last executing test programs: 45.549744731s ago: executing program 1 (id=51): ioctl$KVM_GET_NESTED_STATE(0xffffffffffffffff, 0xc080aebe, &(0x7f0000000000)={{0x0, 0x0, 0x80}}) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000002080)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x2ed69828, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x4}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000002180)={0xffffffffffffffff, 0x58, &(0x7f0000002100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000021c0)=@base={0x10, 0x5e, 0x6, 0x9, 0x100, r0, 0xff, '\x00', r1, 0xffffffffffffffff, 0x1, 0x2, 0x1}, 0x48) r3 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r3, 0x6, 0x1c, &(0x7f0000002240)=""/135, &(0x7f0000002300)=0x87) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000001, 0x4000010, r0, 0x64628000) r4 = open(&(0x7f0000002340)='./file0\x00', 0x80000, 0x5e) ioctl$SNAPSHOT_ATOMIC_RESTORE(r4, 0x3304) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000023c0), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000002400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMK(r4, &(0x7f0000002540)={&(0x7f0000002380), 0xc, &(0x7f0000002500)={&(0x7f0000002440)={0x8c, r5, 0x100, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "02b5e124bdc13f7d0dde78b3147c15f5"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "54fed2fc75d9134b0be7eb2e68b94fce"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "de851d6406ecd99d5e621c0c0cb8b3d7"}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMK={0x14, 0xfe, "92b605f6b53744b67500ca51b69f5d20"}, @NL80211_ATTR_PMKR0_NAME={0x14, 0x102, "ac18892d8b854ee654333517e1c9845e"}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x881) write$binfmt_misc(r3, &(0x7f0000002580)={'syz1', "45de957e44e1d0dba757c76e612b325b835acc7cc76853e709989aadada702e4fab173004f5e620aa85fc3bad0112dedb572b4fb4ac71bbc3681c142693cebf442f98720c01b4780c4858710060380a0b671c8792cd0f321922f7669a25ab1aee80258ebd19806e99b4109de64cb3e2de57f1f819fc52993f1c7c41b05e3a199db20ec132e1f41512a533c34c4652955935a5c56ed959821e062c386158827037eb74145aa1c8c4b621a4101ccd8d8953c024b69c69b671a0432fd5bca273c67bc63517c393783c33da3fb510595bc3f1d2a1597b95116"}, 0xdb) readv(r2, &(0x7f0000002b80)=[{&(0x7f0000002680)=""/210, 0xd2}, {&(0x7f0000002780)=""/83, 0x53}, {&(0x7f0000002800)=""/5, 0x5}, {&(0x7f0000002840)=""/2, 0x2}, {&(0x7f0000002880)=""/224, 0xe0}, {&(0x7f0000002980)=""/142, 0x8e}, {&(0x7f0000002a40)=""/242, 0xf2}, {&(0x7f0000002b40)=""/7, 0x7}], 0x8) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000002c00)) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000002c40)={0x4, {{0x2, 0x4e20, @local}}, 0x1, 0x4, [{{0x2, 0x4e23, @remote}}, {{0x2, 0x4e20, @private=0xa010100}}, {{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e24, @local}}]}, 0x290) sendmsg$L2TP_CMD_TUNNEL_DELETE(r4, &(0x7f0000003040)={&(0x7f0000002f00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000003000)={&(0x7f0000002f80)={0x60, 0x0, 0x12, 0x70bd25, 0x25dfdbfd, {}, [@L2TP_ATTR_MRU={0x6, 0x1d, 0x1ff}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x6}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x3}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0xd}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'batadv0\x00'}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xf3}]}, 0x60}, 0x1, 0x0, 0x0, 0x40011}, 0x0) syz_usb_connect$cdc_ecm(0x3, 0x8b, &(0x7f0000003080)={{0x12, 0x1, 0xcebf7a7f12fb1e8f, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x79, 0x1, 0x1, 0x3, 0x40, 0xd7, [{{0x9, 0x4, 0x0, 0x81, 0x2, 0x2, 0x6, 0x0, 0x4, {{0xa, 0x24, 0x6, 0x0, 0x0, "8067d226dc"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x6bb7, 0xfbc9, 0x1}, [@mdlm={0x15, 0x24, 0x12, 0xfc00}, @obex={0x5, 0x24, 0x15, 0x25}, @mbim_extended={0x8, 0x24, 0x1c, 0x6, 0x82, 0x7}, @country_functional={0xe, 0x24, 0x7, 0x4, 0x8, [0x4, 0x2, 0xc, 0x61]}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0x6, 0x25, 0x10}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x80, 0x7, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x4, 0x8, 0x3}}}}}]}}]}}, &(0x7f0000003340)={0xa, &(0x7f0000003140)={0xa, 0x6, 0x300, 0x5, 0x91, 0xe, 0x10, 0x8}, 0x43, &(0x7f0000003180)={0x5, 0xf, 0x43, 0x4, [@ssp_cap={0x1c, 0x10, 0xa, 0x8, 0x4, 0x9, 0x1ef00, 0x5, [0x0, 0x0, 0x0, 0x0]}, @wireless={0xb, 0x10, 0x1, 0x4, 0x12, 0xfd, 0x8, 0x9, 0xba}, @ssp_cap={0x14, 0x10, 0xa, 0x7, 0x2, 0xa, 0xf00f, 0x7ff, [0xc030, 0xff00f0]}, @ptm_cap={0x3}]}, 0x3, [{0x56, &(0x7f0000003200)=@string={0x56, 0x3, "9bf9a732c5c359ba33d381e7d6b051358bcd163acfd2ff7b624c8aedfdbb41140502c90066ba997aed0bd72aa302678dca412d42446abd62f8cbe52a11f0c8318b12e83ce82700bd89c767e22a589f76c5243145"}}, {0x4, &(0x7f0000003280)=@lang_id={0x4, 0x3, 0x426}}, {0x5c, &(0x7f00000032c0)=@string={0x5c, 0x3, "c237f2bc3a397130cb65fe7ebc59c31dddd665a54c43bad5013931f75b7852c1f765270a2168aea8f143d175285dcea749849cadc5d45979ebe7fb780770b8276808d3f06eb001287ab45222bd9a519f1dcd5e7d358bb0e26c93"}}]}) preadv(r0, &(0x7f0000004440)=[{&(0x7f0000003380)=""/66, 0x42}, {&(0x7f0000003400)=""/57, 0x39}, {&(0x7f0000003440)=""/4096, 0x1000}], 0x3, 0x7fffffff, 0x136e7c20) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000004480)={0x0}, &(0x7f00000044c0)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f0000004500)=r7, 0x4) ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000004580)={0x3, 0x0, &(0x7f0000004540)=[0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000004700)={&(0x7f00000045c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000004600)=[{}], &(0x7f0000004680)=[0x0, 0x0, 0x0], &(0x7f00000046c0)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x3, 0x5}) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r4, 0xc01864ba, &(0x7f0000004780)={0x0, r8, r9, 0xcccccccc}) sendmsg$DEVLINK_CMD_TRAP_SET(r4, &(0x7f0000004980)={&(0x7f00000047c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000004940)={&(0x7f0000004800)={0x118, 0x0, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x118}, 0x1, 0x0, 0x0, 0x6f3eee6156f2b94b}, 0x8000) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, &(0x7f00000049c0)) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000004a00)={'wlan1\x00'}) syz_usb_connect$uac1(0x6, 0xb2, &(0x7f0000004a40)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa0, 0x3, 0x1, 0x6, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xfdb, 0x2}, [@extension_unit={0x9, 0x24, 0x8, 0x4, 0x10, 0x5, '\f@'}, @extension_unit={0x9, 0x24, 0x8, 0x3, 0x40, 0xf, "a64d"}, @extension_unit={0xd, 0x24, 0x8, 0x4, 0x100, 0x1, "2a7a301dbefb"}, @extension_unit={0x9, 0x24, 0x8, 0x5, 0x51, 0x6, "fec3"}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x205, 0x3, 0x7, 0x0, 0x40, 0xff}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x7, 0x9, 0x7, {0x7, 0x25, 0x1, 0x80, 0x3, 0x2}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x57, 0x2, 0x7, 0x9, "de8366a5d6"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x9, 0xd, 0x9, {0x7, 0x25, 0x1, 0x80, 0xf, 0x6}}}}}}}]}}, &(0x7f0000004d80)={0xa, &(0x7f0000004b00)={0xa, 0x6, 0x250, 0x5, 0x3, 0x6b, 0x10, 0xf8}, 0x38, &(0x7f0000004b40)={0x5, 0xf, 0x38, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x6, "bc67134611dda6fb197af053a3660e5a"}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "f0bc906e3af7181823b86ecaaf32b485"}, @wireless={0xb, 0x10, 0x1, 0xc942493ff42d1a36, 0x10, 0x7, 0x1, 0x0, 0x7f}]}, 0x8, [{0x4, &(0x7f0000004b80)=@lang_id={0x4, 0x3, 0x44a}}, {0x4, &(0x7f0000004bc0)=@lang_id={0x4, 0x3, 0x414}}, {0x4, &(0x7f0000004c00)=@lang_id={0x4, 0x3, 0xb3f18ecfa4a46a7d}}, {0x4, &(0x7f0000004c40)=@lang_id={0x4, 0x3, 0x1404}}, {0x4, &(0x7f0000004c80)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000004cc0)=@lang_id={0x4, 0x3, 0x861}}, {0x29, &(0x7f0000004d00)=@string={0x29, 0x3, "1b2f58e0210771dc288ea4a81136afc47d18733e8930e74e01a7e879743a1e6ff6b784d91b91db"}}, {0x2f, &(0x7f0000004d40)=@string={0x2f, 0x3, "9336c70aa6dcfda2f26eb9d036ed45192557980f407d036288f2a4499fad3dd26989c09dbe9af2cc631497a00c"}}]}) ioctl$SNAPSHOT_S2RAM(r4, 0x330b) 44.345265276s ago: executing program 4 (id=56): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$sndseq(0xffffffffffffffff, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001840)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x3}, [{0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffc}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x28, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x28}}, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) r7 = syz_open_procfs(r6, &(0x7f00000020c0)='autogroup\x00') read$FUSE(r7, &(0x7f0000000080)={0x2020}, 0x2020) write$FUSE_NOTIFY_DELETE(r7, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x6, 0x5, 0x1, 0x0, '.'}}, 0x2a) 43.681988053s ago: executing program 1 (id=57): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0xc3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_FLAGS={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_DPORT={0x6}]}}}]}, 0x48}}, 0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@typedef={0x4, 0x0, 0x0, 0x7}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x2, 0x81000000}]}]}, {0x0, [0x0, 0x0, 0x0, 0xda]}}, 0x0, 0x52}, 0x20) 43.388776052s ago: executing program 1 (id=58): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14) socket$inet(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x0, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000080)='D', 0x1, 0x1, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x7ffffffff000) 42.255276521s ago: executing program 1 (id=60): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000540)={0x24, &(0x7f0000000180)={0x0, 0x0, 0xe, {0xe, 0x0, "349b1058a90765ea01c4ed96"}}, 0x0, 0x0, &(0x7f00000004c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x9, 0x1, {0x22, 0xfeb}}}}, &(0x7f0000000740)={0x2c, &(0x7f0000000580)={0x40, 0x16, 0x48, "5e61ba09ae4df5d2eeba7efe722da1dc6e78bc9993e99aaaeb753a3425079cfb5ffa0a7781834c506988bded3ece6f589a300750839458161b41f5500441587f63201c5f6ad6551e"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000680)={0x20, 0x1, 0x62, "fd3b130c8301449f13a3f33d22c448a1073d965964dfd1e59839759ddd39e25c4a57f970c05512c6d89d593e7c7b2075747a1d51680f6fc924bcbc261c253b2bdfadc0fcf03c75adf173d727ed6fffa614e04d836d3803713f1e4ad27362001da258"}, &(0x7f0000000700)={0x20, 0x3, 0x1, 0x9}}) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f00009be000/0x4000)=nil) 41.102068995s ago: executing program 4 (id=62): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = accept4$unix(0xffffffffffffffff, &(0x7f00000006c0), &(0x7f0000000400)=0x6e, 0x80000) sendmmsg(r2, &(0x7f00000026c0)=[{{&(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @multicast1}, 0x1, 0x3, 0x2}}, 0x80, &(0x7f0000000800)=[{&(0x7f00000007c0)="428b530ef29f9bf41822c8dbc57d876e67b8b7b88548fd", 0x17}], 0x1}}, {{&(0x7f0000000840)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x3, 0x0, 0x2, 0x0, {0xa, 0x4e24, 0x9, @private1={0xfc, 0x1, '\x00', 0x1}}}}, 0x80, &(0x7f0000000e00)=[{&(0x7f00000008c0)="282a114e69b4fa6be4b7c97f9c94d9c7d73dcf3b0c61bf728a31fb1ee313239cf9e0ea66318e07818e40ab7dad1796181da68f7c0fbd28e7651687ebccfcb374f54eaabbf160", 0x46}, {&(0x7f0000000cc0)="234399ba203a788c7228ad8d4d74ab2ee21d1b7662f2072db851211026cb5ca235e7d8ae4fbc90815c43b8729f729892729d7178ce72", 0x36}, {&(0x7f0000000d40)}], 0x3, &(0x7f0000001f40)=ANY=[@ANYBLOB="8000000000000000110100000300000058e282abb165449feb45f14c9e1745075ed3f116a75a66c54615573a73a01d33d8fdc378ae12739c5d86ee2fef53fcf77a7e13c6fd974edcaf27c54ae78e2a041dcb37a6a311ae43c121ab62bc11524be5319b0ee1f5db65924f2071adfa4a399a3c5cdbca9928a8907c5fd54ccf000068000000000000001501000000000000fce12a0ea9c19f77151f7c52eca0ddddbb030851ed59e33ca5993f161bbc4574ac51e5bd5fbd0bf619635f1aef316bed8d28ed0dff8aeac94d8639a5138e03f35f2ee1e7fdf55da8b308686cde6d57ec000000000000b8000000000000003a000000060000009e068aba45eb92749da9524cfa3ddb6efe1ae23a687a2064c1bff4d3d2068ec36f1e08a590fb21456c7f57c76819b75c23ee911fb6696864e71ffa44fffbbf3768669a136fa0c7129b52569ff8c05fe77b014cc823050db8166612417672b8e4b2279ee6c50b143ca49a82de1596f476b905c4072ed138ec16433060ecf67a866333920b8679944ad455a4c4e957a96a81ffcc8282a2d67ed5ab893c163c4fb2b5f63a00000000009800000000000000ff000000f8ffffffdda41ac0adbf33056ca82b54ac027c2ea92591977c5acef4809e0ebe52e196fde4926836124023cdb3ec3f4f40b9eb7e0958287b7558982a9aa2a8019e95b031b2480948a6d03ab553e956d15cfbba3ac59cd11ec2ff60c5cf43be32c400255ead0b1eb276f1fbe6cb9957d1f44bad704513e033eaa63e9eedcb9bf1db7dfb00000000000000c80000000000000011000000100000008cfbc5047622fa2d60232c36fc72066d56fe1caef9c47037905739827f054fa3aa8834cf8aa49fd97225c2fca6d72f3eee148a4ca9fef333aa9b3ebb4b3e7f91e74800c1528d8f4d881519a32b8000b188426fa12ceba8d27d5077c63262195c0298da6e51c5e7c51297dadc491ef2de613ad9b4fdc428939743736c59f6402d1c205547db3c689d5de7f84f54365659c9ceb4c16940576852b927bc8b05d3eaf3f0eef077f3c0f7fa8633b2d1c7fd25d900000000000000000100000000000012010000758400003c678e510a76d2489b0629d1dee377f3616cf1d94da7dba2798c22cb514d1eb27f64cc0416411af27fca045cae5aa4d78f713553669ca2b1016d5cd8b43d28d894e87715220fc6b7323f6d87748fda71b4654f70cd6ce30167844dcc307f9e3e4da217cec04c004f2b7d7beaae1f29589c9ee863a2cda587da42ec4626bd66cc0211f4a24dbbc70799c3a6bc8427ca9646fa01005ce5401fae03f27e7e8a4b7a44b18401a60a9285bb421e188a6285b8b954c3f7c1e95311b0e818a593f2b0303354d3f3be6724620e58a357af11f3781f42b314cb01e0006fcb2e1fe46597664763d3c391d922fca1d17d88b146b646bf493a259dd262efcc4d00000000d0000000000000000d010000ff010000427a9c5cb1877c503a3b15db4f4aad52ee85f56277731a9b8e7de96cf525377f07ce0b96790a3823f5de87b708f7cc6d39f5e6f0bfd2ec2d71d2466201fbd38329920b27296147e426d02b21d26ff5ca2d76c6f4034edfd0d9337e2846d558d0ffd90fa73dc779314311610aab9209b41f2a83ad91ffc35d7012a33d2d6d581f02a26e77d07ab9802990ea96d4e8e185bbc5e82ae4148901bdde8ef0da01fba8453f5039a198347c2342bf06777fdf6e80d10000"], 0x4d0}}, {{&(0x7f0000000e40)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-neon\x00'}, 0x80, 0x0, 0x0, &(0x7f0000002480)=[{0x20, 0x112, 0xff, "824141f5d5fbb0b243c13c17ba7e"}, {0x68, 0x11, 0x8, "8147f2cd9e60a8192fde5be8128d7ffbbba74892fc29c1c0e84ec74ca52c6027ed646e6f1cd1d2b236240013ea2ddb64c4f41cb3661b876d84d77f62689f59a8793f317b03635c97dfaafa73fa5c6b08ac89b16fcbf2f505"}, {0xe0, 0x101, 0x7, "7fe76b5700aeb08668d432fd7681998e89a773afe7d38a6bc39e322732fda00b0eabc0821617d8ab0dcd6fbe1bb1258c408e345b6f3ea96bfb1aa751b4fe451a0c7646764299a8d48dbc0b853c8f7a7887c268f499c99a21d47aaed79925c2e1c024f9c3d7afb925ecf2a67ef46f782731b4a7e7dd2415079e19b552cb896af52e287f195978191d80b7c02840c759b90ca1eb47dec651685d39865771b807f759058c42ac4df9437d5d1f7c0fa072767b30606b76a0f1ff253ffbd71abd49b709cda37a4112dfb2e2791541ada929"}], 0x168}}], 0x3, 0x40000) ioctl$VIDIOC_G_PARM(r1, 0xc0cc5615, &(0x7f0000000180)={0x9, @capture={0x0, 0x1, {0x9, 0xc7cb}, 0xfffffff0, 0x7fffffff}}) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x90, 0x30, 0x1, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0x4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4547de0ec70f3a97}}}}]}]}, 0x90}}, 0x0) 40.838050191s ago: executing program 4 (id=64): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYRES8=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8) syz_pidfd_open(0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303020309006000000002000020d3"]) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180000005c1cfecdcdee00000000000000000000000085100000fdffffff9500"], &(0x7f0000000040)='syzkaller\x00', 0x4}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000035ae52700009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r4 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f00000000c0)={0xc, 0x8, 0xfa00, {&(0x7f0000002200)}}, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000d00)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000cc0)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000d40)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @local}, r5}}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 39.339335902s ago: executing program 4 (id=66): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000040)=0x2, 0x4) read(r0, &(0x7f0000000440)=""/15, 0xf) 38.955033205s ago: executing program 1 (id=68): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000e07351e475a7c2454c5566b9f5fc083d8e1a76a74f9a5f1fd4855fd9d99911325e0a6cc52cdbcd1bdf2c7e260f29"], &(0x7f00000000c0)='syzkaller\x00', 0x2, 0xc6, &(0x7f0000000300)=""/198}, 0x90) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="fb6bba8839fe8bc048c0cdafd1f8a9918b", 0x11}], 0x1}, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = dup(r1) connect$inet(r2, &(0x7f0000000040)={0x27, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x60) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xd1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) setrlimit(0x0, &(0x7f00000002c0)={0x0, 0x3}) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) prlimit64(r3, 0x0, &(0x7f0000000100)={0x7}, &(0x7f0000000280)) r7 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, 0x0) kcmp$KCMP_EPOLL_TFD(r3, r3, 0x7, r4, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x2}) close(r0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) r9 = fcntl$getown(r7, 0x9) ioprio_get$pid(0x3, r9) 38.833330992s ago: executing program 4 (id=70): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @private0}, 0x1c) setsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14) socket$inet(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r6}, 0x10) connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x0, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r7, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000080)='D', 0x1, 0x1, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x7ffffffff000) 37.557801679s ago: executing program 1 (id=71): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001040)={0x9b, {"a2e3ad09ed0d09f91a5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c526db51b1b5b31070d0773090acd3b78130daa61d8e8040001000000b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f6709000000a141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7af1d0e54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c01008e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e1a63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0d8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffebd}}, 0x1006) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e1f0a00c9000001aaaaaa"], 0x22) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000fc0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000010000300"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000100140012800b00010067656e65766500000400028004001a80"], 0x38}, 0x1, 0x2}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000180)={'sit0\x00', 0x0}) getsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f00000001c0)={@local, @multicast2}, &(0x7f0000000200)=0x4055) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000280)={0x0, @local, @multicast1}, &(0x7f0000000300)=0xc) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYRES8, @ANYRES32=r8, @ANYRESOCT=r3], 0x6c}}, 0x4000) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendto$packet(r9, &(0x7f0000000000)="4dcdc7c6223e00000000ffff8137", 0xe, 0x0, &(0x7f0000000080)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @dev}, 0x14) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="30020000", @ANYRES16=0x0, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="140002006261746164765f736c6176655f30000008000100", @ANYRES32=0x0, @ANYRES32=r5, @ANYRES32=0x0, @ANYBLOB="080003000200000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="7000018014000200766c616e31000000000000000000000014000200726f736530000000000000000000000008000100", @ANYRES32, @ANYBLOB="1400020064766d7270300000000000000000000014000200766c616e300000000000000000000000140002006e696376663000000000000000000000500001801400020070696d367265670000000000000000001400020064766d7270310000000000000000000008000300010000001400020070696d367265673000000000", @ANYRES32=r2, @ANYBLOB="200001801400020076657468305f766c616e00000000000008000100", @ANYRES32=r6, @ANYBLOB="440001801400020069703665727370616e3000000000000008000100", @ANYRES32=0x0, @ANYRESDEC=0x0, @ANYRES32=r8, @ANYBLOB="0800030000000000140002006d6163766c616e3100000000000000", @ANYRES32=r10, @ANYBLOB="4f3e91f6bdc4b24e1ff106f10fbff5f45ba5e7d3f6276d7ec3c708c9b28ba4f474afadf0bdf6d611e4a73be8a4540458981edebbc0651e4bdb9a43a6c36c88a665674b4c1947fa1f30a9c7f19a4abd177939"], 0x230}, 0x1, 0x0, 0x0, 0x4040800}, 0x4044044) sched_setaffinity(0x0, 0x0, 0x0) r11 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240), 0x0, 0x3, 0x0) mlock(&(0x7f0000bff000/0x400000)=nil, 0x400000) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16) r12 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00') read$FUSE(r12, &(0x7f0000002140)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) read$FUSE(r11, &(0x7f0000004180)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LK(r11, &(0x7f0000000000)={0x28, 0x0, r14, {{0x5, 0xbccf, 0x0, r13}}}, 0x28) 34.895434607s ago: executing program 4 (id=78): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$sndseq(0xffffffffffffffff, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) ioctl$SG_GET_REQUEST_TABLE(0xffffffffffffffff, 0x2286, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001840)=@newtaction={0xe68, 0x30, 0x25, 0x0, 0x0, {}, [{0xe54, 0x1, [@m_pedit={0xe50, 0x1, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x3}, [{0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffc}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe68}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x28, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x28}}, 0x0) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) r7 = syz_open_procfs(r6, &(0x7f00000020c0)='autogroup\x00') read$FUSE(r7, &(0x7f0000000080)={0x2020}, 0x2020) write$FUSE_NOTIFY_DELETE(r7, &(0x7f0000000000)={0x2a, 0x6, 0x0, {0x6, 0x5, 0x1, 0x0, '.'}}, 0x2a) 7.403813251s ago: executing program 3 (id=136): socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x2a060400) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r0, 0x0, 0x0) 7.224399316s ago: executing program 3 (id=138): openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) syz_emit_vhci(&(0x7f00000005c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bab247412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a71a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f630664223626d9bf962cb3975dd53fee8e32f516b6aaae582289f00b08f9"], 0xd) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="042c1103c8000000000000000000000000000002d9e2ed8bf6077c57412763e8aa05000000000000000359242051549df872a70a9e5c3e25e810c5f1581c03"], 0x14) pipe2(0x0, 0x80000) write$evdev(0xffffffffffffffff, &(0x7f00000003c0)=[{{0x77359400}, 0x14, 0x9, 0x6}, {{0x0, 0x2710}, 0x0, 0x0, 0x42dbad0d}], 0x30) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) syz_open_pts(0xffffffffffffffff, 0x408b03) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)={0x2, 0x0, [{0x4, 0x1b, &(0x7f0000000000)=""/27}, {0x115001, 0xa3, &(0x7f0000001500)=""/163}]}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, 0x0, &(0x7f0000000340)=""/185, 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000240)=ANY=[], 0x1c}}, 0x1) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0xfffffd5c) write$rfkill(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1, 0x1, 0x0, 0x1}, 0x8) socket$key(0xf, 0x3, 0x2) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x1, 0xfffffffb, &(0x7f0000000080)=""/31, 0x0, &(0x7f0000000500)=""/4085, 0x2}) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000080)=ANY=[], 0x14) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f0000000440), 0x0}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500), 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) sync() ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, 0x0) 5.867522454s ago: executing program 3 (id=141): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r1, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_bridge\x00', 0x10) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) close(r0) 5.339986928s ago: executing program 3 (id=144): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="1f769a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000300)={0x0, 0x0, 0x2, "9c45"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000540)={0x0, 0x0, 0x2, "c44a"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000b40)={0x0, 0x0, 0x2, "aa4c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) 2.410161857s ago: executing program 0 (id=149): sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40084) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="08000500020000007c10fb68dc8b2cd2c4d2bcf4a1440f9500b536f4e7f9e399"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="913b3901000000fc2e3920"], 0x64}}, 0x0) 1.983782232s ago: executing program 2 (id=150): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x0, 0x30}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f0000000380)=ANY=[], 0x2df) sendto$inet6(r0, &(0x7f0000000c80)="7cffa9061b2f8b082b6f69ae50430c8a8b6aa3162ba083c4a52e1ab0ac50ed4a19b1a69988000d5bed4433daaa4932dbb1cb3550dee8b23579d76ce37d574b43fca1eed8ebd38d1303240ed0d84517692128dd5aef5c4d60a6659952a1437c6f0ac3ed75806011ccbaa504f41a7e0abcf8823bc4a71ef8c52c2b297b539eaf752c56ebfe9b0542543069257dafcbf76c958d4cbf4eaaa67c5c2bd9e6518be34b56add7613ab83d389724b664e62c154e1a5aac073a53a0e8cadcf51ef495ebbcc77d5e36ff24c3f282289cc077374b714e08fbfecbdc8f14ef3fd409af4caf6fcb7d663beab335f239a1e93b399c93d7c036e1b39a7c477945f82b6dde53b1c21b590a58ba688ac4fb530d2c5b1195a127d2eaec840ab59f090d7047c278611e080cebe7b28588c11a44be99fe6f88c73441bf625b70565669997f4c3cda5afe1d6429908a69a459d35ba8c2f28076d8711f2667de749a783fac94ebd02680f20fb723c35c287a1f45064846385750665ffa74579083fbb1b1d6b7c90168252b1c5313544569203e7adb8e271a94f7413e5cfd6aa3157c4fc29bddba3683fcd032aecb513b2f27530fbefa0000000000000003c058e812d8db87de5e3eceae268b91f7d59daf77646fa4df99877dd5a9540934c7af91b96486eea62897be6acbe1bae8e46b112f1385e7cea9e4daccc6f1b98ce3b4322af8299a45ddcb5be8d3e469fdde9896ca324a2f3c88c616a7dccde331698ce2d39f96220251011b4dfbec953b5c30e94adb5586cec0af234859805bb7df1101ae80318ff127e913178d79cfa918d54585b6184255e872e2dc33a5c7c30a756bbd63c32a3e6a22863781747d185acb64583976c4289394d642b07d18e2932d0a78bd2ccf92b3e94e82f1e9239fa272402f4c9efcf068709a44d6f652a4f23df89f9a15e6bf0c7e65d8f3e32c35e83d30298074d16cb5ff4ded1df81009bbae888fceb9a8109ba319605e1776e52d2069b5cd7de07cf8dc488ba6a9c7559ff49674a490991f323736f302004007d0ccf2e5eaceac6b56f48f2b00592d7a378f118d8b3e5ecd2035c8252374c91bc79cf26ac11ddffe2c09e1aa032da0713732387f950e3f4e301eb1d26e5a2b19318e50d555c832e279894d8c9b03e8940738c0fe391b29907d0d5f9214d6e697a19247f4e8221aca2ac47debd7c45b8344941cbecbaf44af343b24a4f88caf207d72002fb8b7d156997cb7275f535e6a9d6480046246e60bea0cf6f54abc69ff9418b6cb9301eb6890227215b633a886fb13c89698e51e482c42ca99613b20e22e5ce15272f5bda8b18cf53d49130a94135dd8a9692c", 0x34000, 0x0, 0x0, 0x0) 1.868442137s ago: executing program 0 (id=151): socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@local, @in6=@private2}}, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x2b}, 0x0, @in=@empty}}, 0xe8) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) socket(0x1, 0x803, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) 1.2098035s ago: executing program 0 (id=152): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x54583}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @dev}]}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x4}]}, 0x44}}, 0x0) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @empty}}}], 0x20}}], 0x1, 0x0) 1.200708389s ago: executing program 3 (id=153): getpeername(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000380)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r0 = socket(0x0, 0x803, 0x0) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x1c0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x4, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = io_uring_setup(0x4238, &(0x7f0000000000)={0x0, 0x0, 0x40}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) r4 = socket(0x2, 0x80805, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) dup2(r4, r3) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000140)={r6}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000018c0)={r6, @in6={{0xa, 0x4e23, 0x3, @loopback, 0x7f}}, 0x5, 0x6, 0x27, 0x4, 0xc, 0x3, 0x7}, &(0x7f0000001980)=0x9c) r7 = syz_open_procfs(0x0, &(0x7f0000000300)='net/dev_mcast\x00') pread64(r7, &(0x7f0000000880)=""/4096, 0x1000, 0x400000000000004) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_CLEAR_HALT(r8, 0xc0105502, &(0x7f0000000340)={0x1, 0x1}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x3, &(0x7f00000005c0)=[{0x35, 0x0, 0x0, 0x9}, {0x34, 0x0, 0xfc, 0xe12b}, {0x16}]}) socket$nl_generic(0x10, 0x3, 0x10) io_uring_register$IORING_REGISTER_RESTRICTIONS(r2, 0xb, &(0x7f00000004c0)=[@ioring_restriction_register_op={0x0, 0x13}], 0x1) io_uring_register$IORING_REGISTER_ENABLE_RINGS(r2, 0xc, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r2, 0x13, 0x0, 0x2) 910.226649ms ago: executing program 0 (id=154): bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x8, 0xffffffffffffffff, 0x8}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x10, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000340)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000780)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af3653c001ac00800020004000200060000000464bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40012183, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1000, 0x0) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) epoll_create(0x7ff) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) 858.99877ms ago: executing program 2 (id=155): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)={0x24, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x24}}, 0x0) 691.827993ms ago: executing program 3 (id=156): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000840)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) sync_file_range(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x7, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x73, 0xa, 0xff00}, [@call={0x1d, 0xa}, @map_fd={0x18, 0x0, 0x1, 0x0, 0xffffffffffffffff, 0x10, 0x0, 0x0, 0x25000000}, @generic]}, &(0x7f0000000140)='GPL\x00', 0xa, 0x95, &(0x7f0000000180)=""/149}, 0x90) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) connect$inet(r0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) dup3(r4, 0xffffffffffffffff, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x9361, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 611.166387ms ago: executing program 2 (id=157): syz_emit_ethernet(0x1c6, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60922ff50190210000000000000000000000ffeffffffffffe8000000000000000000000000000aa000000006402000011"], 0x0) 610.439278ms ago: executing program 0 (id=158): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.stat\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000240)={0x1d, r2, 0x2}, 0x18) connect$can_j1939(r1, &(0x7f0000000280)={0x1d, r2}, 0x18) sendmmsg(r1, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff06, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r3}, 0x10) r4 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r4, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xb80b}], 0x1}, 0x0) 471.950897ms ago: executing program 2 (id=159): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) unlink(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="85000000080000001f0000000000000085000000080000009500000000000000e135dee43f5d62cdaf5bb32c301264de232ce03ca49ba60071b592758143664bf8505b4845e336472821027a89dba77c8ea9b6ee1398ae73749be1537086ae214b648801a3f00174709ddccbce9ffab959b9042fc0dfcd37b7baa14007c92d4cf2d339bf000000000000000957476eac9cdac23d9c280569e2dbfa62118132000000000000c0dadcbdbfba95ec64e00d93bfada6b71d91340a4508bcd72d77eba909bd6a9d45359cf11ad81000fb0f5548ced9733ca0fe9d8ca129b42fea3551e5ca8cdad72f668dbfa9a21d9e8c4afb7203e71a4dcefc7a45ea63c8899caca26b63ddd0ddf5b45ad90b19879853bac503661a3069ba143e01ccbef34bdce3099f80a5ae740c01ffa4f0a207fa54f5112a341a195af0662cfbaa80fce27ae5abd0dfbd0fcdcf8b8c362667a67813555101d3f6abaaea73dcf70445c52f0a0354dab0acdc6955a5f2dae85280f9f5a66b411fafe99d8a79d24cc9cf88e456cc5cdda94eeda37b147d64d97abf7f34490200b00ed338864d7d9855f9ee3a194294c73491ec"], &(0x7f0000000140)='GPL\x00', 0x0, 0xa0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x44, 0x10, 0x0, 0x41}, 0x15) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50) 329.460125ms ago: executing program 0 (id=160): pipe(&(0x7f0000000140)) socket$nl_netfilter(0x10, 0x3, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x80002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2000000001010103000000000000008008000100000000000edf276886ba0f189ad6a38fafb8166c09f33a98dde6c76aa794983f77515a3f22c9e8fe9e55d42cf4c7e1986bf13ba292799069c5924beaffb58de1ec408dfcbb6c1d8887a5ef1793fd5699a2b89cd1c53b386ac3fd08"], 0x20}}, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000100000009500000000000000b6a1e05efa71fe532a7136c4ff27742e6139f2f1c301833b1cd7547f9f6ed77e29b5117c2554f258b5edc9b6e404f99c3de86522f113757eda211440b5b25a788640b6023b25459362f6"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x0, 0x0, @empty}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x400452c8, &(0x7f0000000100)) syz_emit_ethernet(0x32, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b24, &(0x7f0000000000)={'wlan0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='jbd2_handle_stats\x00', r3}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000170000009500000000000000ae3279d900fcffffffffffff18ff1bc6e82237bbbc038c201fab497a326633e6f4b1022cadd4496345884c0042"], &(0x7f0000000080)='GPL\x00'}, 0x90) 258.372795ms ago: executing program 2 (id=161): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x44, 0x0, 0x8, 0x401, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_TIMEWAIT={0x8}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8}]}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x44}}, 0x0) 0s ago: executing program 2 (id=162): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000200000000000000006b79009500000000000000"], &(0x7f00000001c0)='syzkaller\x00'}, 0x80) r1 = socket$packet(0x11, 0x2, 0x300) bpf$ENABLE_STATS(0x20, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r0, r2, 0x25, 0x2, @val=@iter={0x0}}, 0x40) syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.157' (ED25519) to the list of known hosts. syzkaller login: [ 69.238546][ T5076] cgroup: Unknown subsys name 'net' [ 69.406265][ T5076] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.101399][ T5076] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.691792][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.700278][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 73.552729][ T5091] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.562911][ T5095] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 73.586960][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 73.597665][ T5102] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.604436][ T5103] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 73.606040][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 73.612431][ T5103] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.628310][ T5103] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.628520][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 73.635656][ T5103] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 73.649800][ T5103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.657265][ T5106] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.659221][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 73.665929][ T5105] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 73.672759][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 73.678600][ T5106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 73.686460][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.696181][ T5106] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.708812][ T5107] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 73.716298][ T5107] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.726050][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 73.733711][ T5107] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 73.733816][ T5105] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.750617][ T5102] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 73.758248][ T5106] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 73.759850][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 73.766973][ T5105] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 73.774585][ T5102] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.780040][ T5105] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.786959][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.371152][ T5089] chnl_net:caif_netlink_parms(): no params data found [ 74.497565][ T5086] chnl_net:caif_netlink_parms(): no params data found [ 74.567695][ T5093] chnl_net:caif_netlink_parms(): no params data found [ 74.661171][ T5096] chnl_net:caif_netlink_parms(): no params data found [ 74.696633][ T5087] chnl_net:caif_netlink_parms(): no params data found [ 74.727893][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.735233][ T5089] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.744061][ T5089] bridge_slave_0: entered allmulticast mode [ 74.751538][ T5089] bridge_slave_0: entered promiscuous mode [ 74.792457][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.799866][ T5089] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.807475][ T5089] bridge_slave_1: entered allmulticast mode [ 74.814506][ T5089] bridge_slave_1: entered promiscuous mode [ 74.842839][ T5086] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.850194][ T5086] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.857576][ T5086] bridge_slave_0: entered allmulticast mode [ 74.864662][ T5086] bridge_slave_0: entered promiscuous mode [ 74.926537][ T5086] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.934375][ T5086] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.942615][ T5086] bridge_slave_1: entered allmulticast mode [ 74.950770][ T5086] bridge_slave_1: entered promiscuous mode [ 74.992770][ T5089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.079893][ T5089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.106524][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.113994][ T5093] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.121701][ T5093] bridge_slave_0: entered allmulticast mode [ 75.130717][ T5093] bridge_slave_0: entered promiscuous mode [ 75.140505][ T5093] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.147718][ T5093] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.154967][ T5093] bridge_slave_1: entered allmulticast mode [ 75.162541][ T5093] bridge_slave_1: entered promiscuous mode [ 75.172138][ T5086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.185212][ T5086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.224873][ T5089] team0: Port device team_slave_0 added [ 75.279053][ T5096] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.286299][ T5096] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.294357][ T5096] bridge_slave_0: entered allmulticast mode [ 75.302023][ T5096] bridge_slave_0: entered promiscuous mode [ 75.310405][ T5096] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.317692][ T5096] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.324870][ T5096] bridge_slave_1: entered allmulticast mode [ 75.332240][ T5096] bridge_slave_1: entered promiscuous mode [ 75.341494][ T5089] team0: Port device team_slave_1 added [ 75.361232][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.368447][ T5087] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.375648][ T5087] bridge_slave_0: entered allmulticast mode [ 75.383852][ T5087] bridge_slave_0: entered promiscuous mode [ 75.409086][ T5086] team0: Port device team_slave_0 added [ 75.418158][ T5093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.471099][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.478728][ T5087] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.486145][ T5087] bridge_slave_1: entered allmulticast mode [ 75.493645][ T5087] bridge_slave_1: entered promiscuous mode [ 75.514001][ T5086] team0: Port device team_slave_1 added [ 75.534209][ T5093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.574289][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.581788][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.608481][ T5089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.660183][ T5096] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.674226][ T5096] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.684187][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.692304][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.718537][ T5089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.739689][ T5087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.752608][ T5087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.762465][ T5086] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.770586][ T5091] Bluetooth: hci0: command tx timeout [ 75.771823][ T5086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.802706][ T5086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.818384][ T5093] team0: Port device team_slave_0 added [ 75.847059][ T54] Bluetooth: hci1: command tx timeout [ 75.847418][ T5091] Bluetooth: hci4: command tx timeout [ 75.852822][ T54] Bluetooth: hci2: command tx timeout [ 75.858477][ T5097] Bluetooth: hci3: command tx timeout [ 75.876500][ T5096] team0: Port device team_slave_0 added [ 75.896493][ T5086] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.903966][ T5086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.930165][ T5086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.943524][ T5093] team0: Port device team_slave_1 added [ 75.968741][ T5096] team0: Port device team_slave_1 added [ 75.994141][ T5087] team0: Port device team_slave_0 added [ 76.073360][ T5087] team0: Port device team_slave_1 added [ 76.092607][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.100222][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.126953][ T5093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.143156][ T5089] hsr_slave_0: entered promiscuous mode [ 76.149766][ T5089] hsr_slave_1: entered promiscuous mode [ 76.171989][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.179792][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.206567][ T5096] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.220615][ T5096] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.227709][ T5096] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.253720][ T5096] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.283707][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.291572][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.318851][ T5093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.365592][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.372721][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.399597][ T5087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.412756][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.419790][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.445847][ T5087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.500300][ T5086] hsr_slave_0: entered promiscuous mode [ 76.507320][ T5086] hsr_slave_1: entered promiscuous mode [ 76.513750][ T5086] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.521938][ T5086] Cannot create hsr debugfs directory [ 76.628453][ T5093] hsr_slave_0: entered promiscuous mode [ 76.635087][ T5093] hsr_slave_1: entered promiscuous mode [ 76.642767][ T5093] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.650461][ T5093] Cannot create hsr debugfs directory [ 76.670148][ T5096] hsr_slave_0: entered promiscuous mode [ 76.676717][ T5096] hsr_slave_1: entered promiscuous mode [ 76.683220][ T5096] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.691056][ T5096] Cannot create hsr debugfs directory [ 76.734780][ T5087] hsr_slave_0: entered promiscuous mode [ 76.741542][ T5087] hsr_slave_1: entered promiscuous mode [ 76.748719][ T5087] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.756565][ T5087] Cannot create hsr debugfs directory [ 77.258912][ T5089] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.287417][ T5089] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.302176][ T5089] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.312861][ T5089] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.394923][ T5096] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 77.414190][ T5096] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 77.437979][ T5096] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 77.450272][ T5096] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 77.539250][ T5086] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.553406][ T5086] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.572823][ T5086] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.585415][ T5086] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.721091][ T5093] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 77.733949][ T5093] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 77.759509][ T5093] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 77.772906][ T5093] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 77.793044][ T5089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.847899][ T54] Bluetooth: hci0: command tx timeout [ 77.884474][ T5089] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.925668][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.933286][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.937448][ T54] Bluetooth: hci4: command tx timeout [ 77.944952][ T5091] Bluetooth: hci3: command tx timeout [ 77.945894][ T5102] Bluetooth: hci1: command tx timeout [ 77.951890][ T5091] Bluetooth: hci2: command tx timeout [ 77.982201][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.989396][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.002119][ T5087] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 78.042270][ T5087] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 78.058967][ T5087] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 78.081397][ T5087] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 78.112787][ T5086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.138408][ T5096] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.208345][ T5096] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.274188][ T5086] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.293198][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.300413][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.311651][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.318877][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.329487][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.336812][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.422126][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.429341][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.560723][ T5087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.594916][ T5086] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 78.605963][ T5086] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.649979][ T5093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 78.665814][ T5096] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 78.709022][ T5087] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.771651][ T5093] 8021q: adding VLAN 0 to HW filter on device team0 [ 78.790639][ T58] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.797979][ T58] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.833020][ T5089] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.872995][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.880296][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.892485][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.899736][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.914114][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.921368][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.151374][ T5089] veth0_vlan: entered promiscuous mode [ 79.202456][ T5089] veth1_vlan: entered promiscuous mode [ 79.236384][ T5086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.421306][ T5096] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.465525][ T5089] veth0_macvtap: entered promiscuous mode [ 79.493719][ T5089] veth1_macvtap: entered promiscuous mode [ 79.504580][ T5086] veth0_vlan: entered promiscuous mode [ 79.542094][ T5086] veth1_vlan: entered promiscuous mode [ 79.558516][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.582659][ T5093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.602663][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.638422][ T5089] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.653929][ T5089] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.663268][ T5089] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.674804][ T5089] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.715644][ T5087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.772387][ T5096] veth0_vlan: entered promiscuous mode [ 79.839213][ T5093] veth0_vlan: entered promiscuous mode [ 79.912855][ T5093] veth1_vlan: entered promiscuous mode [ 79.922020][ T5086] veth0_macvtap: entered promiscuous mode [ 79.928269][ T5102] Bluetooth: hci0: command tx timeout [ 79.943598][ T5096] veth1_vlan: entered promiscuous mode [ 79.970010][ T5086] veth1_macvtap: entered promiscuous mode [ 80.010138][ T5102] Bluetooth: hci2: command tx timeout [ 80.010158][ T5091] Bluetooth: hci1: command tx timeout [ 80.010201][ T5091] Bluetooth: hci4: command tx timeout [ 80.015603][ T5102] Bluetooth: hci3: command tx timeout [ 80.096351][ T5093] veth0_macvtap: entered promiscuous mode [ 80.123931][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.135302][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.138177][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.171798][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.184711][ T5086] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.195917][ T5093] veth1_macvtap: entered promiscuous mode [ 80.232688][ T5086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.243245][ T5086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.258789][ T5086] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.284333][ T5086] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.293664][ T5086] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.302972][ T5086] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.311900][ T5086] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.329995][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.338888][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.346102][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.366617][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.378194][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.388770][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.400395][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.415160][ T5096] veth0_macvtap: entered promiscuous mode [ 80.439268][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.451299][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.461268][ T5093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.472319][ T5093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.485257][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.494108][ T5096] veth1_macvtap: entered promiscuous mode [ 80.522219][ T5093] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.532386][ T5093] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.541609][ T5093] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.550460][ T5093] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.611450][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.634549][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.645396][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.656553][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.666537][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.677721][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.689941][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.720415][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.743029][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.753005][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.765259][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.778543][ T5096] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.789548][ T5096] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.802363][ T5096] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.832003][ T5096] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.850482][ T5096] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.859984][ T5096] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.869098][ T5096] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.918965][ T2493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.941502][ T2493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.021004][ T5087] veth0_vlan: entered promiscuous mode [ 81.086197][ T5087] veth1_vlan: entered promiscuous mode [ 81.129757][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.143371][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.155372][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.201417][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.304529][ T5087] veth0_macvtap: entered promiscuous mode [ 81.370267][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.383583][ T5087] veth1_macvtap: entered promiscuous mode [ 81.397473][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.460227][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.482810][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.585091][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.637201][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.664971][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.695704][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.741150][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.783482][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.796043][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 81.800014][ T5194] ptm ptm3: ldisc open failed (-12), clearing slot 3 [ 81.833672][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.853264][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.882682][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.926222][ T5196] warning: `syz.0.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 81.949536][ T5142] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 81.978094][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.997700][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.013766][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.016821][ T5102] Bluetooth: hci0: command tx timeout [ 82.046604][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.060433][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.076683][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.089315][ T5102] Bluetooth: hci4: command tx timeout [ 82.095430][ T54] Bluetooth: hci2: command tx timeout [ 82.104716][ T54] Bluetooth: hci1: command tx timeout [ 82.110740][ T54] Bluetooth: hci3: command tx timeout [ 82.138330][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.156822][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.173159][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.217173][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.234508][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.236518][ T5211] FAULT_INJECTION: forcing a failure. [ 82.236518][ T5211] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 82.290303][ T5211] CPU: 0 PID: 5211 Comm: syz.3.10 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 82.299912][ T5211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 82.309993][ T5211] Call Trace: [ 82.313299][ T5211] [ 82.316250][ T5211] dump_stack_lvl+0x241/0x360 [ 82.320987][ T5211] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.326235][ T5211] ? __pfx__printk+0x10/0x10 [ 82.330860][ T5211] ? __pfx_lock_release+0x10/0x10 [ 82.335941][ T5211] should_fail_ex+0x3b0/0x4e0 [ 82.340652][ T5211] _copy_from_user+0x2f/0xe0 [ 82.345352][ T5211] copy_msghdr_from_user+0xae/0x680 [ 82.350615][ T5211] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 82.356455][ T5211] __sys_sendmsg+0x23d/0x3a0 [ 82.361063][ T5211] ? __pfx___sys_sendmsg+0x10/0x10 [ 82.366186][ T5211] ? vfs_write+0x7c4/0xc90 [ 82.370647][ T5211] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 82.376989][ T5211] ? do_syscall_64+0x100/0x230 [ 82.381803][ T5211] ? do_syscall_64+0xb6/0x230 [ 82.386501][ T5211] do_syscall_64+0xf3/0x230 [ 82.391021][ T5211] ? clear_bhb_loop+0x35/0x90 [ 82.395716][ T5211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.401635][ T5211] RIP: 0033:0x7f7831175b59 [ 82.406277][ T5211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.425916][ T5211] RSP: 002b:00007f7831fea048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 82.434352][ T5211] RAX: ffffffffffffffda RBX: 00007f7831303f60 RCX: 00007f7831175b59 [ 82.442350][ T5211] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 82.450346][ T5211] RBP: 00007f7831fea0a0 R08: 0000000000000000 R09: 0000000000000000 [ 82.458332][ T5211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 82.466315][ T5211] R13: 000000000000000b R14: 00007f7831303f60 R15: 00007fff0a1a6ef8 [ 82.474314][ T5211] [ 82.485366][ T5087] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.504623][ T5087] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.521186][ T5087] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.561688][ T5087] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.994032][ T5091] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 82.994148][ T5091] CPU: 0 PID: 5091 Comm: kworker/u9:2 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 82.994177][ T5091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 82.994193][ T5091] Workqueue: hci1 hci_rx_work [ 82.994228][ T5091] Call Trace: [ 82.994239][ T5091] [ 82.994251][ T5091] dump_stack_lvl+0x241/0x360 [ 82.994295][ T5091] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.994331][ T5091] ? __pfx__printk+0x10/0x10 [ 82.994367][ T5091] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 82.994404][ T5091] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 82.994448][ T5091] sysfs_create_dir_ns+0x2ce/0x3a0 [ 82.994489][ T5091] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 82.994536][ T5091] kobject_add_internal+0x435/0x8d0 [ 82.994582][ T5091] kobject_add+0x152/0x220 [ 82.994616][ T5091] ? do_raw_spin_unlock+0x13c/0x8b0 [ 82.994640][ T5091] ? device_add+0x3e7/0xbf0 [ 82.994675][ T5091] ? __pfx_kobject_add+0x10/0x10 [ 82.994709][ T5091] ? _raw_spin_unlock+0x28/0x50 [ 82.994750][ T5091] ? get_device_parent+0x165/0x410 [ 82.994790][ T5091] device_add+0x4e5/0xbf0 [ 82.994833][ T5091] hci_conn_add_sysfs+0xe8/0x200 [ 82.994873][ T5091] le_conn_complete_evt+0xc9f/0x12e0 [ 82.994914][ T5091] ? trace_contention_end+0x3c/0x120 [ 82.994952][ T5091] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 82.994986][ T5091] ? __mutex_unlock_slowpath+0x21d/0x750 [ 82.995016][ T5091] ? __copy_skb_header+0x437/0x5b0 [ 82.995047][ T5091] ? skb_pull_data+0x112/0x230 [ 82.995093][ T5091] hci_le_enh_conn_complete_evt+0x185/0x420 [ 82.995134][ T5091] hci_event_packet+0xa55/0x1540 [ 82.995166][ T5091] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 82.995203][ T5091] ? __pfx_hci_event_packet+0x10/0x10 [ 82.995227][ T5091] ? do_raw_spin_unlock+0x13c/0x8b0 [ 82.995260][ T5091] ? hci_send_to_monitor+0xd8/0x7f0 [ 82.995292][ T5091] ? kcov_remote_start+0x9e/0x7e0 [ 82.995326][ T5091] hci_rx_work+0x3e8/0xca0 [ 82.995364][ T5091] ? process_scheduled_works+0x945/0x1830 [ 82.995391][ T5091] process_scheduled_works+0xa2c/0x1830 [ 82.995454][ T5091] ? __pfx_process_scheduled_works+0x10/0x10 [ 82.995493][ T5091] ? assign_work+0x364/0x3d0 [ 82.995527][ T5091] worker_thread+0x86d/0xd40 [ 82.995574][ T5091] ? __kthread_parkme+0x169/0x1d0 [ 82.995608][ T5091] ? __pfx_worker_thread+0x10/0x10 [ 82.995636][ T5091] kthread+0x2f0/0x390 [ 82.995667][ T5091] ? __pfx_worker_thread+0x10/0x10 [ 82.995694][ T5091] ? __pfx_kthread+0x10/0x10 [ 82.995727][ T5091] ret_from_fork+0x4b/0x80 [ 82.995758][ T5091] ? __pfx_kthread+0x10/0x10 [ 82.995790][ T5091] ret_from_fork_asm+0x1a/0x30 [ 82.995844][ T5091] [ 82.995878][ T5091] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 82.995922][ T5091] Bluetooth: hci1: failed to register connection device [ 83.107176][ T5216] netlink: 'syz.2.3': attribute type 10 has an invalid length. [ 83.164732][ T5216] batman_adv: batadv0: Adding interface: team0 [ 83.164749][ T5216] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.164770][ T5216] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 83.195192][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 83.267105][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.268025][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.268155][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.946069][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 84.151019][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.151766][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.215124][ T2493] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.215176][ T2493] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.452849][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.452870][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.929988][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.937203][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 85.048164][ T5102] Bluetooth: hci1: command tx timeout [ 85.107104][ T5144] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 85.148782][ T5239] FAULT_INJECTION: forcing a failure. [ 85.148782][ T5239] name failslab, interval 1, probability 0, space 0, times 1 [ 85.148816][ T5239] CPU: 1 PID: 5239 Comm: syz.4.5 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 85.148841][ T5239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 85.148855][ T5239] Call Trace: [ 85.148865][ T5239] [ 85.148875][ T5239] dump_stack_lvl+0x241/0x360 [ 85.148916][ T5239] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.148950][ T5239] ? __pfx__printk+0x10/0x10 [ 85.148983][ T5239] ? __pfx___might_resched+0x10/0x10 [ 85.149018][ T5239] should_fail_ex+0x3b0/0x4e0 [ 85.149053][ T5239] ? alloc_pipe_info+0xeb/0x4d0 [ 85.149083][ T5239] should_failslab+0x9/0x20 [ 85.149113][ T5239] kmalloc_trace_noprof+0x6c/0x2c0 [ 85.149160][ T5239] alloc_pipe_info+0xeb/0x4d0 [ 85.149194][ T5239] splice_direct_to_actor+0xaac/0xc90 [ 85.149240][ T5239] ? __pfx_direct_splice_actor+0x10/0x10 [ 85.149268][ T5239] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 85.149296][ T5239] ? __fget_files+0x29/0x470 [ 85.149326][ T5239] ? __pfx_lock_release+0x10/0x10 [ 85.149358][ T5239] do_splice_direct+0x28c/0x3e0 [ 85.149389][ T5239] ? __pfx_do_splice_direct+0x10/0x10 [ 85.149414][ T5239] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 85.149448][ T5239] ? rw_verify_area+0x1d2/0x6b0 [ 85.149479][ T5239] do_sendfile+0x56d/0xe20 [ 85.149525][ T5239] ? __pfx_do_sendfile+0x10/0x10 [ 85.149572][ T5239] __se_sys_sendfile64+0x17c/0x1e0 [ 85.149609][ T5239] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 85.149643][ T5239] ? do_syscall_64+0x100/0x230 [ 85.149677][ T5239] ? do_syscall_64+0xb6/0x230 [ 85.149711][ T5239] do_syscall_64+0xf3/0x230 [ 85.149743][ T5239] ? clear_bhb_loop+0x35/0x90 [ 85.149768][ T5239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.149801][ T5239] RIP: 0033:0x7fc9ad775b59 [ 85.149822][ T5239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.149841][ T5239] RSP: 002b:00007fc9ae53d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 85.149867][ T5239] RAX: ffffffffffffffda RBX: 00007fc9ad903f60 RCX: 00007fc9ad775b59 [ 85.149884][ T5239] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 85.149898][ T5239] RBP: 00007fc9ae53d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 85.149913][ T5239] R10: 000000000000003a R11: 0000000000000246 R12: 0000000000000001 [ 85.149928][ T5239] R13: 000000000000000b R14: 00007fc9ad903f60 R15: 00007ffcc6cd54e8 [ 85.149962][ T5239] [ 85.257667][ T5144] usb 3-1: device descriptor read/64, error -71 [ 85.269983][ T5241] fuse: Bad value for 'user_id' [ 85.792220][ T5241] fuse: Bad value for 'user_id' [ 85.966868][ T5144] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 86.116972][ T5144] usb 3-1: device descriptor read/64, error -71 [ 86.241002][ T5144] usb usb3-port1: attempt power cycle [ 87.423041][ T5144] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 87.439822][ T9] cfg80211: failed to load regulatory.db [ 87.506459][ T5144] usb 3-1: device descriptor read/8, error -71 [ 88.000936][ T5261] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.927725][ T5274] autofs: Bad value for 'fd' [ 92.999448][ T5275] autofs: Bad value for 'fd' [ 93.444152][ T5287] cgroup: noprefix used incorrectly [ 93.881219][ T5295] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.675538][ T5102] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 95.547302][ T5144] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 95.814016][ T5144] usb 5-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 95.848374][ T5144] usb 5-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 95.872498][ T5144] usb 5-1: config 1 interface 0 has no altsetting 0 [ 95.885710][ T5144] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 95.916350][ T5144] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.934530][ T5144] usb 5-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 95.959976][ T5144] usb 5-1: Manufacturer: Ц [ 95.964800][ T5144] usb 5-1: SerialNumber: syz [ 96.020672][ T5307] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 96.046958][ T5307] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 96.097071][ T5320] capability: warning: `syz.2.36' uses deprecated v2 capabilities in a way that may be insecure [ 96.307136][ T5144] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 96.332859][ T5144] usb 5-1: USB disconnect, device number 2 [ 96.898396][ T5102] Bluetooth: hci1: command 0x0406 tx timeout [ 98.187101][ T5147] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 98.215807][ T5102] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 98.367042][ T5147] usb 5-1: Using ep0 maxpacket: 16 [ 98.374890][ T5147] usb 5-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 116, changing to 10 [ 98.374956][ T5147] usb 5-1: config 1 interface 0 has no altsetting 0 [ 98.378019][ T5147] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 98.378045][ T5147] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.378061][ T5147] usb 5-1: Product: syz [ 98.378073][ T5147] usb 5-1: Manufacturer: syz [ 98.378085][ T5147] usb 5-1: SerialNumber: syz [ 98.488677][ T928] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 98.686984][ T928] usb 3-1: Using ep0 maxpacket: 32 [ 98.689597][ T928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.689624][ T928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.689689][ T928] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 98.689708][ T928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.694292][ T928] usb 3-1: config 0 descriptor?? [ 98.700506][ T928] hub 3-1:0.0: USB hub found [ 98.954265][ T928] hub 3-1:0.0: config failed, hub has too many ports! (err -19) [ 99.057419][ T5102] Bluetooth: hci1: command 0x0406 tx timeout [ 99.171228][ T928] usbhid 3-1:0.0: can't add hid device: -71 [ 99.193916][ T928] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 99.270758][ T928] usb 3-1: USB disconnect, device number 6 [ 99.692768][ T5359] FAULT_INJECTION: forcing a failure. [ 99.692768][ T5359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 99.724295][ T5359] CPU: 0 PID: 5359 Comm: syz.0.47 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 99.733915][ T5359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 99.744000][ T5359] Call Trace: [ 99.747312][ T5359] [ 99.750264][ T5359] dump_stack_lvl+0x241/0x360 [ 99.754960][ T5359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.760173][ T5359] ? __pfx__printk+0x10/0x10 [ 99.764874][ T5359] ? snprintf+0xda/0x120 [ 99.769143][ T5359] should_fail_ex+0x3b0/0x4e0 [ 99.773861][ T5359] _copy_to_user+0x2f/0xb0 [ 99.778290][ T5359] simple_read_from_buffer+0xca/0x150 [ 99.783693][ T5359] proc_fail_nth_read+0x1e9/0x250 [ 99.788748][ T5359] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 99.794388][ T5359] ? rw_verify_area+0x520/0x6b0 [ 99.799244][ T5359] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 99.804794][ T5359] vfs_read+0x204/0xbc0 [ 99.808982][ T5359] ? __pfx_lock_release+0x10/0x10 [ 99.814019][ T5359] ? __pfx_vfs_read+0x10/0x10 [ 99.818726][ T5359] ? __fget_files+0x29/0x470 [ 99.823354][ T5359] ? __fget_files+0x3f6/0x470 [ 99.828066][ T5359] ksys_read+0x1a0/0x2c0 [ 99.832344][ T5359] ? __pfx_ksys_read+0x10/0x10 [ 99.837126][ T5359] ? do_syscall_64+0x100/0x230 [ 99.841930][ T5359] ? do_syscall_64+0xb6/0x230 [ 99.846622][ T5359] do_syscall_64+0xf3/0x230 [ 99.851152][ T5359] ? clear_bhb_loop+0x35/0x90 [ 99.855857][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.861768][ T5359] RIP: 0033:0x7f2306f7463c [ 99.866184][ T5359] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 99.885812][ T5359] RSP: 002b:00007f2307dbc040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 99.894255][ T5359] RAX: ffffffffffffffda RBX: 00007f2307104038 RCX: 00007f2306f7463c [ 99.902433][ T5359] RDX: 000000000000000f RSI: 00007f2307dbc0b0 RDI: 0000000000000005 [ 99.910418][ T5359] RBP: 00007f2307dbc0a0 R08: 0000000000000000 R09: 0000000000000000 [ 99.918405][ T5359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.926382][ T5359] R13: 000000000000006e R14: 00007f2307104038 R15: 00007ffd3a1cc068 [ 99.934370][ T5359] [ 100.326430][ T5147] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 100.391615][ T5147] usb 5-1: USB disconnect, device number 3 [ 100.786886][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 100.950319][ T5360] delete_channel: no stack [ 101.005250][ T9] usb 2-1: config 1 interface 0 altsetting 129 bulk endpoint 0x82 has invalid maxpacket 1023 [ 101.036324][ T9] usb 2-1: config 1 interface 0 altsetting 129 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 101.096281][ T9] usb 2-1: config 1 interface 0 has no altsetting 0 [ 101.096437][ T5376] bridge1: entered promiscuous mode [ 101.120873][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 101.134635][ T5376] bridge1: entered allmulticast mode [ 101.159793][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.189372][ T9] usb 2-1: Product: 㟂볲㤺ぱ旋绾妼᷃훝ꕥ䍌햺㤁硛셒旷ਧ校ꢮ䏱痑崨꟎葉궜퓅祙磻瀇➸ࡨ끮⠁둺≒骽齑총絞謵鍬 [ 101.231606][ T9] usb 2-1: Manufacturer: Ц [ 101.246382][ T9] usb 2-1: SerialNumber: syz [ 101.281132][ T5368] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 101.302840][ T5368] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 101.536168][ T9] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 101.597762][ T9] usb 2-1: USB disconnect, device number 2 [ 102.279668][ T5391] netlink: 8 bytes leftover after parsing attributes in process `syz.1.57'. [ 103.751020][ T5400] cgroup: noprefix used incorrectly [ 103.786426][ T5091] Bluetooth: hci1: ISO packet for unknown connection handle 0 [ 104.060952][ T5092] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 104.319122][ T5092] usb 2-1: Using ep0 maxpacket: 32 [ 104.364029][ T5092] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.462899][ T5092] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.501851][ T5092] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 104.523793][ T5092] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.549431][ T5092] usb 2-1: config 0 descriptor?? [ 104.573453][ T5092] hub 2-1:0.0: USB hub found [ 104.786579][ T5092] hub 2-1:0.0: config failed, hub has too many ports! (err -19) [ 104.990419][ T5092] usbhid 2-1:0.0: can't add hid device: -71 [ 105.026701][ T5092] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 105.144890][ T5092] usb 2-1: USB disconnect, device number 3 [ 105.388178][ T5410] FAULT_INJECTION: forcing a failure. [ 105.388178][ T5410] name failslab, interval 1, probability 0, space 0, times 0 [ 105.479037][ T5414] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 105.486537][ T5414] vhci_hcd: invalid port number 9 [ 105.491720][ T5414] vhci_hcd: invalid port number 9 [ 106.397902][ T5102] Bluetooth: hci1: command tx timeout [ 106.424707][ T5410] CPU: 0 PID: 5410 Comm: syz.2.63 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 106.434296][ T5410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 106.444375][ T5410] Call Trace: [ 106.447659][ T5410] [ 106.450586][ T5410] dump_stack_lvl+0x241/0x360 [ 106.455305][ T5410] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.460525][ T5410] ? __pfx__printk+0x10/0x10 [ 106.465127][ T5410] should_fail_ex+0x3b0/0x4e0 [ 106.469829][ T5410] ? __alloc_skb+0x1c3/0x440 [ 106.474432][ T5410] should_failslab+0x9/0x20 [ 106.478962][ T5410] kmem_cache_alloc_node_noprof+0x71/0x320 [ 106.484783][ T5410] __alloc_skb+0x1c3/0x440 [ 106.489203][ T5410] ? __pfx___alloc_skb+0x10/0x10 [ 106.494139][ T5410] ? bpf_lsm_file_permission+0x9/0x10 [ 106.499510][ T5410] ? security_file_permission+0x7f/0xa0 [ 106.505082][ T5410] ppp_write+0xb4/0x3f0 [ 106.509257][ T5410] ? vfs_write+0x288/0xc90 [ 106.513671][ T5410] ? __pfx_ppp_write+0x10/0x10 [ 106.518455][ T5410] vfs_write+0x2a2/0xc90 [ 106.522748][ T5410] ? __pfx_vfs_write+0x10/0x10 [ 106.527556][ T5410] ? __fget_files+0x29/0x470 [ 106.532190][ T5410] ? __fget_files+0x3f6/0x470 [ 106.536909][ T5410] ? __fget_files+0x29/0x470 [ 106.541516][ T5410] ksys_write+0x1a0/0x2c0 [ 106.545847][ T5410] ? __pfx_ksys_write+0x10/0x10 [ 106.550716][ T5410] ? do_syscall_64+0x100/0x230 [ 106.555514][ T5410] ? do_syscall_64+0xb6/0x230 [ 106.560210][ T5410] do_syscall_64+0xf3/0x230 [ 106.564736][ T5410] ? clear_bhb_loop+0x35/0x90 [ 106.569446][ T5410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.575350][ T5410] RIP: 0033:0x7feb6e975b59 [ 106.579773][ T5410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.599381][ T5410] RSP: 002b:00007feb6f791048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 106.607801][ T5410] RAX: ffffffffffffffda RBX: 00007feb6eb03f60 RCX: 00007feb6e975b59 [ 106.615796][ T5410] RDX: 000000000000000b RSI: 0000000020000180 RDI: 0000000000000003 [ 106.623769][ T5410] RBP: 00007feb6f7910a0 R08: 0000000000000000 R09: 0000000000000000 [ 106.631738][ T5410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.639716][ T5410] R13: 000000000000000b R14: 00007feb6eb03f60 R15: 00007ffcc6c5e298 [ 106.647743][ T5410] [ 107.128468][ T5424] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 108.499012][ T5434] (syz.2.69,5434,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 108.507908][ T5434] (syz.2.69,5434,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 108.539233][ T5091] Bluetooth: hci1: command 0x0406 tx timeout [ 109.409451][ T5091] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 109.409625][ T5091] CPU: 1 PID: 5091 Comm: kworker/u9:2 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 109.409653][ T5091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 109.409668][ T5091] Workqueue: hci4 hci_rx_work [ 109.409699][ T5091] Call Trace: [ 109.409710][ T5091] [ 109.409720][ T5091] dump_stack_lvl+0x241/0x360 [ 109.409761][ T5091] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.409794][ T5091] ? __pfx__printk+0x10/0x10 [ 109.409841][ T5091] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 109.409877][ T5091] ? kmalloc_trace_noprof+0x19c/0x2c0 [ 109.409918][ T5091] sysfs_create_dir_ns+0x2ce/0x3a0 [ 109.409956][ T5091] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 109.410003][ T5091] kobject_add_internal+0x435/0x8d0 [ 109.410047][ T5091] kobject_add+0x152/0x220 [ 109.410079][ T5091] ? do_raw_spin_unlock+0x13c/0x8b0 [ 109.410103][ T5091] ? device_add+0x3e7/0xbf0 [ 109.410137][ T5091] ? __pfx_kobject_add+0x10/0x10 [ 109.410170][ T5091] ? _raw_spin_unlock+0x28/0x50 [ 109.410208][ T5091] ? get_device_parent+0x165/0x410 [ 109.410245][ T5091] device_add+0x4e5/0xbf0 [ 109.410284][ T5091] hci_conn_add_sysfs+0xe8/0x200 [ 109.410321][ T5091] le_conn_complete_evt+0xc9f/0x12e0 [ 109.410359][ T5091] ? trace_contention_end+0x3c/0x120 [ 109.410395][ T5091] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 109.410426][ T5091] ? __mutex_unlock_slowpath+0x21d/0x750 [ 109.410455][ T5091] ? __copy_skb_header+0x437/0x5b0 [ 109.410486][ T5091] ? skb_pull_data+0x112/0x230 [ 109.410522][ T5091] hci_le_enh_conn_complete_evt+0x185/0x420 [ 109.410563][ T5091] hci_event_packet+0xa55/0x1540 [ 109.410594][ T5091] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 109.410629][ T5091] ? __pfx_hci_event_packet+0x10/0x10 [ 109.410652][ T5091] ? do_raw_spin_unlock+0x13c/0x8b0 [ 109.410683][ T5091] ? hci_send_to_monitor+0xd8/0x7f0 [ 109.410714][ T5091] ? kcov_remote_start+0x9e/0x7e0 [ 109.410748][ T5091] hci_rx_work+0x3e8/0xca0 [ 109.410784][ T5091] ? process_scheduled_works+0x945/0x1830 [ 109.410816][ T5091] process_scheduled_works+0xa2c/0x1830 [ 109.410878][ T5091] ? __pfx_process_scheduled_works+0x10/0x10 [ 109.410915][ T5091] ? assign_work+0x364/0x3d0 [ 109.410946][ T5091] worker_thread+0x86d/0xd40 [ 109.410989][ T5091] ? __kthread_parkme+0x169/0x1d0 [ 109.411023][ T5091] ? __pfx_worker_thread+0x10/0x10 [ 109.411050][ T5091] kthread+0x2f0/0x390 [ 109.411081][ T5091] ? __pfx_worker_thread+0x10/0x10 [ 109.411107][ T5091] ? __pfx_kthread+0x10/0x10 [ 109.411138][ T5091] ret_from_fork+0x4b/0x80 [ 109.411168][ T5091] ? __pfx_kthread+0x10/0x10 [ 109.411196][ T5091] ret_from_fork_asm+0x1a/0x30 [ 109.411246][ T5091] [ 109.411277][ T5091] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 109.411318][ T5091] Bluetooth: hci4: failed to register connection device [ 109.593162][ T5443] cgroup: noprefix used incorrectly [ 109.642907][ T5445] FAULT_INJECTION: forcing a failure. [ 109.642907][ T5445] name failslab, interval 1, probability 0, space 0, times 0 [ 109.642965][ T5445] CPU: 0 PID: 5445 Comm: syz.2.74 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 109.642989][ T5445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 109.643003][ T5445] Call Trace: [ 109.643012][ T5445] [ 109.643023][ T5445] dump_stack_lvl+0x241/0x360 [ 109.643065][ T5445] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.643098][ T5445] ? __pfx__printk+0x10/0x10 [ 109.643132][ T5445] ? __pfx___might_resched+0x10/0x10 [ 109.643168][ T5445] should_fail_ex+0x3b0/0x4e0 [ 109.643204][ T5445] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 109.643232][ T5445] should_failslab+0x9/0x20 [ 109.643264][ T5445] __kmalloc_noprof+0xd8/0x400 [ 109.643296][ T5445] ? kfree+0x4e/0x360 [ 109.643332][ T5445] tomoyo_realpath_from_path+0xcf/0x5e0 [ 109.643374][ T5445] tomoyo_path_number_perm+0x23a/0x880 [ 109.643417][ T5445] ? tomoyo_path_number_perm+0x208/0x880 [ 109.643453][ T5445] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 109.643533][ T5445] ? __fget_files+0x29/0x470 [ 109.643566][ T5445] ? __fget_files+0x3f6/0x470 [ 109.643595][ T5445] ? __fget_files+0x29/0x470 [ 109.643632][ T5445] security_file_ioctl+0x75/0xb0 [ 109.643662][ T5445] __se_sys_ioctl+0x47/0x170 [ 109.643692][ T5445] do_syscall_64+0xf3/0x230 [ 109.643724][ T5445] ? clear_bhb_loop+0x35/0x90 [ 109.643828][ T5445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.643868][ T5445] RIP: 0033:0x7feb6e975b59 [ 109.643892][ T5445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.643913][ T5445] RSP: 002b:00007feb6f791048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 109.643942][ T5445] RAX: ffffffffffffffda RBX: 00007feb6eb03f60 RCX: 00007feb6e975b59 [ 109.643962][ T5445] RDX: 0000000020000d80 RSI: 00000000c0109207 RDI: 0000000000000004 [ 109.643979][ T5445] RBP: 00007feb6f7910a0 R08: 0000000000000000 R09: 0000000000000000 [ 109.643995][ T5445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 109.644010][ T5445] R13: 000000000000000b R14: 00007feb6eb03f60 R15: 00007ffcc6c5e298 [ 109.644045][ T5445] [ 109.644056][ T5445] ERROR: Out of memory at tomoyo_realpath_from_path. [ 109.795823][ T5447] cgroup: noprefix used incorrectly [ 109.832342][ T5102] Bluetooth: hci3: unexpected event for opcode 0x0016 [ 109.973754][ T5102] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 111.446855][ T54] Bluetooth: hci4: command tx timeout [ 111.802028][ C0] vkms_vblank_simulate: vblank timer overrun [ 112.010309][ T54] Bluetooth: hci0: command 0x0406 tx timeout [ 115.946617][ T5478] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 115.954524][ T5478] vhci_hcd: invalid port number 9 [ 115.972439][ T5478] vhci_hcd: invalid port number 9 [ 118.273047][ T5474] sched: RT throttling activated [ 118.757567][ T5091] Bluetooth: hci0: command 0x0406 tx timeout [ 119.408227][ T5487] binder: 5486:5487 ioctl 4018620d 0 returned -22 [ 120.676921][ T5147] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 121.565779][ T5147] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 121.592265][ T5147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.611493][ T5091] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 121.621373][ T5091] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 121.622398][ T5147] usb 1-1: config 0 descriptor?? [ 121.645407][ T5091] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 121.661911][ T5091] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 121.673276][ T5091] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 121.680906][ T5091] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 122.570936][ T5494] chnl_net:caif_netlink_parms(): no params data found [ 123.640566][ T5147] pegasus 1-1:0.0: probe with driver pegasus failed with error -110 [ 123.767023][ T5091] Bluetooth: hci5: command tx timeout [ 123.787003][ T58] usb 1-1: USB disconnect, device number 2 [ 123.884913][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 123.911363][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 123.928762][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 123.944878][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 123.964283][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 123.972563][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 124.602694][ T63] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.919974][ T63] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.443945][ T5535] (syz.3.97,5535,0):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 125.452633][ T5535] (syz.3.97,5535,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 125.860105][ T5091] Bluetooth: hci5: command tx timeout [ 126.093491][ T5091] Bluetooth: hci4: command tx timeout [ 126.120456][ T63] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.181026][ T5494] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.189696][ T5494] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.197183][ T5494] bridge_slave_0: entered allmulticast mode [ 126.208161][ T5494] bridge_slave_0: entered promiscuous mode [ 126.300695][ T5494] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.317062][ T5494] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.328357][ T5494] bridge_slave_1: entered allmulticast mode [ 126.348534][ T5494] bridge_slave_1: entered promiscuous mode [ 126.534320][ T63] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.689252][ T5494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 126.745603][ T5494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.933355][ T5091] Bluetooth: hci5: command tx timeout [ 128.043671][ T5494] team0: Port device team_slave_0 added [ 128.092335][ T5494] team0: Port device team_slave_1 added [ 128.167963][ T5091] Bluetooth: hci4: command tx timeout [ 128.594877][ T5494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.605590][ T5145] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 128.638010][ T5494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 128.884598][ T5494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.901079][ T5494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.912180][ T5494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.080967][ T5571] (syz.0.107,5571,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 129.089723][ T5571] (syz.0.107,5571,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 129.715480][ T5145] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.728507][ T5145] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.740888][ T5145] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 129.752333][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.765491][ T5145] usb 3-1: config 0 descriptor?? [ 129.816520][ T5494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.007063][ T5091] Bluetooth: hci5: command tx timeout [ 130.146400][ T63] bridge_slave_1: left allmulticast mode [ 130.168174][ T63] bridge_slave_1: left promiscuous mode [ 130.178825][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.245996][ T63] bridge_slave_0: left allmulticast mode [ 130.251991][ T5091] Bluetooth: hci4: command tx timeout [ 130.268279][ T63] bridge_slave_0: left promiscuous mode [ 130.284139][ T5563] vhci_hcd: invalid port number 0 [ 130.284298][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.425154][ T5563] netlink: 4 bytes leftover after parsing attributes in process `syz.2.105'. [ 130.755687][ T5145] hid-led 0003:1D34:000A.0001: unknown main item tag 0x0 [ 130.789013][ T5145] hid-led 0003:1D34:000A.0001: unknown main item tag 0x0 [ 130.812206][ T5145] hid-led 0003:1D34:000A.0001: unknown main item tag 0x0 [ 130.837266][ T5145] hid-led 0003:1D34:000A.0001: unknown main item tag 0x0 [ 130.866909][ T5145] hid-led 0003:1D34:000A.0001: unknown main item tag 0x0 [ 131.534553][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 131.566193][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.598479][ T63] bond0 (unregistering): Released all slaves [ 131.859995][ T5494] hsr_slave_0: entered promiscuous mode [ 131.920739][ T5494] hsr_slave_1: entered promiscuous mode [ 131.966820][ T5494] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 132.010963][ T5494] Cannot create hsr debugfs directory [ 132.032260][ T5514] chnl_net:caif_netlink_parms(): no params data found [ 132.326887][ T5091] Bluetooth: hci4: command tx timeout [ 132.992670][ T5145] hid-led 0003:1D34:000A.0001: probe with driver hid-led failed with error -71 [ 133.047401][ T5145] usb 3-1: USB disconnect, device number 7 [ 133.131158][ T1248] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.137915][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.690502][ T5514] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.724373][ T5514] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.744382][ T5514] bridge_slave_0: entered allmulticast mode [ 133.756142][ T5514] bridge_slave_0: entered promiscuous mode [ 133.797430][ T5514] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.810129][ T5514] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.835605][ T5514] bridge_slave_1: entered allmulticast mode [ 133.856434][ T5514] bridge_slave_1: entered promiscuous mode [ 133.892138][ T5627] Zero length message leads to an empty skb [ 134.041968][ T63] hsr_slave_0: left promiscuous mode [ 134.059260][ T63] hsr_slave_1: left promiscuous mode [ 134.076451][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 134.085502][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 134.098097][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 134.111080][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 134.154489][ T63] veth1_macvtap: left promiscuous mode [ 134.163826][ T63] veth0_macvtap: left promiscuous mode [ 134.174188][ T63] veth1_vlan: left promiscuous mode [ 134.184898][ T63] veth0_vlan: left promiscuous mode [ 134.487846][ T928] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 134.666838][ T928] usb 3-1: Using ep0 maxpacket: 32 [ 134.682700][ T928] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 134.695626][ T928] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 134.706904][ T928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.714959][ T928] usb 3-1: Product: syz [ 134.722682][ T928] usb 3-1: Manufacturer: syz [ 134.727911][ T928] usb 3-1: SerialNumber: syz [ 134.735553][ T928] usb 3-1: config 0 descriptor?? [ 134.745476][ T5639] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 134.917856][ T63] team0 (unregistering): Port device team_slave_1 removed [ 135.045360][ T5147] usb 3-1: USB disconnect, device number 8 [ 135.092915][ T63] team0 (unregistering): Port device team_slave_0 removed [ 135.176844][ T928] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 135.383641][ T928] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 135.397931][ T928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.415047][ T928] usb 4-1: config 0 descriptor?? [ 135.527353][ T5147] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 135.637784][ T5207] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 135.729076][ T5147] usb 3-1: config 0 has no interfaces? [ 135.730860][ T5514] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.747011][ T5147] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.757080][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.759691][ T5514] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.813283][ T5147] usb 3-1: config 0 descriptor?? [ 135.827444][ T5207] usb 1-1: Using ep0 maxpacket: 32 [ 135.844983][ T5207] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 135.854405][ T5207] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 135.882606][ T5207] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 135.924442][ T5514] team0: Port device team_slave_0 added [ 135.947029][ T5207] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 135.971295][ T5207] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 135.990280][ T5207] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 136.023177][ T5207] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 136.043373][ T5207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.044946][ T5514] team0: Port device team_slave_1 added [ 136.072108][ T5207] usb 1-1: config 0 descriptor?? [ 136.201075][ T5092] usb 3-1: USB disconnect, device number 9 [ 136.233473][ T5514] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.263592][ T5514] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.320351][ T5514] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.335377][ T5207] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 136.382756][ T5514] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.396856][ T5514] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.438570][ T5514] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.535746][ T5207] usb 1-1: USB disconnect, device number 3 [ 136.596152][ T5207] usblp0: removed [ 136.842846][ T5514] hsr_slave_0: entered promiscuous mode [ 136.864993][ T5514] hsr_slave_1: entered promiscuous mode [ 136.900870][ T5514] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 136.918711][ T5514] Cannot create hsr debugfs directory [ 136.943412][ T5666] netlink: 'syz.2.131': attribute type 1 has an invalid length. [ 136.963607][ T5666] netlink: 8 bytes leftover after parsing attributes in process `syz.2.131'. [ 137.348509][ T5494] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 137.481632][ T63] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.557416][ T5494] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 137.586538][ T5494] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 137.615792][ T5091] Bluetooth: hci3: adv larger than maximum supported [ 137.677473][ T63] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.709156][ T5494] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 137.783795][ T63] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.869539][ T928] usb 4-1: Cannot set autoneg [ 137.894775][ T928] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 137.931444][ T63] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.935577][ T928] usb 4-1: USB disconnect, device number 3 [ 138.197536][ T5494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.353424][ T63] bridge_slave_1: left allmulticast mode [ 138.364047][ T63] bridge_slave_1: left promiscuous mode [ 138.371646][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.400044][ T63] bridge_slave_0: left allmulticast mode [ 138.412103][ T63] bridge_slave_0: left promiscuous mode [ 138.428195][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.897094][ T5091] Bluetooth: hci3: command 0x2016 tx timeout [ 140.325107][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 140.345703][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 140.363579][ T63] bond0 (unregistering): Released all slaves [ 140.466983][ T5144] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 140.473917][ T5494] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.557426][ T5727] syz.2.143 uses obsolete (PF_INET,SOCK_PACKET) [ 140.639737][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.647012][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.663709][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.671023][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.716885][ T5144] usb 1-1: Using ep0 maxpacket: 32 [ 140.726267][ T5144] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 140.743308][ T5144] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 140.754766][ T5144] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 140.764322][ T5144] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 140.795557][ T5144] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 140.807711][ T5091] Bluetooth: hci1: command 0x0406 tx timeout [ 140.820572][ T5144] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 140.850813][ T5144] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 140.874351][ T5144] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.927180][ T5145] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 140.945657][ T5144] usb 1-1: config 0 descriptor?? [ 141.149777][ T5145] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 141.186003][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.203435][ T5144] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 141.244909][ T5145] usb 4-1: config 0 descriptor?? [ 141.334992][ T5744] ======================================================= [ 141.334992][ T5744] WARNING: The mand mount option has been deprecated and [ 141.334992][ T5744] and is ignored by this kernel. Remove the mand [ 141.334992][ T5744] option from the mount to silence this warning. [ 141.334992][ T5744] ======================================================= [ 141.397488][ T63] hsr_slave_0: left promiscuous mode [ 141.428637][ T63] hsr_slave_1: left promiscuous mode [ 141.454577][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.468999][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.492391][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.523539][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.606300][ T63] veth1_macvtap: left promiscuous mode [ 141.615375][ T63] veth0_macvtap: left promiscuous mode [ 141.632555][ T5750] netlink: 'syz.2.147': attribute type 1 has an invalid length. [ 141.637083][ T63] veth1_vlan: left promiscuous mode [ 141.655969][ T5750] netlink: 8 bytes leftover after parsing attributes in process `syz.2.147'. [ 141.656651][ T5144] usb 1-1: USB disconnect, device number 4 [ 141.665513][ T63] veth0_vlan: left promiscuous mode [ 141.742263][ T5144] usblp0: removed [ 141.927000][ T5091] Bluetooth: hci3: command 0x2016 tx timeout [ 143.004140][ T63] team0 (unregistering): Port device team_slave_1 removed [ 143.071913][ T63] team0 (unregistering): Port device team_slave_0 removed [ 143.700310][ T5776] netlink: 60 bytes leftover after parsing attributes in process `syz.0.149'. [ 143.749281][ T5145] usb 4-1: Cannot set autoneg [ 143.754166][ T5145] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 143.786904][ T5145] usb 4-1: USB disconnect, device number 4 [ 144.128331][ T5514] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 144.213584][ T5514] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 144.330418][ T5514] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 144.409488][ T5786] netlink: 'syz.0.151': attribute type 10 has an invalid length. [ 144.505592][ T5786] team0: Port device netdevsim0 added [ 144.557619][ T5514] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 144.824811][ T5791] ipip0: entered promiscuous mode [ 144.900550][ T5796] Cannot find add_set index 0 as target [ 144.938134][ T5494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.985824][ T5796] usb usb8: usbfs: process 5796 (syz.3.153) did not claim interface 0 before use [ 145.062555][ T29] audit: type=1326 audit(1721338222.359:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5792 comm="syz.3.153" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7831175b59 code=0x0 [ 145.338830][ T5514] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.351284][ T5805] dccp_invalid_packet: P.CsCov 2 exceeds packet length 400 [ 145.439360][ T5494] veth0_vlan: entered promiscuous mode [ 145.451133][ T5514] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.461189][ T5807] vcan0: tx drop: invalid sa for name 0x0000000000000002 [ 145.509972][ T5494] veth1_vlan: entered promiscuous mode [ 145.533287][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.540610][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.616963][ T5147] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 145.648988][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.656171][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.695215][ T5814] netlink: 12 bytes leftover after parsing attributes in process `syz.0.160'. [ 145.969395][ C0] Oops: general protection fault, probably for non-canonical address 0xe3fffb240028e7c8: 0000 [#1] PREEMPT SMP KASAN PTI [ 145.982048][ C0] KASAN: maybe wild-memory-access in range [0x1ffff92001473e40-0x1ffff92001473e47] [ 145.991368][ C0] CPU: 0 PID: 5818 Comm: syz.2.162 Not tainted 6.10.0-syzkaller-05505-gb1bc554e009e #0 [ 145.992409][ T5494] veth0_macvtap: entered promiscuous mode [ 146.001007][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 146.001023][ C0] RIP: 0010:__cpu_map_flush+0x42/0xd0 [ 146.001051][ C0] Code: e8 e3 d9 d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 8d c7 39 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 6f c7 39 00 4c 8b 23 48 8d 7b c0 [ 146.001068][ C0] RSP: 0018:ffffc90000007bb0 EFLAGS: 00010203 [ 146.048042][ C0] RAX: 03ffff240028e7c8 RBX: 1ffff92001473e44 RCX: ffff888027121e00 [ 146.048601][ T5494] veth1_macvtap: entered promiscuous mode [ 146.056025][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffffc9000a39f1a0 [ 146.069805][ C0] RBP: dffffc0000000000 R08: ffffffff895d4e8a R09: 1ffffffff1f5a8c5 [ 146.077787][ C0] R10: dffffc0000000000 R11: fffffbfff1f5a8c6 R12: ffffc9000a39f1a0 [ 146.085771][ C0] R13: ffffc9000a39f160 R14: ffffc9000a39f1a0 R15: dffffc0000000000 [ 146.093751][ C0] FS: 00007feb6f7916c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 146.102691][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.109291][ C0] CR2: 000000110c343cd0 CR3: 000000001ec24000 CR4: 00000000003506f0 [ 146.117271][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 146.125241][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 146.133214][ C0] Call Trace: [ 146.136492][ C0] [ 146.139340][ C0] ? __die_body+0x88/0xe0 [ 146.143686][ C0] ? die_addr+0x108/0x140 [ 146.148032][ C0] ? exc_general_protection+0x3dd/0x5d0 [ 146.153592][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 146.158809][ C0] ? asm_exc_general_protection+0x26/0x30 [ 146.164543][ C0] ? xdp_do_check_flushed+0x10a/0x240 [ 146.169924][ C0] ? __cpu_map_flush+0x42/0xd0 [ 146.174691][ C0] xdp_do_check_flushed+0x136/0x240 [ 146.179898][ C0] __napi_poll+0xe4/0x490 [ 146.184323][ C0] net_rx_action+0x89b/0x1240 [ 146.189017][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 146.194139][ C0] ? sched_clock+0x4a/0x70 [ 146.198579][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 146.204915][ C0] ? sched_clock+0x4a/0x70 [ 146.209355][ C0] handle_softirqs+0x2c4/0x970 [ 146.214127][ C0] ? do_softirq+0x11b/0x1e0 [ 146.218638][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 146.223932][ C0] do_softirq+0x11b/0x1e0 [ 146.228263][ C0] [ 146.231192][ C0] [ 146.234124][ C0] ? __pfx_do_softirq+0x10/0x10 [ 146.238975][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 146.244610][ C0] ? rcu_is_watching+0x15/0xb0 [ 146.249379][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 146.254671][ C0] ? __pfx_netif_receive_skb+0x10/0x10 [ 146.260135][ C0] ? tun_rx_batched+0x160/0x8f0 [ 146.264995][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 146.270729][ C0] ? tun_rx_batched+0x160/0x8f0 [ 146.275596][ C0] tun_rx_batched+0x732/0x8f0 [ 146.280287][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 146.286621][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 146.291650][ C0] ? __pfx_tun_rx_batched+0x10/0x10 [ 146.296898][ C0] tun_get_user+0x2f84/0x4720 [ 146.301588][ C0] ? tun_get_user+0x2a78/0x4720 [ 146.306451][ C0] ? __lock_acquire+0x1346/0x1fd0 [ 146.311488][ C0] ? __pfx_tun_get_user+0x10/0x10 [ 146.316533][ C0] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 146.322003][ C0] ? tun_get+0x1e/0x2f0 [ 146.326168][ C0] ? __pfx_lock_release+0x10/0x10 [ 146.331207][ C0] ? tun_get+0x1e/0x2f0 [ 146.335367][ C0] ? tun_get+0x27d/0x2f0 [ 146.339616][ C0] tun_chr_write_iter+0x113/0x1f0 [ 146.344650][ C0] vfs_write+0xa72/0xc90 [ 146.348901][ C0] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 146.354456][ C0] ? __pfx_vfs_write+0x10/0x10 [ 146.359221][ C0] ? do_futex+0x392/0x560 [ 146.363582][ C0] ksys_write+0x1a0/0x2c0 [ 146.367920][ C0] ? __pfx_ksys_write+0x10/0x10 [ 146.372780][ C0] ? do_syscall_64+0x100/0x230 [ 146.377559][ C0] ? do_syscall_64+0xb6/0x230 [ 146.382253][ C0] do_syscall_64+0xf3/0x230 [ 146.386766][ C0] ? clear_bhb_loop+0x35/0x90 [ 146.391453][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.397357][ C0] RIP: 0033:0x7feb6e9746df [ 146.401779][ C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 146.421393][ C0] RSP: 002b:00007feb6f791010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 146.429820][ C0] RAX: ffffffffffffffda RBX: 00007feb6eb03f60 RCX: 00007feb6e9746df [ 146.437794][ C0] RDX: 0000000000000036 RSI: 0000000020000240 RDI: 00000000000000c8 [ 146.445767][ C0] RBP: 00007feb6e9e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 146.453740][ C0] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000000 [ 146.461735][ C0] R13: 000000000000000b R14: 00007feb6eb03f60 R15: 00007ffcc6c5e298 [ 146.469743][ C0] [ 146.472770][ C0] Modules linked in: [ 146.476808][ C0] ---[ end trace 0000000000000000 ]--- [ 146.482303][ C0] RIP: 0010:__cpu_map_flush+0x42/0xd0 [ 146.487755][ C0] Code: e8 e3 d9 d6 ff 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 8d c7 39 00 49 8b 1e 4c 39 f3 74 77 48 89 d8 48 c1 e8 03 <42> 80 3c 38 00 74 08 48 89 df e8 6f c7 39 00 4c 8b 23 48 8d 7b c0 [ 146.507437][ C0] RSP: 0018:ffffc90000007bb0 EFLAGS: 00010203 [ 146.513545][ C0] RAX: 03ffff240028e7c8 RBX: 1ffff92001473e44 RCX: ffff888027121e00 [ 146.521606][ C0] RDX: 0000000080000101 RSI: 0000000000000000 RDI: ffffc9000a39f1a0 [ 146.528164][ T5494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.529637][ C0] RBP: dffffc0000000000 R08: ffffffff895d4e8a R09: 1ffffffff1f5a8c5 [ 146.540426][ T5494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 146.548012][ C0] R10: dffffc0000000000 R11: fffffbfff1f5a8c6 R12: ffffc9000a39f1a0 [ 146.548033][ C0] R13: ffffc9000a39f160 R14: ffffc9000a39f1a0 R15: dffffc0000000000 [ 146.548050][ C0] FS: 00007feb6f7916c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 146.548070][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 146.548087][ C0] CR2: 000000110c343cd0 CR3: 000000001ec24000 CR4: 00000000003506f0 [ 146.548105][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 146.548120][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 146.558004][ T5494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 146.565887][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 146.574165][ C0] Kernel Offset: disabled