last executing test programs: 14.493222656s ago: executing program 1 (id=127): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x401d031, 0xffffffffffffffff, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r3, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000000540)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0xff, 0x1, &(0x7f0000000480)="ae"}) 14.098109692s ago: executing program 1 (id=129): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x22, 0x2, 0x11) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, {{0x8, 0x1, r4}, {0x8}}}}}]}, 0x40}}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x10) setns(0xffffffffffffffff, 0x2000000) madvise(&(0x7f000036c000/0x1000)=nil, 0x1000, 0x16) r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) mlock(&(0x7f00001e8000/0x4000)=nil, 0x4000) ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f0000165000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000280)=[{}], 0x1, 0x4, 0x0, 0x0, 0x26}) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$join(0x1, &(0x7f00000003c0)={'syz', 0x1}) add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, r8) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r7, r9, 0x0, 0x20000023896) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r10, &(0x7f0000000380)={0x0, 0xffffffffffffffb9, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYRES64=r6, @ANYRES16=r11, @ANYBLOB="0100000000000000000001000500050007000000000008000900000000001400200020000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x8820) sendmsg$L2TP_CMD_SESSION_CREATE(r9, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYRESHEX=0x0, @ANYRES16=r11, @ANYBLOB="0004e18416128bcf04314bdde099ce292cbd7000fc083f721f44662276c405de6810df250500005b8c000700030000000c000f00efe400000000040008000c00020000009d629c34b0aa1900062d2b5541274cdb351a9413ef396a463359e544697d2cc8ce", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) 7.069418412s ago: executing program 1 (id=143): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e5cf01406e0510401c20000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="85000000bf000000720a00ff000000007900580e00000000950000000000000018100000", @ANYRES32, @ANYBLOB="00000000000000c5cf000000000000009500000800000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB="00000100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f0000000700)={0x2c, &(0x7f0000000540)={0x40, 0x7, 0x7b, {0x7b, 0x24, "0a5097ccf6015a6932806b3275520179189617f3518a2486ed73f81bf29c017bfd0cab6c3d598396c6c693dd1175f69c50a90e990648322bae846e079c63d0fd350b5de8c544d16b56414b0047641f22aab27a73dfdb14c547dc3a6d86eade33020563da0fc605a5533ac0b8f30d905c3c3bb8515cea778599"}}, &(0x7f0000000600)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2809}}, &(0x7f0000000640)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000680)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3f, 0x80, 0x40, 0x3, "1387a668", "a45caed7"}}, &(0x7f00000006c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x8, 0x21, 0x6, 0x1, 0x6, 0x9}}}, &(0x7f0000000c80)={0x84, &(0x7f0000000740)={0x0, 0x5, 0x9f, "9db73eecaade449a1bdb471bf177c5b1b9bd728f20ceb96c3c04e5d4c48dbe439fe1aba0f57a75f0833f51a81d0fdc637346fd5de966134ec14ef81e28091bbfae64c4541958bdd2f93948e3316c74c704c992599785b117956372ebe845512d090d2c391b497d1f64871cd1e3f5cd7bcb9477fc373f0a2ba73ac2a2225b7eb905ccaacc83725140e677a4561459e949ee0d3a347e94f6c6ac3ac54a9176dd"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000d40)={0x0, 0x8, 0x1, 0xa1}, &(0x7f0000000880)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f00000008c0)={0x20, 0x0, 0x4, {0x1c00, 0x20}}, &(0x7f0000000900)={0x40, 0x7, 0x2, 0x8}, &(0x7f0000000940)={0x40, 0x9, 0x1}, &(0x7f0000000980)={0x40, 0xb, 0x2, "f319"}, &(0x7f0000000840)={0x40, 0xf, 0x2, 0x80}, &(0x7f0000000a00)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}}, &(0x7f0000000a40)={0x40, 0x17, 0x6, @random="b1c865b2f5df"}, &(0x7f0000000a80)={0x40, 0x19, 0x2, "e384"}, &(0x7f0000000ac0)={0x40, 0x1a, 0x2, 0xb0e9}, &(0x7f0000000b00)={0x40, 0x1c, 0x1, 0xf9}, &(0x7f0000000b40)={0x40, 0x1e, 0x1, 0x6f}, &(0x7f0000000c40)={0x40, 0x21, 0x1, 0xb3}}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00+2'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, &(0x7f0000000180)={0x14, &(0x7f0000000080)={0x20, 0x7, 0xc4, {0xc4, 0x31, "abb2821e2ecea26d44acbfb2d1be7993c75270e68f5242d53aea20452a654dc07ed80e3e5b5308215526321687642b77238eb582c38a819cb523f0673519e2d5b11340c1966cccf468c4dcf5736890d1056b6c0dc535b9db3658ae539570b1d41f6ce7fcdda7a8bbbfa02dacb7b90d5ee6d3480beaa0b1f6997977ef4a9ced893566d6b36dbbc92408429b948e8e886af38c2b00fd234cc13d06f4cc78729864e97b5c6eecec61e8b1511b12a7d9f703db3ce9d640cca9889336ca7e8b85a2c94dcb"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}}, &(0x7f0000000500)={0x34, &(0x7f00000001c0)={0x40, 0x13, 0xb7, "f2db70d613de9615bda844a7865b121964443143e8e6e36bd07f21b1cc3d1beaa37edc1e607b9215161a66653f7c08f8aa734766a63e380728c73672c349ef8448a0e6f38d2fa2a75baa05b64539953ae799756980822bed20c4cdf1dba07a0d3529c55ef9100e0be77937bfe7b76716413b657dba7c3f228e63e78329045d0c172a5bdcb1fe3fbb789695545e4119146b1016271ef5bc5df1fb9bd09db8713fbae54654d457cfd78e404b5944421bd29d0b9402a65a42"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000380)={0x20, 0x0, 0x6d, {0x6b, "acde4b23d263a0f66e4f8efcf45d127d7c070e538f3e63e85e57c7063baa1ecd96fec8045fc044a6ee115542b1e76d31a6d789eb55acc4a4fbe22107fd24441b3404beb7a4743717b80fc511d96e94dffe5fb1999d826b073ccf8d9b8ecc9dc123d86cde07a185e50f35df"}}, &(0x7f0000000400)={0x20, 0x1, 0x1, 0xd8}, &(0x7f00000004c0)={0x20, 0x0, 0x1, 0x2}}) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xd, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006b00000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, &(0x7f0000000000)={0x20, 0x21, 0xc, {0xc, 0xc, "bf69bbb898a2d9cdf9ee"}}, &(0x7f0000000d80)=ANY=[@ANYBLOB="ffff0f00000004a573c06594e295b85067926c1049609103200875ed5527d54189fb73348873de464328c7f39d41fdbb9345af6e3e44efb251ee9ae2f23de7122937dc042a75715f1df808762435b7c20ff10df7f258ee4a58a3227449cf24187544b78c25e27d4bb6b92fe99ec553a680777b78729f7bed6db2b574820857da59bca29bc80cfd"], &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x2, "bbf88004"}]}}, &(0x7f0000000100)={0x0, 0x21, 0x9, {0x9, 0x21, 0x8, 0x7, 0x1, {0x22, 0xc39}}}}, &(0x7f00000003c0)={0x2c, &(0x7f00000001c0)={0x40, 0xf, 0x13, "e00325852dad1f871b42983f0426f9fe7ab276"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0xca}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x5}, &(0x7f00000002c0)={0x20, 0x1, 0x8c, "0a36f4e5e41c6f276ce9764703201b67eb7a3f8122ffcc386f713f99801b123796bfbe317b611b5f44a5c4368581ea7fa184d7abb1eafe81f68d5dd7cf5d874dbbe914fccce6b4f437f88117f60775d6a608420c3750067ef5084559312fa68874f6de4dd45817a01d9183cb75f0cb095e41b32229f7e58b09b5396c5d2d6ede69d77d07577d57657b0f47df"}, &(0x7f0000000380)={0x20, 0x3, 0x1, 0x8}}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r1, 0x0, 0x80000000000008, 0x0, 0x0) getsockopt$inet_opts(r1, 0x0, 0x9, &(0x7f0000000200)=""/49, &(0x7f0000000080)=0x31) 3.684748165s ago: executing program 1 (id=153): r0 = memfd_secret(0x0) close_range(r0, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000140)=ANY=[], 0x53) 3.478280805s ago: executing program 1 (id=155): r0 = syz_open_dev$vcsu(&(0x7f0000000080), 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000003c0)={'vxcan0\x00'}) 3.270402985s ago: executing program 1 (id=158): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz0\x00'}, 0x45c) ioctl$UI_SET_PROPBIT(r0, 0x5501, 0x0) write$input_event(r0, &(0x7f00000005c0), 0x200005d8) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f0000000700)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 2.646646763s ago: executing program 0 (id=167): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c0000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e00010069703665727370616e0000001800028008000c000000000006000200f7"], 0x4c}}, 0x0) 2.446039428s ago: executing program 3 (id=169): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socket$kcm(0x2b, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) 2.265977406s ago: executing program 0 (id=171): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) 2.082987945s ago: executing program 0 (id=174): socket(0x0, 0x0, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) socket$inet_sctp(0x2, 0x0, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000380), &(0x7f00000003c0)=0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='hybla\x00', 0x6) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) 1.537708693s ago: executing program 2 (id=177): r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_buf(r0, 0x1, 0x48, 0x0, &(0x7f00000003c0)) 1.485998956s ago: executing program 3 (id=178): socket$nl_rdma(0x10, 0x3, 0x14) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000008200000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000005"], 0x54}}, 0x0) 1.325028776s ago: executing program 2 (id=179): r0 = gettid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"}) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000200)=0x2) read(r2, 0x0, 0x2006) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) r3 = dup(r2) ioctl$DRM_IOCTL_MODE_SETGAMMA(r3, 0xc02064a5, 0x0) tkill(r0, 0x7) 1.198474264s ago: executing program 3 (id=180): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x35, 0x107, 0x0, 0x0, {0xe, 0x7c}}, 0x14}}, 0x0) 1.179220056s ago: executing program 4 (id=181): syz_extract_tcp_res$synack(0x0, 0x1, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x36}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x48) 1.080014149s ago: executing program 3 (id=182): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xfd, &(0x7f0000000040), &(0x7f0000000080)=0x4) 1.041375428s ago: executing program 2 (id=183): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r0, 0x1, 0x0, 0x0, {{0x6c}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x24}}, 0x0) 918.387079ms ago: executing program 4 (id=184): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 875.509086ms ago: executing program 3 (id=185): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000140)=@ethtool_pauseparam={0x13, 0x0, 0xfffffffd}}) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x41071, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0xf, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003940)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r2, &(0x7f0000003040)={@val={0x8, 0x800}, @val, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x89, 0x0, @rand_addr, @multicast2=0xe0000001}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x36) 819.646409ms ago: executing program 0 (id=186): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b7020000910c0000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d640500000000006504040001000101040400000d000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000f77f0000b52f17789b0cce7ae45d49787651fb0000000000cb2897096d4504fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d7cef4a2ab938f65aac33c4d620de2c9b7dc00000000f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051af712f41deff6df6a936b4ec382f11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d18692e01505672e93a14b8dd8ddd63cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e93e8bda6f82881eb8c9cfa72b08eecc952a3fd2c4bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26700a8446b16c28d85f225992dbdd5bb01ba51508951c7a3d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c90000000021a4fefc4d1c9139ca4b65b944ada8a0523c9909950000006b420600040000cb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3a01716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6645ec53e9146d2478ce313dd7cee65effae25b397a6ab95efb96cfe187d9ae7f865be41943adaf4913db6f3859ba435a3a18c08a7feff1960a7176ed5c097e9f21244114700e3f543ec45050c72f48958dd0c9b417726276b9b37586cf9816c4a4994dca4b27ab6700001f5ec52551a74c3598ce8dc385372eb963279993ddf7bc82540334d434877a841523d676c844e72466208dd0c55fcadb69e09459e106d86a57c78e3352b948168444ff1d84bb55855dd574aa32ebbbfea7271c42c314e807d526550ae2479174b18855e33c747b3ba1781d35485b9121fbaa640156562fa3cf3b498283c5100b006b177985431546ff0602660c7ff32696b1f01f27a0e914769cbdedbaf23367d57742"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x14) unshare(0x20040600) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000005580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0ebe097fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822a0269a660e717a04becff0f7191070000000000002ea37e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7ae22e16c6c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85ecb29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bba3d005585bf07d70e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56bd86acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbf"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map=r0, r1, 0x2f, 0x4, 0x4, @prog_fd}, 0x20) 749.140811ms ago: executing program 4 (id=187): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) getsockname(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, &(0x7f00000000c0)=0x80) ioctl$FS_IOC_GETFSLABEL(r1, 0x5450, 0x0) 674.324867ms ago: executing program 2 (id=188): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000200)={'#! ', '', [{0x20, '#!2'}, {0x20, '#! '}, {0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}, {}], 0xa, "8855d1bef46f70e481dbdabbfc3bcc3f005c1079e7344e4392717247b88b05708cd1663511237737ac00004c03fa9d00005380"}, 0xfffffe59) sendmsg$unix(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)='c', 0x1}], 0x1}, 0x0) close(r1) rt_sigreturn() clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) r3 = gettid() clock_nanosleep(0x0, 0x0, &(0x7f0000000000)={0x77359400}, 0x0) tkill(r3, 0x7) timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, r2+60000000}}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RREADDIR(r4, &(0x7f0000000080), 0x1001f) 462.134508ms ago: executing program 4 (id=189): r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_buf(r0, 0x1, 0x48, 0x0, &(0x7f00000003c0)) 447.909817ms ago: executing program 2 (id=190): r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x1, './file0/file0\x00'}, 0x6e) r2 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x1e, &(0x7f0000000080)=[{&(0x7f0000000280)=ANY=[], 0x10}], 0x1}, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) rt_sigreturn() timer_settime(0x0, 0x1, &(0x7f0000000100)={{}, {r3, r4+60000000}}, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r5, r6, 0x100000af5, 0x0) sendmmsg$inet(r0, &(0x7f0000001a80), 0x1, 0x0) 326.260614ms ago: executing program 0 (id=191): r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) poll(0x0, 0x0, 0x401) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) rt_sigreturn() rt_sigtimedwait(&(0x7f0000000180), 0x0, &(0x7f00000002c0)={0x0, 0x3938700}, 0x8) r1 = memfd_create(&(0x7f00000003c0)='\xc0\x87:*\x18\xc1k\xa9\x87[\xa0o8\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HOA\xc8\x80kR\xfc\xcb%u3\xec\xde%\x00]\xd8\xebD\x00\x00\x00\x00\x00\x00\x00\x80\xb1\x9aF\xe2\xba[\xc7%\x88 \xeeQR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11)\b6\x86\xc8\xe9/\x19w4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe7\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\x15\x0e\x00\x00\x9c\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\x9d\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D\x82`\xea\x16\xc6\xce\x83\xab\x05\x19-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\b\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xc7\x10\xe6\xb9\xe7\xff\xc5H\x04\x8d\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xabh~\xcb\xb9E\x10W\xed\xed51[\xc5\xeb\xb1ux\x94', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x5, 0x11, r1, 0x0) fallocate(r1, 0x0, 0x0, 0x800000a) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$BINDER_FREEZE(r2, 0x5452, &(0x7f00000000c0)) 246.447108ms ago: executing program 4 (id=192): r0 = syz_open_procfs$userns(0xffffffffffffffff, 0x0) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x5452, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) ioctl$FIONCLEX(r0, 0x5450) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = mq_open(&(0x7f0000001100)='\\%\x00', 0x40, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) fcntl$F_SET_FILE_RW_HINT(r1, 0x3, 0x0) 123.920532ms ago: executing program 3 (id=193): r0 = gettid() r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600"}) r2 = syz_open_pts(r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000200)=0x2) read(r2, 0x0, 0x2006) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)) r3 = dup(r2) ioctl$DRM_IOCTL_MODE_SETGAMMA(r3, 0xc02064a5, 0x0) tkill(r0, 0x7) 70.32304ms ago: executing program 2 (id=194): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) inotify_init1(0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6410, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETPRL(0xffffffffffffffff, 0x89f4, 0x0) 47.249352ms ago: executing program 0 (id=195): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000200000000000000006b79009500000000000000"], &(0x7f00000001c0)='syzkaller\x00'}, 0x80) r1 = socket$packet(0x11, 0x2, 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r0, r2, 0x25, 0x2, @val=@iter={0x0}}, 0x40) syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) 0s ago: executing program 4 (id=196): socket(0x0, 0x0, 0x0) sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) socket$inet_sctp(0x2, 0x0, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7654}]}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000380), &(0x7f00000003c0)=0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='hybla\x00', 0x6) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000580)={0x0, 0x2, &(0x7f0000000500)=[{&(0x7f0000000740)=""/4096, 0xa15b0}], 0x1, 0x0, 0x2000000000000}, 0x700) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.201' (ED25519) to the list of known hosts. [ 67.820308][ T5071] cgroup: Unknown subsys name 'net' [ 67.963856][ T5071] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 69.607973][ T5071] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.437633][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.447862][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.892555][ T5087] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.940092][ T5096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.947506][ T5096] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.955694][ T5096] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.963619][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.971747][ T5096] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.975048][ T5099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.980015][ T5096] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.993471][ T5101] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.993793][ T5096] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.002428][ T5099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.008585][ T5096] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.015738][ T5099] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.021970][ T5096] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.029423][ T5099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 72.037574][ T5096] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.043195][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.049738][ T5096] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.056434][ T5101] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.064921][ T5096] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 72.072375][ T5101] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.077450][ T5096] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.084888][ T5101] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.091264][ T5096] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.099086][ T5101] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 72.105672][ T5096] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 72.111764][ T5103] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 72.121274][ T5096] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.143371][ T5103] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.144748][ T5096] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.721700][ T5083] chnl_net:caif_netlink_parms(): no params data found [ 72.734875][ T5082] chnl_net:caif_netlink_parms(): no params data found [ 72.781067][ T5095] chnl_net:caif_netlink_parms(): no params data found [ 72.941068][ T5085] chnl_net:caif_netlink_parms(): no params data found [ 72.968617][ T5081] chnl_net:caif_netlink_parms(): no params data found [ 73.015714][ T5083] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.023448][ T5083] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.031014][ T5083] bridge_slave_0: entered allmulticast mode [ 73.038640][ T5083] bridge_slave_0: entered promiscuous mode [ 73.053665][ T5083] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.060993][ T5083] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.068355][ T5083] bridge_slave_1: entered allmulticast mode [ 73.075405][ T5083] bridge_slave_1: entered promiscuous mode [ 73.086705][ T5082] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.093839][ T5082] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.101174][ T5082] bridge_slave_0: entered allmulticast mode [ 73.108129][ T5082] bridge_slave_0: entered promiscuous mode [ 73.116816][ T5082] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.123963][ T5082] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.131710][ T5082] bridge_slave_1: entered allmulticast mode [ 73.140479][ T5082] bridge_slave_1: entered promiscuous mode [ 73.240063][ T5083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.263765][ T5082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.282115][ T5082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.318320][ T5083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.339790][ T5095] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.347105][ T5095] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.354710][ T5095] bridge_slave_0: entered allmulticast mode [ 73.362036][ T5095] bridge_slave_0: entered promiscuous mode [ 73.407329][ T5095] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.416707][ T5095] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.423831][ T5095] bridge_slave_1: entered allmulticast mode [ 73.431361][ T5095] bridge_slave_1: entered promiscuous mode [ 73.464317][ T5085] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.471468][ T5085] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.478753][ T5085] bridge_slave_0: entered allmulticast mode [ 73.486172][ T5085] bridge_slave_0: entered promiscuous mode [ 73.497559][ T5083] team0: Port device team_slave_0 added [ 73.517088][ T5082] team0: Port device team_slave_0 added [ 73.533176][ T5085] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.540668][ T5085] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.548457][ T5085] bridge_slave_1: entered allmulticast mode [ 73.555406][ T5085] bridge_slave_1: entered promiscuous mode [ 73.563884][ T5083] team0: Port device team_slave_1 added [ 73.583422][ T5095] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.601524][ T5082] team0: Port device team_slave_1 added [ 73.645552][ T5095] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.674164][ T5081] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.684413][ T5081] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.691535][ T5081] bridge_slave_0: entered allmulticast mode [ 73.699040][ T5081] bridge_slave_0: entered promiscuous mode [ 73.719365][ T5083] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.726522][ T5083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.752520][ T5083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.778766][ T5095] team0: Port device team_slave_0 added [ 73.797707][ T5081] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.805106][ T5081] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.812215][ T5081] bridge_slave_1: entered allmulticast mode [ 73.819765][ T5081] bridge_slave_1: entered promiscuous mode [ 73.839543][ T5085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.861846][ T5083] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.868917][ T5083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.895140][ T5083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.907901][ T5095] team0: Port device team_slave_1 added [ 73.925635][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.932579][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.958550][ T5082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.971105][ T5082] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.978087][ T5082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.004015][ T5082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.017224][ T5085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.039301][ T5081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.051480][ T5081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.084416][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.091374][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.117370][ T5095] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.150074][ T5085] team0: Port device team_slave_0 added [ 74.156634][ T5100] Bluetooth: hci3: command tx timeout [ 74.164335][ T5100] Bluetooth: hci0: command tx timeout [ 74.191316][ T5095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.198661][ T5095] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.224620][ T5095] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.235703][ T5100] Bluetooth: hci4: command tx timeout [ 74.244718][ T5100] Bluetooth: hci2: command tx timeout [ 74.244738][ T5103] Bluetooth: hci1: command tx timeout [ 74.258064][ T5085] team0: Port device team_slave_1 added [ 74.280326][ T5081] team0: Port device team_slave_0 added [ 74.289378][ T5081] team0: Port device team_slave_1 added [ 74.323402][ T5082] hsr_slave_0: entered promiscuous mode [ 74.330570][ T5082] hsr_slave_1: entered promiscuous mode [ 74.407080][ T5083] hsr_slave_0: entered promiscuous mode [ 74.413932][ T5083] hsr_slave_1: entered promiscuous mode [ 74.420443][ T5083] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.428617][ T5083] Cannot create hsr debugfs directory [ 74.464012][ T5095] hsr_slave_0: entered promiscuous mode [ 74.473208][ T5095] hsr_slave_1: entered promiscuous mode [ 74.479564][ T5095] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.487825][ T5095] Cannot create hsr debugfs directory [ 74.493999][ T5085] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.501370][ T5085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.527780][ T5085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.540364][ T5085] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.547341][ T5085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.573265][ T5085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.597437][ T5081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.604687][ T5081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.630683][ T5081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.647486][ T5081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.654707][ T5081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 74.680626][ T5081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.769697][ T5081] hsr_slave_0: entered promiscuous mode [ 74.779526][ T5081] hsr_slave_1: entered promiscuous mode [ 74.785886][ T5081] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.793439][ T5081] Cannot create hsr debugfs directory [ 74.851986][ T5085] hsr_slave_0: entered promiscuous mode [ 74.858936][ T5085] hsr_slave_1: entered promiscuous mode [ 74.868590][ T5085] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 74.876699][ T5085] Cannot create hsr debugfs directory [ 75.286016][ T5095] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.310634][ T5095] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.321582][ T5095] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.344062][ T5095] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.362642][ T5083] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 75.395862][ T5083] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 75.405933][ T5083] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 75.417716][ T5083] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 75.505822][ T5085] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.541680][ T5085] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.554059][ T5085] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.579341][ T5085] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 75.641988][ T5082] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 75.652079][ T5082] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 75.692276][ T5082] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 75.714752][ T5095] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.721612][ T5082] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 75.783728][ T5081] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.799502][ T5081] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.810497][ T5081] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.840923][ T5095] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.850420][ T5081] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.889161][ T5139] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.896556][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.931374][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.938522][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.972720][ T5083] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.053261][ T5083] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.079587][ T5085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.108327][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.115475][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.176625][ T5092] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.183886][ T5092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.244881][ T5103] Bluetooth: hci3: command tx timeout [ 76.250375][ T5100] Bluetooth: hci0: command tx timeout [ 76.260439][ T5085] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.282798][ T5081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.297035][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.304151][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.315950][ T5100] Bluetooth: hci2: command tx timeout [ 76.321382][ T5100] Bluetooth: hci4: command tx timeout [ 76.327046][ T5103] Bluetooth: hci1: command tx timeout [ 76.340423][ T5082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.365539][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.372717][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.426857][ T5082] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.445424][ T5081] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.485500][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.492629][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.506572][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.513690][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.540735][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.547885][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.594837][ T5140] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.602023][ T5140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.639131][ T5095] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.972218][ T5095] veth0_vlan: entered promiscuous mode [ 77.073598][ T5095] veth1_vlan: entered promiscuous mode [ 77.090517][ T5083] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.205796][ T5085] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.261073][ T5095] veth0_macvtap: entered promiscuous mode [ 77.320487][ T5081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.346281][ T5095] veth1_macvtap: entered promiscuous mode [ 77.372998][ T5082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.390314][ T5083] veth0_vlan: entered promiscuous mode [ 77.442696][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.469369][ T5095] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.517869][ T5083] veth1_vlan: entered promiscuous mode [ 77.540018][ T5095] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.553447][ T5095] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.569514][ T5095] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.578776][ T5095] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.638716][ T5085] veth0_vlan: entered promiscuous mode [ 77.681980][ T5085] veth1_vlan: entered promiscuous mode [ 77.713383][ T5083] veth0_macvtap: entered promiscuous mode [ 77.731296][ T5081] veth0_vlan: entered promiscuous mode [ 77.772160][ T5083] veth1_macvtap: entered promiscuous mode [ 77.809086][ T5081] veth1_vlan: entered promiscuous mode [ 77.861516][ T5085] veth0_macvtap: entered promiscuous mode [ 77.912082][ T5085] veth1_macvtap: entered promiscuous mode [ 77.938193][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.949057][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.960573][ T5083] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.981080][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.989180][ T5085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.989218][ T5085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.989230][ T5085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 77.989244][ T5085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.990702][ T5085] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.045060][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.057934][ T5083] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.068511][ T5083] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.080714][ T5083] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.117543][ T5083] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.127376][ T5083] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.136782][ T5083] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.148240][ T5083] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.184986][ T5081] veth0_macvtap: entered promiscuous mode [ 78.191838][ T5085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.202313][ T5085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.213044][ T5085] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.224467][ T5085] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.236595][ T5085] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.261964][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.272592][ T5081] veth1_macvtap: entered promiscuous mode [ 78.278906][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.290867][ T5082] veth0_vlan: entered promiscuous mode [ 78.309590][ T5085] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.319490][ T5096] Bluetooth: hci3: command tx timeout [ 78.325061][ T5100] Bluetooth: hci0: command tx timeout [ 78.331819][ T5085] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.340587][ T5085] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.349766][ T5085] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.378271][ T5082] veth1_vlan: entered promiscuous mode [ 78.395064][ T5100] Bluetooth: hci4: command tx timeout [ 78.400493][ T5100] Bluetooth: hci1: command tx timeout [ 78.406829][ T5096] Bluetooth: hci2: command tx timeout [ 78.466393][ T5081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.479499][ T5081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.492355][ T5081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.502961][ T5081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.513464][ T5081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 78.524042][ T5081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.535968][ T5081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.547729][ T5081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.558855][ T5081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.568713][ T5081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.579259][ T5081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.589376][ T5081] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 78.601711][ T5081] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 78.613547][ T5081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.696119][ T5170] cgroup: noprefix used incorrectly [ 78.731254][ T5081] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.750219][ T5081] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.771842][ T5081] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.784961][ T5081] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.803011][ T5082] veth0_macvtap: entered promiscuous mode [ 78.812839][ T5100] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 78.863313][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.877501][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.929016][ T5082] veth1_macvtap: entered promiscuous mode [ 79.023465][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.053183][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.077162][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.089019][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.102531][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.121297][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.141224][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.165031][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.197609][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.227414][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.258282][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.309759][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.325389][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.337424][ T2467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.337770][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.354241][ T2467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.363828][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.373779][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.386917][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.396802][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.407462][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.417317][ T5082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.427865][ T5082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.444790][ T5082] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.473555][ T5082] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.483311][ T5082] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.492869][ T5082] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.507499][ T5082] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.574172][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.582240][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.691705][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.712700][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.878720][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.904541][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.919427][ T5174] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.395032][ T5100] Bluetooth: hci0: command tx timeout [ 80.401353][ T5103] Bluetooth: hci3: command tx timeout [ 80.714505][ T5087] Bluetooth: hci2: command tx timeout [ 80.721607][ T5100] Bluetooth: hci1: command tx timeout [ 84.548799][ T5103] Bluetooth: hci4: command 0x0406 tx timeout [ 84.931642][ T25] cfg80211: failed to load regulatory.db [ 85.058280][ T2417] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.116659][ T2417] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.532539][ T5203] cgroup: noprefix used incorrectly [ 85.561824][ T5096] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 85.596606][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 85.825000][ T51] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 85.864496][ T5141] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 85.952187][ T5213] capability: warning: `syz.0.14' uses deprecated v2 capabilities in a way that may be insecure [ 85.973187][ T5213] program syz.0.14 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 86.024872][ T51] usb 4-1: Using ep0 maxpacket: 16 [ 86.039217][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 86.066493][ T5141] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 86.068802][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 86.082812][ T5141] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.107784][ T51] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 86.123020][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.124125][ T5141] usb 5-1: config 0 descriptor?? [ 86.136396][ T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 86.152353][ T51] usb 4-1: config 0 descriptor?? [ 86.188631][ T5096] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 86.188751][ T5096] CPU: 0 PID: 5096 Comm: kworker/u9:4 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 86.188774][ T5096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 86.188790][ T5096] Workqueue: hci0 hci_rx_work [ 86.188833][ T5096] Call Trace: [ 86.188843][ T5096] [ 86.188852][ T5096] dump_stack_lvl+0x241/0x360 [ 86.188889][ T5096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.188919][ T5096] ? __pfx__printk+0x10/0x10 [ 86.188949][ T5096] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 86.188980][ T5096] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 86.189013][ T5096] sysfs_create_dir_ns+0x2ce/0x3a0 [ 86.189048][ T5096] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 86.189087][ T5096] kobject_add_internal+0x435/0x8d0 [ 86.189127][ T5096] kobject_add+0x152/0x220 [ 86.189155][ T5096] ? do_raw_spin_unlock+0x13c/0x8b0 [ 86.189177][ T5096] ? device_add+0x3e7/0xbf0 [ 86.189206][ T5096] ? __pfx_kobject_add+0x10/0x10 [ 86.189235][ T5096] ? _raw_spin_unlock+0x28/0x50 [ 86.189269][ T5096] ? get_device_parent+0x165/0x410 [ 86.189303][ T5096] device_add+0x4e5/0xbf0 [ 86.189341][ T5096] hci_conn_add_sysfs+0xe8/0x200 [ 86.189376][ T5096] le_conn_complete_evt+0xc9f/0x12e0 [ 86.189411][ T5096] ? trace_contention_end+0x3c/0x120 [ 86.189445][ T5096] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 86.189473][ T5096] ? __mutex_unlock_slowpath+0x21d/0x750 [ 86.189499][ T5096] ? __copy_skb_header+0x437/0x5b0 [ 86.189526][ T5096] ? skb_pull_data+0x112/0x230 [ 86.189558][ T5096] hci_le_enh_conn_complete_evt+0x185/0x420 [ 86.189593][ T5096] hci_event_packet+0xa55/0x1540 [ 86.189619][ T5096] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 86.189650][ T5096] ? __pfx_hci_event_packet+0x10/0x10 [ 86.189679][ T5096] ? hci_send_to_monitor+0xd8/0x7f0 [ 86.189713][ T5096] ? kcov_remote_start+0x9e/0x7e0 [ 86.189742][ T5096] hci_rx_work+0x3e8/0xca0 [ 86.189774][ T5096] ? process_scheduled_works+0x945/0x1830 [ 86.189796][ T5096] process_scheduled_works+0xa2c/0x1830 [ 86.189849][ T5096] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.189883][ T5096] ? assign_work+0x364/0x3d0 [ 86.189912][ T5096] worker_thread+0x86d/0xd40 [ 86.189952][ T5096] ? __kthread_parkme+0x169/0x1d0 [ 86.189981][ T5096] ? __pfx_worker_thread+0x10/0x10 [ 86.190005][ T5096] kthread+0x2f0/0x390 [ 86.190032][ T5096] ? __pfx_worker_thread+0x10/0x10 [ 86.190055][ T5096] ? __pfx_kthread+0x10/0x10 [ 86.190083][ T5096] ret_from_fork+0x4b/0x80 [ 86.190110][ T5096] ? __pfx_kthread+0x10/0x10 [ 86.190138][ T5096] ret_from_fork_asm+0x1a/0x30 [ 86.190183][ T5096] [ 86.191767][ T5096] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 86.191804][ T5096] Bluetooth: hci0: failed to register connection device [ 86.335482][ T25] usb 3-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 86.382160][ T59] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 86.387621][ T25] usb 3-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 86.544559][ T25] usb 3-1: config 1 interface 0 has no altsetting 0 [ 86.547730][ T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 86.547758][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.547779][ T25] usb 3-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 86.547823][ T25] usb 3-1: Manufacturer: Ц [ 86.547839][ T25] usb 3-1: SerialNumber: syz [ 86.552816][ T5211] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 86.553065][ T5211] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 86.590085][ T5201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 86.607278][ T59] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 86.625147][ T5201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.635906][ T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.685566][ T51] hid (null): bogus close delimiter [ 86.694898][ T51] hid-generic 0003:0158:0100.0001: unknown main item tag 0x0 [ 86.694960][ T51] hid-generic 0003:0158:0100.0001: unknown main item tag 0x0 [ 86.695014][ T51] hid-generic 0003:0158:0100.0001: bogus close delimiter [ 86.695030][ T51] hid-generic 0003:0158:0100.0001: item 0 0 2 10 parsing failed [ 86.696005][ T51] hid-generic 0003:0158:0100.0001: probe with driver hid-generic failed with error -22 [ 86.781800][ T25] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 86.792516][ T25] usb 3-1: USB disconnect, device number 2 [ 86.826507][ T59] usb 2-1: config 0 descriptor?? [ 86.920911][ T5172] usb 4-1: USB disconnect, device number 2 [ 87.560991][ T5229] warning: `syz.0.18' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 87.692286][ T5103] Bluetooth: hci2: command 0x0406 tx timeout [ 87.713804][ T5231] binder: 5230:5231 ioctl 4018620d 0 returned -22 [ 88.234777][ T5103] Bluetooth: hci0: command tx timeout [ 92.836022][ T59] pegasus 2-1:0.0: can't reset MAC [ 92.841650][ T59] pegasus 2-1:0.0: probe with driver pegasus failed with error -5 [ 92.850665][ T5141] pegasus 5-1:0.0: setup Pegasus II specific registers [ 93.014968][ T5138] usb 2-1: USB disconnect, device number 2 [ 93.031729][ T5141] pegasus 5-1:0.0: can't locate MII phy, using default [ 93.118033][ T5141] pegasus 5-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, fa:b9:e8:14:44:0f [ 93.123252][ T5240] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 93.175883][ T5141] usb 5-1: USB disconnect, device number 2 [ 94.484743][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 96.040022][ T5254] sched: RT throttling activated [ 98.198928][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.224361][ T5138] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 98.438141][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 98.546935][ T5138] usb 5-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 98.563712][ T5138] usb 5-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 98.613203][ T5138] usb 5-1: config 1 interface 0 has no altsetting 0 [ 98.638195][ T5140] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 98.888132][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.092943][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.297832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.394257][ T5140] usb 1-1: Using ep0 maxpacket: 32 [ 99.414904][ T5140] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.442052][ T5140] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.481464][ T5138] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 99.488379][ T5140] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 99.493639][ T5138] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.544051][ T5140] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.555633][ T5138] usb 5-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 99.572647][ T5138] usb 5-1: Manufacturer: Ц [ 99.589070][ T5282] binder: 5281:5282 ioctl 4018620d 0 returned -22 [ 99.604762][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 99.610180][ T5138] usb 5-1: can't set config #1, error -71 [ 99.662089][ T5138] usb 5-1: USB disconnect, device number 3 [ 99.680719][ T5140] usb 1-1: config 0 descriptor?? [ 99.729452][ T5140] hub 1-1:0.0: USB hub found [ 99.835519][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.014461][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 100.365130][ T5140] hub 1-1:0.0: config failed, can't read hub descriptor (err -90) [ 100.571549][ T5140] usbhid 1-1:0.0: can't add hid device: -71 [ 100.577837][ T5140] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 100.660424][ T5140] usb 1-1: USB disconnect, device number 2 [ 100.724280][ T5141] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 100.970010][ T5290] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 101.666345][ T5141] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 101.719896][ T5141] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.815330][ T5141] usb 4-1: config 0 descriptor?? [ 105.054959][ T5141] pegasus 4-1:0.0: probe with driver pegasus failed with error -32 [ 105.120140][ T5141] usb 4-1: USB disconnect, device number 3 [ 105.905910][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 105.915429][ T5096] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 105.923647][ T5096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 105.936188][ T5096] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 105.944834][ T5096] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 105.952180][ T5096] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 106.127099][ T2417] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.286253][ T2417] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.522268][ T5327] binder: 5326:5327 ioctl 4018620d 0 returned -22 [ 107.517695][ T2417] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.664449][ T5092] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 107.761200][ T2417] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.861012][ T5092] usb 4-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 107.880015][ T5318] chnl_net:caif_netlink_parms(): no params data found [ 107.893551][ T5342] FAULT_INJECTION: forcing a failure. [ 107.893551][ T5342] name failslab, interval 1, probability 0, space 0, times 1 [ 107.928540][ T5092] usb 4-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 107.929926][ T5342] CPU: 0 PID: 5342 Comm: syz.2.46 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 107.951151][ T5342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 107.961198][ T5342] Call Trace: [ 107.964468][ T5342] [ 107.967388][ T5342] dump_stack_lvl+0x241/0x360 [ 107.972085][ T5342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.977282][ T5342] ? __pfx__printk+0x10/0x10 [ 107.981864][ T5342] ? __pfx___might_resched+0x10/0x10 [ 107.987147][ T5342] should_fail_ex+0x3b0/0x4e0 [ 107.991821][ T5342] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 107.997548][ T5342] should_failslab+0x9/0x20 [ 108.002062][ T5342] __kmalloc_noprof+0xd8/0x400 [ 108.006847][ T5342] ? kfree+0x4e/0x360 [ 108.010823][ T5342] tomoyo_realpath_from_path+0xcf/0x5e0 [ 108.016375][ T5342] tomoyo_path_number_perm+0x23a/0x880 [ 108.021842][ T5342] ? tomoyo_path_number_perm+0x208/0x880 [ 108.027492][ T5342] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 108.033494][ T5342] ? __fget_files+0x29/0x470 [ 108.038084][ T5342] ? __fget_files+0x3f6/0x470 [ 108.042761][ T5342] ? __fget_files+0x29/0x470 [ 108.047351][ T5342] security_file_ioctl+0x75/0xb0 [ 108.052278][ T5342] __se_sys_ioctl+0x47/0x170 [ 108.056879][ T5342] do_syscall_64+0xf3/0x230 [ 108.061381][ T5342] ? clear_bhb_loop+0x35/0x90 [ 108.066069][ T5342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.071986][ T5342] RIP: 0033:0x7f77c4f75b59 [ 108.076403][ T5342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.096007][ T5342] RSP: 002b:00007f77c5d1f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 108.104426][ T5342] RAX: ffffffffffffffda RBX: 00007f77c5103f60 RCX: 00007f77c4f75b59 [ 108.112403][ T5342] RDX: 0000000020000140 RSI: 000000008208ae63 RDI: 0000000000000004 [ 108.120365][ T5342] RBP: 00007f77c5d1f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 108.128327][ T5342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.136290][ T5342] R13: 000000000000000b R14: 00007f77c5103f60 R15: 00007ffdd1225918 [ 108.144268][ T5342] [ 108.151369][ T5092] usb 4-1: config 1 interface 0 has no altsetting 0 [ 108.155056][ T5103] Bluetooth: hci4: command tx timeout [ 108.158981][ T5342] ERROR: Out of memory at tomoyo_realpath_from_path. [ 108.227900][ T5092] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 108.287717][ T5092] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.301057][ T5092] usb 4-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 108.374824][ T5092] usb 4-1: Manufacturer: Ц [ 108.379489][ T5092] usb 4-1: SerialNumber: syz [ 108.434099][ T5332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 108.443259][ T5332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 108.662465][ T5092] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 108.671437][ T2417] bridge_slave_1: left allmulticast mode [ 108.677858][ T2417] bridge_slave_1: left promiscuous mode [ 108.697316][ T2417] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.742042][ T2417] bridge_slave_0: left allmulticast mode [ 108.763795][ T2417] bridge_slave_0: left promiscuous mode [ 108.788055][ T5092] usb 4-1: USB disconnect, device number 4 [ 108.798496][ T2417] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.974526][ T1837] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 109.177410][ T1837] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 109.199266][ T1837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.296575][ T1837] usb 3-1: config 0 descriptor?? [ 112.747726][ T1837] pegasus 3-1:0.0: probe with driver pegasus failed with error -110 [ 112.748066][ T5103] Bluetooth: hci4: command tx timeout [ 112.858806][ T59] usb 3-1: USB disconnect, device number 3 [ 113.083304][ T2417] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.111222][ T2417] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.138034][ T2417] bond0 (unregistering): Released all slaves [ 113.152812][ T5318] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.161021][ T5318] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.168747][ T5318] bridge_slave_0: entered allmulticast mode [ 113.179197][ T5318] bridge_slave_0: entered promiscuous mode [ 113.201760][ T5318] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.212192][ T5318] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.221969][ T5318] bridge_slave_1: entered allmulticast mode [ 113.245065][ T5318] bridge_slave_1: entered promiscuous mode [ 113.562695][ T5318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 113.638510][ T5318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.849711][ T5318] team0: Port device team_slave_0 added [ 113.889703][ T5318] team0: Port device team_slave_1 added [ 113.935502][ T2417] hsr_slave_0: left promiscuous mode [ 113.995633][ T5390] binder: 5388:5390 ioctl 4018620d 0 returned -22 [ 114.008960][ T2417] hsr_slave_1: left promiscuous mode [ 114.072656][ T2417] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.651722][ T2417] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.814813][ T5096] Bluetooth: hci4: command tx timeout [ 114.835154][ T2417] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.842537][ T2417] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 115.046496][ T5401] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 115.054227][ T5401] vhci_hcd: invalid port number 9 [ 115.059368][ T5401] vhci_hcd: invalid port number 9 [ 115.752365][ T2417] veth1_macvtap: left promiscuous mode [ 115.768613][ T2417] veth0_macvtap: left promiscuous mode [ 115.790869][ T2417] veth1_vlan: left promiscuous mode [ 115.821289][ T2417] veth0_vlan: left promiscuous mode [ 115.947813][ T5414] FAULT_INJECTION: forcing a failure. [ 115.947813][ T5414] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 115.971360][ T5414] CPU: 1 PID: 5414 Comm: syz.3.58 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 115.980948][ T5414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 115.991002][ T5414] Call Trace: [ 115.994277][ T5414] [ 115.997198][ T5414] dump_stack_lvl+0x241/0x360 [ 116.001883][ T5414] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.007082][ T5414] ? __pfx__printk+0x10/0x10 [ 116.011664][ T5414] ? __pfx_lock_release+0x10/0x10 [ 116.016685][ T5414] should_fail_ex+0x3b0/0x4e0 [ 116.021368][ T5414] _copy_from_user+0x2f/0xe0 [ 116.025963][ T5414] copy_msghdr_from_user+0xae/0x680 [ 116.031194][ T5414] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 116.037039][ T5414] __sys_sendmsg+0x23d/0x3a0 [ 116.041651][ T5414] ? __pfx___sys_sendmsg+0x10/0x10 [ 116.046793][ T5414] ? vfs_write+0x7c4/0xc90 [ 116.051268][ T5414] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 116.057598][ T5414] ? do_syscall_64+0x100/0x230 [ 116.062358][ T5414] ? do_syscall_64+0xb6/0x230 [ 116.067028][ T5414] do_syscall_64+0xf3/0x230 [ 116.071525][ T5414] ? clear_bhb_loop+0x35/0x90 [ 116.076215][ T5414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 116.082109][ T5414] RIP: 0033:0x7fe4d5175b59 [ 116.086513][ T5414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.106127][ T5414] RSP: 002b:00007fe4d5fe5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 116.114561][ T5414] RAX: ffffffffffffffda RBX: 00007fe4d5304038 RCX: 00007fe4d5175b59 [ 116.122526][ T5414] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 [ 116.130492][ T5414] RBP: 00007fe4d5fe50a0 R08: 0000000000000000 R09: 0000000000000000 [ 116.138457][ T5414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.146422][ T5414] R13: 000000000000006e R14: 00007fe4d5304038 R15: 00007ffc51c33378 [ 116.154485][ T5414] [ 116.885175][ T5096] Bluetooth: hci4: command tx timeout [ 117.075487][ T2417] team0 (unregistering): Port device team_slave_1 removed [ 119.973514][ T5140] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 120.009588][ T2417] team0 (unregistering): Port device team_slave_0 removed [ 120.567241][ T5318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.600419][ T5318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.637208][ T5318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 120.653838][ T5318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 120.663165][ T5318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.692907][ T5318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.896315][ T5318] hsr_slave_0: entered promiscuous mode [ 120.921105][ T5318] hsr_slave_1: entered promiscuous mode [ 120.933678][ T5318] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 120.949396][ T5318] Cannot create hsr debugfs directory [ 121.590559][ T5454] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 121.598431][ T5454] vhci_hcd: invalid port number 9 [ 121.603532][ T5454] vhci_hcd: invalid port number 9 [ 122.564707][ T5452] netlink: 44 bytes leftover after parsing attributes in process `syz.0.67'. [ 123.277349][ T5318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 123.321601][ T5318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 123.427024][ T5318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 123.488751][ T5318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 123.653412][ T5486] binder: 5485:5486 ioctl 4018620d 0 returned -22 [ 124.582100][ T5092] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 124.826460][ T5318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 124.867099][ T5092] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 124.885951][ T5092] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.887740][ T5318] 8021q: adding VLAN 0 to HW filter on device team0 [ 125.051005][ T5092] usb 4-1: config 0 descriptor?? [ 125.070223][ T5501] FAULT_INJECTION: forcing a failure. [ 125.070223][ T5501] name failslab, interval 1, probability 0, space 0, times 0 [ 125.091205][ T5501] CPU: 1 PID: 5501 Comm: syz.2.77 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 125.100782][ T5501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 125.110841][ T5501] Call Trace: [ 125.114108][ T5501] [ 125.117053][ T5501] dump_stack_lvl+0x241/0x360 [ 125.121728][ T5501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.126920][ T5501] ? __pfx__printk+0x10/0x10 [ 125.131502][ T5501] ? __pfx___might_resched+0x10/0x10 [ 125.136786][ T5501] should_fail_ex+0x3b0/0x4e0 [ 125.141471][ T5501] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 125.147192][ T5501] should_failslab+0x9/0x20 [ 125.151718][ T5501] __kmalloc_noprof+0xd8/0x400 [ 125.156482][ T5501] ? kfree+0x4e/0x360 [ 125.160469][ T5501] tomoyo_realpath_from_path+0xcf/0x5e0 [ 125.166027][ T5501] tomoyo_path_number_perm+0x23a/0x880 [ 125.171490][ T5501] ? tomoyo_path_number_perm+0x208/0x880 [ 125.177131][ T5501] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 125.183150][ T5501] ? __fget_files+0x29/0x470 [ 125.187731][ T5501] ? __fget_files+0x3f6/0x470 [ 125.192398][ T5501] ? __fget_files+0x29/0x470 [ 125.196987][ T5501] security_file_ioctl+0x75/0xb0 [ 125.201920][ T5501] __se_sys_ioctl+0x47/0x170 [ 125.206506][ T5501] do_syscall_64+0xf3/0x230 [ 125.211009][ T5501] ? clear_bhb_loop+0x35/0x90 [ 125.215677][ T5501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.221566][ T5501] RIP: 0033:0x7f77c4f75b59 [ 125.225971][ T5501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.245569][ T5501] RSP: 002b:00007f77c5d1f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 125.253999][ T5501] RAX: ffffffffffffffda RBX: 00007f77c5103f60 RCX: 00007f77c4f75b59 [ 125.261961][ T5501] RDX: 0000000020000180 RSI: 0000000040047438 RDI: 0000000000000005 [ 125.269920][ T5501] RBP: 00007f77c5d1f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 125.277876][ T5501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.285835][ T5501] R13: 000000000000000b R14: 00007f77c5103f60 R15: 00007ffdd1225918 [ 125.293805][ T5501] [ 125.310711][ T5501] ERROR: Out of memory at tomoyo_realpath_from_path. [ 125.318670][ T5140] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.325847][ T5140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.393714][ T5172] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.400934][ T5172] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.141667][ T5318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.299763][ T5318] veth0_vlan: entered promiscuous mode [ 126.335073][ T51] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 126.353193][ T5318] veth1_vlan: entered promiscuous mode [ 126.451288][ T5318] veth0_macvtap: entered promiscuous mode [ 126.492732][ T5318] veth1_macvtap: entered promiscuous mode [ 126.541505][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.570384][ T51] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 126.605222][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.615342][ T51] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 126.654383][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.675246][ T51] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 126.685629][ T51] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.693693][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.720128][ T5092] pegasus 4-1:0.0: can't reset MAC [ 126.743013][ T5092] pegasus 4-1:0.0: probe with driver pegasus failed with error -5 [ 126.756353][ T51] usb 5-1: config 0 descriptor?? [ 126.766212][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.800341][ T5092] usb 4-1: USB disconnect, device number 5 [ 126.812829][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.866470][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 126.904254][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 126.948929][ T5318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.019749][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.062942][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.084476][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.104445][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.139806][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.200573][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.207180][ T51] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 127.218991][ T5318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 127.232181][ T5318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 127.236946][ T51] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0 [ 127.261364][ T5318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 127.264537][ T51] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0002/input/input5 [ 127.311720][ T5318] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.364302][ T5318] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.379225][ T51] cm6533_jd 0003:0D8C:0022.0002: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 127.411913][ T5518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.423822][ T5318] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.441940][ T5518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.458456][ T5318] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.533646][ T51] usb 5-1: USB disconnect, device number 5 [ 127.979186][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.013696][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.036933][ T5562] binder: 5561:5562 ioctl 4018620d 0 returned -22 [ 128.103768][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.275627][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 130.541469][ T5568] delete_channel: no stack [ 130.704414][ T51] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 130.714315][ T5138] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 130.904322][ T5138] usb 5-1: Using ep0 maxpacket: 16 [ 130.910924][ T51] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 130.930386][ T51] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.945873][ T5138] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 131.015617][ T51] usb 2-1: config 0 descriptor?? [ 131.028209][ T5138] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 131.068186][ T5138] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.117409][ T5138] usb 5-1: config 0 descriptor?? [ 131.155999][ T5600] cgroup: noprefix used incorrectly [ 131.241619][ T5096] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 131.444178][ C1] hrtimer: interrupt took 46718 ns [ 131.516157][ T5096] Bluetooth: hci2: command 0x0406 tx timeout [ 131.642816][ T5610] cgroup: noprefix used incorrectly [ 131.894933][ T5579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.952701][ T5579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.966220][ T5096] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 131.985531][ T5096] Bluetooth: hci3: unexpected event for opcode 0x2016 [ 132.137523][ T5138] hid (null): report_id 0 is invalid [ 132.200566][ T5138] hid-generic 0003:0158:0100.0003: unknown main item tag 0x1 [ 132.302461][ T5138] hid-generic 0003:0158:0100.0003: unexpected long global item [ 132.399279][ T5138] hid-generic 0003:0158:0100.0003: probe with driver hid-generic failed with error -22 [ 132.535453][ T5140] usb 5-1: USB disconnect, device number 6 [ 132.886605][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.893215][ T5632] binder: 5630:5632 ioctl 4018620d 0 returned -22 [ 132.893787][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.981597][ T51] pegasus 2-1:0.0: setup Pegasus II specific registers [ 133.184033][ T51] pegasus 2-1:0.0: can't locate MII phy, using default [ 133.985472][ T5138] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 134.003566][ T51] pegasus 2-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, a6:cc:f5:92:f1:f9 [ 134.085860][ T51] usb 2-1: USB disconnect, device number 3 [ 134.247587][ T5138] usb 1-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 134.299209][ T5138] usb 1-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 134.341578][ T5138] usb 1-1: config 1 interface 0 has no altsetting 0 [ 134.363465][ T5138] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 134.405245][ T5138] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.437379][ T5138] usb 1-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 134.495859][ T5138] usb 1-1: Manufacturer: Ц [ 134.514305][ T5138] usb 1-1: SerialNumber: syz [ 134.554113][ T5631] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.584025][ T5631] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.651741][ T5656] cgroup: noprefix used incorrectly [ 134.685386][ T5096] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 134.884854][ T5138] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 135.114036][ T5138] usb 1-1: USB disconnect, device number 3 [ 135.798131][ T5660] delete_channel: no stack [ 135.914657][ T5100] Bluetooth: hci3: command 0x0406 tx timeout [ 136.014531][ T5681] cgroup: noprefix used incorrectly [ 136.068042][ T5682] cgroup: noprefix used incorrectly [ 136.115371][ T5103] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 136.166777][ T5103] Bluetooth: hci3: unexpected event for opcode 0x2016 [ 136.259911][ T5103] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 136.885451][ T5103] Bluetooth: hci1: command 0x0406 tx timeout [ 139.652305][ T5096] Bluetooth: hci0: command 0x0406 tx timeout [ 139.659789][ T5103] Bluetooth: hci1: command 0x0406 tx timeout [ 141.020219][ T51] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 141.406884][ T51] usb 4-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 141.451874][ T51] usb 4-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 141.548153][ T51] usb 4-1: config 1 interface 0 has no altsetting 0 [ 141.567533][ T51] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 141.583435][ T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.642925][ T51] usb 4-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 141.764267][ T51] usb 4-1: Manufacturer: Ц [ 141.784106][ T51] usb 4-1: SerialNumber: syz [ 141.802275][ T5715] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 141.823108][ T5715] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 141.914347][ T5103] Bluetooth: hci0: command 0x0406 tx timeout [ 142.270051][ T51] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 142.479863][ T51] usb 4-1: USB disconnect, device number 6 [ 145.529921][ T5753] cgroup: noprefix used incorrectly [ 145.613685][ T5755] cgroup: noprefix used incorrectly [ 145.828615][ T5100] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 145.869653][ T5736] delete_channel: no stack [ 145.917537][ T5100] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 145.968693][ T5100] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 145.976754][ T5100] Bluetooth: hci0: unexpected event for opcode 0x2016 [ 147.081350][ T5769] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 147.088797][ T5769] vhci_hcd: invalid port number 9 [ 147.093946][ T5769] vhci_hcd: invalid port number 9 [ 148.054491][ T5100] Bluetooth: hci3: command 0x0406 tx timeout [ 149.224888][ T5797] cgroup: noprefix used incorrectly [ 149.284468][ T8] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 149.292097][ T5141] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 149.319717][ T5103] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 149.343231][ T5103] Bluetooth: hci2: unexpected event for opcode 0x2016 [ 149.488447][ T5141] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 149.505417][ T8] usb 5-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 149.520182][ T5141] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.538497][ T8] usb 5-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 149.557740][ T5141] usb 2-1: config 0 descriptor?? [ 149.563670][ T8] usb 5-1: config 1 interface 0 has no altsetting 0 [ 149.580835][ T8] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 149.604451][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.613279][ T8] usb 5-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 149.630190][ T8] usb 5-1: Manufacturer: Ц [ 149.635071][ T8] usb 5-1: SerialNumber: syz [ 149.648658][ T5787] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 149.657579][ T5787] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 149.930850][ T8] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 149.993360][ T8] usb 5-1: USB disconnect, device number 7 [ 150.018587][ T5803] cgroup: noprefix used incorrectly [ 150.204336][ T5103] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 150.562228][ T5808] binder: 5805:5808 ioctl 4018620d 0 returned -22 [ 152.034263][ T5141] pegasus 2-1:0.0: probe with driver pegasus failed with error -110 [ 152.162985][ T51] usb 2-1: USB disconnect, device number 4 [ 152.316553][ T5103] Bluetooth: hci3: command 0x0406 tx timeout [ 152.657702][ T5835] input: syz0 as /devices/virtual/input/input6 [ 152.964865][ T5842] serio: Serial port pts0 [ 153.382614][ T5862] syz.4.168 uses obsolete (PF_INET,SOCK_PACKET) [ 153.408663][ T5861] netlink: 4 bytes leftover after parsing attributes in process `syz.0.167'. [ 154.234879][ T5100] Bluetooth: hci1: command 0x0406 tx timeout [ 154.262174][ T5885] Illegal XDP return value 4294967262 on prog (id 14) dev N/A, expect packet loss! [ 154.502689][ T5891] netlink: 64 bytes leftover after parsing attributes in process `syz.3.178'. [ 155.454760][ T5906] syzkaller1: entered promiscuous mode [ 155.460255][ T5906] syzkaller1: entered allmulticast mode [ 155.975748][ C0] Oops: general protection fault, probably for non-canonical address 0xe3fffb2400281fc8: 0000 [#1] PREEMPT SMP KASAN PTI [ 155.988344][ C0] KASAN: maybe wild-memory-access in range [0x1ffff9200140fe40-0x1ffff9200140fe47] [ 155.997601][ C0] CPU: 0 PID: 5932 Comm: syz.0.195 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 156.007207][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 156.017244][ C0] RIP: 0010:__cpu_map_flush+0x42/0xd0 [ 156.022602][ C0] Code: e8 e3 d9 d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 8d c7 39 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 6f c7 39 00 4c 8b 23 48 8d 7b c0 [ 156.042210][ C0] RSP: 0018:ffffc90000007bb0 EFLAGS: 00010203 [ 156.048285][ C0] RAX: 03ffff2400281fc8 RBX: 1ffff9200140fe44 RCX: ffff888021bcbc00 [ 156.056252][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffffc9000a07f1a0 [ 156.064213][ C0] RBP: dffffc0000000000 R08: ffffffff895d4e8a R09: 1ffffffff1f5a8c5 [ 156.072169][ C0] R10: dffffc0000000000 R11: fffffbfff1f5a8c6 R12: ffffc9000a07f1a0 [ 156.080135][ C0] R13: ffffc9000a07f160 R14: ffffc9000a07f1a0 R15: dffffc0000000000 [ 156.088098][ C0] FS: 00007f95bc5706c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 156.097012][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 156.103580][ C0] CR2: 000055ba3e640008 CR3: 00000000286b2000 CR4: 00000000003506f0 [ 156.111539][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 156.119493][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 156.127448][ C0] Call Trace: [ 156.130712][ C0] [ 156.133537][ C0] ? __die_body+0x88/0xe0 [ 156.137857][ C0] ? die_addr+0x108/0x140 [ 156.142176][ C0] ? exc_general_protection+0x3dd/0x5d0 [ 156.147710][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 156.152895][ C0] ? asm_exc_general_protection+0x26/0x30 [ 156.158603][ C0] ? xdp_do_check_flushed+0x10a/0x240 [ 156.163960][ C0] ? __cpu_map_flush+0x42/0xd0 [ 156.168704][ C0] xdp_do_check_flushed+0x136/0x240 [ 156.173889][ C0] __napi_poll+0xe4/0x490 [ 156.178205][ C0] net_rx_action+0x89b/0x1240 [ 156.182879][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 156.187979][ C0] ? sched_clock+0x4a/0x70 [ 156.192388][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 156.198704][ C0] handle_softirqs+0x2c4/0x970 [ 156.203453][ C0] ? do_softirq+0x11b/0x1e0 [ 156.207942][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 156.213212][ C0] do_softirq+0x11b/0x1e0 [ 156.217525][ C0] [ 156.220440][ C0] [ 156.223360][ C0] ? __pfx_do_softirq+0x10/0x10 [ 156.228198][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 156.233831][ C0] ? rcu_is_watching+0x15/0xb0 [ 156.238596][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 156.243784][ C0] ? __pfx_netif_receive_skb+0x10/0x10 [ 156.249230][ C0] ? tun_rx_batched+0x160/0x8f0 [ 156.254068][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 156.259774][ C0] ? tun_rx_batched+0x160/0x8f0 [ 156.264613][ C0] tun_rx_batched+0x732/0x8f0 [ 156.269280][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 156.275598][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 156.280632][ C0] ? __pfx_tun_rx_batched+0x10/0x10 [ 156.285834][ C0] tun_get_user+0x2f84/0x4720 [ 156.290506][ C0] ? tun_get_user+0x2a78/0x4720 [ 156.295351][ C0] ? __lock_acquire+0x1346/0x1fd0 [ 156.300360][ C0] ? __pfx_tun_get_user+0x10/0x10 [ 156.305379][ C0] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 156.310823][ C0] ? tun_get+0x1e/0x2f0 [ 156.314966][ C0] ? __pfx_lock_release+0x10/0x10 [ 156.319979][ C0] ? tun_get+0x1e/0x2f0 [ 156.324118][ C0] ? tun_get+0x27d/0x2f0 [ 156.328348][ C0] tun_chr_write_iter+0x113/0x1f0 [ 156.333358][ C0] vfs_write+0xa72/0xc90 [ 156.337589][ C0] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 156.343122][ C0] ? __pfx_vfs_write+0x10/0x10 [ 156.347867][ C0] ? do_futex+0x392/0x560 [ 156.352188][ C0] ksys_write+0x1a0/0x2c0 [ 156.356507][ C0] ? __pfx_ksys_write+0x10/0x10 [ 156.361345][ C0] ? do_syscall_64+0x100/0x230 [ 156.366099][ C0] ? do_syscall_64+0xb6/0x230 [ 156.370766][ C0] do_syscall_64+0xf3/0x230 [ 156.375257][ C0] ? clear_bhb_loop+0x35/0x90 [ 156.379915][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.385798][ C0] RIP: 0033:0x7f95bb7746df [ 156.390201][ C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 156.409785][ C0] RSP: 002b:00007f95bc570010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 156.418181][ C0] RAX: ffffffffffffffda RBX: 00007f95bb903f60 RCX: 00007f95bb7746df [ 156.426136][ C0] RDX: 0000000000000036 RSI: 0000000020000240 RDI: 00000000000000c8 [ 156.434092][ C0] RBP: 00007f95bb7e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 156.442044][ C0] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000000 [ 156.449998][ C0] R13: 000000000000000b R14: 00007f95bb903f60 R15: 00007ffd9350fc38 [ 156.457961][ C0] [ 156.460960][ C0] Modules linked in: [ 156.464949][ C0] ---[ end trace 0000000000000000 ]--- [ 156.470398][ C0] RIP: 0010:__cpu_map_flush+0x42/0xd0 [ 156.475776][ C0] Code: e8 e3 d9 d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 8d c7 39 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 6f c7 39 00 4c 8b 23 48 8d 7b c0 [ 156.495388][ C0] RSP: 0018:ffffc90000007bb0 EFLAGS: 00010203 [ 156.501438][ C0] RAX: 03ffff2400281fc8 RBX: 1ffff9200140fe44 RCX: ffff888021bcbc00 [ 156.509427][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffffc9000a07f1a0 [ 156.517402][ C0] RBP: dffffc0000000000 R08: ffffffff895d4e8a R09: 1ffffffff1f5a8c5 [ 156.525367][ C0] R10: dffffc0000000000 R11: fffffbfff1f5a8c6 R12: ffffc9000a07f1a0 [ 156.533331][ C0] R13: ffffc9000a07f160 R14: ffffc9000a07f1a0 R15: dffffc0000000000 [ 156.541315][ C0] FS: 00007f95bc5706c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 156.550254][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 156.556853][ C0] CR2: 000055ba3e640008 CR3: 00000000286b2000 CR4: 00000000003506f0 [ 156.564839][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 156.572810][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 156.580795][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 156.588331][ C0] Kernel Offset: disabled [ 156.592647][ C0] Rebooting in 86400 seconds..