last executing test programs: 27.547343774s ago: executing program 1 (id=745): r0 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)) fsconfig$FSCONFIG_SET_PATH(r0, 0x2, &(0x7f00000000c0)='\x00', &(0x7f0000000100)='./file0\x00', r1) llistxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/114, 0x72) 27.365471339s ago: executing program 1 (id=746): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, &(0x7f0000000300)="e2f35f5fbcad9020a5015f306acc92dd3dc0a437b8f5cec746fd00e80df50db15920987baeb054d60b7daef6", 0x2c) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000dc0)=@raw={'raw\x00', 0xc01, 0x3, 0x2a8, 0x0, 0x5002004a, 0x6, 0x110, 0x3, 0x210, 0x3c8, 0x3c8, 0x210, 0x3c8, 0x7fffffe, 0x0, {[{{@ip={@dev, @broadcast=0xfeffffff, 0x0, 0xff, 'ipvlan0\x00', 'bridge0\x00', {0xff}, {}, 0x0, 0x0, 0x50}, 0x0, 0xb0, 0x110, 0x0, {0x0, 0x3fa}, [@common=@set={{0x40}, {{0x3, [0x6, 0x0, 0x2, 0x0, 0x1, 0x2], 0x4, 0x3}}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @random="ea8a29346af5", 0x462, 0x7, [0x2c, 0x30, 0x30, 0x1, 0x1, 0x9, 0xc, 0x2c, 0x1d, 0x1a, 0x38, 0xe, 0x35, 0x6, 0x1f, 0x2b], 0x0, 0x1, 0x2}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0xc}, @private=0xa010100, 0x0, 0xff000000, 'batadv_slave_1\x00', 'macvlan1\x00', {0xff}, {}, 0x21, 0x0, 0xe}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@inet=@udp={{0x30}, {[0x4e20]}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local, 0xfffd, 0xc, [0x40, 0x10, 0x0, 0x3, 0x0, 0xe, 0x3, 0x4, 0x0, 0xffff], 0x0, 0x0, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x308) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) sendto$inet6(r3, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) sendto$inet6(r3, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) sendto$inet6(r3, &(0x7f0000000100)="2501f71d330b7e73d6b1d1b8a473ff7487b4b43ce086388e5de7714fa228ee1f6848", 0x22, 0xc840, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000180)='syzkaller\x00'}, 0x90) r4 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r4, &(0x7f00000017c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000180)="a5", 0x1}], 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000009200840000000000000000000023000000005192efe326235f20d28ac056a27a07bdf57748418d8d98c1908a60ae6084971afa49d7014f60bf280e5a665f843b0439465e5f0aa708cb26e948e120a87c58cb572e4fb68d5dd0165251d8ba035ad091f98da3ec8f163ef8b19f619453e65d5678d3f14fa661fb12a572c3faddedb89eca00191d8af1460c03e5c1bebeec3ac08dab082ccffcfcb7c6faa9468c90f42b97aa912bbcc5b8077b2246005021186e3a843a6401b527a1e393ddc5d6dfd0d8e1d80bb3ce4810101a0ecc685048"], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket(0xa, 0x6, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() mprotect(&(0x7f0000444000/0x3000)=nil, 0x3000, 0x0) socket$tipc(0x1e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="000000000004aaaaaaaaaa0d86dd6000000000143c0020010000000000000000000000000002fe8000000000000000000000000000aa4e220000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x2}}, 0x10) 27.307966823s ago: executing program 2 (id=747): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 26.521189204s ago: executing program 0 (id=751): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000000c0)={0x48, 0x1, r1, 0x0, 0xfffffffffffffffe}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, r1, 0x0, 0xb}) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r3}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x0, r1, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000}) (fail_nth: 15) 26.401602598s ago: executing program 1 (id=752): syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d8906608a37f200587300fe2800000000000000000000000000bbfe8000000000000000000000000000aa"], 0x0) 26.198163704s ago: executing program 1 (id=754): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x1, &(0x7f0000000300), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendto(0xffffffffffffffff, &(0x7f00000003c0)="ce4b3261f0a17bd615ccf514abe0203f552470ad7ce7ff8dfe238ddedb3fb8acc81f1d2f451a09e14177e4d3a9bdf1c7bcabc473a85006de892156ce86c7202b", 0x40, 0x0, &(0x7f0000000680)=@tipc=@name={0x1e, 0x2, 0x3, {{0x0, 0x4}, 0x3}}, 0x80) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff000000003609080000000000c39af0ffa0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r6, 0xae80, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 25.551191411s ago: executing program 0 (id=755): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000000c0)={0x0, 0x0, {0x2}}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0x40186366, &(0x7f0000000200)) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(0xffffffffffffffff, 0x4040534e, 0x0) 25.217255451s ago: executing program 0 (id=756): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000080a0504000073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a0000"], 0x54}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x1, &(0x7f0000000300)={0x0, 0x4000000}, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendto(0xffffffffffffffff, &(0x7f00000003c0)="ce4b3261f0a17bd615ccf514abe0203f552470ad7ce7ff8dfe238ddedb3fb8acc81f1d2f451a09e14177e4d3a9bdf1c7bcabc473a85006de892156ce86c7202b450a13e141780575d0f025", 0x4b, 0x94, &(0x7f0000000680)=@tipc=@name={0x1e, 0x2, 0x3, {{0x0, 0x4}, 0x3}}, 0x80) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="4900330080000000ffffffffffff08021100000050505050505000000000000000000000000000000100040600000000000025030000002a01003c040000"], 0x68}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r7, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0) preadv(r7, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b702000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r8, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000039c0)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d016e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e8b701d2d17ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01d51e242443618c02e0a428da651366e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab7158edeeccd92e3a88dc0f432187ce92d7b17a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb373845255012e028cb2654d493afb4b35faae176f99b745eda2967199cc93685bb444f9bc50713061385537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d1ff07000000000000000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ab2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b371867a79b31f3f514573f1e30d1fd2d763f3ee9210b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696c"], 0x0}, 0x90) 24.337692111s ago: executing program 1 (id=759): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000000)={0x4008, 0x2}, 0x10, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000810000402aa690f10000000000000000"]) 22.94415176s ago: executing program 0 (id=761): r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x28}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x500, &(0x7f0000000380)={&(0x7f00000012c0)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 22.940260023s ago: executing program 2 (id=762): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, &(0x7f0000000300)="e2f35f5fbcad9020a5015f306acc92dd3dc0a437b8f5cec746fd00e80df50db15920987baeb054d60b7daef6", 0x2c) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000dc0)=@raw={'raw\x00', 0xc01, 0x3, 0x2a8, 0x0, 0x5002004a, 0x6, 0x110, 0x3, 0x210, 0x3c8, 0x3c8, 0x210, 0x3c8, 0x7fffffe, 0x0, {[{{@ip={@dev, @broadcast=0xfeffffff, 0x0, 0xff, 'ipvlan0\x00', 'bridge0\x00', {0xff}, {}, 0x0, 0x0, 0x50}, 0x0, 0xb0, 0x110, 0x0, {0x0, 0x3fa}, [@common=@set={{0x40}, {{0x3, [0x6, 0x0, 0x2, 0x0, 0x1, 0x2], 0x4, 0x3}}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @random="ea8a29346af5", 0x462, 0x7, [0x2c, 0x30, 0x30, 0x1, 0x1, 0x9, 0xc, 0x2c, 0x1d, 0x1a, 0x38, 0xe, 0x35, 0x6, 0x1f, 0x2b], 0x0, 0x1, 0x2}}}, {{@ip={@dev={0xac, 0x14, 0x14, 0xc}, @private=0xa010100, 0x0, 0xff000000, 'batadv_slave_1\x00', 'macvlan1\x00', {0xff}, {}, 0x21, 0x0, 0xe}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@inet=@udp={{0x30}, {[0x4e20]}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local, 0xfffd, 0xc, [0x40, 0x10, 0x0, 0x3, 0x0, 0xe, 0x3, 0x4, 0x0, 0xffff], 0x0, 0x0, 0x1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x308) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(r3, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1) sendto$inet6(r3, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) sendto$inet6(r3, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) sendto$inet6(r3, &(0x7f0000000100)="2501f71d330b7e73d6b1d1b8a473ff7487b4b43ce086388e5de7714fa228ee1f6848", 0x22, 0xc840, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000180)='syzkaller\x00'}, 0x90) r4 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r4, &(0x7f00000017c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000180)="a5", 0x1}], 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000009200840000000000000000000023000000005192efe326235f20d28ac056a27a07bdf57748418d8d98c1908a60ae6084971afa49d7014f60bf280e5a665f843b0439465e5f0aa708cb26e948e120a87c58cb572e4fb68d5dd0165251d8ba035ad091f98da3ec8f163ef8b19f619453e65d5678d3f14fa661fb12a572c3faddedb89eca00191d8af1460c03e5c1bebeec3ac08dab082ccffcfcb7c6faa9468c90f42b97aa912bbcc5b8077b2246005021186e3a843a6401b527a1e393ddc5d6dfd0d8e1d80bb3ce4810101a0ecc685048"], 0x18}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socket(0xa, 0x6, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() mprotect(&(0x7f0000444000/0x3000)=nil, 0x3000, 0x0) socket$tipc(0x1e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="000000000004aaaaaaaaaa0d86dd6000000000143c0020010000000000000000000000000002fe8000000000000000000000000000aa4e220000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) bind$tipc(0xffffffffffffffff, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x40, 0x2}}, 0x10) 22.428231033s ago: executing program 4 (id=763): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000001500)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r3, 0x0) sendto$inet6(r3, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000300)="c20f0d278934358545ad914303ca8e5623f4e94f7757310aeb9be547737e99f4d69e56a1b04760ce19b9c49cf49899da97f06ed548da74c59c3b2b4accc8ab42b6692fd338754fa39cf2b1b3023087f14795eb9428d6b88dbcad93e31f408f29794fdd045cb7d20b50c90faf7c88f2d810cdf1f8a844ce26c88d35ffe1db7a32ed6414244405f5554171e7d8641ade39454166936a84fa7f36e277ce1c53f4078dfe0bde514650611ce4c369ecc034f452eff839a6d4ed0e75c47fbb9a865eaf3d464c10fb5ec0873cda96608db92b5cb5691303f236e4200628056c30a501276567fb2ea522967d39c4b463622152dd8b6ca76c9192998eaeafd36fb07caeee73a4a311f9b24a1004ec9d3625b0b79060199c9b4849e912b7c63fcb85f3ecd752425fc8afb417394ed9cecc4cd51eefb1f6304aecb16fd328d1cc98223b2a34a8392383ec2781d766e674333bdb08dcfbada438217fbd1a133bd484cc8690f197784a09937b2b14e2d5472c7e6ce53745768bf229d3049d79ba2df079f57223773abe9d54c27c6464b59a0936b03b3c01b388d47fdf657357cca707d72a4c679c33d8b8edadecbbd72a9baa6f146c84e924db435186cc135a9c1343d248132e38c6ee52909bd989f8116bebbc271f0513af53e4354c719380625dbd5e89264dc9716fa64db17807f2f72d6fa8b58360c372f3a6e8d22c18b4b1c5de94ea4917ba8dae90a8b0c72d3629cb72bd96748803a61b66f4064c9090354352b054e29a97342704393033429211d51c491cc1d8e34b27a3d526f31dd3d4fd21e782698efcbd0e2e8c55e28ed06e1064d0170a33587aacf8effd7d36ae9451caa541a9cbeb08d52d6d560403c7a57ed74f5bdcb3e580c7c261c58517afc81cbbab1861bcd69c183b398aa11d573e57218912d00914e50f0777c887199f90ff67d1e1f3f1a63086c14acf830165097faa385e1b94fd87c8018fa53ba8696b0ebaebfe3ee6d4c62937fa24921ddc6a4c8fcbc42023fb29bf96975fc1a2172e114dc7365a0d6a27d497ea2ba1b304673ac2d83dc26c8e3005da2b4730afea6ac54ac29cbd115fce5144ed383348fd781ab19ec9de9c07b2c6556596be3df2b5e465f91c46b2cf50b717c5b58d886b2695d10cdbb09803ab381a3a1d513a6a977d05c24a44263fde79cd466ca32ce2883760433a5ff4faa329a0c126e4903ea3dec1e07e057dd8fb8ba5ab390e81234bca767a5dd209e588a41d765668bcca077003cb3b332ef54549777678fed3f17d946990ca0812b207e704eda95dcaee23d6795db34779433869fb2ef9a0eeff13c43a42dabeee9f4a69a74008ea973c3a8e4c30c850b30d48915b7cbbba1e7db1988d27d036845c5fb8520bfec10bd70a5bc5853ee8985db9c7135813c32657b13747fd02735bc0f3fc54774f9ef97fac6f12ec24a55fa066e8f387170208da8615355e2e21a7363b11a3cab94b8ee411bbecf9b1f71662f50557f03e1fb64e5da0a18c18225a612235ed6337480debc9e4f45a32297a09735285cbb3254431980626bb46ab07993284629ff28558dea766cc4a8c511982a934d25088531aba09169c5855070924f36180abf8ca9fb6669e7bca5df76a3e0d8ddd4eaa99fbce9f24b91f8d1316791de91f9d6a96d2a8ee9f7bebf95804d0c136745acf372e38ff88a69167e79ff3ef3058f9ab2f4e8250de697ceca6a9f67477d6fe450bb23cba11dda80c7b3634d50bf22002d269e69a6c43a6888d0d20759bf2dcac1c18492f2ce4d85547fd7e6dc03fdbe02c63b656190929f1f4198b46b44623fa500402ff56a87107b9a3e668687899c3c06b73e94000349c14f56d5f730cc75cd628f931a187b11ad4f240218c9cb6b1e036e560aa68d8e7258d8236ba1f1805ea4d75258bbc321c9eb7aa0f4d7eccfb630faff7e3c8c278570bd5ea77719bd33b83d1f8580496282859cc48fe99680ec546cf9f6e10b89f08d659dc0b2636398135c64c37aa567bf5fb157627c8fa9fe404924ba4e60363b353f4f3eaaf8b4197785ae04ee3b64aee53a8f961f79a3e6076d217c1692596e5bf9a7f94dc92072c53994dc658c74ff68c329a92ee2d6602d6b9acbedd19db3b717b7d4c816b1fd6c3e77a03fd0eae9a40140779899b3a770b3c20a889971fce8b35e768ef387cce2c777b915ce4e7df9463f5eef54e0e918d3e904c8770c1bbc6eb77c3e43353e13d1c0b7667d06b20715526b17e0b8968ae3254f626c59ab232ac0835e5b07ad838e81ca7a86a4b42e5807e8a316eb7fe6afae53877e1d87b3e1e9302d595cf033e95c42d42f7e31f8d46e78d412be66120948ce552b68d3f8b4fd1a0eed888c514a37040fb28dbf96af88ec96e5d7e476cfeaa4092dd80f5fe6f67fbf27c20e3169d9971602caf6a4d8679558aa2119a751fc1ad9870086370fcdcccb280ee591a7fe8b319be2d9f0ab3fb0040d45ca6e3b938c991b5beb93499bf77e098c662d075dd66dd6a2df2b48f649ce9ec01f17eb287f6eef766b26b014a7cd459d368b00bc4c73af17fbec17b663f619b68ca517d55e50e498b91d609dbcbec3a5ac0cd47506ef493ecf7ef9bf66ae3e706bcc7d8894f1cf05e7841e6f1198e2b27a1b2dd5e39cf7b0d97319f6d4711c6ddde8f8e0226d19a5f65ce2c35c5ae2bbfbb016a518ea97f9a7b62a7860b9c98563b7727d6c462df0cd98dedb9f3559e020f5b513513976c8a8080addb6e57a0b9beaa744ed818e24e687ca0b3aee27448ccbd918a6773ae7c37a00ebce5c8eee030930e806234d884ba4038feebf05ddd946b6d78c543c198612fb9fa7634c1463428b9eef86cb9c703f9e6be22367a55926c2ff1e31f0caabaceaac08872807dcbf41c1ac46a411e80e7a87a14282b837a4c5e016aac38e5ba5a6463421612ba493ac7cd2decd0d63e58410f43d169c8bb649f44aeac5d3f17c3709bc9f9533d307a7a062d87d0ce5e726de778d502bdcaa441db875dcb8a9e8c49607ab5c8a233ded286e8d1ee4a98cd18085c808d9409560a205f0bb979f3c9c31b2a13bcbd4cfa91b6d8fe6a3a6167da6a6b3eef799358829e3e95cd007d2eb49e38fede07b042b0485bd9311fbd2c89e3c11ed179f1a7c71cf743642533e9fa2ae41d9972b2c6a3ca01484c2abb563311927b97f21ec6573bc25918f8110028c63f16d7bffd29f753cb7bd00124b00159e94ebd875ad899f9e92148b331fc88b02d80b5c1c290177083c0a002a92936a6b304936393688e8e7af019ac6b0760fd04b63ac5f89a0d0b99dab49c56b6373116c2056bd4c9227be7ec1970e1f2544150172d10ab759c68d5646b1673b083e87b62c0b60da658e0e397b4c283edd70ad164d7f43c7c2b38ca7ec47df6a0d7c534d48931523fa29ac0d950ac0c13335769f8e957e686abf02fa8974a4ffca48f08656e7d8a944affab6beb622afc5e444e5345ac416ce1d2ba2ef34641641fcd2d632680b98ea1e917d7e6c9505c99d0f487fcb00880a9eeee91a2c9f3601fbfd810dc55731d17317381e3c78c62dc3fad2ad1d269469c1b9da265f185feba1c1bde19e71a4e5e0bea38065081d28c6fb189087c32cf277212cc6fb12fd1af3692a1c9817f531b7ee4323cd7a3b8e61c6ea2e4c3f6a1e8f0c35374d3eda3054bee6293ce306613d24f5b7316cc10b1ae66d70839948eb71be7a0b31d69c7b07777cb6dc07ddb667f88e20f25e51e710c5bfbdf8baa2ac11c4a25b635a92b68eb32fce851409b7d96e403647ed85a0419db468ed36b1a0cd08691b08f054d237629d3c1a4bb85ca5a9c8ce7ae0ec0976e885ca29ff7049a77867b3a49d597e4d71a50110f508247682f85b992d38bc49982f6065a5e8c1589bb05227f966964f651811c050613a109faa70b9593b77c4ad395cd294f05d3ef30debb452f67cc487e9da4652aebe4dbb06ba2e320399df21bfae5c929ca97bae41b58c37d0ab54d8e8303f923faec1eb576f2a39b29fc94532c147c48221e1cc7305df72ed7c97897059403894eddab4adc4b86d415694562c62191f827b9de4e1f5c98c7cd6a9afc235e63112e88a13c2f53e419f277def82d8d2f51944bea4028e5b84f1cc42510ee5f73f339b83b0d64d1213c0a296da16dc1e0ec4ea71770999fba35108b1adce0b2639c8e95f3bca00191815a8e748e57e36d1958eda0be07a35b5f92a913d04812b0454fe57e0f3b3ebd37aca1b53cf2454d8c7cbb12e7f303af33aa50f96e0c2758990126d6630bb22e93cac0ceef3ad9028cb203d0b191f25a92384684b0421258be9a057f5b1b40e6418dac1b9bc349e5d20cbe9e0aa4b1e4483f07cb55417b9f58cbb4ae92cbe5a81f17dba9d48a330b7acde8dab0583fe603bae9d5a5308287996053919eabf8ea5a0a1677a269d8fd4926697a4eb0ced0858e3185247bad3be05733a4165470de6a533d1b24059f913339a09a6eace182b6c9280a7fc1af0c836c132f1d7dff8871353832c7f5b25614dc2a7c8e8237bec5425618cf353cf146ff21f672e4b06ccbe6bef2f2e51a47f153a97c9370be6b5832d2063ffc17614880d87682cd2d897ad19e040eb0d3bddb066c30a3c670e8e9a097d4b2244485e90912a0154b72db0a37c42c3ffcdf9272a5d2ad68139bb87cb641eaa1b0df9588570ca05c9840011b29a6cfe053e1095d59128bfb9665157d2665c66cacd39a681975ed24c336856f0cd98ac15c9cda2b6e556fb4b54b7b11840e2d2bf190391f1bd6e381bbeed39d8005bd6b725ad18c6d50836f5af027512753941447cf02e92d011ae6f094ee0a23804c800945d706771218bf6e18eee81fa1cb9e27fec38b1f575610604f7cacb35d7c37933df72fa189db607a752d5f3badd0385bf93ca4f2887458da090cd42f87b8def0c6341900dd6f16cf7c77393581ba1551482c757af4e6ace754d75dd010ca34cc2b68f6946b189e67867ca53ef6aff36e23c7f694427a9475e8acf2130d3841730530d49021833ab506a7eb9652a10df25f7b2007998e4e6aa41d130b2bcf41851df9ed76f8cba800f4a093c43c7717f204275942d822c739539dc11fdca1b9b1fa5f17232c5ce12873692fbf054796e9b435db5145b87b67e3de45d252fd6805f31dec22eb88757316800be404b5ff7dcb196c92ecab9fb04032b5fd42ef585e2ca10f109ddabf0941017747d39cdc65717f4ca7cc0bbe98d5dc2d11eed68efba99ea2ba26a4e3a5173805c4c97656d233799174f908ae50465337968903adb91bd658833327865865cf3875b2503a105942620e6dd62526aa8e9a05b5ab348b2ca68b4ca4f4c487ade7ca7650a6bfb4e27b65161462928d6a0ba186db908be3d8afd409c489969ef0f8b1dd71bea5a5c438a32010d1fccc34adee482bdc6d7d654b2ff5879467ea22d18da9884486273a51ceca842cfe0cd6fd50e5116acb58e7657ac6ec7b99d58a6e7232c84b28ebafdf2ec5737ce837223d3d59f48ec5fd37e36929c342a853047ea1f4eb4543757b27dbadfeadcc16205f9486bcf4ad479a7c75f8c34820b57431aab2b4e509e18728727e1de74104c5be581ac4ae9b2bf894bb8495f1cff51d44e9079cb0332ad5d40df729da592e2029bc13f1f467e70c529467577ac39c24e4d33c53f476078ba843a807a281767fb6f68c0ac79709134270642853c7b914b5b21b5235b57a63331e9d646463dc7595066c42efcebe786d9abd6c25c3e10a16beff021223c9db08505de524040bcc4f335faeaa199fe1692a2c9568ab06d908dd76", 0x1000, 0x0, 0x0, 0x0) dup3(r3, r2, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000280)=0x40) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r5, 0x4068aea3, &(0x7f0000000240)={0xbc, 0x0, 0x5}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x56, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 20.891967217s ago: executing program 0 (id=765): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x7fff) poll(&(0x7f0000000100)=[{r0, 0x0, 0x300}], 0x1, 0x0) 20.833289641s ago: executing program 0 (id=766): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x3000000, [{0x40000081}]}) 19.751917103s ago: executing program 2 (id=767): r0 = inotify_init() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x2000000000002, 0x12) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x2f}}, './file0\x00'}) clock_adjtime(0x0, &(0x7f0000000000)={0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7a2, 0x0, 0x1}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x48) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0x1c, &(0x7f00000009c0)=ANY=[@ANYBLOB="18080000100000000000000000000000181100004afbd5be92d7a59136cf17be51250053760580ca871dd761377b929a5b5ed0a1ea5dddb6772b1823ec56cc8922dd76ac65ffb71830309283d4234a1f4e5ce8b3d66e827837378fdea0e6254f03e6deeaadabeacbdd1997bfe267625bed8e3eecb459d4a319a69eada4205206041a87ddc24318786454b3c6e1fca1dca57b36bb18c013d59e1a6908130b3f4ee2acd84a176785703cb353d3535e7c04aabbc9cf0fe4a3c090ff3e", @ANYRES32=r7, @ANYRES8, @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000020000000000000095000000000000003ec2309c11a6156f7887ebdeb494732eb76e95a954485eaf52f864d37a36dbb83661c87159ffeafd66fdf254bf8b715fdfe791a47caf1973d7477b8840d54991265b314b26280b8824c868c264a88f64a7a14372d305c8ab30407f7f32405e6ad3ef63fbe9600578d4539cf2b260d83e933185cf6d8fed851a84968406e340af602f46c345f6a8620d48c486ceec66db5f9d23c5689ec093866529ead2e19edec958cc6f7629d5430befb3b8f80f718e88b90000001f2b63bc952c5d1ffe1d3dbc5b50708cade671ae65bf05d0fc44461b9efd0e45a9fd87e6476b385c957963434713cc313c7a4432693a518f4d4a9d20af1d94b252b867ac66e20e871756bcd39f4b77181e83233efbccfdab75f2795c2de4ca076d4bf19322a61357a21b4bc4ad32553e6de9cdde40c3"], &(0x7f00000002c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) r8 = inotify_init1(0x0) r9 = inotify_init1(0x0) r10 = syz_open_dev$evdev(&(0x7f0000000480), 0x100000003, 0x0) syz_usb_disconnect(r10) syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000dc7a2240c80a2103c9a101020301090212000100000000090468200044741100"], 0x0) ioctl$EVIOCRMFF(r10, 0xc0085508, &(0x7f00000000c0)=0x18) inotify_add_watch(r9, &(0x7f0000000040)='./file0\x00', 0x2000540) inotify_add_watch(r8, &(0x7f0000000100)='./file0\x00', 0x44000000) inotify_add_watch(r8, &(0x7f00000001c0)='./file0\x00', 0x400) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, r5, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4400}, 0x0) r11 = socket$inet6(0xa, 0x6, 0x0) listen(r11, 0x80080400) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xc0, &(0x7f0000000000), &(0x7f0000000240)=0x4) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(0xffffffffffffffff, 0x0, 0x0) r12 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'}) 18.587120455s ago: executing program 1 (id=768): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x1, &(0x7f0000000300), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendto(0xffffffffffffffff, &(0x7f00000003c0)="ce4b3261f0a17bd615ccf514abe0203f552470ad7ce7ff8dfe238ddedb3fb8acc81f1d2f451a09e14177e4d3a9bdf1c7bcabc473a85006de892156ce86c7202b", 0x40, 0x0, &(0x7f0000000680)=@tipc=@name={0x1e, 0x2, 0x3, {{0x0, 0x4}, 0x3}}, 0x80) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff000000003609080000000000c39af0ffa0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r6, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, 0x0, 0x0}, 0x90) 18.537130347s ago: executing program 3 (id=769): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_SET_IRQCHIP(r1, 0x400448c9, &(0x7f0000000180)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8}]}}) 14.604687555s ago: executing program 2 (id=770): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000740)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000900)={'#! ', '', [], 0xa, "bc1dff29cb00d51ff5996ef11dc3a5d8c877ee1e0b8010d33b6a8600ccafa11456cc9ad70446eabd28ac5da555559377fb8c3635a28ab58c196009a32cf392722f5dc0e72c0e6e4e29655a880a455a4eee1dd4ce47de65353defe1326549a56261ff54006046fd7f4b36a7e6f89a0b0b016668d573ffb77f45072f5bacc83eb5b0b77f939db6cb2b525e7875a21282b37de805dd04b10e622fd39fb3d409e20f34b07c57c79a43df977300eb6fa6080f2c0eb809c2d139031b171c06ea8f815a36fa5e4c37"}, 0xc9) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) 14.187703338s ago: executing program 4 (id=771): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000080a0504000073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a0000"], 0x54}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x1, &(0x7f0000000300)={0x0, 0x4000000}, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendto(0xffffffffffffffff, &(0x7f00000003c0)="ce4b3261f0a17bd615ccf514abe0203f552470ad7ce7ff8dfe238ddedb3fb8acc81f1d2f451a09e14177e4d3a9bdf1c7bcabc473a85006de892156ce86c7202b450a13e141780575d0f025", 0x4b, 0x94, &(0x7f0000000680)=@tipc=@name={0x1e, 0x2, 0x3, {{0x0, 0x4}, 0x3}}, 0x80) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="4900330080000000ffffffffffff08021100000050505050505000000000000000000000000000000100040600000000000025030000002a01003c040000"], 0x68}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r7, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0) preadv(r7, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b702000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r8, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000039c0)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d016e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e8b701d2d17ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01d51e242443618c02e0a428da651366e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab7158edeeccd92e3a88dc0f432187ce92d7b17a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb373845255012e028cb2654d493afb4b35faae176f99b745eda2967199cc93685bb444f9bc50713061385537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d1ff07000000000000000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ab2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b371867a79b31f3f514573f1e30d1fd2d763f3ee9210b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696c"], 0x0}, 0x90) 11.221496785s ago: executing program 2 (id=772): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0) 11.220970734s ago: executing program 4 (id=773): r0 = socket$igmp6(0xa, 0x3, 0x2) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4008040) sendto(r0, 0x0, 0x4, 0x700, 0x0, 0x0) 11.154314946s ago: executing program 4 (id=774): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000000a4f1c00000000000000000200000009000100859584b15cc0b28108000240000000020900010073797a310000000014000000110001"], 0x5c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x7, 0xa, 0x301, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) pipe(0x0) socket$kcm(0x10, 0x3, 0x10) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r5 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r5, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r5, &(0x7f0000000480), 0x2e9, 0x36) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x288, 0x0, 0x178, 0xc, 0x0, 0x178, 0x2c8, 0x258, 0x258, 0x2c8, 0x258, 0x3, 0x0, {[{{@ipv6={@loopback={0x1f0}, @mcast2, [], [], 'team_slave_0\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}, {{@ipv6={@private1, @mcast1, [], [], 'wg2\x00', 'hsr0\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e8) r7 = socket$inet(0x2, 0x6, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000004c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "98d3340600c7aa11897ecaab876eab79576839c5656be8410f2802e944af80373be2666b665770173fbd1883303b6ac4749393ad08f139a68f00"}, 0xd8) setsockopt$SO_TIMESTAMP(r7, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) recvmmsg(r7, &(0x7f0000001840), 0x0, 0x0, 0x0) write$binfmt_elf64(r7, &(0x7f00000000c0)=ANY=[], 0xc63b9e35) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r6) 8.754301992s ago: executing program 3 (id=776): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x8800) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r3 = socket(0xa, 0x3, 0x4) io_setup(0x6, 0x0) io_submit(0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000019640)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB="02002abd7000fbdbdf25160000"], 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000040)='source', &(0x7f0000000080)='//', 0x0) socket$nl_generic(0x10, 0x3, 0x10) io_setup(0xff, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_ACK_FILTER={0x8}]}}]}, 0x44}}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) io_submit(0x0, 0x0, &(0x7f0000003ec0)) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000340)={0x0, 0x100, 0x1, 'queue1\x00', 0x7fff}) setsockopt$inet6_group_source_req(r3, 0x29, 0x0, 0xffffffffffffffff, 0x1) r8 = socket(0x80000000000000a, 0x0, 0x0) setsockopt$inet6_group_source_req(r8, 0x29, 0x0, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x5}}, {{0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}}}, 0x108) sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f00000000c0)={0x2, 0x4001, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000488c) 4.981631094s ago: executing program 2 (id=778): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000003c0)=0x2) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x9}}, 0x20) openat$nullb(0xffffffffffffff9c, &(0x7f0000000400), 0x40000000c4b02, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x20080, 0x0) r2 = dup(0xffffffffffffffff) mmap(&(0x7f000074a000/0x4000)=nil, 0x4000, 0x1000004, 0x12, r2, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x65) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'team0\x00'}) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x24040140, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0xff}, 0x14) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0xfffffffffffffd12, &(0x7f0000000340)='P') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f0000000000)='(/\x00') ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r6, 0x0, 0x0, 0x0, 0x0}) syz_open_procfs(0x0, &(0x7f0000000440)='net/xfrm_stat\x00') ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r7, r8, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r5, 0x3b8b, &(0x7f0000000080)={0x10, 0x0, r9}) ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f00000000c0)={0xfffffffffffffe7a, r9}) 4.526851056s ago: executing program 3 (id=779): r0 = syz_io_uring_setup(0x7ea9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x2d7e, 0x0, 0x0, 0x0, 0x0) 3.371178141s ago: executing program 4 (id=780): r0 = inotify_init() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x2000000000002, 0x12) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x2f}}, './file0\x00'}) clock_adjtime(0x0, &(0x7f0000000000)={0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7a2, 0x0, 0x1}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r3, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x48) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0x1c, &(0x7f00000009c0)=ANY=[@ANYBLOB="18080000100000000000000000000000181100004afbd5be92d7a59136cf17be51250053760580ca871dd761377b929a5b5ed0a1ea5dddb6772b1823ec56cc8922dd76ac65ffb71830309283d4234a1f4e5ce8b3d66e827837378fdea0e6254f03e6deeaadabeacbdd1997bfe267625bed8e3eecb459d4a319a69eada4205206041a87ddc24318786454b3c6e1fca1dca57b36bb18c013d59e1a6908130b3f4ee2acd84a176785703cb353d3535e7c04aabbc9cf0fe4a3c090ff3e", @ANYRES32=r7, @ANYRES8, @ANYRES32=r6, @ANYBLOB="0000000000000000b7050000080000001500000076000000bf9800000000000056080000000000008500000007000000020000000000000095000000000000003ec2309c11a6156f7887ebdeb494732eb76e95a954485eaf52f864d37a36dbb83661c87159ffeafd66fdf254bf8b715fdfe791a47caf1973d7477b8840d54991265b314b26280b8824c868c264a88f64a7a14372d305c8ab30407f7f32405e6ad3ef63fbe9600578d4539cf2b260d83e933185cf6d8fed851a84968406e340af602f46c345f6a8620d48c486ceec66db5f9d23c5689ec093866529ead2e19edec958cc6f7629d5430befb3b8f80f718e88b90000001f2b63bc952c5d1ffe1d3dbc5b50708cade671ae65bf05d0fc44461b9efd0e45a9fd87e6476b385c957963434713cc313c7a4432693a518f4d4a9d20af1d94b252b867ac66e20e871756bcd39f4b77181e83233efbccfdab75f2795c2de4ca076d4bf19322a61357a21b4bc4ad32553e6de9cdde40c3"], &(0x7f00000002c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x103) r8 = inotify_init1(0x0) r9 = inotify_init1(0x0) r10 = syz_open_dev$evdev(&(0x7f0000000480), 0x100000003, 0x0) syz_usb_disconnect(r10) syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000dc7a2240c80a2103c9a101020301090212000100000000090468200044741100"], 0x0) ioctl$EVIOCRMFF(r10, 0xc0085508, &(0x7f00000000c0)=0x18) inotify_add_watch(r9, &(0x7f0000000040)='./file0\x00', 0x2000540) inotify_add_watch(r8, &(0x7f0000000100)='./file0\x00', 0x44000000) inotify_add_watch(r8, &(0x7f00000001c0)='./file0\x00', 0x400) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, r5, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@handle=@pci={{0x8}, {0x11}}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4400}, 0x0) r11 = socket$inet6(0xa, 0x6, 0x0) listen(r11, 0x80080400) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xc0, &(0x7f0000000000), &(0x7f0000000240)=0x4) r12 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'ipvlan0\x00'}) 1.547408402s ago: executing program 3 (id=781): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x8920, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}}}) 1.479926479s ago: executing program 3 (id=782): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000740)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) write$binfmt_script(r1, &(0x7f0000000900)={'#! ', '', [], 0xa, "bc1dff29cb00d51ff5996ef11dc3a5d8c877ee1e0b8010d33b6a8600ccafa11456cc9ad70446eabd28ac5da555559377fb8c3635a28ab58c196009a32cf392722f5dc0e72c0e6e4e29655a880a455a4eee1dd4ce47de65353defe1326549a56261ff54006046fd7f4b36a7e6f89a0b0b016668d573ffb77f45072f5bacc83eb5b0b77f939db6cb2b525e7875a21282b37de805dd04b10e622fd39fb3d409e20f34b07c57c79a43df977300eb6fa6080f2c0eb809c2d139031b171c06ea8f815a36fa5e4c37"}, 0xc9) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) 626.25445ms ago: executing program 3 (id=783): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000080a0504000073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a0000"], 0x54}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) syz_io_uring_setup(0x1, &(0x7f0000000300)={0x0, 0x4000000}, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendto(0xffffffffffffffff, &(0x7f00000003c0)="ce4b3261f0a17bd615ccf514abe0203f552470ad7ce7ff8dfe238ddedb3fb8acc81f1d2f451a09e14177e4d3a9bdf1c7bcabc473a85006de892156ce86c7202b450a13e141780575d0f025", 0x4b, 0x94, &(0x7f0000000680)=@tipc=@name={0x1e, 0x2, 0x3, {{0x0, 0x4}, 0x3}}, 0x80) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000480)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="4900330080000000ffffffffffff08021100000050505050505000000000000000000000000000000100040600000000000025030000002a01003c040000"], 0x68}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000100)) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r7, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0) preadv(r7, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b702000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r8, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000039c0)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d016e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e8b701d2d17ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01d51e242443618c02e0a428da651366e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab7158edeeccd92e3a88dc0f432187ce92d7b17a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f00000000000000005521458b7d1e341c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb373845255012e028cb2654d493afb4b35faae176f99b745eda2967199cc93685bb444f9bc50713061385537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d1ff07000000000000000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ab2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b371867a79b31f3f514573f1e30d1fd2d763f3ee9210b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d5fd8c6b2a3a324c257bc97def5f07f2b77f05a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696c"], 0x0}, 0x90) 0s ago: executing program 4 (id=784): epoll_create(0x0) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r0, &(0x7f0000000000), 0x100000008) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x80084503, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x2a, 0x0, 0x0) fsopen(0x0, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$USBDEVFS_SUBMITURB(r4, 0xc0185500, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) listen(r2, 0x3) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) syz_open_dev$vcsu(&(0x7f00000000c0), 0xfffffffffffffffd, 0x100) kernel console output (not intermixed with test programs): [ 204.251684][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.293419][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.354421][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.380412][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.404689][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.419802][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.431086][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 204.444848][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.458984][ T7735] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.504653][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.525365][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.535324][ T5145] pwc: Failed to set LED on/off time (-71) [ 204.535862][ T5145] pwc: send_video_command error -71 [ 204.542489][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.579712][ T5145] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 204.581610][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.598003][ T5145] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 204.619534][ T5145] usb 5-1: USB disconnect, device number 10 [ 204.621654][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.640134][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.651695][ T7735] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 204.674004][ T7735] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.689748][ T7735] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.698038][ T7947] netlink: 'syz.2.542': attribute type 2 has an invalid length. [ 204.715111][ T7735] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.732088][ T7735] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.745807][ T7735] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.765293][ T7735] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.996669][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.010529][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.058850][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.068088][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.204171][ T5145] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 205.249182][ T7966] FAULT_INJECTION: forcing a failure. [ 205.249182][ T7966] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.316044][ T7966] CPU: 1 PID: 7966 Comm: syz.1.524 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 205.326087][ T7966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 205.336170][ T7966] Call Trace: [ 205.339496][ T7966] [ 205.339508][ T7966] dump_stack_lvl+0x241/0x360 [ 205.347133][ T7966] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.347172][ T7966] ? __pfx__printk+0x10/0x10 [ 205.347213][ T7966] ? __pfx_lock_release+0x10/0x10 [ 205.347239][ T7966] should_fail_ex+0x3b0/0x4e0 [ 205.347267][ T7966] _copy_from_user+0x2f/0xe0 [ 205.371739][ T7966] copy_msghdr_from_user+0xae/0x680 [ 205.376992][ T7966] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 205.382841][ T7966] __sys_sendmsg+0x23d/0x3a0 [ 205.387563][ T7966] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.392738][ T7966] ? vfs_write+0x7c4/0xc90 [ 205.397360][ T7966] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 205.403692][ T7966] ? do_syscall_64+0x100/0x230 [ 205.408551][ T7966] ? do_syscall_64+0xb6/0x230 [ 205.413240][ T7966] do_syscall_64+0xf3/0x230 [ 205.417776][ T7966] ? clear_bhb_loop+0x35/0x90 [ 205.422469][ T7966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.428397][ T7966] RIP: 0033:0x7f1ffb975bd9 [ 205.432820][ T7966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.452527][ T7966] RSP: 002b:00007f1ffc709048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.461031][ T7966] RAX: ffffffffffffffda RBX: 00007f1ffbb03f60 RCX: 00007f1ffb975bd9 [ 205.469179][ T7966] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000004 [ 205.477170][ T7966] RBP: 00007f1ffc7090a0 R08: 0000000000000000 R09: 0000000000000000 [ 205.485148][ T7966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.493485][ T7966] R13: 000000000000000b R14: 00007f1ffbb03f60 R15: 00007f1ffbc2fa68 [ 205.501586][ T7966] [ 205.531526][ T7965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.549634][ T7974] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 0, id = 0 [ 205.563002][ T7965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.605110][ T5145] usb 3-1: Using ep0 maxpacket: 8 [ 205.627537][ T5145] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 205.657889][ T5145] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 205.657927][ T5145] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 205.657951][ T5145] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.657997][ T5145] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 205.658022][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.879608][ T7977] fuse: Bad value for 'group_id' [ 205.886083][ T5145] usb 3-1: GET_CAPABILITIES returned 0 [ 205.895399][ T5145] usbtmc 3-1:16.0: can't read capabilities [ 206.161403][ T5099] Bluetooth: hci1: ACL packet for unknown connection handle 1 [ 206.197389][ T5143] usb 3-1: USB disconnect, device number 24 [ 206.565338][ T7988] syz_tun: entered promiscuous mode [ 206.585368][ T7988] macvtap1: entered promiscuous mode [ 206.590945][ T7988] macvtap1: entered allmulticast mode [ 206.624120][ T7988] syz_tun: entered allmulticast mode [ 206.642841][ T7988] syz_tun: left allmulticast mode [ 206.660667][ T7988] syz_tun: left promiscuous mode [ 207.455945][ T8015] sctp: [Deprecated]: syz.4.559 (pid 8015) Use of int in maxseg socket option. [ 207.455945][ T8015] Use struct sctp_assoc_value instead [ 208.233247][ T8013] delete_channel: no stack [ 208.328951][ T8024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.362750][ T8029] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 0, id = 0 [ 208.381681][ T8024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.478518][ T8032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.566'. [ 208.512560][ T8032] syz_tun: entered promiscuous mode [ 210.137069][ T3207] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.423840][ T3207] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.559511][ T3207] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.687065][ T3207] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.034315][ T5144] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 211.076535][ T5090] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 211.086794][ T5090] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 211.097739][ T5090] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 211.108361][ T5090] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 211.121365][ T5090] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 211.129440][ T5090] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 211.305892][ T3207] bridge_slave_1: left allmulticast mode [ 211.328640][ T3207] bridge_slave_1: left promiscuous mode [ 211.370385][ T3207] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.468733][ T3207] bridge_slave_0: left allmulticast mode [ 211.494207][ T3207] bridge_slave_0: left promiscuous mode [ 211.541009][ T3207] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.034345][ T5142] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 212.256031][ T5142] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.280087][ T5142] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.290571][ T3207] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.293269][ T5142] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 212.309133][ T5142] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.317675][ T5142] usb 3-1: Product: syz [ 212.322022][ T5142] usb 3-1: Manufacturer: syz [ 212.322500][ T3207] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.331558][ T5142] usb 3-1: SerialNumber: syz [ 212.343749][ T3207] bond0 (unregistering): Released all slaves [ 212.366356][ T8116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.589'. [ 212.503517][ T3207] ɶƣ0G0w: left promiscuous mode [ 212.745744][ T3207] IPVS: stopping backup sync thread 6322 ... [ 213.072502][ T8146] netlink: 20 bytes leftover after parsing attributes in process `syz.4.595'. [ 213.204523][ T5099] Bluetooth: hci3: command tx timeout [ 213.468417][ T5142] cdc_ncm 3-1:1.0: bind() failure [ 213.500043][ T5142] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 213.508770][ T8159] binder: 8156:8159 ioctl 400c620e 200001c0 returned -22 [ 213.513789][ T5142] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 213.535106][ T3207] hsr_slave_0: left promiscuous mode [ 213.544009][ T5142] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 213.558714][ T3207] hsr_slave_1: left promiscuous mode [ 213.575847][ T3207] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.592899][ T5142] usb 3-1: USB disconnect, device number 25 [ 213.624235][ T3207] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.670092][ T3207] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.694221][ T3207] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 213.771657][ T3207] veth1_macvtap: left promiscuous mode [ 213.785129][ T3207] veth0_macvtap: left promiscuous mode [ 213.791710][ T3207] veth1_vlan: left promiscuous mode [ 213.798094][ T3207] veth0_vlan: left promiscuous mode [ 214.225967][ T8186] fuse: Bad value for 'group_id' [ 214.552224][ T5143] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 214.691491][ T3207] team0 (unregistering): Port device team_slave_1 removed [ 214.737228][ T5143] usb 3-1: Using ep0 maxpacket: 32 [ 214.754987][ T3207] team0 (unregistering): Port device team_slave_0 removed [ 214.776291][ T5143] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 214.802435][ T5143] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 214.814869][ T5143] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 214.858764][ T5143] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 214.871447][ T5143] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.882360][ T5143] usb 3-1: Product: syz [ 214.892600][ T5143] usb 3-1: Manufacturer: syz [ 214.898380][ T5143] usb 3-1: SerialNumber: syz [ 214.917778][ T5143] cdc_ncm 3-1:1.0: skipping garbage [ 214.935719][ T5143] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 214.953227][ T5143] cdc_ncm 3-1:1.0: bind() failure [ 215.276461][ T5099] Bluetooth: hci3: command tx timeout [ 215.352998][ T8193] netlink: 20 bytes leftover after parsing attributes in process `syz.1.608'. [ 215.563438][ T8171] netlink: 28 bytes leftover after parsing attributes in process `syz.0.600'. [ 215.591426][ T8171] netlink: 28 bytes leftover after parsing attributes in process `syz.0.600'. [ 215.609728][ T8171] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 215.621143][ T8171] syz_tun: entered promiscuous mode [ 215.655517][ T8107] chnl_net:caif_netlink_parms(): no params data found [ 215.686624][ T8198] fuse: Bad value for 'fd' [ 216.038814][ T8107] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.060615][ T8107] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.070294][ T8107] bridge_slave_0: entered allmulticast mode [ 216.081025][ T8107] bridge_slave_0: entered promiscuous mode [ 216.098490][ T8107] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.114861][ T8107] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.122574][ T8107] bridge_slave_1: entered allmulticast mode [ 216.133971][ T8107] bridge_slave_1: entered promiscuous mode [ 216.199841][ T7472] syz_tun (unregistering): left promiscuous mode [ 216.308553][ T8107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.323161][ T8107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.422680][ T8107] team0: Port device team_slave_0 added [ 216.450982][ T8107] team0: Port device team_slave_1 added [ 216.500337][ T2834] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.613795][ T8107] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.635460][ T8107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.678747][ T8107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.808811][ T2834] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.843933][ T8107] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.860633][ T8107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.909506][ T8107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.923882][ T8224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.615'. [ 216.962172][ T2834] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.978377][ T5090] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 216.989781][ T5090] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 216.999008][ T5090] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 217.010061][ T5090] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 217.018103][ T5090] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 217.028327][ T5090] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 217.095950][ T2834] netdevsim netdevsim0 netdevsim0 (unregistering): left promiscuous mode [ 217.107255][ T5143] usb 3-1: USB disconnect, device number 26 [ 217.173293][ T2834] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.214590][ T5145] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 217.219196][ T8107] hsr_slave_0: entered promiscuous mode [ 217.238329][ T8107] hsr_slave_1: entered promiscuous mode [ 217.246122][ T8107] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 217.253685][ T8107] Cannot create hsr debugfs directory [ 217.267421][ T8229] Cannot find set identified by id 3 to match [ 217.364420][ T5090] Bluetooth: hci3: command tx timeout [ 217.442983][ T5145] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.505283][ T5145] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.535228][ T5145] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 217.560064][ T5145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.629734][ T5145] usb 5-1: Product: syz [ 217.648843][ T5145] usb 5-1: Manufacturer: syz [ 217.654797][ T2834] bridge_slave_1: left allmulticast mode [ 217.667715][ T5145] usb 5-1: SerialNumber: syz [ 217.675518][ T2834] bridge_slave_1: left promiscuous mode [ 217.698032][ T2834] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.736493][ T2834] bridge_slave_0: left allmulticast mode [ 217.747237][ T2834] bridge_slave_0: left promiscuous mode [ 217.766759][ T2834] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.493559][ T2834] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 218.511189][ T2834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 218.522831][ T2834] bond0 (unregistering): Released all slaves [ 218.904269][ T8224] 8021q: VLANs not supported on ipvlan1 [ 218.919160][ T5145] cdc_ncm 5-1:1.0: bind() failure [ 218.956292][ T5145] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 218.974872][ T5145] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 218.992292][ T5145] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 219.016002][ T5145] usb 5-1: USB disconnect, device number 11 [ 219.116859][ T5090] Bluetooth: hci1: command tx timeout [ 219.426731][ T2834] hsr_slave_0: left promiscuous mode [ 219.434456][ T5090] Bluetooth: hci3: command tx timeout [ 219.458020][ T2834] hsr_slave_1: left promiscuous mode [ 219.488503][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 219.513938][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 219.536916][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 219.548212][ T5099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 219.559731][ T5099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 219.569240][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 219.579506][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 219.589786][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 219.600546][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 219.608571][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 219.638506][ T2834] veth1_macvtap: left promiscuous mode [ 219.648163][ T2834] veth0_macvtap: left promiscuous mode [ 219.656708][ T2834] veth1_vlan: left promiscuous mode [ 219.662600][ T2834] veth0_vlan: left promiscuous mode [ 220.024328][ T5145] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 220.151046][ T2834] team0 (unregistering): Port device team_slave_1 removed [ 220.198134][ T2834] team0 (unregistering): Port device team_slave_0 removed [ 220.236771][ T5145] usb 5-1: config 0 has an invalid interface number: 104 but max is 0 [ 220.251900][ T5145] usb 5-1: config 0 has no interface number 0 [ 220.258766][ T5145] usb 5-1: config 0 interface 104 has no altsetting 0 [ 220.268892][ T5145] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9 [ 220.279112][ T5145] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.287600][ T5145] usb 5-1: Product: syz [ 220.292230][ T5145] usb 5-1: Manufacturer: syz [ 220.297521][ T5145] usb 5-1: SerialNumber: syz [ 220.312527][ T5145] usb 5-1: config 0 descriptor?? [ 220.321837][ T5145] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 220.544963][ T5145] gspca_vc032x: reg_r err -71 [ 220.549739][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.560094][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.568774][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.576196][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.581804][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.588776][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.594878][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.600220][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.605849][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.611174][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.616849][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.622285][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.628009][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.633361][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.639020][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.644879][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.650206][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.664170][ T5145] gspca_vc032x: I2c Bus Busy Wait 00 [ 220.669883][ T5145] gspca_vc032x: Unknown sensor... [ 220.678088][ T5145] vc032x 5-1:0.104: probe with driver vc032x failed with error -22 [ 220.694591][ T5145] usb 5-1: USB disconnect, device number 12 [ 220.801072][ T8226] chnl_net:caif_netlink_parms(): no params data found [ 221.059648][ T8226] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.070956][ T8226] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.081663][ T8226] bridge_slave_0: entered allmulticast mode [ 221.092978][ T8226] bridge_slave_0: entered promiscuous mode [ 221.117428][ T8226] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.134514][ T8226] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.142010][ T8226] bridge_slave_1: entered allmulticast mode [ 221.155937][ T8226] bridge_slave_1: entered promiscuous mode [ 221.194217][ T5099] Bluetooth: hci1: command tx timeout [ 221.212097][ T8226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.226532][ T8107] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 221.242207][ T8226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.298848][ T8107] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 221.331645][ T8226] team0: Port device team_slave_0 added [ 221.351184][ T8226] team0: Port device team_slave_1 added [ 221.405121][ T8107] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 221.485983][ T8226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.492984][ T8226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.530712][ T8226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.548681][ T8107] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 221.589827][ T8226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.600138][ T8226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.633819][ T8226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 221.674534][ T5099] Bluetooth: hci0: command tx timeout [ 221.818646][ T8226] hsr_slave_0: entered promiscuous mode [ 221.867791][ T8226] hsr_slave_1: entered promiscuous mode [ 221.889621][ T8274] Cannot find set identified by id 3 to match [ 221.899431][ T8226] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 221.910830][ T8226] Cannot create hsr debugfs directory [ 222.061216][ T2834] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.098504][ T8259] chnl_net:caif_netlink_parms(): no params data found [ 222.269096][ T2834] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.476313][ T2834] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.605170][ T2834] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.865516][ T8259] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.889604][ T8259] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.908249][ T8259] bridge_slave_0: entered allmulticast mode [ 222.935564][ T8259] bridge_slave_0: entered promiscuous mode [ 222.946759][ T8259] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.954024][ T8259] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.972305][ T8259] bridge_slave_1: entered allmulticast mode [ 222.995346][ T8284] fuse: Bad value for 'fd' [ 223.006824][ T8259] bridge_slave_1: entered promiscuous mode [ 223.170057][ T8259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.187918][ T8259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.284633][ T5099] Bluetooth: hci1: command tx timeout [ 223.369860][ T8259] team0: Port device team_slave_0 added [ 223.405580][ T8259] team0: Port device team_slave_1 added [ 223.627391][ T8259] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 223.638999][ T8259] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.666998][ T8259] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 223.736380][ T2834] bridge_slave_1: left allmulticast mode [ 223.742188][ T2834] bridge_slave_1: left promiscuous mode [ 223.754239][ T5099] Bluetooth: hci0: command tx timeout [ 223.756493][ T2834] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.792971][ T2834] bridge_slave_0: left allmulticast mode [ 223.812354][ T2834] bridge_slave_0: left promiscuous mode [ 223.820614][ T2834] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.197123][ T2834] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.208436][ T2834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 224.220141][ T2834] bond0 (unregistering): Released all slaves [ 224.245460][ T8259] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 224.257666][ T8259] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 224.318220][ T8259] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 224.385103][ T2834] IPVS: stopping backup sync thread 8029 ... [ 224.511163][ T8259] hsr_slave_0: entered promiscuous mode [ 224.520106][ T8259] hsr_slave_1: entered promiscuous mode [ 224.527585][ T8259] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 224.539678][ T8259] Cannot create hsr debugfs directory [ 224.592564][ T8107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.729202][ T2834] hsr_slave_0: left promiscuous mode [ 224.742498][ T2834] hsr_slave_1: left promiscuous mode [ 224.748767][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 224.760896][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 224.769397][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 224.777798][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 224.797472][ T2834] veth1_macvtap: left promiscuous mode [ 224.803100][ T2834] veth0_macvtap: left promiscuous mode [ 224.809066][ T2834] veth1_vlan: left promiscuous mode [ 224.814483][ T2834] veth0_vlan: left promiscuous mode [ 225.224247][ T5142] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 225.292141][ T2834] team0 (unregistering): Port device team_slave_1 removed [ 225.334123][ T2834] team0 (unregistering): Port device team_slave_0 removed [ 225.354736][ T5099] Bluetooth: hci1: command tx timeout [ 225.436905][ T5142] usb 5-1: config 0 has an invalid interface number: 104 but max is 0 [ 225.445865][ T5142] usb 5-1: config 0 has no interface number 0 [ 225.460543][ T5142] usb 5-1: config 0 interface 104 has no altsetting 0 [ 225.472431][ T5142] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=a1.c9 [ 225.495375][ T5142] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.503440][ T5142] usb 5-1: Product: syz [ 225.514125][ T5142] usb 5-1: Manufacturer: syz [ 225.518957][ T5142] usb 5-1: SerialNumber: syz [ 225.533456][ T5142] usb 5-1: config 0 descriptor?? [ 225.548364][ T5142] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 225.780559][ T5142] gspca_vc032x: reg_r err -71 [ 225.799343][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.810388][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.817643][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.823170][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.834601][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.835987][ T5099] Bluetooth: hci0: command tx timeout [ 225.840439][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.840454][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.840464][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.840473][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.840482][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.877000][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.882987][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.889112][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.899614][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.905451][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.911139][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.917449][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.923613][ T5142] gspca_vc032x: I2c Bus Busy Wait 00 [ 225.933511][ T5142] gspca_vc032x: Unknown sensor... [ 225.940678][ T5142] vc032x 5-1:0.104: probe with driver vc032x failed with error -22 [ 225.961001][ T5142] usb 5-1: USB disconnect, device number 13 [ 226.159294][ T8107] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.254997][ T5142] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.262268][ T5142] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.328810][ T8226] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 226.348872][ T8226] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 226.386990][ T8226] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 226.432741][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.440009][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.460978][ T8226] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 226.753555][ T8107] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 227.050756][ T5090] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 227.053751][ T2834] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.071092][ T8327] kvm: emulating exchange as write [ 227.078682][ T5090] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 227.088130][ T5090] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 227.102547][ T5090] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 227.112376][ T5090] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 227.122181][ T5090] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 227.293624][ T2834] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.396513][ T8107] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 227.446671][ T2834] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.612677][ T2834] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.807854][ T8226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.859818][ T8107] veth0_vlan: entered promiscuous mode [ 227.914522][ T5099] Bluetooth: hci0: command tx timeout [ 227.989530][ T8259] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 228.009362][ T8259] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 228.028329][ T8259] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 228.130643][ T8107] veth1_vlan: entered promiscuous mode [ 228.147223][ T8259] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 228.165226][ T8226] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.332296][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.339550][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.411785][ T2834] bridge_slave_1: left allmulticast mode [ 228.422674][ T2834] bridge_slave_1: left promiscuous mode [ 228.430234][ T2834] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.445899][ T2834] bridge_slave_0: left allmulticast mode [ 228.451613][ T2834] bridge_slave_0: left promiscuous mode [ 228.458988][ T2834] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.611856][ T5143] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 228.824206][ T5143] usb 5-1: Using ep0 maxpacket: 32 [ 228.835621][ T5143] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 228.844364][ T5143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 228.867404][ T5143] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 228.883503][ T5143] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 228.899877][ T5143] usb 5-1: Product: syz [ 228.911768][ T5143] usb 5-1: Manufacturer: syz [ 228.916908][ T5143] usb 5-1: SerialNumber: syz [ 228.939925][ T5143] usb 5-1: config 0 descriptor?? [ 228.960273][ T5143] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 228.990938][ T5143] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 229.073160][ T2834] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.087512][ T2834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.106241][ T2834] bond0 (unregistering): Released all slaves [ 229.132109][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.139370][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.194243][ T5099] Bluetooth: hci4: command tx timeout [ 229.318375][ T8336] chnl_net:caif_netlink_parms(): no params data found [ 229.460584][ T8107] veth0_macvtap: entered promiscuous mode [ 229.604713][ T8107] veth1_macvtap: entered promiscuous mode [ 229.735662][ T2834] hsr_slave_0: left promiscuous mode [ 229.746223][ T2834] hsr_slave_1: left promiscuous mode [ 229.752585][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.771112][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.780777][ T2834] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.789811][ T2834] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.827507][ T2834] veth1_macvtap: left promiscuous mode [ 229.841019][ T2834] veth0_macvtap: left promiscuous mode [ 229.847225][ T2834] veth1_vlan: left promiscuous mode [ 229.852702][ T2834] veth0_vlan: left promiscuous mode [ 230.583787][ T2834] team0 (unregistering): Port device team_slave_1 removed [ 230.639471][ T2834] team0 (unregistering): Port device team_slave_0 removed [ 231.044697][ T5143] usb 5-1: USB disconnect, device number 14 [ 231.063465][ T5143] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 231.158069][ T8336] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.168335][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.176405][ T8336] bridge_slave_0: entered allmulticast mode [ 231.186692][ T8336] bridge_slave_0: entered promiscuous mode [ 231.196801][ T8336] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.204363][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.211593][ T8336] bridge_slave_1: entered allmulticast mode [ 231.219066][ T8336] bridge_slave_1: entered promiscuous mode [ 231.254389][ T8336] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.275427][ T5099] Bluetooth: hci4: command tx timeout [ 231.301671][ T8336] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.318085][ T8107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 231.329247][ T8107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.346711][ T8107] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 231.392363][ T8107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 231.405627][ T8107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 231.417491][ T8107] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 231.438863][ T8336] team0: Port device team_slave_0 added [ 231.461420][ T8336] team0: Port device team_slave_1 added [ 231.522964][ T8107] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.538796][ T8107] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.548484][ T8107] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.557414][ T8107] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 231.580917][ T8336] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.591933][ T8336] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.643097][ T8336] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 231.678223][ T8336] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 231.708884][ T8336] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.752457][ T8336] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.810201][ T8226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.843371][ T8259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.932776][ T8336] hsr_slave_0: entered promiscuous mode [ 231.939857][ T8336] hsr_slave_1: entered promiscuous mode [ 231.961069][ T8259] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.071413][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.078662][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.122616][ T5142] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.129860][ T5142] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.233534][ T2781] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.253888][ T2781] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.365718][ T3207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 232.404865][ T3207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 232.464190][ T8226] veth0_vlan: entered promiscuous mode [ 232.567915][ T8226] veth1_vlan: entered promiscuous mode [ 232.633833][ T8259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.741496][ T8226] veth0_macvtap: entered promiscuous mode [ 232.752238][ T8445] netlink: 4 bytes leftover after parsing attributes in process `syz.3.580'. [ 232.760656][ T8226] veth1_macvtap: entered promiscuous mode [ 232.882688][ T8226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.893939][ T8226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.906492][ T8226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 232.917145][ T8226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 232.931275][ T8226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 232.957517][ T8259] veth0_vlan: entered promiscuous mode [ 232.971403][ T8449] fuse: Bad value for 'fd' [ 232.990257][ T8226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.013706][ T8226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.025806][ T8226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.037164][ T8226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.049539][ T8226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.068505][ T8259] veth1_vlan: entered promiscuous mode [ 233.102070][ T8226] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.112404][ T8226] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.123196][ T8226] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.133921][ T8226] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.201409][ T8336] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 233.229996][ T8336] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 233.273831][ T8336] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 233.299479][ T8336] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 233.339131][ T8259] veth0_macvtap: entered promiscuous mode [ 233.357716][ T5099] Bluetooth: hci4: command tx timeout [ 233.395254][ T8259] veth1_macvtap: entered promiscuous mode [ 233.511659][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.536602][ T8259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.556615][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.581624][ T8259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.600897][ T8259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.612269][ T8259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.629419][ T8259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.640368][ T8259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.653981][ T8259] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.727205][ T8463] Cannot find set identified by id 3 to match [ 233.750067][ T2834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 233.758992][ T8259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.759019][ T8259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.759030][ T8259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.759041][ T8259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.759051][ T8259] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.759063][ T8259] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.760463][ T8259] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.860985][ T8259] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.877628][ T2834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 233.888316][ T8259] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.902836][ T8259] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.932486][ T8259] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.328582][ T2834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.350717][ T2834] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.375439][ T8336] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.540064][ T8336] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.546106][ T3207] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.561106][ T3207] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.595337][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.602520][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.642837][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.650175][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.726051][ T5143] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 234.841422][ T8336] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 234.935926][ T5143] usb 1-1: Using ep0 maxpacket: 16 [ 234.951649][ T5143] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 234.979471][ T8336] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.993310][ T5143] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 235.046215][ T5143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.093069][ T5143] usb 1-1: config 0 descriptor?? [ 235.170802][ T8336] veth0_vlan: entered promiscuous mode [ 235.188930][ T8336] veth1_vlan: entered promiscuous mode [ 235.279109][ T8336] veth0_macvtap: entered promiscuous mode [ 235.314075][ T8336] veth1_macvtap: entered promiscuous mode [ 235.338219][ T8478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 235.348689][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.354649][ T8478] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.379641][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.390081][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.401560][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.412806][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.435779][ T5099] Bluetooth: hci4: command tx timeout [ 235.455208][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.466984][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 235.477721][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.490824][ T8336] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 235.520087][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.537883][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.575695][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.586783][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.597790][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.609163][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.619819][ T8336] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 235.630709][ T8336] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.642930][ T8336] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.682861][ T8336] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.703793][ T8336] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.724268][ T8336] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.749809][ T8336] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.128754][ T7461] syz_tun (unregistering): left promiscuous mode [ 236.582786][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.642349][ T8504] netlink: 'syz.3.647': attribute type 11 has an invalid length. [ 236.968944][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.066262][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.105527][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 237.208196][ T8512] Cannot find set identified by id 3 to match [ 237.346966][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.414765][ T8515] Cannot find set identified by id 3 to match [ 237.560862][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.590606][ T5090] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 237.600262][ T5090] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 237.611129][ T5090] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 237.622255][ T5090] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 237.631623][ T5090] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 237.639817][ T5090] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 237.718067][ T2781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 237.772082][ T2781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.089339][ T8522] netlink: 'syz.2.640': attribute type 29 has an invalid length. [ 238.311425][ T8523] vivid-007: disconnect [ 238.345437][ T8523] usb usb8: usbfs: process 8523 (syz.1.653) did not claim interface 0 before use [ 238.377560][ T8520] vivid-007: reconnect [ 238.382799][ T8522] netlink: 'syz.2.640': attribute type 29 has an invalid length. [ 238.422115][ T12] bridge_slave_1: left allmulticast mode [ 238.444315][ T12] bridge_slave_1: left promiscuous mode [ 238.476275][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.573862][ T12] bridge_slave_0: left allmulticast mode [ 238.591488][ T12] bridge_slave_0: left promiscuous mode [ 238.615153][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.689556][ T8478] syz.0.642 (8478): drop_caches: 2 [ 238.761922][ T5143] usbhid 1-1:0.0: can't add hid device: -71 [ 238.785393][ T5143] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 238.802360][ T8540] Cannot find set identified by id 3 to match [ 238.821488][ T5143] usb 1-1: USB disconnect, device number 18 [ 238.866162][ T8539] fuse: Invalid rootmode [ 239.452592][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 239.485698][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 239.518217][ T12] bond0 (unregistering): Released all slaves [ 239.675700][ T5090] Bluetooth: hci2: command tx timeout [ 239.713286][ T8551] netlink: 'syz.3.660': attribute type 6 has an invalid length. [ 239.768000][ T12] IPVS: stopping backup sync thread 7974 ... [ 239.951470][ T8563] Cannot find set identified by id 3 to match [ 240.278196][ T8517] chnl_net:caif_netlink_parms(): no params data found [ 240.369973][ T12] hsr_slave_0: left promiscuous mode [ 240.389683][ T12] hsr_slave_1: left promiscuous mode [ 240.405270][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.422122][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 240.469008][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 240.477044][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 240.568671][ T12] veth1_macvtap: left promiscuous mode [ 240.580217][ T12] veth0_macvtap: left promiscuous mode [ 240.608887][ T12] veth1_vlan: left promiscuous mode [ 240.618946][ T12] veth0_vlan: left promiscuous mode [ 240.844538][ T8579] netlink: 'syz.2.663': attribute type 11 has an invalid length. [ 240.961735][ T8584] Cannot find set identified by id 3 to match [ 241.739696][ T12] team0 (unregistering): Port device team_slave_1 removed [ 241.763450][ T5090] Bluetooth: hci2: command tx timeout [ 241.852928][ T12] team0 (unregistering): Port device team_slave_0 removed [ 242.124727][ T5143] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 242.309773][ T8591] Cannot find set identified by id 3 to match [ 242.327222][ T5143] usb 4-1: Using ep0 maxpacket: 16 [ 242.346090][ T5143] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 242.369139][ T5143] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 242.401730][ T5143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.431695][ T5143] usb 4-1: config 0 descriptor?? [ 242.646193][ T8588] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.687190][ T8588] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.693494][ T8593] FAULT_INJECTION: forcing a failure. [ 242.693494][ T8593] name failslab, interval 1, probability 0, space 0, times 0 [ 242.722475][ T8593] CPU: 0 PID: 8593 Comm: syz.2.669 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 242.732508][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 242.742749][ T8593] Call Trace: [ 242.746061][ T8593] [ 242.749426][ T8593] dump_stack_lvl+0x241/0x360 [ 242.754395][ T8593] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.759648][ T8593] ? __pfx__printk+0x10/0x10 [ 242.764297][ T8593] ? __pfx___might_resched+0x10/0x10 [ 242.769781][ T8593] should_fail_ex+0x3b0/0x4e0 [ 242.774551][ T8593] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 242.780326][ T8593] should_failslab+0x9/0x20 [ 242.784872][ T8593] __kmalloc_noprof+0xd8/0x400 [ 242.789697][ T8593] ? kfree+0x4e/0x360 [ 242.793761][ T8593] tomoyo_realpath_from_path+0xcf/0x5e0 [ 242.799369][ T8593] tomoyo_path_number_perm+0x23a/0x880 [ 242.804887][ T8593] ? tomoyo_path_number_perm+0x208/0x880 [ 242.810756][ T8593] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 242.816874][ T8593] ? __fget_files+0x29/0x470 [ 242.821487][ T8593] ? __fget_files+0x3f6/0x470 [ 242.826209][ T8593] ? __fget_files+0x29/0x470 [ 242.830879][ T8593] security_file_ioctl+0x75/0xb0 [ 242.836122][ T8593] __se_sys_ioctl+0x47/0x170 [ 242.840759][ T8593] do_syscall_64+0xf3/0x230 [ 242.845354][ T8593] ? clear_bhb_loop+0x35/0x90 [ 242.850103][ T8593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.856028][ T8593] RIP: 0033:0x7f7737575bd9 [ 242.860505][ T8593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.882510][ T8593] RSP: 002b:00007f7738419048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 242.891246][ T8593] RAX: ffffffffffffffda RBX: 00007f7737703f60 RCX: 00007f7737575bd9 [ 242.899425][ T8593] RDX: 0000000020000200 RSI: 0000000080045519 RDI: 0000000000000003 [ 242.907507][ T8593] RBP: 00007f77384190a0 R08: 0000000000000000 R09: 0000000000000000 [ 242.916724][ T8593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.924819][ T8593] R13: 000000000000000b R14: 00007f7737703f60 R15: 00007f773782fa68 [ 242.933016][ T8593] [ 243.064311][ T8593] ERROR: Out of memory at tomoyo_realpath_from_path. [ 243.363196][ T8517] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.392172][ T8517] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.443631][ T8517] bridge_slave_0: entered allmulticast mode [ 243.470223][ T8517] bridge_slave_0: entered promiscuous mode [ 243.531455][ T8517] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.564727][ T8517] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.606008][ T8517] bridge_slave_1: entered allmulticast mode [ 243.648126][ T8517] bridge_slave_1: entered promiscuous mode [ 243.828952][ T8517] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.838319][ T5090] Bluetooth: hci2: command tx timeout [ 243.862653][ T8588] syz.3.667 (8588): drop_caches: 2 [ 243.888554][ T5143] usbhid 4-1:0.0: can't add hid device: -71 [ 243.914477][ T5143] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 243.933366][ T8517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.948769][ T5143] usb 4-1: USB disconnect, device number 15 [ 244.067673][ T5099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 244.083224][ T8517] team0: Port device team_slave_0 added [ 244.108477][ T5099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 244.117499][ T5099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 244.126079][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 244.133938][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 244.143045][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 244.246592][ T8517] team0: Port device team_slave_1 added [ 244.498464][ T8517] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 244.535788][ T8517] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.590755][ T8517] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 244.693652][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.724289][ T58] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 244.765573][ T8517] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 244.780590][ T8517] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 244.816837][ T8517] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 244.865889][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.910436][ T58] usb 3-1: too many configurations: 205, using maximum allowed: 8 [ 244.923071][ T5090] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 244.935889][ T5090] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 244.945356][ T5090] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 244.955055][ T5090] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 244.963951][ T5090] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 244.973404][ T5090] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 244.974493][ T5145] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 244.986340][ T58] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 244.997066][ T58] usb 3-1: can't read configurations, error -61 [ 245.039705][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.060457][ T8517] hsr_slave_0: entered promiscuous mode [ 245.066980][ T8517] hsr_slave_1: entered promiscuous mode [ 245.073436][ T8517] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 245.082082][ T8517] Cannot create hsr debugfs directory [ 245.107540][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.164522][ T58] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 245.199410][ T5145] usb 4-1: Using ep0 maxpacket: 8 [ 245.223097][ T5145] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 245.249832][ T5145] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 245.278416][ T5145] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 245.317920][ T5145] usb 4-1: New USB device found, idVendor=0471, idProduct=0311, bcdDevice=81.d5 [ 245.365242][ T58] usb 3-1: too many configurations: 205, using maximum allowed: 8 [ 245.372295][ T5145] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.383122][ T5145] usb 4-1: Product: syz [ 245.396049][ T58] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 245.401914][ T5145] usb 4-1: Manufacturer: syz [ 245.403675][ T58] usb 3-1: can't read configurations, error -61 [ 245.408883][ T5145] usb 4-1: SerialNumber: syz [ 245.434328][ T58] usb usb3-port1: attempt power cycle [ 245.460591][ T5145] usb 4-1: config 0 descriptor?? [ 245.469312][ T5145] pwc: Philips PCVC740K (ToUCam Pro)/PCVC840 (ToUCam II) USB webcam detected. [ 245.771616][ T12] bridge_slave_1: left allmulticast mode [ 245.781941][ T12] bridge_slave_1: left promiscuous mode [ 245.808553][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.828310][ T12] bridge_slave_0: left allmulticast mode [ 245.835407][ T12] bridge_slave_0: left promiscuous mode [ 245.841815][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.864300][ T58] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 245.912683][ T58] usb 3-1: too many configurations: 205, using maximum allowed: 8 [ 245.921691][ T5090] Bluetooth: hci2: command tx timeout [ 245.936118][ T8626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 245.954323][ T58] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 245.962529][ T58] usb 3-1: can't read configurations, error -61 [ 245.965369][ T8626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 246.117325][ T58] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 246.169698][ T58] usb 3-1: too many configurations: 205, using maximum allowed: 8 [ 246.180370][ T58] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 246.200874][ T58] usb 3-1: can't read configurations, error -61 [ 246.210166][ T58] usb usb3-port1: unable to enumerate USB device [ 246.234771][ T5090] Bluetooth: hci0: command tx timeout [ 246.371364][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.383984][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 246.395777][ T12] bond0 (unregistering): Released all slaves [ 246.445679][ T8648] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.678'. [ 246.492744][ T8647] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.678'. [ 246.603705][ T8615] chnl_net:caif_netlink_parms(): no params data found [ 246.623283][ T5145] pwc: Failed to set LED on/off time (-71) [ 246.629901][ T5145] pwc: send_video_command error -71 [ 246.644218][ T5145] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 246.660774][ T5145] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 246.682953][ T5145] usb 4-1: USB disconnect, device number 16 [ 246.991487][ T8628] chnl_net:caif_netlink_parms(): no params data found [ 247.019600][ T8615] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.027135][ T8615] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.035115][ T5090] Bluetooth: hci1: command tx timeout [ 247.035924][ T8615] bridge_slave_0: entered allmulticast mode [ 247.048427][ T8615] bridge_slave_0: entered promiscuous mode [ 247.062329][ T12] hsr_slave_0: left promiscuous mode [ 247.069034][ T12] hsr_slave_1: left promiscuous mode [ 247.075278][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 247.085141][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 247.093102][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 247.101467][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 247.122781][ T12] veth1_macvtap: left promiscuous mode [ 247.128526][ T12] veth0_macvtap: left promiscuous mode [ 247.134588][ T12] veth1_vlan: left promiscuous mode [ 247.139940][ T12] veth0_vlan: left promiscuous mode [ 247.301751][ T8658] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 247.308337][ T8658] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 247.319572][ T8658] vhci_hcd vhci_hcd.0: Device attached [ 247.341066][ T29] audit: type=1326 audit(1720216789.248:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.364231][ T8659] vhci_hcd: cannot find the pending unlink 2147483648 [ 247.372440][ T29] audit: type=1326 audit(1720216789.248:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.398065][ T29] audit: type=1326 audit(1720216789.248:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.420814][ T29] audit: type=1326 audit(1720216789.248:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.444011][ T29] audit: type=1326 audit(1720216789.248:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.477648][ T29] audit: type=1326 audit(1720216789.248:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.503477][ T29] audit: type=1326 audit(1720216789.248:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.526784][ T29] audit: type=1326 audit(1720216789.248:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.553101][ T29] audit: type=1326 audit(1720216789.248:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.584227][ T5144] usb 15-1: new high-speed USB device number 2 using vhci_hcd [ 247.605144][ T29] audit: type=1326 audit(1720216789.248:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8656 comm="syz.3.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f23fd975bd9 code=0x7ffc0000 [ 247.650496][ T8663] Cannot find set identified by id 3 to match [ 248.046762][ T8659] vhci_hcd: connection reset by peer [ 248.072100][ T2781] vhci_hcd: stop threads [ 248.083777][ T2781] vhci_hcd: release socket [ 248.115525][ T2781] vhci_hcd: disconnect device [ 248.117295][ T12] team0 (unregistering): Port device team_slave_1 removed [ 248.187262][ T12] team0 (unregistering): Port device team_slave_0 removed [ 248.315345][ T5090] Bluetooth: hci0: command tx timeout [ 248.821812][ T8615] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.829448][ T8615] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.837739][ T8615] bridge_slave_1: entered allmulticast mode [ 248.846657][ T8615] bridge_slave_1: entered promiscuous mode [ 248.951978][ T8615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.008632][ T8615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.114148][ T5090] Bluetooth: hci1: command tx timeout [ 249.186501][ T8517] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 249.208407][ T8517] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 249.246661][ T8628] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.261494][ T8628] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.269070][ T8628] bridge_slave_0: entered allmulticast mode [ 249.278111][ T8628] bridge_slave_0: entered promiscuous mode [ 249.285919][ T8517] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 249.324914][ T8615] team0: Port device team_slave_0 added [ 249.340568][ T8628] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.352174][ T8628] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.362188][ T8628] bridge_slave_1: entered allmulticast mode [ 249.371760][ T8628] bridge_slave_1: entered promiscuous mode [ 249.421696][ T8517] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 249.438403][ T8615] team0: Port device team_slave_1 added [ 249.579273][ T8615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.586591][ T8615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.618212][ T8615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.633318][ T8615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.643807][ T8615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.671654][ T8615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.692103][ T8628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.779870][ T8628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.905829][ T8615] hsr_slave_0: entered promiscuous mode [ 249.913125][ T8615] hsr_slave_1: entered promiscuous mode [ 249.923145][ T8615] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 249.944276][ T8615] Cannot create hsr debugfs directory [ 249.956385][ T8628] team0: Port device team_slave_0 added [ 250.086602][ T8628] team0: Port device team_slave_1 added [ 250.157084][ T8683] fuse: Invalid rootmode [ 250.260189][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.404571][ T5090] Bluetooth: hci0: command tx timeout [ 250.511580][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.522922][ T5099] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 250.544029][ T5099] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 250.556208][ T5099] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 250.572361][ T5099] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 250.575675][ T8628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.596080][ T8628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.596107][ T5099] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 250.630182][ T8628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.649643][ T5099] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 250.651743][ T8628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.667249][ T8628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.693612][ T8628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.761037][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.850566][ T8628] hsr_slave_0: entered promiscuous mode [ 250.857443][ T8628] hsr_slave_1: entered promiscuous mode [ 250.864236][ T8628] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 250.872166][ T8628] Cannot create hsr debugfs directory [ 250.913622][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.194987][ T5099] Bluetooth: hci1: command tx timeout [ 251.353742][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.454350][ T8517] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.587385][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.672295][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.693329][ T8517] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.710350][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.717747][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.755762][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.773217][ T8698] chnl_net:caif_netlink_parms(): no params data found [ 251.797044][ T7816] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.804233][ T7816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.029495][ T8698] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.048158][ T8698] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.056010][ T8698] bridge_slave_0: entered allmulticast mode [ 252.063437][ T8698] bridge_slave_0: entered promiscuous mode [ 252.142377][ T8698] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.150564][ T8698] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.168746][ T8698] bridge_slave_1: entered allmulticast mode [ 252.180956][ T8698] bridge_slave_1: entered promiscuous mode [ 252.268162][ T8698] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.288905][ T12] bridge_slave_1: left allmulticast mode [ 252.296359][ T12] bridge_slave_1: left promiscuous mode [ 252.307808][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.318707][ T12] bridge_slave_0: left allmulticast mode [ 252.333989][ T12] bridge_slave_0: left promiscuous mode [ 252.340331][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.360746][ T12] bridge_slave_1: left allmulticast mode [ 252.372952][ T12] bridge_slave_1: left promiscuous mode [ 252.382895][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.402961][ T12] bridge_slave_0: left allmulticast mode [ 252.411589][ T12] bridge_slave_0: left promiscuous mode [ 252.423626][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.474317][ T5099] Bluetooth: hci0: command tx timeout [ 252.714616][ T5099] Bluetooth: hci4: command tx timeout [ 252.715368][ T5144] vhci_hcd: vhci_device speed not set [ 253.279016][ T5099] Bluetooth: hci1: command tx timeout [ 253.572288][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 253.592372][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 253.615275][ T12] bond0 (unregistering): Released all slaves [ 253.764639][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 253.776660][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 253.787976][ T12] bond0 (unregistering): Released all slaves [ 253.808648][ T8698] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 254.030937][ T8698] team0: Port device team_slave_0 added [ 254.046068][ T8698] team0: Port device team_slave_1 added [ 254.202010][ T8698] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 254.211245][ T8698] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.247915][ T8698] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.355048][ T8698] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.362135][ T8698] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 254.397408][ T8698] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 254.531056][ T8517] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 254.536272][ T5090] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 254.548174][ T5090] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 254.572796][ T5090] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 254.594847][ T5090] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 254.604744][ T5090] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 254.613170][ T5090] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 254.655708][ T8698] hsr_slave_0: entered promiscuous mode [ 254.672469][ T8698] hsr_slave_1: entered promiscuous mode [ 254.680460][ T8698] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 254.688713][ T8698] Cannot create hsr debugfs directory [ 254.795848][ T5090] Bluetooth: hci4: command tx timeout [ 254.888066][ T12] hsr_slave_0: left promiscuous mode [ 254.897226][ T12] hsr_slave_1: left promiscuous mode [ 254.903471][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.912165][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.922933][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.931161][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.943575][ T12] hsr_slave_0: left promiscuous mode [ 254.950731][ T12] hsr_slave_1: left promiscuous mode [ 254.959660][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.968629][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.977426][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.985559][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.017166][ T12] veth1_macvtap: left promiscuous mode [ 255.023018][ T12] veth0_macvtap: left promiscuous mode [ 255.028826][ T12] veth1_vlan: left promiscuous mode [ 255.034293][ T12] veth0_vlan: left promiscuous mode [ 255.040956][ T12] veth1_macvtap: left promiscuous mode [ 255.047726][ T12] veth0_macvtap: left promiscuous mode [ 255.053406][ T12] veth1_vlan: left promiscuous mode [ 255.058891][ T12] veth0_vlan: left promiscuous mode [ 255.612004][ T12] team0 (unregistering): Port device team_slave_1 removed [ 255.659580][ T12] team0 (unregistering): Port device team_slave_0 removed [ 256.253288][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.260323][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.460407][ T12] team0 (unregistering): Port device team_slave_1 removed [ 256.503454][ T12] team0 (unregistering): Port device team_slave_0 removed [ 256.719042][ T5090] Bluetooth: hci3: command tx timeout [ 256.875928][ T5090] Bluetooth: hci4: command tx timeout [ 256.999151][ T8615] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 257.011314][ T8615] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 257.022311][ T8615] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 257.089746][ T8615] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 257.178966][ T8517] veth0_vlan: entered promiscuous mode [ 257.321562][ T8517] veth1_vlan: entered promiscuous mode [ 257.343948][ T8628] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 257.364779][ T8628] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 257.401799][ T8788] chnl_net:caif_netlink_parms(): no params data found [ 257.422231][ T8628] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 257.443347][ T8628] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 257.650367][ T8788] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.658151][ T8788] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.667394][ T8788] bridge_slave_0: entered allmulticast mode [ 257.674880][ T8788] bridge_slave_0: entered promiscuous mode [ 257.720678][ T8517] veth0_macvtap: entered promiscuous mode [ 257.729306][ T8788] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.739036][ T8788] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.746718][ T8788] bridge_slave_1: entered allmulticast mode [ 257.755182][ T8788] bridge_slave_1: entered promiscuous mode [ 257.795755][ T8788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.807971][ T8788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.902152][ T8788] team0: Port device team_slave_0 added [ 257.938127][ T8615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 257.961359][ T8517] veth1_macvtap: entered promiscuous mode [ 257.970477][ T8788] team0: Port device team_slave_1 added [ 258.007166][ T8788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 258.014651][ T8788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.042152][ T8788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 258.055645][ T8788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.062616][ T8788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.091681][ T8788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 258.188679][ T8615] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.222096][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.283241][ T8788] hsr_slave_0: entered promiscuous mode [ 258.291352][ T8788] hsr_slave_1: entered promiscuous mode [ 258.309205][ T8698] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 258.322860][ T8698] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 258.347100][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.363346][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.370488][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.389304][ T8698] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 258.402334][ T8698] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 258.421729][ T8628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 258.489759][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.517932][ T5144] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.525127][ T5144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.567271][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.601427][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.612415][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.629624][ T8517] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 258.642249][ T8517] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.653300][ T8517] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.667230][ T8517] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 258.681787][ T8517] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.691522][ T8517] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.700916][ T8517] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.710394][ T8517] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.759313][ T8628] 8021q: adding VLAN 0 to HW filter on device team0 [ 258.797063][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.804629][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 258.804829][ T5099] Bluetooth: hci3: command tx timeout [ 258.833120][ T8615] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 258.887629][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.895118][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 258.955265][ T5090] Bluetooth: hci4: command tx timeout [ 259.102212][ T8615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 259.203383][ T12] bridge_slave_1: left allmulticast mode [ 259.218842][ T12] bridge_slave_1: left promiscuous mode [ 259.233011][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.245439][ T12] bridge_slave_0: left allmulticast mode [ 259.251321][ T12] bridge_slave_0: left promiscuous mode [ 259.267786][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.675960][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 259.688613][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 259.700779][ T12] bond0 (unregistering): Released all slaves [ 259.876234][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 259.896074][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 259.942414][ T8698] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.181328][ T12] hsr_slave_0: left promiscuous mode [ 260.202301][ T12] hsr_slave_1: left promiscuous mode [ 260.210116][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.225144][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 260.241535][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.250844][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 260.290339][ T12] veth1_macvtap: left promiscuous mode [ 260.298047][ T12] veth0_macvtap: left promiscuous mode [ 260.303824][ T12] veth1_vlan: left promiscuous mode [ 260.315652][ T12] veth0_vlan: left promiscuous mode [ 260.780087][ T12] team0 (unregistering): Port device team_slave_1 removed [ 260.820867][ T12] team0 (unregistering): Port device team_slave_0 removed [ 260.884616][ T5090] Bluetooth: hci3: command tx timeout [ 261.282313][ T8698] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.291436][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.292499][ T8615] veth0_vlan: entered promiscuous mode [ 261.306711][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.359664][ T8615] veth1_vlan: entered promiscuous mode [ 261.413228][ T8628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.496037][ T5141] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.503603][ T5141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.648456][ T7816] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.655686][ T7816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.678226][ T5090] Bluetooth: hci2: ACL packet for unknown connection handle 1 [ 261.837965][ T8615] veth0_macvtap: entered promiscuous mode [ 261.873407][ T8788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 261.913105][ T8788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 261.960960][ T8628] veth0_vlan: entered promiscuous mode [ 261.993551][ T8615] veth1_macvtap: entered promiscuous mode [ 262.096222][ T8788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 262.137730][ T8788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 262.284165][ T8615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 262.303761][ T8615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.335211][ T8615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 262.373071][ T8628] veth1_vlan: entered promiscuous mode [ 262.410994][ T8615] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 262.423015][ T8615] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 262.437533][ T8615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 262.486584][ T8698] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 262.510153][ T8615] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.532361][ T8615] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.554566][ T8615] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.564267][ T8615] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.788543][ T8628] veth0_macvtap: entered promiscuous mode [ 262.811885][ T8628] veth1_macvtap: entered promiscuous mode [ 262.927287][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 262.942035][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 262.965179][ T5090] Bluetooth: hci3: command tx timeout [ 262.996996][ T8698] veth0_vlan: entered promiscuous mode [ 263.023581][ T8698] veth1_vlan: entered promiscuous mode [ 263.039847][ T8628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.053872][ T8628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.065083][ T8628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.075770][ T8628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.088234][ T8628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.102336][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.110883][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.142330][ T8788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.160504][ T8698] veth0_macvtap: entered promiscuous mode [ 263.192375][ T8788] 8021q: adding VLAN 0 to HW filter on device team0 [ 263.209944][ T8628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.225296][ T8628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.237713][ T8628] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.251067][ T8628] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.263516][ T8628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.277311][ T8698] veth1_macvtap: entered promiscuous mode [ 263.319173][ T8628] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.338537][ T8628] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.347980][ T8628] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.360292][ T8628] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.385349][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.392567][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.412085][ T8698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.427565][ T8698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.439772][ T8698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.444521][ T8834] Cannot find set identified by id 3 to match [ 263.452627][ T8698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.469408][ T8698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 263.494183][ T8698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.512698][ T8698] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.549592][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.557238][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 263.637536][ T8698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.659776][ T8698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.689493][ T8698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.701067][ T8698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.718514][ T8698] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 263.731152][ T8698] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 263.758323][ T8698] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.817053][ T8698] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.846948][ T8698] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.861579][ T8698] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.872060][ T8698] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.983108][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.011996][ T8788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 264.039876][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.112553][ T8841] Cannot find set identified by id 3 to match [ 264.170879][ T2781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.204504][ T2781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.222536][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.248195][ T8788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 264.276131][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.391183][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.422661][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.624760][ T8788] veth0_vlan: entered promiscuous mode [ 264.709285][ T8788] veth1_vlan: entered promiscuous mode [ 264.969035][ T8788] veth0_macvtap: entered promiscuous mode [ 265.022864][ T8788] veth1_macvtap: entered promiscuous mode [ 265.081336][ T5090] Bluetooth: hci2: ACL packet for unknown connection handle 1 [ 265.146323][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 265.245672][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.264891][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 265.287485][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.317556][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 265.337414][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.348628][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 265.422819][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.491184][ T8788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 265.555207][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 265.572754][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.620116][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 265.649141][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.723283][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 265.753556][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.852402][ T8788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 265.882885][ T8788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 265.912673][ T8788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 265.990518][ T8788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.021686][ T8788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.045135][ T8788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.059174][ T8788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.068708][ T5145] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 266.286662][ T5145] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 266.348516][ T3207] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.361886][ T3207] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.377016][ T5145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 266.404447][ T9] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 266.423768][ T5145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 266.454574][ T5145] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 266.479395][ T5145] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 266.499761][ T5145] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 266.519232][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.520038][ T5145] usb 2-1: Manufacturer: syz [ 266.539184][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.555783][ T5145] usb 2-1: config 0 descriptor?? [ 266.636463][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 266.658642][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 266.678114][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 266.716848][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 31016, setting to 1024 [ 266.759689][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 266.808113][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 266.833796][ T8877] input: syz0 as /devices/virtual/input/input12 [ 266.841799][ T8878] Cannot find set identified by id 3 to match [ 266.856074][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 266.890276][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.920802][ T8880] veth0_macvtap: left promiscuous mode [ 266.948066][ T8880] macvtap0: entered allmulticast mode [ 266.993103][ T8880] veth0_macvtap: entered promiscuous mode [ 266.998795][ T5145] appleir 0003:05AC:8243.0006: unknown main item tag 0x0 [ 267.014289][ T5145] appleir 0003:05AC:8243.0006: No inputs registered, leaving [ 267.035075][ T8880] veth0_macvtap: entered allmulticast mode [ 267.060069][ T5145] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 267.125170][ T8880] team0: Device macvtap0 failed to register rx_handler [ 267.143997][ T8880] veth0_macvtap: left allmulticast mode [ 267.174011][ T8880] veth0_macvtap: left promiscuous mode [ 267.282628][ T8868] fuse: Unknown parameter ' ' [ 267.342183][ T9] usb 3-1: usb_control_msg returned -71 [ 267.376879][ T9] usbtmc 3-1:16.0: can't read capabilities [ 267.447764][ T9] usb 3-1: USB disconnect, device number 31 [ 267.573269][ T8888] Cannot find set identified by id 3 to match [ 268.004846][ T5145] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 268.206055][ T5145] usb 1-1: config 0 has an invalid interface number: 6 but max is 0 [ 268.218287][ T5145] usb 1-1: config 0 has no interface number 0 [ 268.230993][ T5145] usb 1-1: New USB device found, idVendor=05c6, idProduct=904c, bcdDevice=1b.dd [ 268.242795][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.271919][ T5145] usb 1-1: config 0 descriptor?? [ 268.300260][ T5145] qmi_wwan 1-1:0.6: probe with driver qmi_wwan failed with error -22 [ 268.500456][ T5090] Bluetooth: hci3: ACL packet for unknown connection handle 1 [ 268.569818][ T58] usb 1-1: USB disconnect, device number 19 [ 268.911017][ T8910] netlink: 12 bytes leftover after parsing attributes in process `syz.4.714'. [ 268.969480][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 268.988486][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.012441][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.024895][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.048130][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.061086][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.071130][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.081923][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.096313][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.126179][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.129718][ T8914] xt_limit: Overflow, try lower: 0/0 [ 269.150272][ T8910] vlan2: entered promiscuous mode [ 269.156688][ T8910] batadv_slave_0: entered promiscuous mode [ 269.187257][ T5142] usb 2-1: USB disconnect, device number 15 [ 269.326352][ T8910] batadv_slave_0: left promiscuous mode [ 269.530025][ T8925] Cannot find set identified by id 3 to match [ 269.552617][ T8927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.616385][ T8929] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 0, id = 0 [ 269.655647][ T8916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.767257][ T8934] Cannot find set identified by id 3 to match [ 269.784730][ T5143] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 270.004259][ T5143] usb 2-1: Using ep0 maxpacket: 16 [ 270.021858][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 270.058363][ T5143] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 270.078296][ T5143] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 270.089780][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.109128][ T5143] usb 2-1: config 0 descriptor?? [ 270.494497][ T25] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 270.580637][ T5143] usbhid 2-1:0.0: can't add hid device: -71 [ 270.594929][ T5143] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 270.622710][ T5143] usb 2-1: USB disconnect, device number 16 [ 270.642058][ T8946] netlink: 184 bytes leftover after parsing attributes in process `syz.0.724'. [ 270.686210][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 270.703675][ T25] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 270.723333][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.763156][ T25] usb 4-1: config 0 descriptor?? [ 270.781114][ T25] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 270.954638][ T8951] netlink: 'syz.0.726': attribute type 8 has an invalid length. [ 270.969128][ T5142] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 271.187177][ T5142] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 271.244525][ T5142] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.255685][ T8957] can: request_module (can-proto-0) failed. [ 271.292175][ T5142] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.322566][ T5142] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 271.368768][ T5142] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 271.379528][ T5142] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 271.403486][ T5142] usb 5-1: Manufacturer: syz [ 271.425455][ T5142] usb 5-1: config 0 descriptor?? [ 271.813230][ T8937] QAT: failed to copy from user cfg_data. [ 271.847610][ T25] gspca_vc032x: reg_w err -71 [ 271.848905][ T5142] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 271.872431][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 271.892299][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 271.913655][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 271.933276][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 271.953444][ T5142] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 271.964640][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 271.979081][ T5142] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 271.991470][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.010435][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.031169][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.054963][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.078551][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.101552][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.127447][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.154696][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.174640][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.192974][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.215340][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.239112][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.264265][ T25] gspca_vc032x: I2c Bus Busy Wait 00 [ 272.296050][ T25] gspca_vc032x: Unknown sensor... [ 272.321571][ T25] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 272.379237][ T25] usb 4-1: USB disconnect, device number 17 [ 272.765097][ T8979] x_tables: duplicate underflow at hook 2 [ 272.769158][ T8980] Cannot find set identified by id 3 to match [ 272.802118][ T8976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.806750][ T8979] netlink: 36 bytes leftover after parsing attributes in process `syz.0.734'. [ 272.906011][ T8981] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.945165][ T8983] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 0, id = 0 [ 273.154456][ T25] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 273.356461][ T5090] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 273.366811][ T5090] Bluetooth: hci0: Injecting HCI hardware error event [ 273.376921][ T5099] Bluetooth: hci0: hardware error 0x00 [ 273.419154][ T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 273.431364][ T25] usb 1-1: config 0 has no interfaces? [ 273.439106][ T25] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 273.448671][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.469278][ T25] usb 1-1: config 0 descriptor?? [ 273.774185][ T25] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 273.906681][ T58] usb 5-1: USB disconnect, device number 15 [ 273.979713][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 273.996438][ T25] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 274.025303][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.081721][ T25] usb 2-1: config 0 descriptor?? [ 274.100666][ T25] gspca_main: sunplus-2.14.0 probing 041e:400b [ 274.531822][ T25] gspca_sunplus: reg_w_riv err -71 [ 274.547688][ T25] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 274.600541][ T25] usb 2-1: USB disconnect, device number 17 [ 275.231064][ T9016] netlink: 'syz.2.743': attribute type 41 has an invalid length. [ 275.344230][ T5141] usb 4-1: new low-speed USB device number 18 using dummy_hcd [ 275.388043][ T9024] Cannot find set identified by id 3 to match [ 275.446170][ T5099] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 275.548036][ T5141] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 275.568716][ T9027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 275.600742][ T9027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 275.634223][ T25] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 275.675915][ T5099] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 275.684787][ T5099] Bluetooth: hci4: Injecting HCI hardware error event [ 275.694966][ T5099] Bluetooth: hci4: hardware error 0x00 [ 275.838871][ T58] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 275.885233][ T25] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 275.904410][ T5143] usb 1-1: USB disconnect, device number 20 [ 275.941050][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.970846][ T25] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 275.987842][ T25] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 276.018188][ T25] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 276.037044][ T25] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 276.062820][ T25] usb 3-1: Manufacturer: syz [ 276.103329][ T25] usb 3-1: config 0 descriptor?? [ 276.268262][ T9037] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 276.316543][ T9037] FAULT_INJECTION: forcing a failure. [ 276.316543][ T9037] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 276.374120][ T9037] CPU: 0 PID: 9037 Comm: syz.0.751 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 276.384306][ T9037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 276.394476][ T9037] Call Trace: [ 276.398336][ T9037] [ 276.401473][ T9037] dump_stack_lvl+0x241/0x360 [ 276.406195][ T9037] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.411670][ T9037] ? __pfx__printk+0x10/0x10 [ 276.416428][ T9037] should_fail_ex+0x3b0/0x4e0 [ 276.421170][ T9037] prepare_alloc_pages+0x1da/0x5d0 [ 276.426420][ T9037] __alloc_pages_noprof+0x166/0x6c0 [ 276.431843][ T9037] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 276.438224][ T9037] ? look_up_lock_class+0x77/0x160 [ 276.444010][ T9037] alloc_pages_mpol_noprof+0x3e8/0x680 [ 276.449683][ T9037] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 276.455802][ T9037] vma_alloc_folio_noprof+0xf3/0x1f0 [ 276.461482][ T9037] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 276.467515][ T9037] ? do_raw_spin_unlock+0x13c/0x8b0 [ 276.472733][ T9037] folio_prealloc+0x31/0x170 [ 276.477328][ T9037] do_wp_page+0x11cc/0x52f0 [ 276.481937][ T9037] ? __pfx_do_wp_page+0x10/0x10 [ 276.486794][ T9037] ? __pfx_lock_acquire+0x10/0x10 [ 276.491902][ T9037] ? do_raw_spin_lock+0x14f/0x370 [ 276.496946][ T9037] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 276.502336][ T9037] ? __lock_acquire+0x1346/0x1fd0 [ 276.507375][ T9037] handle_pte_fault+0x117e/0x7090 [ 276.512418][ T9037] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 276.518175][ T9037] ? __pfx_lock_acquire+0x10/0x10 [ 276.523219][ T9037] ? __pfx_handle_pte_fault+0x10/0x10 [ 276.528591][ T9037] ? do_raw_spin_lock+0x14f/0x370 [ 276.533648][ T9037] ? follow_page_pte+0xe96/0x1d90 [ 276.538673][ T9037] ? follow_page_pte+0xf17/0x1d90 [ 276.543695][ T9037] ? __pfx_lock_release+0x10/0x10 [ 276.548730][ T9037] ? count_memcg_event_mm+0x94/0x420 [ 276.554020][ T9037] ? do_raw_spin_unlock+0x13c/0x8b0 [ 276.559512][ T9037] handle_mm_fault+0x10df/0x1ba0 [ 276.564506][ T9037] ? __pfx_handle_mm_fault+0x10/0x10 [ 276.569827][ T9037] ? __pfx_find_vma+0x10/0x10 [ 276.574520][ T9037] ? vma_is_secretmem+0xd/0x50 [ 276.579512][ T9037] ? check_vma_flags+0x500/0x5a0 [ 276.584546][ T9037] __get_user_pages+0x6ef/0x1590 [ 276.589540][ T9037] ? __gup_longterm_locked+0x3a3/0x2a80 [ 276.595100][ T9037] ? __pfx___get_user_pages+0x10/0x10 [ 276.600478][ T9037] ? __lock_acquire+0x1346/0x1fd0 [ 276.605515][ T9037] __gup_longterm_locked+0x4b0/0x2a80 [ 276.611007][ T9037] ? __pfx___gup_longterm_locked+0x10/0x10 [ 276.616820][ T9037] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 276.622804][ T9037] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 276.629125][ T9037] ? sanity_check_pinned_pages+0x12c2/0x13c0 [ 276.635117][ T9037] ? gup_fast_fallback+0x220d/0x2b40 [ 276.640402][ T9037] gup_fast_fallback+0x2732/0x2b40 [ 276.645601][ T9037] ? stack_trace_save+0x118/0x1d0 [ 276.650634][ T9037] ? __pfx_stack_trace_save+0x10/0x10 [ 276.656047][ T9037] ? kasan_save_track+0x3f/0x80 [ 276.660915][ T9037] ? __kasan_kmalloc+0x98/0xb0 [ 276.665775][ T9037] ? __pfx_gup_fast_fallback+0x10/0x10 [ 276.671327][ T9037] ? pfn_reader_first+0x718/0x940 [ 276.676360][ T9037] ? iopt_area_fill_domains+0x25a/0xc00 [ 276.681902][ T9037] ? iopt_map_pages+0xd62/0x1050 [ 276.686942][ T9037] ? iopt_map_user_pages+0x365/0x5e0 [ 276.692312][ T9037] ? iommufd_ioas_map+0x386/0x580 [ 276.697346][ T9037] ? iommufd_fops_ioctl+0x4d9/0x5a0 [ 276.702551][ T9037] ? __se_sys_ioctl+0xfc/0x170 [ 276.707316][ T9037] ? do_syscall_64+0xf3/0x230 [ 276.711994][ T9037] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.718537][ T9037] ? is_valid_gup_args+0x124/0x200 [ 276.723703][ T9037] pin_user_pages_fast+0xcc/0x160 [ 276.728825][ T9037] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 276.734499][ T9037] ? pfn_reader_user_pin+0x2ae/0x850 [ 276.739803][ T9037] ? pfn_reader_user_pin+0x2ae/0x850 [ 276.745589][ T9037] ? __kmalloc_noprof+0x217/0x400 [ 276.750803][ T9037] pfn_reader_user_pin+0x432/0x850 [ 276.755922][ T9037] pfn_reader_next+0x69b/0x1330 [ 276.760818][ T9037] ? __pfx_pfn_reader_next+0x10/0x10 [ 276.766128][ T9037] ? pfn_reader_first+0x294/0x940 [ 276.771252][ T9037] ? rcu_is_watching+0x15/0xb0 [ 276.776030][ T9037] ? pfn_reader_first+0x294/0x940 [ 276.781053][ T9037] ? interval_tree_span_iter_first+0xe7/0x580 [ 276.787216][ T9037] pfn_reader_first+0x718/0x940 [ 276.792093][ T9037] iopt_area_fill_domains+0x25a/0xc00 [ 276.797471][ T9037] ? __pfx_lock_acquire+0x10/0x10 [ 276.802511][ T9037] ? __pfx_iopt_area_fill_domains+0x10/0x10 [ 276.808782][ T9037] ? iopt_map_pages+0xcd9/0x1050 [ 276.813752][ T9037] ? __pfx_up_write+0x10/0x10 [ 276.818444][ T9037] ? iopt_insert_area+0x2d8/0x390 [ 276.823485][ T9037] iopt_map_pages+0xd62/0x1050 [ 276.828358][ T9037] ? __pfx_iopt_map_pages+0x10/0x10 [ 276.833585][ T9037] ? cap_capable+0xf7/0x250 [ 276.838102][ T9037] ? iopt_alloc_pages+0x403/0x510 [ 276.843130][ T9037] iopt_map_user_pages+0x365/0x5e0 [ 276.848343][ T9037] ? do_raw_spin_unlock+0x13c/0x8b0 [ 276.853559][ T9037] ? __pfx_iopt_map_user_pages+0x10/0x10 [ 276.859215][ T9037] iommufd_ioas_map+0x386/0x580 [ 276.864261][ T9037] ? __pfx_iommufd_ioas_map+0x10/0x10 [ 276.869669][ T9037] ? __might_fault+0xc6/0x120 [ 276.874733][ T9037] iommufd_fops_ioctl+0x4d9/0x5a0 [ 276.880139][ T9037] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 276.885738][ T9037] ? bpf_lsm_file_ioctl+0x9/0x10 [ 276.890675][ T9037] ? security_file_ioctl+0x87/0xb0 [ 276.895808][ T9037] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 276.901390][ T9037] __se_sys_ioctl+0xfc/0x170 [ 276.905993][ T9037] do_syscall_64+0xf3/0x230 [ 276.910508][ T9037] ? clear_bhb_loop+0x35/0x90 [ 276.915188][ T9037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.921116][ T9037] RIP: 0033:0x7fd1cfd75bd9 [ 276.925546][ T9037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.945778][ T9037] RSP: 002b:00007fd1d0b64048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 276.954469][ T9037] RAX: ffffffffffffffda RBX: 00007fd1cff03f60 RCX: 00007fd1cfd75bd9 [ 276.962618][ T9037] RDX: 0000000020000140 RSI: 0000000000003b85 RDI: 0000000000000003 [ 276.970586][ T9037] RBP: 00007fd1d0b640a0 R08: 0000000000000000 R09: 0000000000000000 [ 276.978666][ T9037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 276.987023][ T9037] R13: 000000000000000b R14: 00007fd1cff03f60 R15: 00007fd1d002fa68 [ 276.995016][ T9037] [ 277.049625][ T25] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 277.092879][ T25] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 277.220165][ T25] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 277.764260][ T5099] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 278.074582][ T5141] usb 4-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 278.140813][ T5141] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.200944][ T5141] usb 4-1: config 0 descriptor?? [ 278.230142][ T5141] usb 4-1: can't set config #0, error -71 [ 278.328940][ T9064] tipc: Started in network mode [ 278.341491][ T9064] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 278.349287][ T9064] tipc: Enabled bearer , priority 0 [ 278.438451][ T5141] usb 4-1: USB disconnect, device number 18 [ 279.617568][ T5143] tipc: Node number set to 10136234 [ 279.680238][ T58] usb 3-1: USB disconnect, device number 32 [ 282.810311][ T9087] netlink: 8 bytes leftover after parsing attributes in process `syz.3.764'. [ 282.844220][ T9087] netlink: 16 bytes leftover after parsing attributes in process `syz.3.764'. [ 282.869551][ T9087] macvlan0: entered allmulticast mode [ 296.582139][ T5090] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 296.591491][ T5090] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 296.600260][ T5090] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 296.607920][ T5090] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 296.616355][ T5090] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 296.623569][ T5090] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 299.282543][ T5090] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 299.293264][ T5090] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 299.314208][ T5090] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 299.323430][ T5090] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 299.331798][ T5090] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 299.340935][ T5090] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 299.694351][ T5090] Bluetooth: hci1: command tx timeout [ 301.334819][ T5142] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 301.437842][ T5090] Bluetooth: hci0: command tx timeout [ 301.465872][ T9141] trusted_key: syz.3.782 sent an empty control message without MSG_MORE. [ 301.754453][ T5090] Bluetooth: hci1: command tx timeout [ 302.588699][ T5142] usb 5-1: device descriptor read/all, error -71 [ 303.524270][ T5090] Bluetooth: hci0: command tx timeout [ 303.874336][ T5090] Bluetooth: hci1: command tx timeout [ 308.014198][ T5090] Bluetooth: hci0: command tx timeout [ 308.019665][ T5090] Bluetooth: hci1: command tx timeout [ 310.024466][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.819100][ T5090] Bluetooth: hci0: command tx timeout [ 318.325358][ T5099] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 318.350610][ T5099] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 318.454154][ T5099] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 318.507904][ T5099] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 318.516324][ T5099] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 318.523997][ T5099] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 321.069651][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 321.076122][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.118611][ T5090] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 321.127231][ T5099] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 321.157826][ T5089] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 321.160658][ T5089] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 321.161865][ T5089] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 321.163010][ T5089] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 321.163741][ T5089] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 321.164804][ T5089] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 324.512633][ T5101] Bluetooth: hci5: command tx timeout [ 328.524130][ T5089] Bluetooth: hci5: command tx timeout [ 332.964129][ T53] Bluetooth: hci5: command tx timeout [ 338.838383][ T5101] Bluetooth: hci5: command tx timeout [ 338.846026][ T9148] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 343.154315][ T5099] Bluetooth: hci6: command tx timeout [ 345.806874][ T5099] Bluetooth: hci6: command tx timeout [ 345.833412][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.875193][ T9130] chnl_net:caif_netlink_parms(): no params data found [ 348.967419][ T5099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 348.975075][ T5099] Bluetooth: hci6: command tx timeout [ 348.987547][ T5090] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 348.997028][ T5090] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 349.006138][ T5090] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 349.014432][ T5090] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 349.021899][ T5090] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 352.695774][ T5090] Bluetooth: hci2: command tx timeout [ 352.702017][ T5090] Bluetooth: hci6: command tx timeout [ 354.866355][ T5101] Bluetooth: hci2: command tx timeout [ 355.731678][ T9134] chnl_net:caif_netlink_parms(): no params data found [ 358.957074][ T5101] Bluetooth: hci2: command tx timeout [ 362.744129][ T5101] Bluetooth: hci2: command tx timeout [ 362.784698][ T9134] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR [ 367.726042][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 373.817282][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 373.849814][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 373.864850][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 373.884386][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 373.891867][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 380.234170][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 380.240536][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 404.412203][ T5101] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 404.419726][ T5090] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 404.426695][ T5090] Bluetooth: hci3: command tx timeout [ 404.433516][ T5090] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 415.154155][ T5099] Bluetooth: hci3: command tx timeout [ 415.204267][ T9188] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 415.586639][ T5101] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 415.804411][ T5099] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 415.813266][ T5099] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 415.856866][ T5099] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 416.046015][ T5101] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 416.094814][ T53] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 416.102645][ T53] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 416.518675][ T5099] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 416.526100][ T5099] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 428.541889][ T5089] Bluetooth: hci3: command tx timeout [ 428.604132][ T9178] Bluetooth: hci4: Opcode 0x0c14 failed: -110 [ 428.613501][ T5099] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 428.620943][ T5101] Bluetooth: hci8: Opcode 0x1001 failed: -110 [ 428.627932][ T5090] Bluetooth: hci7: Opcode 0x1005 failed: -110 [ 428.635505][ T53] Bluetooth: hci10: Opcode 0x0c03 failed: -110 [ 443.393378][ T9206] Bluetooth: hci3: command tx timeout [ 443.400950][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 443.407951][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.425952][ T5090] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 443.433877][ T5090] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 443.443030][ T5090] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 443.451557][ T5090] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 459.606606][ T9202] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 459.613330][ T9200] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 459.620384][ T9203] Bluetooth: hci10: Opcode 0x0c03 failed: -110 [ 459.626817][ T9192] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 499.265788][ T53] Bluetooth: hci5: command 0x0406 tx timeout [ 549.434490][ T30] INFO: task kworker/u8:6:2781 blocked for more than 154 seconds. [ 549.442841][ T30] Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 549.464279][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 549.471244][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 549.524090][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 549.554079][ T30] task:kworker/u8:6 state:D stack:20048 pid:2781 tgid:2781 ppid:2 flags:0x00004000 [ 549.584107][ T30] Workqueue: ipv6_addrconf addrconf_dad_work [ 549.590425][ T30] Call Trace: [ 549.614224][ T30] [ 549.617409][ T30] __schedule+0x17e8/0x4a20 [ 549.622151][ T30] ? __pfx___schedule+0x10/0x10 [ 549.654085][ T30] ? __pfx_lock_release+0x10/0x10 [ 549.659378][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 549.674102][ T30] ? kthread_data+0x52/0xd0 [ 549.678673][ T30] ? schedule+0x90/0x320 [ 549.683221][ T30] ? wq_worker_sleeping+0x66/0x240 [ 549.704114][ T30] ? schedule+0x90/0x320 [ 549.708419][ T30] schedule+0x14b/0x320 [ 549.712780][ T30] schedule_preempt_disabled+0x13/0x30 [ 549.725711][ T30] __mutex_lock+0x6a4/0xd70 [ 549.730273][ T30] ? mark_lock+0x9a/0x350 [ 549.734676][ T30] ? __mutex_lock+0x527/0xd70 [ 549.739483][ T30] ? addrconf_dad_work+0xd0/0x16f0 [ 549.754089][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 549.759258][ T30] addrconf_dad_work+0xd0/0x16f0 [ 549.774105][ T30] ? __pfx_addrconf_dad_work+0x10/0x10 [ 549.779712][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 549.804107][ T30] ? process_scheduled_works+0x945/0x1830 [ 549.811022][ T30] process_scheduled_works+0xa2c/0x1830 [ 549.835243][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 549.841400][ T30] ? assign_work+0x364/0x3d0 [ 549.852210][ T30] worker_thread+0x86d/0xd50 [ 549.858256][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 549.865674][ T30] ? __kthread_parkme+0x169/0x1d0 [ 549.870808][ T30] ? __pfx_worker_thread+0x10/0x10 [ 549.876704][ T30] kthread+0x2f0/0x390 [ 549.880804][ T30] ? __pfx_worker_thread+0x10/0x10 [ 549.886372][ T30] ? __pfx_kthread+0x10/0x10 [ 549.891002][ T30] ret_from_fork+0x4b/0x80 [ 549.895559][ T30] ? __pfx_kthread+0x10/0x10 [ 549.900163][ T30] ret_from_fork_asm+0x1a/0x30 [ 549.905001][ T30] [ 549.908049][ T30] INFO: task kworker/0:6:5145 blocked for more than 155 seconds. [ 549.916453][ T30] Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 549.924124][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 549.932813][ T30] task:kworker/0:6 state:D stack:21080 pid:5145 tgid:5145 ppid:2 flags:0x00004000 [ 549.979228][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 549.994847][ T30] Workqueue: events linkwatch_event [ 550.000110][ T30] Call Trace: [ 550.003404][ T30] [ 550.017644][ T30] __schedule+0x17e8/0x4a20 [ 550.022317][ T30] ? __pfx___schedule+0x10/0x10 [ 550.027248][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 550.033250][ T30] ? __pfx_lock_release+0x10/0x10 [ 550.038940][ T30] ? kick_pool+0x1bd/0x620 [ 550.043397][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 550.048702][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 550.053940][ T30] ? schedule+0x90/0x320 [ 550.058238][ T30] schedule+0x14b/0x320 [ 550.062432][ T30] schedule_preempt_disabled+0x13/0x30 [ 550.068105][ T30] __mutex_lock+0x6a4/0xd70 [ 550.072840][ T30] ? __mutex_lock+0x527/0xd70 [ 550.078341][ T30] ? linkwatch_event+0xe/0x60 [ 550.083136][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 550.088822][ T30] ? process_scheduled_works+0x945/0x1830 [ 550.094615][ T30] linkwatch_event+0xe/0x60 [ 550.099326][ T30] process_scheduled_works+0xa2c/0x1830 [ 550.105298][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 550.111481][ T30] ? assign_work+0x364/0x3d0 [ 550.116205][ T30] worker_thread+0x86d/0xd50 [ 550.121015][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 550.127205][ T30] ? __kthread_parkme+0x169/0x1d0 [ 550.132533][ T30] ? __pfx_worker_thread+0x10/0x10 [ 550.137776][ T30] kthread+0x2f0/0x390 [ 550.141901][ T30] ? __pfx_worker_thread+0x10/0x10 [ 550.147801][ T30] ? __pfx_kthread+0x10/0x10 [ 550.152697][ T30] ret_from_fork+0x4b/0x80 [ 550.157209][ T30] ? __pfx_kthread+0x10/0x10 [ 550.161833][ T30] ret_from_fork_asm+0x1a/0x30 [ 550.167050][ T30] [ 550.170235][ T30] INFO: task syz-executor:9160 blocked for more than 182 seconds. [ 550.178652][ T30] Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 550.187084][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 550.196374][ T30] task:syz-executor state:D stack:21024 pid:9160 tgid:9160 ppid:1 flags:0x00000004 [ 550.207144][ T30] Call Trace: [ 550.210459][ T30] [ 550.213428][ T30] __schedule+0x17e8/0x4a20 [ 550.220457][ T30] ? __pfx___schedule+0x10/0x10 [ 550.225555][ T30] ? __pfx_lock_release+0x10/0x10 [ 550.230629][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 550.236251][ T30] ? schedule+0x90/0x320 [ 550.240511][ T30] schedule+0x14b/0x320 [ 550.245043][ T30] schedule_preempt_disabled+0x13/0x30 [ 550.250550][ T30] __mutex_lock+0x6a4/0xd70 [ 550.255287][ T30] ? __mutex_lock+0x527/0xd70 [ 550.259996][ T30] ? rtnetlink_rcv_msg+0x842/0x1180 [ 550.265517][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 550.270682][ T30] rtnetlink_rcv_msg+0x842/0x1180 [ 550.275927][ T30] ? rtnetlink_rcv_msg+0x208/0x1180 [ 550.281179][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 550.287511][ T30] ? is_bpf_text_address+0x285/0x2a0 [ 550.292875][ T30] ? __pfx_validate_chain+0x10/0x10 [ 550.298694][ T30] ? __pfx_validate_chain+0x10/0x10 [ 550.303982][ T30] ? arch_stack_walk+0x16d/0x1b0 [ 550.309293][ T30] ? mark_lock+0x9a/0x350 [ 550.313642][ T30] ? __pfx_validate_chain+0x10/0x10 [ 550.319097][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 550.324183][ T30] ? mark_lock+0x9a/0x350 [ 550.328536][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 550.333715][ T30] netlink_rcv_skb+0x1e3/0x430 [ 550.338538][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 550.344116][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 550.349485][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 550.354788][ T30] netlink_unicast+0x7ea/0x980 [ 550.359705][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 550.365174][ T30] ? __virt_addr_valid+0x183/0x520 [ 550.370311][ T30] ? __check_object_size+0x49c/0x900 [ 550.375660][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 550.380993][ T30] netlink_sendmsg+0x8db/0xcb0 [ 550.386641][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.392014][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 550.397495][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 550.402831][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 550.408386][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.414476][ T30] __sock_sendmsg+0x221/0x270 [ 550.419212][ T30] __sys_sendto+0x3a4/0x4f0 [ 550.423771][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 550.428933][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 550.434195][ T30] ? blkcg_maybe_throttle_current+0x1ab/0xb80 [ 550.440400][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 550.446477][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 550.452850][ T30] __x64_sys_sendto+0xde/0x100 [ 550.457830][ T30] do_syscall_64+0xf3/0x230 [ 550.462366][ T30] ? clear_bhb_loop+0x35/0x90 [ 550.467254][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.473196][ T30] RIP: 0033:0x7f89f817796c [ 550.477798][ T30] RSP: 002b:00007f89f842f6b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 550.486839][ T30] RAX: ffffffffffffffda RBX: 00007f89f8e34620 RCX: 00007f89f817796c [ 550.496346][ T30] RDX: 0000000000000038 RSI: 00007f89f8e34670 RDI: 0000000000000003 [ 550.505071][ T30] RBP: 0000000000000000 R08: 00007f89f842f704 R09: 000000000000000c [ 550.513070][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 550.521296][ T30] R13: 0000000000000000 R14: 00007f89f8e34670 R15: 0000000000000000 [ 550.529337][ T30] [ 550.532377][ T30] INFO: task syz-executor:9171 blocked for more than 155 seconds. [ 550.540362][ T30] Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 550.548038][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 550.556833][ T30] task:syz-executor state:D stack:21024 pid:9171 tgid:9171 ppid:1 flags:0x00000004 [ 550.567603][ T30] Call Trace: [ 550.570905][ T30] [ 550.573851][ T30] __schedule+0x17e8/0x4a20 [ 550.578532][ T30] ? __pfx___schedule+0x10/0x10 [ 550.583401][ T30] ? __pfx_lock_release+0x10/0x10 [ 550.588485][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 550.604093][ T30] ? schedule+0x90/0x320 [ 550.608557][ T30] schedule+0x14b/0x320 [ 550.612898][ T30] schedule_preempt_disabled+0x13/0x30 [ 550.634101][ T30] __mutex_lock+0x6a4/0xd70 [ 550.638710][ T30] ? __mutex_lock+0x527/0xd70 [ 550.643426][ T30] ? rtnetlink_rcv_msg+0x842/0x1180 [ 550.662869][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 550.679775][ T30] rtnetlink_rcv_msg+0x842/0x1180 [ 550.685974][ T30] ? rtnetlink_rcv_msg+0x208/0x1180 [ 550.691485][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 550.698146][ T30] ? is_bpf_text_address+0x285/0x2a0 [ 550.703664][ T30] ? __pfx_validate_chain+0x10/0x10 [ 550.709704][ T30] ? __pfx_validate_chain+0x10/0x10 [ 550.717792][ T30] ? arch_stack_walk+0x16d/0x1b0 [ 550.722891][ T30] ? mark_lock+0x9a/0x350 [ 550.727310][ T30] ? __pfx_validate_chain+0x10/0x10 [ 550.732528][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 550.737805][ T30] ? mark_lock+0x9a/0x350 [ 550.742174][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 550.747276][ T30] netlink_rcv_skb+0x1e3/0x430 [ 550.752067][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 550.757590][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 550.762927][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 550.768357][ T30] netlink_unicast+0x7ea/0x980 [ 550.773153][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 550.778811][ T30] ? __virt_addr_valid+0x183/0x520 [ 550.783959][ T30] ? __check_object_size+0x49c/0x900 [ 550.789354][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 550.795216][ T30] netlink_sendmsg+0x8db/0xcb0 [ 550.800015][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.805748][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 550.810803][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 550.816267][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 550.822352][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.827690][ T30] __sock_sendmsg+0x221/0x270 [ 550.832400][ T30] __sys_sendto+0x3a4/0x4f0 [ 550.837096][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 550.842185][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 550.848305][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 550.854931][ T30] __x64_sys_sendto+0xde/0x100 [ 550.859748][ T30] do_syscall_64+0xf3/0x230 [ 550.864449][ T30] ? clear_bhb_loop+0x35/0x90 [ 550.869328][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.875618][ T30] RIP: 0033:0x7fdda597796c [ 550.880066][ T30] RSP: 002b:00007fdda5c2f6b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 550.888586][ T30] RAX: ffffffffffffffda RBX: 00007fdda6634620 RCX: 00007fdda597796c [ 550.897353][ T30] RDX: 000000000000003c RSI: 00007fdda6634670 RDI: 0000000000000003 [ 550.905873][ T30] RBP: 0000000000000000 R08: 00007fdda5c2f704 R09: 000000000000000c [ 550.913868][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 550.922178][ T30] R13: 0000000000000000 R14: 00007fdda6634670 R15: 0000000000000000 [ 550.930627][ T30] [ 550.933777][ T30] [ 550.933777][ T30] Showing all locks held in the system: [ 550.945219][ T30] 2 locks held by kworker/0:1/9: [ 550.950290][ T30] 6 locks held by kworker/u8:0/11: [ 550.955645][ T30] #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 550.966837][ T30] #1: ffffc90000107d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 550.977674][ T30] #2: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 550.987635][ T30] #3: ffff88801a3a50e8 (&dev->mutex){....}-{3:3}, at: devlink_pernet_pre_exit+0x13b/0x440 [ 550.997913][ T30] #4: ffff88807e15e250 (&devlink->lock_key#25){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x14d/0x440 [ 551.009721][ T30] #5: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 [ 551.019298][ T30] 1 lock held by khungtaskd/30: [ 551.024206][ T30] #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 551.034118][ T30] 5 locks held by kworker/u9:0/53: [ 551.039231][ T30] #0: ffff88807e25a948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 551.050233][ T30] #1: ffffc90000bd7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 551.063031][ T30] #2: ffff888027294d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 551.073173][ T30] #3: ffff888027294078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 551.083129][ T30] #4: ffffffff8f7515c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 551.093065][ T30] 3 locks held by kworker/u8:6/2781: [ 551.098427][ T30] #0: ffff88802a005148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 551.110774][ T30] #1: ffffc9000985fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 551.124226][ T30] #2: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 551.133682][ T30] 5 locks held by kworker/u8:8/3207: [ 551.139023][ T30] 4 locks held by udevd/4544: [ 551.143710][ T30] #0: ffffffff8e3dfbd0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x274/0x2020 [ 551.152583][ T30] #1: ffff88807d1a3a98 (&mm->mmap_lock){++++}-{3:3}, at: copy_mm+0x29c/0x2020 [ 551.161762][ T30] #2: ffff88807db12798 (&mm->mmap_lock/1){+.+.}-{3:3}, at: copy_mm+0x3e0/0x2020 [ 551.171321][ T30] #3: ffff8880294445c8 (&anon_vma->rwsem){++++}-{3:3}, at: anon_vma_clone+0x105/0x4e0 [ 551.181128][ T30] 3 locks held by dhcpcd/4758: [ 551.186025][ T30] 2 locks held by getty/4842: [ 551.190708][ T30] #0: ffff88802ac870a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 551.200662][ T30] #1: ffffc90002f0e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 551.249693][ T30] 3 locks held by kworker/u9:4/5090: [ 551.262633][ T30] #0: ffff88807a91b148 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 551.291047][ T30] #1: ffffc90003e7fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 551.303729][ T30] #2: ffff8880650ccd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 551.314448][ T30] 3 locks held by kworker/0:3/5097: [ 551.319655][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 551.331452][ T30] #1: ffffc90003f2fd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 551.342679][ T30] #2: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 551.353117][ T30] 3 locks held by kworker/0:4/5141: [ 551.358360][ T30] 3 locks held by kworker/0:6/5145: [ 551.363565][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 551.375051][ T30] #1: ffffc9000462fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 551.386157][ T30] #2: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 551.395310][ T30] 1 lock held by syz-executor/9130: [ 551.400519][ T30] #0: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 551.410247][ T30] 1 lock held by syz-executor/9134: [ 551.415894][ T30] #0: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0 [ 551.425031][ T30] 1 lock held by syz.4.784/9146: [ 551.429973][ T30] #0: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0x7b2/0x1000 [ 551.439513][ T30] 1 lock held by syz-executor/9160: [ 551.444986][ T30] #0: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 551.454701][ T30] 3 locks held by syz-executor/9164: [ 551.460108][ T30] #0: ffff8880707fcd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510 [ 551.470324][ T30] #1: ffff8880707fc078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 [ 551.480214][ T30] #2: ffffffff8e3392f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 551.491311][ T30] 1 lock held by syz-executor/9171: [ 551.496613][ T30] #0: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 551.506241][ T30] 2 locks held by syz-executor/9189: [ 551.512616][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 551.522123][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 551.532350][ T30] 6 locks held by kworker/u9:1/9206: [ 551.537691][ T30] #0: ffff88802b680148 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 551.548557][ T30] #1: ffffc9000427fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 551.561413][ T30] #2: ffff888021e5cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 551.571565][ T30] #3: ffff888021e5c078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 551.581398][ T30] #4: ffffffff8f7515c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 551.591363][ T30] #5: ffffffff8e3392f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 551.602477][ T30] 2 locks held by udevd/9207: [ 551.607210][ T30] #0: ffff88807db10b18 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x2a9/0xc80 [ 551.617028][ T30] #1: ffff8880294445c8 (&anon_vma->rwsem){++++}-{3:3}, at: unlink_anon_vmas+0xd5/0x5f0 [ 551.627311][ T30] 2 locks held by udevd/9212: [ 551.631995][ T30] #0: ffff88807db13118 (&mm->mmap_lock){++++}-{3:3}, at: exit_mmap+0x2a9/0xc80 [ 551.641125][ T30] #1: ffff8880294445c8 (&anon_vma->rwsem){++++}-{3:3}, at: unlink_anon_vmas+0xd5/0x5f0 [ 551.650940][ T30] 1 lock held by dhcpcd/9213: [ 551.655648][ T30] #0: ffff88806f02c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 551.665462][ T30] 1 lock held by dhcpcd/9214: [ 551.670141][ T30] #0: ffff88806f02e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 551.680233][ T30] 1 lock held by dhcpcd/9215: [ 551.684952][ T30] #0: ffff88806f02a258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 551.694790][ T30] [ 551.697119][ T30] ============================================= [ 551.697119][ T30] [ 551.705582][ T30] NMI backtrace for cpu 0 [ 551.710187][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 551.720095][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 551.730168][ T30] Call Trace: [ 551.733457][ T30] [ 551.736396][ T30] dump_stack_lvl+0x241/0x360 [ 551.741098][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 551.746338][ T30] ? __pfx__printk+0x10/0x10 [ 551.750960][ T30] ? vprintk_emit+0x631/0x770 [ 551.755666][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 551.760899][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 551.765877][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 551.771348][ T30] ? _printk+0xd5/0x120 [ 551.775532][ T30] ? __pfx__printk+0x10/0x10 [ 551.780135][ T30] ? __wake_up_klogd+0xcc/0x110 [ 551.785001][ T30] ? __pfx__printk+0x10/0x10 [ 551.789702][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 551.794742][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 551.800995][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 551.807195][ T30] watchdog+0xfde/0x1020 [ 551.811544][ T30] ? watchdog+0x1ea/0x1020 [ 551.816086][ T30] ? __pfx_watchdog+0x10/0x10 [ 551.820783][ T30] kthread+0x2f0/0x390 [ 551.824885][ T30] ? __pfx_watchdog+0x10/0x10 [ 551.829571][ T30] ? __pfx_kthread+0x10/0x10 [ 551.834196][ T30] ret_from_fork+0x4b/0x80 [ 551.838647][ T30] ? __pfx_kthread+0x10/0x10 [ 551.843357][ T30] ret_from_fork_asm+0x1a/0x30 [ 551.848258][ T30] [ 551.852370][ T30] Sending NMI from CPU 0 to CPUs 1: [ 551.858631][ C1] NMI backtrace for cpu 1 [ 551.858644][ C1] CPU: 1 PID: 4758 Comm: dhcpcd Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 551.858663][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 551.858673][ C1] RIP: 0010:validate_chain+0x93/0x5900 [ 551.858698][ C1] Code: 81 48 8d 8c 24 00 01 00 00 48 c1 e9 03 48 b8 f1 f1 f1 f1 00 f2 f2 f2 4a 89 04 21 48 b8 f2 f2 f2 00 f2 f2 f2 00 4a 89 44 21 09 <4a> 89 44 21 11 48 b8 f2 f2 f2 f2 f2 00 00 00 4a 89 44 21 1f 48 b8 [ 551.858712][ C1] RSP: 0018:ffffc90000a18720 EFLAGS: 00000802 [ 551.858727][ C1] RAX: 00f2f2f200f2f2f2 RBX: ffffffff92c8ee88 RCX: 1ffff92000143104 [ 551.858740][ C1] RDX: 0000000000000001 RSI: ffff888028c0a958 RDI: ffff888028c09e00 [ 551.858751][ C1] RBP: ffffc90000a18a20 R08: ffffffff92fa7587 R09: 1ffffffff25f4eb0 [ 551.858764][ C1] R10: dffffc0000000000 R11: fffffbfff25f4eb1 R12: dffffc0000000000 [ 551.858776][ C1] R13: ffff888028c09e00 R14: 58cce5e7c8d5ebdc R15: ffff888028c09e00 [ 551.858789][ C1] FS: 00007febcd0b5740(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 551.858803][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 551.858814][ C1] CR2: 00007ffc76bf0438 CR3: 000000001f384000 CR4: 00000000003506f0 [ 551.858829][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 551.858839][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 551.858849][ C1] Call Trace: [ 551.858856][ C1] [ 551.858863][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 551.858881][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 551.858898][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 551.858921][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 551.858938][ C1] ? nmi_handle+0x14f/0x5a0 [ 551.858959][ C1] ? nmi_handle+0x2a/0x5a0 [ 551.858979][ C1] ? validate_chain+0x93/0x5900 [ 551.858996][ C1] ? default_do_nmi+0x63/0x160 [ 551.859013][ C1] ? exc_nmi+0x123/0x1f0 [ 551.859028][ C1] ? end_repeat_nmi+0xf/0x53 [ 551.859053][ C1] ? validate_chain+0x93/0x5900 [ 551.859071][ C1] ? validate_chain+0x93/0x5900 [ 551.859089][ C1] ? validate_chain+0x93/0x5900 [ 551.859107][ C1] [ 551.859112][ C1] [ 551.859119][ C1] ? __pfx_validate_chain+0x10/0x10 [ 551.859136][ C1] ? validate_chain+0x11e/0x5900 [ 551.859158][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 551.859175][ C1] ? __pfx_validate_chain+0x10/0x10 [ 551.859197][ C1] ? mark_lock+0x9a/0x350 [ 551.859214][ C1] ? mark_lock+0x9a/0x350 [ 551.859232][ C1] ? __lock_acquire+0x1346/0x1fd0 [ 551.859253][ C1] ? mark_lock+0x9a/0x350 [ 551.859270][ C1] __lock_acquire+0x1346/0x1fd0 [ 551.859293][ C1] lock_acquire+0x1ed/0x550 [ 551.859308][ C1] ? advance_sched+0xa02/0xca0 [ 551.859332][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 551.859348][ C1] ? advance_sched+0x9b4/0xca0 [ 551.859366][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 551.859385][ C1] ? __pfx_lock_release+0x10/0x10 [ 551.859404][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 551.859422][ C1] ? taprio_set_budgets+0x32c/0x370 [ 551.859443][ C1] ? advance_sched+0xa02/0xca0 [ 551.859462][ C1] advance_sched+0xa1e/0xca0 [ 551.859481][ C1] ? advance_sched+0xa02/0xca0 [ 551.859505][ C1] ? __pfx_advance_sched+0x10/0x10 [ 551.859524][ C1] __hrtimer_run_queues+0x59b/0xd50 [ 551.859544][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 551.859567][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 551.859590][ C1] hrtimer_interrupt+0x396/0x990 [ 551.859623][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 551.859645][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 551.859664][ C1] [ 551.859669][ C1] [ 551.859675][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 551.859695][ C1] RIP: 0010:__mutex_lock+0xc57/0xd70 [ 551.859713][ C1] Code: 8b 48 c7 c6 a0 a5 ca 8b e8 e6 b7 c8 f5 90 0f 0b 90 90 90 e9 c3 f4 ff ff 90 0f 0b 90 e9 d2 f8 ff ff 90 0f 0b 90 e9 4c f5 ff ff <48> c7 c1 e0 f6 79 94 80 e1 07 80 c1 03 38 c1 0f 8c 72 f4 ff ff 48 [ 551.859726][ C1] RSP: 0018:ffffc90002ed7600 EFLAGS: 00000202 [ 551.859739][ C1] RAX: 0000000000000004 RBX: 0000000000000000 RCX: ffff888028c09e00 [ 551.859750][ C1] RDX: dffffc0000000000 RSI: ffff888028c09e00 RDI: ffffc90002ed7580 [ 551.859762][ C1] RBP: ffffc90002ed7750 R08: ffffc90002ed76c7 R09: 0000000000000000 [ 551.859774][ C1] R10: ffffc90002ed76a0 R11: fffff520005daed9 R12: dffffc0000000000 [ 551.859786][ C1] R13: ffff88802e2899d8 R14: 0000000000000000 R15: ffff888060db0980 [ 551.859808][ C1] ? ldt_dup_context+0x95/0x540 [ 551.859823][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 551.859846][ C1] ldt_dup_context+0x95/0x540 [ 551.859863][ C1] ? mas_next_slot+0xeb2/0xf90 [ 551.859880][ C1] ? __pfx_ldt_dup_context+0x10/0x10 [ 551.859900][ C1] ? mas_find+0x950/0xbb0 [ 551.859920][ C1] copy_mm+0x159d/0x2020 [ 551.859944][ C1] ? __pfx_copy_mm+0x10/0x10 [ 551.859963][ C1] ? __init_rwsem+0x122/0x160 [ 551.859982][ C1] ? copy_signal+0x549/0x670 [ 551.859998][ C1] copy_process+0x187a/0x3dc0 [ 551.860021][ C1] ? copy_process+0xa03/0x3dc0 [ 551.860039][ C1] ? __pfx_copy_process+0x10/0x10 [ 551.860058][ C1] ? aa_sk_perm+0x967/0xab0 [ 551.860079][ C1] kernel_clone+0x226/0x8f0 [ 551.860098][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 551.860119][ C1] ? do_sock_setsockopt+0x3e2/0x720 [ 551.860140][ C1] __x64_sys_clone+0x258/0x2a0 [ 551.860158][ C1] ? __pfx___x64_sys_clone+0x10/0x10 [ 551.860181][ C1] ? do_syscall_64+0x100/0x230 [ 551.860202][ C1] ? do_syscall_64+0xb6/0x230 [ 551.860222][ C1] do_syscall_64+0xf3/0x230 [ 551.860240][ C1] ? clear_bhb_loop+0x35/0x90 [ 551.860261][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.860281][ C1] RIP: 0033:0x7febcd165a12 [ 551.860295][ C1] Code: 41 5d 41 5e 41 5f c3 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 76 10 48 8b 15 e7 43 0f 00 f7 d8 64 89 02 48 83 [ 551.860308][ C1] RSP: 002b:00007ffc76bcfb08 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 551.860323][ C1] RAX: ffffffffffffffda RBX: 0000557efa46fe01 RCX: 00007febcd165a12 [ 551.860335][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 551.860345][ C1] RBP: 00007ffc76bf0078 R08: 0000000000000000 R09: 0000557efa46fe70 [ 551.860356][ C1] R10: 00007febcd0b5a10 R11: 0000000000000246 R12: 0000000000000000 [ 551.860367][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000557efa46fea4 [ 551.860384][ C1] [ 551.860643][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 552.490354][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 552.500250][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 552.510313][ T30] Call Trace: [ 552.513606][ T30] [ 552.516553][ T30] dump_stack_lvl+0x241/0x360 [ 552.521338][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 552.526553][ T30] ? __pfx__printk+0x10/0x10 [ 552.531152][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 552.537150][ T30] ? vscnprintf+0x5d/0x90 [ 552.541491][ T30] panic+0x349/0x860 [ 552.545408][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 552.551576][ T30] ? __pfx_panic+0x10/0x10 [ 552.556001][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 552.561393][ T30] ? __irq_work_queue_local+0x137/0x410 [ 552.567011][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 552.572395][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 552.578566][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 552.584736][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 552.590906][ T30] watchdog+0x101d/0x1020 [ 552.595250][ T30] ? watchdog+0x1ea/0x1020 [ 552.599688][ T30] ? __pfx_watchdog+0x10/0x10 [ 552.604377][ T30] kthread+0x2f0/0x390 [ 552.608457][ T30] ? __pfx_watchdog+0x10/0x10 [ 552.613159][ T30] ? __pfx_kthread+0x10/0x10 [ 552.617765][ T30] ret_from_fork+0x4b/0x80 [ 552.622198][ T30] ? __pfx_kthread+0x10/0x10 [ 552.626808][ T30] ret_from_fork_asm+0x1a/0x30 [ 552.631601][ T30] [ 553.755412][ T30] Shutting down cpus with NMI [ 553.761025][ T30] Kernel Offset: disabled [ 553.765528][ T30] Rebooting in 86400 seconds..