci4: command tx timeout [ 230.641272][ T5131] Bluetooth: hci12: command tx timeout [ 230.641318][ T5824] Bluetooth: hci11: command tx timeout [ 230.641352][ T6195] Bluetooth: hci10: command tx timeout [ 237.229718][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 237.240951][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 237.256823][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 237.269773][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 237.278820][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 245.539254][ T5824] Bluetooth: hci0: command tx timeout [ 247.601284][ T5824] Bluetooth: hci0: command tx timeout [ 249.681343][ T5824] Bluetooth: hci0: command tx timeout [ 250.553470][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 250.556419][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 250.557402][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 250.558600][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 250.559382][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 251.771753][ T5817] Bluetooth: hci0: command tx timeout [ 252.641470][ T5817] Bluetooth: hci1: command tx timeout [ 254.721330][ T5817] Bluetooth: hci1: command tx timeout [ 256.801261][ T5817] Bluetooth: hci1: command tx timeout [ 257.884858][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.884933][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.282199][ T5824] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 258.290733][ T5824] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 258.312667][ T5824] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 258.343814][ T5824] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 258.344647][ T5824] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 258.529395][ T5817] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 258.546512][ T5817] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 258.551298][ T5817] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 258.552563][ T5817] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 258.553854][ T5817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 258.881270][ T5824] Bluetooth: hci1: command tx timeout [ 259.192006][ T5817] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 259.200172][ T5817] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 259.217461][ T5817] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 259.219041][ T5817] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 259.220150][ T5817] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 260.401480][ T5817] Bluetooth: hci3: command tx timeout [ 260.641387][ T5817] Bluetooth: hci5: command tx timeout [ 261.291348][ T5817] Bluetooth: hci13: command tx timeout [ 262.481283][ T5817] Bluetooth: hci3: command tx timeout [ 262.736879][ T5817] Bluetooth: hci5: command tx timeout [ 263.042730][ T5817] Bluetooth: hci8: command 0x0406 tx timeout [ 263.042948][ T5817] Bluetooth: hci6: command 0x0406 tx timeout [ 263.043056][ T5817] Bluetooth: hci7: command 0x0406 tx timeout [ 263.377287][ T5131] Bluetooth: hci13: command tx timeout [ 264.561384][ T5131] Bluetooth: hci3: command tx timeout [ 264.801461][ T5131] Bluetooth: hci5: command tx timeout [ 265.441321][ T5131] Bluetooth: hci13: command tx timeout [ 265.443323][ T38] INFO: task kworker/u8:10:3101 blocked for more than 143 seconds. [ 265.443362][ T38] Not tainted syzkaller #0 [ 265.443372][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 265.443384][ T38] task:kworker/u8:10 state:D stack:20264 pid:3101 tgid:3101 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 265.443441][ T38] Workqueue: events_unbound bpf_map_free_deferred [ 265.443484][ T38] Call Trace: [ 265.443495][ T38] [ 265.443508][ T38] __schedule+0x16f3/0x4c20 [ 265.443563][ T38] ? __pfx___schedule+0x10/0x10 [ 265.443613][ T38] rt_mutex_schedule+0x77/0xf0 [ 265.443633][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 265.443670][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 265.443697][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 265.443724][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 265.443748][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 265.443769][ T38] ? __lock_acquire+0xab9/0xd20 [ 265.443805][ T38] ? rcu_barrier+0x4c/0x570 [ 265.443828][ T38] ? __lock_acquire+0xab9/0xd20 [ 265.443861][ T38] ? rcu_barrier+0x4c/0x570 [ 265.443879][ T38] mutex_lock_nested+0x16a/0x1d0 [ 265.443908][ T38] ? synchronize_rcu+0x11a/0x310 [ 265.443931][ T38] rcu_barrier+0x4c/0x570 [ 265.443962][ T38] dev_map_free+0x11f/0x6a0 [ 265.443989][ T38] bpf_map_free_deferred+0x110/0x140 [ 265.444010][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 265.444036][ T38] process_scheduled_works+0xae1/0x17b0 [ 265.444088][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 265.444129][ T38] worker_thread+0x8a0/0xda0 [ 265.444155][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 265.444182][ T38] ? __kthread_parkme+0x7b/0x200 [ 265.444182][ T38] ? __kthread_parkme+0x7b/0x200 [ 265.444217][ T38] kthread+0x711/0x8a0 [ 265.444238][ T38] ? __pfx_worker_thread+0x10/0x10 [ 265.444260][ T38] ? __pfx_kthread+0x10/0x10 [ 265.444283][ T38] ? __pfx_kthread+0x10/0x10 [ 265.444302][ T38] ret_from_fork+0x436/0x7d0 [ 265.444330][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 265.444361][ T38] ? __switch_to_asm+0x39/0x70 [ 265.444379][ T38] ? __switch_to_asm+0x33/0x70 [ 265.444397][ T38] ? __pfx_kthread+0x10/0x10 [ 265.444416][ T38] ret_from_fork_asm+0x1a/0x30 [ 265.444451][ T38] [ 265.444501][ T38] INFO: task syz.4.35:6047 blocked for more than 143 seconds. [ 265.444514][ T38] Not tainted syzkaller #0 [ 265.444523][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 265.444532][ T38] task:syz.4.35 state:D stack:26664 pid:6047 tgid:6042 ppid:5823 task_flags:0x400140 flags:0x00004006 [ 265.444583][ T38] Call Trace: [ 265.444590][ T38] [ 265.444602][ T38] __schedule+0x16f3/0x4c20 [ 265.444650][ T38] ? __lock_acquire+0xab9/0xd20 [ 265.444675][ T38] ? __pfx___schedule+0x10/0x10 [ 265.444718][ T38] ? schedule+0x91/0x360 [ 265.444747][ T38] schedule+0x165/0x360 [ 265.444775][ T38] schedule_timeout+0x9a/0x270 [ 265.444800][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 265.444838][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 265.444856][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.444872][ T38] ? wait_for_completion+0x267/0x5d0 [ 265.444907][ T38] wait_for_completion+0x2bf/0x5d0 [ 265.444947][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 265.444975][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 265.444994][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 265.445015][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 265.445043][ T38] rcu_barrier+0x463/0x570 [ 265.445074][ T38] flush_rcu_work+0x84/0xb0 [ 265.445101][ T38] kvfree_rcu_barrier+0xab/0x160 [ 265.445122][ T38] ? p9_client_destroy+0x4a7/0x4f0 [ 265.445145][ T38] kmem_cache_destroy+0x2e/0x160 [ 265.445165][ T38] p9_client_destroy+0x4a7/0x4f0 [ 265.445192][ T38] ? __pfx_p9_client_destroy+0x10/0x10 [ 265.445228][ T38] v9fs_session_close+0x4f/0x200 [ 265.445257][ T38] v9fs_kill_super+0x5c/0x90 [ 265.445278][ T38] deactivate_locked_super+0xbc/0x130 [ 265.445304][ T38] v9fs_mount+0x805/0xa50 [ 265.445328][ T38] ? __pfx_v9fs_mount+0x10/0x10 [ 265.445348][ T38] ? rcu_is_watching+0x15/0xb0 [ 265.445367][ T38] ? cap_capable+0x11f/0x460 [ 265.445391][ T38] legacy_get_tree+0xfd/0x1a0 [ 265.445409][ T38] ? __pfx_v9fs_mount+0x10/0x10 [ 265.445430][ T38] vfs_get_tree+0x92/0x2b0 [ 265.445457][ T38] do_new_mount+0x2a2/0xa30 [ 265.445488][ T38] ? ns_capable+0x8a/0xf0 [ 265.445511][ T38] ? __pfx_do_new_mount+0x10/0x10 [ 265.445535][ T38] ? path_mount+0x61c/0xfe0 [ 265.445572][ T38] __se_sys_mount+0x317/0x410 [ 265.445604][ T38] ? __pfx___se_sys_mount+0x10/0x10 [ 265.445628][ T38] ? rcu_is_watching+0x15/0xb0 [ 265.445652][ T38] ? do_syscall_64+0xbe/0x3b0 [ 265.445669][ T38] ? __x64_sys_mount+0x20/0xc0 [ 265.445698][ T38] do_syscall_64+0xfa/0x3b0 [ 265.445715][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.445733][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.445751][ T38] ? clear_bhb_loop+0x60/0xb0 [ 265.445774][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.445792][ T38] RIP: 0033:0x7fdbe225eec9 [ 265.445813][ T38] RSP: 002b:00007fdbe0059038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 265.445832][ T38] RAX: ffffffffffffffda RBX: 00007fdbe24b6270 RCX: 00007fdbe225eec9 [ 265.445846][ T38] RDX: 0000200000000300 RSI: 0000200000000500 RDI: 0000000000000000 [ 265.445859][ T38] RBP: 00007fdbe22e1f91 R08: 0000200000000280 R09: 0000000000000000 [ 265.445872][ T38] R10: 0000000000000404 R11: 0000000000000246 R12: 0000000000000000 [ 265.445883][ T38] R13: 00007fdbe24b6308 R14: 00007fdbe24b6270 R15: 00007ffce38afa08 [ 265.445919][ T38] [ 265.445948][ T38] [ 265.445948][ T38] Showing all locks held in the system: [ 265.445958][ T38] 7 locks held by ktimers/0/16: [ 265.445970][ T38] 2 locks held by rcuc/0/20: [ 265.445982][ T38] 2 locks held by kworker/1:0/31: [ 265.445992][ T38] #0: ffff888019498538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.446046][ T38] #1: ffffc90000a5fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.446094][ T38] 1 lock held by khungtaskd/38: [ 265.446104][ T38] #0: ffffffff8d3a9d40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 265.446151][ T38] 5 locks held by kworker/u9:0/59: [ 265.446162][ T38] #0: ffff888037d63138 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.446209][ T38] #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.446258][ T38] #2: ffff888060b40e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 265.446304][ T38] #3: ffff888060b400a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 265.446346][ T38] #4: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 265.446406][ T38] 3 locks held by kworker/u8:10/3101: [ 265.446417][ T38] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.446465][ T38] #1: ffffc9000d08fbc0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.446513][ T38] #2: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 265.446559][ T38] 3 locks held by kworker/u8:11/3557: [ 265.446570][ T38] #0: ffff888019481138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.446618][ T38] #1: ffffc9000d6dfbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.446665][ T38] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 265.446712][ T38] 2 locks held by getty/5574: [ 265.446723][ T38] #0: ffff88823bf3e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 265.446778][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 265.446827][ T38] 1 lock held by syz-executor/5815: [ 265.446838][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 265.446881][ T38] 6 locks held by kworker/u9:5/5824: [ 265.446897][ T38] #0: ffff88803b9a5938 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.446945][ T38] #1: ffffc90004e17bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.446993][ T38] #2: ffff888061168e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 265.447038][ T38] #3: ffff8880611680a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 265.447080][ T38] #4: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 265.447122][ T38] #5: ffff88803b9a2b58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 265.447169][ T38] 3 locks held by kworker/1:3/5827: [ 265.447180][ T38] #0: ffff888019498538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.447228][ T38] #1: ffffc90004e47bc0 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.447274][ T38] #2: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 265.447323][ T38] 3 locks held by kworker/0:7/5972: [ 265.447334][ T38] #0: ffff888019498538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.447381][ T38] #1: ffffc90005c77bc0 (reg_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.447428][ T38] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: reg_todo+0x1c/0x8c0 [ 265.447472][ T38] 3 locks held by kworker/u8:15/6022: [ 265.447483][ T38] #0: ffff88802fe66938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.447531][ T38] #1: ffffc90005d9fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.447579][ T38] #2: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 265.447628][ T38] 1 lock held by syz.0.28/6024: [ 265.447639][ T38] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 265.447683][ T38] 1 lock held by syz.4.35/6047: [ 265.447693][ T38] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 265.447738][ T38] 1 lock held by syz.3.44/6068: [ 265.447748][ T38] #0: ffffffff8d3af6f0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 265.447792][ T38] 4 locks held by kworker/0:12/6089: [ 265.447803][ T38] #0: ffff88805c5f7938 ((wq_completion)wg-crypt-wg0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.447855][ T38] #1: ffffc90005f3fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.447924][ T38] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 265.447971][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 265.448019][ T38] 1 lock held by syz-executor/6110: [ 265.448030][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 265.448077][ T38] 2 locks held by syz-executor/6127: [ 265.448087][ T38] #0: ffffffff8e6593a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 265.448136][ T38] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: ipmr_net_exit_batch+0x20/0x90 [ 265.448182][ T38] 2 locks held by syz-executor/6129: [ 265.448192][ T38] #0: ffffffff8e6593a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 265.448241][ T38] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 265.448282][ T38] 2 locks held by kworker/0:18/6133: [ 265.448293][ T38] 5 locks held by kworker/0:19/6134: [ 265.448304][ T38] #0: ffff88805c0ce538 ((wq_completion)wg-kex-wg0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.448356][ T38] #1: ffffc900060bfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.448416][ T38] #2: ffff88803c6a15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 265.448466][ T38] #3: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 265.448512][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 265.448560][ T38] 4 locks held by kworker/0:20/6135: [ 265.448571][ T38] #0: ffff88805c2d1538 ((wq_completion)wg-crypt-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.448618][ T38] #1: ffffc900060cfbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.448666][ T38] #2: ffffffff8d24a6a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 265.448713][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 265.448760][ T38] 2 locks held by kworker/0:22/6137: [ 265.448775][ T38] 2 locks held by syz-executor/6139: [ 265.448785][ T38] #0: ffffffff8e6593a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 265.448834][ T38] #1: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 265.448876][ T38] 1 lock held by syz.1.66/6164: [ 265.448887][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 265.448933][ T38] 3 locks held by syz-executor/6167: [ 265.448944][ T38] #0: ffff88803cce0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 265.448992][ T38] #1: ffff88803cce00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 265.449042][ T38] #2: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 265.449088][ T38] 3 locks held by syz-executor/6183: [ 265.449098][ T38] #0: ffff88802f104e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 265.449145][ T38] #1: ffff88802f1040a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 265.449196][ T38] #2: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 265.449241][ T38] 1 lock held by syz-executor/6190: [ 265.449251][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449297][ T38] 1 lock held by syz-executor/6191: [ 265.449307][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449352][ T38] 5 locks held by kworker/u9:6/6195: [ 265.449363][ T38] #0: ffff888026e33138 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 265.449409][ T38] #1: ffffc90005e3fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 265.449456][ T38] #2: ffff88806dfbce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 265.449502][ T38] #3: ffff88806dfbc0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 265.449543][ T38] #4: ffffffff8e7cdd98 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 265.449585][ T38] 1 lock held by syz-executor/6196: [ 265.449595][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449640][ T38] 1 lock held by syz-executor/6206: [ 265.449651][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449696][ T38] 1 lock held by syz-executor/6217: [ 265.449706][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449751][ T38] 1 lock held by syz-executor/6225: [ 265.449762][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449807][ T38] 1 lock held by syz-executor/6228: [ 265.449817][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449861][ T38] 1 lock held by syz-executor/6232: [ 265.449871][ T38] #0: ffffffff8e6662f8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 265.449922][ T38] [ 265.449927][ T38] ============================================= [ 265.449927][ T38] [ 265.449949][ T38] NMI backtrace for cpu 1 [ 265.449972][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 265.449996][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 265.450006][ T38] Call Trace: [ 265.450014][ T38] [ 265.450021][ T38] dump_stack_lvl+0x189/0x250 [ 265.450050][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.450077][ T38] ? __pfx__printk+0x10/0x10 [ 265.450110][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 265.450137][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 265.450163][ T38] ? __pfx__printk+0x10/0x10 [ 265.450189][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 265.450214][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 265.450241][ T38] watchdog+0xf93/0xfe0 [ 265.450270][ T38] ? watchdog+0x1de/0xfe0 [ 265.450298][ T38] kthread+0x711/0x8a0 [ 265.450318][ T38] ? __pfx_watchdog+0x10/0x10 [ 265.450341][ T38] ? __pfx_kthread+0x10/0x10 [ 265.450362][ T38] ? __pfx_kthread+0x10/0x10 [ 265.450380][ T38] ret_from_fork+0x436/0x7d0 [ 265.450407][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 265.450441][ T38] ? __switch_to_asm+0x39/0x70 [ 265.450458][ T38] ? __switch_to_asm+0x33/0x70 [ 265.450476][ T38] ? __pfx_kthread+0x10/0x10 [ 265.450494][ T38] ret_from_fork_asm+0x1a/0x30 [ 265.450527][ T38] [ 265.450534][ T38] Sending NMI from CPU 1 to CPUs 0: [ 265.450559][ C0] NMI backtrace for cpu 0 [ 265.450573][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 265.450591][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 265.450601][ C0] RIP: 0010:check_preemption_disabled+0x6/0x120 [ 265.450620][ C0] Code: c7 c6 c0 48 1d 8b eb 1c 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 41 57 41 56 53 <48> 83 ec 10 65 48 8b 05 9e 57 cd 06 48 89 44 24 08 65 8b 05 a6 57 [ 265.450633][ C0] RSP: 0018:ffffc90000156510 EFLAGS: 00000046 [ 265.450647][ C0] RAX: 0000000000000001 RBX: 0000000000000001 RCX: a3c8430fa3c76200 [ 265.450658][ C0] RDX: dffffc0000000000 RSI: ffffffff8cd898f6 RDI: ffffffff8b1d48e0 [ 265.450670][ C0] RBP: 00000000ffffffff R08: 0000000000000003 R09: 0000000000000004 [ 265.450680][ C0] R10: dffffc0000000000 R11: fffff5200002ace8 R12: 0000000000000046 [ 265.450691][ C0] R13: ffff88801bec5940 R14: ffffe8ffffc02058 R15: 0000000000000008 [ 265.450702][ C0] FS: 0000000000000000(0000) GS:ffff888127025000(0000) knlGS:0000000000000000 [ 265.450716][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.450727][ C0] CR2: 000055868cae5140 CR3: 000000000d1a6000 CR4: 00000000003526f0 [ 265.450741][ C0] Call Trace: [ 265.450747][ C0] [ 265.450755][ C0] lock_is_held_type+0xfe/0x190 [ 265.450772][ C0] try_to_take_rt_mutex+0x4f/0xb00 [ 265.450796][ C0] rtlock_slowlock_locked+0xd8/0x4010 [ 265.450817][ C0] ? reacquire_held_locks+0x127/0x1d0 [ 265.450836][ C0] ? __lock_acquire+0xab9/0xd20 [ 265.450858][ C0] ? do_raw_spin_lock+0x121/0x290 [ 265.450878][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 265.450895][ C0] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 265.450918][ C0] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 265.450933][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 265.450959][ C0] rt_spin_lock+0x152/0x2c0 [ 265.450979][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 265.450998][ C0] ? unwind_next_frame+0xa5/0x2390 [ 265.451024][ C0] ___slab_alloc+0x25f/0xdc0 [ 265.451040][ C0] ? dst_alloc+0x105/0x170 [ 265.451057][ C0] ? dst_alloc+0x105/0x170 [ 265.451072][ C0] kmem_cache_alloc_noprof+0xe6/0x310 [ 265.451100][ C0] dst_alloc+0x105/0x170 [ 265.451118][ C0] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 265.451156][ C0] ? ip_route_output_key_hash+0xde/0x2e0 [ 265.451175][ C0] ip_route_output_key_hash+0x1b9/0x2e0 [ 265.451192][ C0] ? __lock_acquire+0xab9/0xd20 [ 265.451212][ C0] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 265.451232][ C0] ? ip_route_me_harder+0x4ad/0x1030 [ 265.451254][ C0] ip_route_output_flow+0x2a/0x150 [ 265.451270][ C0] ? ip_route_me_harder+0x6c0/0x1030 [ 265.451289][ C0] ip_route_me_harder+0x6d2/0x1030 [ 265.451312][ C0] ? __pfx_ip_route_me_harder+0x10/0x10 [ 265.451341][ C0] synproxy_send_tcp+0x359/0x6c0 [ 265.451359][ C0] synproxy_send_client_synack+0x8bb/0xe20 [ 265.451379][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 265.451394][ C0] ? nft_fib_netdev_eval+0x68/0x250 [ 265.451410][ C0] ? synproxy_pernet+0x45/0x270 [ 265.451430][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 265.451449][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 265.451468][ C0] ? nf_ip_checksum+0x13c/0x510 [ 265.451487][ C0] nft_synproxy_do_eval+0x345/0x570 [ 265.451507][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 265.451531][ C0] nft_do_chain+0x409/0x1920 [ 265.451554][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 265.451569][ C0] ? __schedule+0x1709/0x4c20 [ 265.451599][ C0] ? try_to_take_rt_mutex+0x840/0xb00 [ 265.451622][ C0] nft_do_chain_inet+0x25d/0x340 [ 265.451639][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 265.451656][ C0] ? __lock_acquire+0xab9/0xd20 [ 265.451679][ C0] ? NF_HOOK+0x9a/0x3a0 [ 265.451700][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 265.451717][ C0] nf_hook_slow+0xc2/0x220 [ 265.451741][ C0] NF_HOOK+0x206/0x3a0 [ 265.451761][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 265.451782][ C0] ? NF_HOOK+0x9a/0x3a0 [ 265.451802][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 265.451821][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 265.451843][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 265.451865][ C0] ? skb_dst+0x4f/0xd0 [ 265.451886][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 265.451907][ C0] NF_HOOK+0x30c/0x3a0 [ 265.451928][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 265.451949][ C0] ? NF_HOOK+0x9a/0x3a0 [ 265.451968][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 265.451989][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 265.452014][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 265.452034][ C0] __netif_receive_skb+0x143/0x380 [ 265.452053][ C0] ? rt_spin_unlock+0x65/0x80 [ 265.452073][ C0] ? process_backlog+0x27b/0x900 [ 265.452093][ C0] process_backlog+0x31e/0x900 [ 265.452118][ C0] __napi_poll+0xb6/0x540 [ 265.452138][ C0] net_rx_action+0x707/0xe00 [ 265.452162][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 265.452183][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 265.452217][ C0] handle_softirqs+0x22f/0x710 [ 265.452240][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 265.452262][ C0] run_ktimerd+0xcf/0x190 [ 265.452283][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 265.452304][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 265.452323][ C0] ? smpboot_thread_fn+0x5f4/0xa60 [ 265.452342][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 265.452361][ C0] smpboot_thread_fn+0x542/0xa60 [ 265.452380][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 265.452401][ C0] kthread+0x711/0x8a0 [ 265.452417][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 265.452436][ C0] ? __pfx_kthread+0x10/0x10 [ 265.452451][ C0] ? __pfx_kthread+0x10/0x10 [ 265.452465][ C0] ret_from_fork+0x436/0x7d0 [ 265.452486][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 265.452508][ C0] ? __switch_to_asm+0x39/0x70 [ 265.452523][ C0] ? __switch_to_asm+0x33/0x70 [ 265.452537][ C0] ? __pfx_kthread+0x10/0x10 [ 265.452552][ C0] ret_from_fork_asm+0x1a/0x30 [ 265.452573][ C0] [ 265.671190][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 265.671226][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 265.671249][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 265.671260][ T38] Call Trace: [ 265.671268][ T38] [ 265.671276][ T38] dump_stack_lvl+0x99/0x250 [ 265.671308][ T38] ? __asan_memcpy+0x40/0x70 [ 265.671328][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.671355][ T38] ? __pfx__printk+0x10/0x10 [ 265.671388][ T38] vpanic+0x281/0x750 [ 265.671410][ T38] ? __pfx_vpanic+0x10/0x10 [ 265.671427][ T38] ? preempt_schedule+0xae/0xc0 [ 265.671456][ T38] ? preempt_schedule_common+0x83/0xd0 [ 265.671488][ T38] panic+0xb9/0xc0 [ 265.671505][ T38] ? __pfx_panic+0x10/0x10 [ 265.671524][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 265.671551][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 265.671578][ T38] watchdog+0xfd2/0xfe0 [ 265.671606][ T38] ? watchdog+0x1de/0xfe0 [ 265.671635][ T38] kthread+0x711/0x8a0 [ 265.671656][ T38] ? __pfx_watchdog+0x10/0x10 [ 265.671678][ T38] ? __pfx_kthread+0x10/0x10 [ 265.671700][ T38] ? __pfx_kthread+0x10/0x10 [ 265.671718][ T38] ret_from_fork+0x436/0x7d0 [ 265.671745][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 265.671774][ T38] ? __switch_to_asm+0x39/0x70 [ 265.671792][ T38] ? __switch_to_asm+0x33/0x70 [ 265.671809][ T38] ? __pfx_kthread+0x10/0x10 [ 265.671827][ T38] ret_from_fork_asm+0x1a/0x30 [ 265.671859][ T38] [ 265.672006][ T38] Kernel Offset: disabled