last executing test programs: 17.115186469s ago: executing program 4 (id=168): ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) socket$kcm(0xa, 0x2, 0x0) openat(0xffffffffffffff9c, 0x0, 0x187100, 0x60) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) setsockopt$llc_int(r2, 0x10c, 0x3, &(0x7f00000001c0)=0x5, 0x4) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xa00}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0xc040}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='neigh_create\x00', r1}, 0x18) r5 = socket(0x8000000010, 0x2, 0x0) r6 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xfbc6, 0x10100, 0x8000003}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000240)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r6, 0x2ded, 0x4000, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write(r5, &(0x7f00000002c0)="fc0000001c000704ab5b2509b86803000aab087a0400000001481193210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r9 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r9, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4) read$FUSE(0xffffffffffffffff, &(0x7f00000083c0)={0x2020}, 0x2020) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@rand_addr=0x64010100, 0x4e23, 0x10000, 0x44, 0x12d5c, 0x12d5c}}, 0x44) 15.968759296s ago: executing program 4 (id=176): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc8) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000000000ab284dc9a94095f54e34f11a5a480d2115805745f8a24d"], 0xb0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 15.612718216s ago: executing program 4 (id=183): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 14.849374492s ago: executing program 4 (id=193): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x18, r1, 0x1, 0x0, 0xffffffff, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}}, 0x0) 14.691347296s ago: executing program 4 (id=196): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x4a301, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8d11}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$alg(0x26, 0x5, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x0, 0xe0, 0x101, 0x0}) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$sock(r3, 0x0, 0x10) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x2031, 0xffffffffffffffff, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) close(0x3) 13.277055439s ago: executing program 3 (id=209): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x80040005, 0x0, 0x0, 0x41100, 0x18}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x4, 0x3f, 0x3202, @vifc_lcl_addr=@private=0xa010102, @remote}, 0x10) 2.760599147s ago: executing program 4 (id=217): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x4d, &(0x7f0000000440)={{0x12, 0x1, 0x300, 0x41, 0xd1, 0xe0, 0x70, 0x403, 0xb810, 0x5a2e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc1, 0xc3, 0x2, 0x53, 0x7e, 0xbc, 0x10, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x67}, {0xd, 0x24, 0xf, 0x1, 0xbbc355f, 0x7fff, 0xfff, 0x2}}], [{{0x9, 0x5, 0xe, 0x4, 0x8, 0x4, 0x8c, 0x2}}, {{0x9, 0x5, 0xf, 0x2, 0x20, 0x40, 0x7, 0x5}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x44, &(0x7f00000001c0)=ANY=[]) syz_usb_disconnect(r1) r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x5, 0x0, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x0, 0x0) read$char_usb(r3, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x62403) syz_usb_disconnect(r1) 2.737762169s ago: executing program 3 (id=218): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd27, 0xfffff000, {0x0, 0x0, 0x0, r3, {0xf000, 0xffff}, {}, {0x7, 0xd}}, [@TCA_CHAIN={0x8, 0xb, 0xfffffff7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 1.898554759s ago: executing program 1 (id=225): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff1) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x4004743d, 0x110e22fff6) 1.712768724s ago: executing program 2 (id=226): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000007380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x34, r0, 0xe096044a3fc9e6f1, 0x3, 0x4000, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_FLAGS={0x4}]}, 0x34}}, 0x8050) 1.712264989s ago: executing program 0 (id=227): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x84, &(0x7f00000004c0)={0x0, @in={{0x2, 0x20, @multicast2}}, 0x0, 0xbd}, 0x90) 1.643704516s ago: executing program 0 (id=228): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x101000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close_range(r0, 0xffffffffffffffff, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 1.530173588s ago: executing program 3 (id=229): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000280)="581a17919cc77431510e7fc4ed9fb860505f1495ff92f16a44f8a13d48751d926def1f80b315bdc726cdd8b5d1a91f485854af8fc854b0da7a02522fe7b2c21db7a46c79afc0d444e6c78b0216d2201b128df9d4ed5b4dbe676fe56a6354f819d997a6acb8595633cff6f77473b2b3abcc65b51cb3d3a30bf9b0b2ce59d568d3a89b4933190432c3ac74e4bde1a62c560cb63836552f881c8a8305d2a13d838a5160a6c06c63decc865a92e9539f3513af3a1e6f78608890f912f087214dac06387a94", 0xc3}], 0x1) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28) readv(r0, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xff1}], 0x1) 1.479912406s ago: executing program 2 (id=230): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f00000001c0)="96bced8af9c8", 0x6}], 0x2, &(0x7f0000000140)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x21}, @dev={0xac, 0x14, 0x14, 0x1d}}}}], 0x20}, 0x42090) 1.37196224s ago: executing program 2 (id=231): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, 0x0, 0x0) 1.340249969s ago: executing program 2 (id=232): listen(0xffffffffffffffff, 0x8) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="94000000", @ANYRES16=r2, @ANYBLOB="010027bd7000ffdbdf252100000008000300", @ANYRES32=r3, @ANYBLOB="08007700ff01000054002d801e0000"], 0x94}, 0x1, 0x0, 0x0, 0x24008010}, 0x4000004) 1.300449123s ago: executing program 1 (id=233): r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f0000000340)=[r1], 0x0, 0x0, 0x0}) 1.299973412s ago: executing program 3 (id=234): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, 0x0}}], 0x1, 0x24040890) getsockopt$inet_mptcp_buf(r0, 0x11c, 0x1, 0x0, 0x0) 1.104819403s ago: executing program 0 (id=235): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000380)='xprt_reserve\x00', 0xffffffffffffffff, 0x0, 0xfb2}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 1.004698922s ago: executing program 2 (id=236): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000000)={@multicast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0xfffd, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x1, 0x9}}}}}}, 0x0) 988.495578ms ago: executing program 3 (id=237): semget(0x1, 0x3, 0x30c) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000003f40)) socket$inet_udp(0x2, 0x2, 0x0) syz_emit_vhci(&(0x7f0000003f80)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0xc7, 0xac}}}, 0x6) 900.794833ms ago: executing program 1 (id=238): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) 864.772206ms ago: executing program 2 (id=239): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r3, 0x0, 0x1}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioctl$KVM_RUN(r2, 0xae80, 0x0) 747.915846ms ago: executing program 3 (id=240): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x101400) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r1, 0xab00, r2) ioctl$NBD_DO_IT(r1, 0xab03) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 714.292369ms ago: executing program 0 (id=241): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000007380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x34, r0, 0xe096044a3fc9e6f1, 0x3, 0x4000, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_FLAGS={0x4}]}, 0x34}}, 0x8050) 421.649062ms ago: executing program 0 (id=242): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, 0x0, 0x0) 348.796424ms ago: executing program 1 (id=243): r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x0, @dev}, 0x2}}, 0x2e) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c93010000c0005001a0508"], 0x15) 253.805174ms ago: executing program 0 (id=244): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x312000, 0x800, 0x0, 0x5}, 0x20) ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 167.378185ms ago: executing program 1 (id=245): r0 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c40)={0x5c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_BSS_SELECT={0x28, 0xe3, 0x0, 0x1, {0x24, 0x0, [@NL80211_BSS_SELECT_ATTR_RSSI={0x4}, @NL80211_BSS_SELECT_ATTR_BAND_PREF={0x8, 0x2, 0x5}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0x8, 0x8f}}, @NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0x1, 0x8}}, @NL80211_BSS_SELECT_ATTR_RSSI={0x4}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 0s ago: executing program 1 (id=246): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94) close(r0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x18, 0x6, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80ffffff}, [@jmp={0x5, 0x0, 0x849aee721dcc84be, 0x0, 0x0, 0x2}, @jmp={0x5, 0x0, 0xc, 0x0, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x8, 0x0, 0x0, 0xfffffffffffffffe, 0xd1}]}, &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.161' (ED25519) to the list of known hosts. [ 91.936539][ T1826] cfg80211: failed to load regulatory.db [ 92.340148][ T5788] cgroup: Unknown subsys name 'net' [ 92.581487][ T5788] cgroup: Unknown subsys name 'cpuset' [ 92.656389][ T5788] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 94.542698][ T5788] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 98.979917][ T5809] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 98.987744][ T5809] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 98.988756][ T5809] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 98.989819][ T5809] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 98.991258][ T5809] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 98.992983][ T5809] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 98.994589][ T5809] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 99.006212][ T5823] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 99.007363][ T5823] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 99.026158][ T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 99.027778][ T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 99.029236][ T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 99.030174][ T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 99.032319][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 99.034574][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 99.158290][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 99.166135][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 99.179594][ T5821] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 99.182260][ T5821] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 99.208872][ T5814] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 99.208932][ T5821] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 99.210641][ T5814] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 99.235258][ T5823] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 99.274189][ T5823] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 99.283854][ T5823] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 100.245225][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 100.314533][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 100.344970][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 100.557106][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 100.563277][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 101.057074][ T5823] Bluetooth: hci0: command tx timeout [ 101.143601][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.144323][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.144778][ T5811] bridge_slave_0: entered allmulticast mode [ 101.148343][ T5811] bridge_slave_0: entered promiscuous mode [ 101.286864][ T5823] Bluetooth: hci1: command tx timeout [ 101.286980][ T5823] Bluetooth: hci2: command tx timeout [ 101.287052][ T5823] Bluetooth: hci3: command tx timeout [ 101.343693][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.343814][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.344145][ T5811] bridge_slave_1: entered allmulticast mode [ 101.346562][ T5811] bridge_slave_1: entered promiscuous mode [ 101.366339][ T5823] Bluetooth: hci4: command tx timeout [ 101.436786][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.436914][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.437085][ T5806] bridge_slave_0: entered allmulticast mode [ 101.439205][ T5806] bridge_slave_0: entered promiscuous mode [ 101.587181][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 101.587310][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.587471][ T5807] bridge_slave_0: entered allmulticast mode [ 101.589438][ T5807] bridge_slave_0: entered promiscuous mode [ 101.592135][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.592317][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.592511][ T5806] bridge_slave_1: entered allmulticast mode [ 101.594733][ T5806] bridge_slave_1: entered promiscuous mode [ 101.857048][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 101.857239][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.857428][ T5807] bridge_slave_1: entered allmulticast mode [ 101.859512][ T5807] bridge_slave_1: entered promiscuous mode [ 102.094574][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.236773][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.236910][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.237111][ T5805] bridge_slave_0: entered allmulticast mode [ 102.239328][ T5805] bridge_slave_0: entered promiscuous mode [ 102.242372][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.242494][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.242839][ T5808] bridge_slave_0: entered allmulticast mode [ 102.244618][ T5808] bridge_slave_0: entered promiscuous mode [ 102.301520][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.420113][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.420879][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.420988][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.421121][ T5805] bridge_slave_1: entered allmulticast mode [ 102.423213][ T5805] bridge_slave_1: entered promiscuous mode [ 102.424854][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.424996][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.425126][ T5808] bridge_slave_1: entered allmulticast mode [ 102.429942][ T5808] bridge_slave_1: entered promiscuous mode [ 102.520505][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.523577][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.770348][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.999030][ T5811] team0: Port device team_slave_0 added [ 103.120389][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.123696][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 103.125967][ T5823] Bluetooth: hci0: command tx timeout [ 103.128125][ T5811] team0: Port device team_slave_1 added [ 103.198918][ T5806] team0: Port device team_slave_0 added [ 103.201952][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.204855][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.288725][ T5807] team0: Port device team_slave_0 added [ 103.291143][ T5806] team0: Port device team_slave_1 added [ 103.365959][ T5822] Bluetooth: hci3: command tx timeout [ 103.365992][ T5822] Bluetooth: hci1: command tx timeout [ 103.366116][ T5823] Bluetooth: hci2: command tx timeout [ 103.446372][ T5823] Bluetooth: hci4: command tx timeout [ 103.490000][ T5807] team0: Port device team_slave_1 added [ 104.078070][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.078084][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.078103][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.218919][ T5805] team0: Port device team_slave_0 added [ 104.221197][ T5808] team0: Port device team_slave_0 added [ 104.222435][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.222449][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.222478][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.308889][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.308907][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.308935][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.312671][ T5805] team0: Port device team_slave_1 added [ 104.314675][ T5808] team0: Port device team_slave_1 added [ 104.332171][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.332189][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.332219][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.335071][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.335087][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.335116][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.519224][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.519238][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.519257][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.740033][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.740052][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.740077][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.741331][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.741346][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.741373][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.828863][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.828883][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.828915][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 104.831406][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.831421][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 104.831452][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.008368][ T5811] hsr_slave_0: entered promiscuous mode [ 105.009706][ T5811] hsr_slave_1: entered promiscuous mode [ 105.205979][ T5823] Bluetooth: hci0: command tx timeout [ 105.275157][ T5806] hsr_slave_0: entered promiscuous mode [ 105.278804][ T5806] hsr_slave_1: entered promiscuous mode [ 105.279958][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 105.280093][ T5806] Cannot create hsr debugfs directory [ 105.303308][ T5807] hsr_slave_0: entered promiscuous mode [ 105.304370][ T5807] hsr_slave_1: entered promiscuous mode [ 105.305089][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 105.305115][ T5807] Cannot create hsr debugfs directory [ 105.445985][ T5818] Bluetooth: hci1: command tx timeout [ 105.446017][ T5818] Bluetooth: hci3: command tx timeout [ 105.447414][ T5823] Bluetooth: hci2: command tx timeout [ 105.525941][ T5823] Bluetooth: hci4: command tx timeout [ 105.774150][ T5808] hsr_slave_0: entered promiscuous mode [ 105.775192][ T5808] hsr_slave_1: entered promiscuous mode [ 105.776862][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 105.776892][ T5808] Cannot create hsr debugfs directory [ 105.788325][ T5805] hsr_slave_0: entered promiscuous mode [ 105.789993][ T5805] hsr_slave_1: entered promiscuous mode [ 105.791103][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 105.791131][ T5805] Cannot create hsr debugfs directory [ 107.286881][ T5823] Bluetooth: hci0: command tx timeout [ 107.378945][ T5811] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.414194][ T5811] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.431561][ T5811] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.483797][ T5811] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.526574][ T5823] Bluetooth: hci2: command tx timeout [ 107.526612][ T5822] Bluetooth: hci3: command tx timeout [ 107.526618][ T5823] Bluetooth: hci1: command tx timeout [ 107.593539][ T5806] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 107.607385][ T5818] Bluetooth: hci4: command tx timeout [ 107.613395][ T5806] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 107.661542][ T5806] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 107.697512][ T5806] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 107.830289][ T5807] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 107.888600][ T5807] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 107.921346][ T5807] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 107.979323][ T5807] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 108.128747][ T5808] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 108.170392][ T5808] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 108.204990][ T5808] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 108.260463][ T5808] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 108.400595][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.401706][ T5805] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 108.463900][ T5805] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 108.497818][ T5805] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 108.533949][ T5805] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 108.618678][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.667129][ T3559] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.667654][ T3559] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.678278][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.719703][ T3559] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.719847][ T3559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.788368][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.838002][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.844469][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.844621][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.875058][ T1182] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.875204][ T1182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.949496][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.976258][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.996724][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.996896][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.048679][ T1182] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.048898][ T1182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.102783][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.155012][ T1182] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.155136][ T1182] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.164847][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.213416][ T1182] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.213551][ T1182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.311717][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.358387][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.358537][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.391946][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.392158][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.503296][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.798851][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.803104][ T5811] veth0_vlan: entered promiscuous mode [ 109.847872][ T5811] veth1_vlan: entered promiscuous mode [ 109.922003][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.034609][ T5811] veth0_macvtap: entered promiscuous mode [ 110.067577][ T5811] veth1_macvtap: entered promiscuous mode [ 110.167930][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.169021][ T5807] veth0_vlan: entered promiscuous mode [ 110.194516][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.216140][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.238701][ T5807] veth1_vlan: entered promiscuous mode [ 110.250479][ T1157] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.268423][ T1157] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.271876][ T1157] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.283655][ T1157] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.597984][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.598778][ T5807] veth0_macvtap: entered promiscuous mode [ 110.660169][ T5807] veth1_macvtap: entered promiscuous mode [ 110.664335][ T5808] veth0_vlan: entered promiscuous mode [ 110.665577][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.665601][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.729549][ T5808] veth1_vlan: entered promiscuous mode [ 110.773726][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.783460][ T1182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.783483][ T1182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.830347][ T5806] veth0_vlan: entered promiscuous mode [ 110.835168][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.881250][ T3542] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.884575][ T5806] veth1_vlan: entered promiscuous mode [ 110.891811][ T3542] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.902131][ T3542] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.909968][ T3542] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.995200][ T5805] veth0_vlan: entered promiscuous mode [ 111.010346][ T5808] veth0_macvtap: entered promiscuous mode [ 111.094590][ T5808] veth1_macvtap: entered promiscuous mode [ 111.198722][ T5805] veth1_vlan: entered promiscuous mode [ 111.308219][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.310227][ T5806] veth0_macvtap: entered promiscuous mode [ 111.341470][ T992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.341492][ T992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.354380][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.355431][ T5806] veth1_macvtap: entered promiscuous mode [ 111.412880][ T992] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.433359][ T992] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.450606][ T992] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.473960][ T992] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.508921][ T5805] veth0_macvtap: entered promiscuous mode [ 111.515613][ T3542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.515633][ T3542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.626259][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.643859][ T5805] veth1_macvtap: entered promiscuous mode [ 111.727203][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.830847][ T5926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.858385][ T5926] bond0: (slave rose0): Enslaving as an active interface with an up link [ 111.895204][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.919864][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.920039][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.943604][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.969422][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.014530][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 112.308956][ T1182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.308979][ T1182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.313109][ T3559] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.348609][ T3559] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.356274][ T3559] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.479510][ T3559] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.633267][ T3559] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.633288][ T3559] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.929204][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.929226][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.271889][ T3606] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.271910][ T3606] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.406129][ T1182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.406152][ T1182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.529362][ T5964] netlink: 48 bytes leftover after parsing attributes in process `syz.2.12'. [ 113.702832][ T5968] netlink: 'syz.3.13': attribute type 1 has an invalid length. [ 113.702854][ T5968] netlink: 208 bytes leftover after parsing attributes in process `syz.3.13'. [ 113.790103][ T1182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.790125][ T1182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.155752][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.215765][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.436267][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.495758][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.675758][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.915815][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.915861][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.915898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.915934][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 116.915970][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.106253][ T6047] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 122.494885][ T6052] netlink: 'syz.0.28': attribute type 1 has an invalid length. [ 122.494903][ T6052] netlink: 128 bytes leftover after parsing attributes in process `syz.0.28'. [ 122.494916][ T6052] netlink: 'syz.0.28': attribute type 2 has an invalid length. [ 122.494925][ T6052] netlink: 'syz.0.28': attribute type 1 has an invalid length. [ 124.366369][ T6070] tipc: Started in network mode [ 124.366405][ T6070] tipc: Node identity d617446d2f03, cluster identity 4711 [ 124.367271][ T6070] tipc: Enabled bearer , priority 0 [ 124.420758][ T6070] syzkaller0: entered promiscuous mode [ 124.420778][ T6070] syzkaller0: entered allmulticast mode [ 124.609713][ T6072] tipc: Resetting bearer [ 124.685675][ T6069] tipc: Resetting bearer [ 125.232553][ T6086] netlink: 28 bytes leftover after parsing attributes in process `syz.3.38'. [ 125.387637][ T1826] tipc: Node number set to 4178855021 [ 125.889665][ T6069] tipc: Disabling bearer [ 126.091001][ T6087] tipc: Started in network mode [ 126.091036][ T6087] tipc: Node identity 5e915d8274d1, cluster identity 4711 [ 126.091238][ T6087] tipc: Enabled bearer , priority 0 [ 126.110554][ T6089] tipc: Resetting bearer [ 126.209393][ T6085] tipc: Disabling bearer [ 126.683987][ T6103] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 126.686682][ T6103] netlink: 12 bytes leftover after parsing attributes in process `syz.3.41'. [ 127.162225][ T6120] tipc: Enabled bearer , priority 0 [ 127.165384][ T6120] syzkaller0: entered promiscuous mode [ 127.165408][ T6120] syzkaller0: entered allmulticast mode [ 127.216553][ T6120] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 127.604772][ T6134] netlink: 28 bytes leftover after parsing attributes in process `syz.4.54'. [ 128.238416][ T6130] tipc: Resetting bearer [ 128.319387][ T6119] tipc: Resetting bearer [ 128.548529][ T6119] tipc: Disabling bearer [ 128.563487][ T6140] ieee802154 phy1 wpan1: encryption failed: -22 [ 128.689162][ T6143] netlink: 20 bytes leftover after parsing attributes in process `syz.4.58'. [ 129.030615][ T6162] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 129.217114][ T6150] netlink: 156 bytes leftover after parsing attributes in process `syz.3.59'. [ 130.129535][ T6192] netlink: 28 bytes leftover after parsing attributes in process `syz.4.69'. [ 130.259397][ T6196] kvm: kvm [6195]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffff [ 130.354862][ T6199] kvm: kvm [6195]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffffff [ 132.003413][ T6248] netlink: 28 bytes leftover after parsing attributes in process `syz.0.85'. [ 133.066654][ T6290] netlink: 28 bytes leftover after parsing attributes in process `syz.3.99'. [ 134.087333][ T6333] netlink: 28 bytes leftover after parsing attributes in process `syz.2.113'. [ 135.217168][ T976] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 135.224343][ T6374] netlink: 28 bytes leftover after parsing attributes in process `syz.4.127'. [ 135.441851][ T6373] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 135.462668][ T976] usb 4-1: config 1 interface 0 has no altsetting 0 [ 135.468367][ T976] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 135.468402][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.468425][ T976] usb 4-1: Product: syz [ 135.468442][ T976] usb 4-1: Manufacturer: syz [ 135.468459][ T976] usb 4-1: SerialNumber: syz [ 136.042660][ T976] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 136.221048][ T6394] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 136.249500][ T6394] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 136.249646][ T6394] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 136.249735][ T6394] kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 136.250083][ T6394] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 136.250749][ T6394] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 136.269608][ T6394] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 136.269909][ T6394] kvm: requested 100571 ns i8254 timer period limited to 200000 ns [ 136.271113][ T6394] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 136.271218][ T6394] kvm: requested 170133 ns i8254 timer period limited to 200000 ns [ 137.297933][ T6427] netlink: 28 bytes leftover after parsing attributes in process `syz.2.142'. [ 137.454301][ T6430] Bluetooth: MGMT ver 1.23 [ 137.879650][ C0] usblp0: nonzero write bulk status received: -71 [ 137.909858][ T5919] usb 4-1: USB disconnect, device number 2 [ 138.031170][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.093528][ T6363] usblp0: removed [ 138.520909][ T6463] dvmrp0: entered allmulticast mode [ 138.625325][ T44] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 138.785840][ T44] usb 3-1: Using ep0 maxpacket: 8 [ 138.798124][ T44] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.798165][ T44] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.798189][ T44] usb 3-1: config 0 interface 0 has no altsetting 0 [ 138.798223][ T44] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 138.798248][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.860467][ T44] usb 3-1: config 0 descriptor?? [ 139.329343][ T44] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 139.329384][ T44] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 139.329413][ T44] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 139.329442][ T44] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 139.329470][ T44] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 139.331083][ T44] mcp2221 0003:04D8:00DD.0001: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 139.412939][ T6486] warning: `syz.3.164' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 139.715544][ T44] usb 3-1: USB disconnect, device number 2 [ 139.848275][ T6500] bridge_slave_0: left allmulticast mode [ 139.848305][ T6500] bridge_slave_0: left promiscuous mode [ 139.854240][ T6500] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.018220][ T6500] bridge_slave_1: left allmulticast mode [ 140.018251][ T6500] bridge_slave_1: left promiscuous mode [ 140.018520][ T6500] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.194424][ T6500] bond0: (slave bond_slave_0): Releasing backup interface [ 140.307608][ T6500] bond0: (slave bond_slave_1): Releasing backup interface [ 140.398492][ T6509] input: syz1 as /devices/virtual/input/input5 [ 140.511573][ T6500] team0: Port device team_slave_0 removed [ 140.572066][ T6500] team0: Port device team_slave_1 removed [ 140.573611][ T6500] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.573639][ T6500] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.610154][ T6500] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.610185][ T6500] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.666448][ T6500] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 140.669183][ T6495] netlink: 'syz.4.168': attribute type 12 has an invalid length. [ 140.673267][ T6502] vlan0: entered promiscuous mode [ 140.705286][ T6502] team0: Port device vlan0 added [ 141.510762][ T6538] kvm: kvm [6537]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xe170306 [ 142.035993][ T44] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 142.198851][ T44] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 142.198881][ T44] usb 2-1: config 0 has no interface number 0 [ 142.198930][ T44] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 142.198957][ T44] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 142.198997][ T44] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 142.199020][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.279888][ T44] usb 2-1: config 0 descriptor?? [ 142.322087][ T44] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 142.364942][ T6564] syz.4.196 uses obsolete (PF_INET,SOCK_PACKET) [ 142.500045][ T6547] iowarrior 2-1:0.1: Error -90 while submitting URB [ 142.520744][ T44] usb 2-1: USB disconnect, device number 2 [ 142.558498][ T6568] netlink: 28 bytes leftover after parsing attributes in process `syz.0.199'. [ 142.674985][ T6059] IPVS: starting estimator thread 0... [ 142.758880][ T6572] IPVS: using max 7 ests per chain, 16800 per kthread [ 143.634036][ T6594] process 'syz.2.210' launched './file1' with NULL argv: empty string added [ 144.024336][ T6602] netlink: 28 bytes leftover after parsing attributes in process `syz.2.214'. [ 153.811531][ T6591] netlink: 'syz.0.208': attribute type 3 has an invalid length. [ 153.910717][ T6592] pimreg3: entered allmulticast mode [ 154.138880][ T6606] vlan2: entered promiscuous mode [ 154.138904][ T6606] bridge0: entered promiscuous mode [ 154.316053][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 154.465837][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 154.485625][ T10] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 154.485653][ T10] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 154.489050][ T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 154.489124][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 154.489150][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 154.489179][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 154.489231][ T10] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 154.489258][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.513425][ T10] usb 5-1: config 0 descriptor?? [ 154.753885][ T10] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 154.770835][ T10] usb 5-1: USB disconnect, device number 2 [ 154.820280][ T10] usblp0: removed [ 155.176596][ T6641] KVM: debugfs: duplicate directory 6641-4 [ 155.277689][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 155.456252][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 155.460224][ T10] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 155.460251][ T10] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 155.460273][ T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 155.460329][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 155.460353][ T10] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 155.460379][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 155.460424][ T10] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 155.460448][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.471924][ T10] usb 5-1: config 0 descriptor?? [ 155.689741][ T6652] netlink: 28 bytes leftover after parsing attributes in process `syz.2.232'. [ 155.757701][ T10] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 156.276393][ T5883] usb 5-1: USB disconnect, device number 3 [ 156.365444][ T5883] usblp0: removed [ 157.064935][ T6685] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 157.064965][ T6685] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6685, name: syz.1.246 [ 157.064978][ T6685] preempt_count: 1, expected: 0 [ 157.064985][ T6685] RCU nest depth: 2, expected: 2 [ 157.064997][ T6685] 5 locks held by syz.1.246/6685: [ 157.065006][ T6685] #0: ffff88805bef8350 (sk_lock-AF_VSOCK){+.+.}-{0:0}, at: vsock_connect+0x152/0xe20 [ 157.065058][ T6685] #1: ffffffff8d7aa500 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run9+0x1ec/0x500 [ 157.065104][ T6685] #2: ffff8880b8832c88 ((stream_local_lock)){+.+.}-{3:3}, at: __bpf_stream_push_str+0x211/0xbe0 [ 157.065139][ T6685] #3: ffffffff8d7aa500 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x10d/0x2b0 [ 157.065182][ T6685] #4: ffff8880b883f6e8 (&s->lock_key#5){+.+.}-{3:3}, at: ___slab_alloc+0x12f/0x1470 [ 157.065238][ T6685] Preemption disabled at: [ 157.065242][ T6685] [<0000000000000000>] 0x0 [ 157.065287][ T6685] CPU: 0 UID: 0 PID: 6685 Comm: syz.1.246 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 157.065303][ T6685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 157.065318][ T6685] Call Trace: [ 157.065326][ T6685] [ 157.065333][ T6685] dump_stack_lvl+0x189/0x250 [ 157.065355][ T6685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.065373][ T6685] ? __pfx__printk+0x10/0x10 [ 157.065400][ T6685] ? print_lock_name+0xde/0x100 [ 157.065431][ T6685] __might_resched+0x44b/0x5d0 [ 157.065464][ T6685] ? __pfx___might_resched+0x10/0x10 [ 157.065489][ T6685] ? ___slab_alloc+0x12f/0x1470 [ 157.065513][ T6685] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 157.065537][ T6685] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.065557][ T6685] rt_spin_lock+0xc7/0x3e0 [ 157.065582][ T6685] ? __pfx_rt_spin_lock+0x10/0x10 [ 157.065604][ T6685] ? __lock_acquire+0xab9/0xd20 [ 157.065632][ T6685] ___slab_alloc+0x12f/0x1470 [ 157.065650][ T6685] ? __set_page_owner+0x25c/0x490 [ 157.065683][ T6685] __slab_alloc+0xc6/0x1f0 [ 157.065715][ T6685] ? __set_page_owner+0x25c/0x490 [ 157.065744][ T6685] __kmalloc_cache_noprof+0xec/0x6c0 [ 157.065767][ T6685] ? __set_page_owner+0x25c/0x490 [ 157.065789][ T6685] __set_page_owner+0x25c/0x490 [ 157.065810][ T6685] ? __pfx___set_page_owner+0x10/0x10 [ 157.065833][ T6685] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 157.065866][ T6685] post_alloc_hook+0x240/0x2a0 [ 157.065890][ T6685] get_page_from_freelist+0x28c0/0x2960 [ 157.065926][ T6685] ? lockdep_unlock+0x89/0x120 [ 157.065949][ T6685] ? __lock_acquire+0xab9/0xd20 [ 157.065984][ T6685] alloc_frozen_pages_nolock_noprof+0xbc/0x150 [ 157.066008][ T6685] alloc_pages_nolock_noprof+0xa/0x30 [ 157.066024][ T6685] bpf_stream_page_replace+0x19/0x1e0 [ 157.066041][ T6685] __bpf_stream_push_str+0x35c/0xbe0 [ 157.066068][ T6685] ? __pfx___bpf_stream_push_str+0x10/0x10 [ 157.066093][ T6685] bpf_stream_stage_printk+0x14e/0x1c0 [ 157.066107][ T6685] ? __pfx_find_from_stack_cb+0x10/0x10 [ 157.066129][ T6685] ? arch_bpf_stack_walk+0x112/0x170 [ 157.066145][ T6685] ? __pfx_bpf_stream_stage_printk+0x10/0x10 [ 157.066166][ T6685] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.066189][ T6685] bpf_prog_report_may_goto_violation+0xc4/0x190 [ 157.066208][ T6685] ? __pfx_bpf_prog_report_may_goto_violation+0x10/0x10 [ 157.066227][ T6685] ? irqentry_exit+0x74/0x90 [ 157.066245][ T6685] ? read_tsc+0x9/0x20 [ 157.066264][ T6685] bpf_check_timed_may_goto+0xaa/0xb0 [ 157.066283][ T6685] arch_bpf_timed_may_goto+0x21/0x40 [ 157.066302][ T6685] bpf_prog_6fd842a53d323cc5+0x53/0x5f [ 157.066317][ T6685] bpf_trace_run9+0x2db/0x500 [ 157.066339][ T6685] ? bpf_trace_run9+0x1ec/0x500 [ 157.066359][ T6685] ? __pfx_bpf_trace_run9+0x10/0x10 [ 157.066397][ T6685] __bpf_trace_virtio_transport_alloc_pkt+0x2d7/0x340 [ 157.066428][ T6685] ? __pfx___bpf_trace_virtio_transport_alloc_pkt+0x10/0x10 [ 157.066449][ T6685] ? kmem_cache_alloc_node_noprof+0x291/0x6e0 [ 157.066467][ T6685] ? __alloc_skb+0x112/0x2d0 [ 157.066493][ T6685] ? __alloc_skb+0x1bc/0x2d0 [ 157.066515][ T6685] ? __local_bh_enable+0x28c/0x410 [ 157.066540][ T6685] virtio_transport_alloc_skb+0x10cc/0x1130 [ 157.066584][ T6685] ? __pfx_virtio_transport_alloc_skb+0x10/0x10 [ 157.066612][ T6685] ? rt_spin_unlock+0x150/0x200 [ 157.066647][ T6685] virtio_transport_send_pkt_info+0x6be/0x1100 [ 157.066698][ T6685] virtio_transport_connect+0xa7/0x100 [ 157.066722][ T6685] ? __pfx_virtio_transport_connect+0x10/0x10 [ 157.066748][ T6685] ? __pfx_vsock_auto_bind+0x10/0x10 [ 157.066766][ T6685] ? vsock_assign_transport+0x5ed/0x770 [ 157.066794][ T6685] vsock_connect+0xb8b/0xe20 [ 157.066820][ T6685] ? __might_fault+0xb0/0x130 [ 157.066841][ T6685] ? __pfx_vsock_connect+0x10/0x10 [ 157.066859][ T6685] ? __pfx_autoremove_wake_function+0x10/0x10 [ 157.066885][ T6685] ? bpf_lsm_socket_connect+0x9/0x20 [ 157.066909][ T6685] __sys_connect+0x323/0x450 [ 157.066926][ T6685] ? __pfx___sys_connect+0x10/0x10 [ 157.066950][ T6685] ? rcu_is_watching+0x15/0xb0 [ 157.066981][ T6685] __x64_sys_connect+0x7a/0x90 [ 157.066996][ T6685] do_syscall_64+0xfa/0xfa0 [ 157.067012][ T6685] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.067028][ T6685] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.067043][ T6685] ? clear_bhb_loop+0x60/0xb0 [ 157.067061][ T6685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.067081][ T6685] RIP: 0033:0x7f58502ceec9 [ 157.067096][ T6685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.067108][ T6685] RSP: 002b:00007f584e52e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 157.067124][ T6685] RAX: ffffffffffffffda RBX: 00007f5850525fa0 RCX: 00007f58502ceec9 [ 157.067135][ T6685] RDX: 0000000000000010 RSI: 0000200000000100 RDI: 0000000000000005 [ 157.067144][ T6685] RBP: 00007f5850351f91 R08: 0000000000000000 R09: 0000000000000000 [ 157.067154][ T6685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.067162][ T6685] R13: 00007f5850526038 R14: 00007f5850525fa0 R15: 00007ffcf70863b8 [ 157.067189][ T6685] [ 157.069765][ C0] vkms_vblank_simulate: vblank timer overrun [ 157.077614][ T6673] block nbd3: shutting down sockets [ 157.720860][ C0] vkms_vblank_simulate: vblank timer overrun