last executing test programs: 16.336514889s ago: executing program 0 (id=82): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket(0x10, 0x803, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r1) getsockopt$SO_BINDTODEVICE(r3, 0x6, 0x18, &(0x7f0000000000), 0x20a15508) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth0_to_bridge\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x1, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r8, 0x0) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffd, 0x0, 0x0, 0x1, 0x80000001, 0x6, 0x0, 0x800, 0x20000000000000, 0x1, 0x8, 0x8, 0x3, 0x8006, 0x2, 0x2000000], 0xeeef0000, 0x400}) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) r9 = socket$inet6(0xa, 0x800000000000002, 0x0) r10 = socket$inet6(0xa, 0x3, 0x7) sendmmsg$alg(r10, &(0x7f0000000d40)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000040)=[@assoc={0x18, 0x29, 0x39, 0xfffffffc}], 0x18, 0x44810}], 0x1, 0x0) connect$inet6(r9, &(0x7f0000000040)={0xa, 0x0, 0x3, @empty, 0xd}, 0x1c) ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r8, 0x4068aea3, &(0x7f0000000100)) setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='oom_score_adj\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)) ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0) pread64(r11, 0x0, 0x0, 0x0) connect$inet6(r9, &(0x7f0000000000)={0xa, 0x4e21, 0x2000, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c) sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x20000000}, 0xa}], 0x400000000000172, 0x4000300) 14.701772879s ago: executing program 0 (id=84): r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000211400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}}, 0x0) setitimer(0x0, 0x0, 0x0) syz_usb_connect(0x2, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000994bd740f60d5600b5a0000000010902120001000000000904"], 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, 0x11, 0xffffffffffffffff, 0x3000) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64], 0x118) utimensat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x100) 13.471919408s ago: executing program 3 (id=90): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) timer_create(0x6, &(0x7f0000000180)={0x0, 0x1d, 0x0, @tid=r0}, &(0x7f00000001c0)) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_io_uring_setup(0x24fa, &(0x7f0000000380)={0x0, 0x0, 0x108, 0x1}, 0x0, 0x0) r2 = getpgid(0xffffffffffffffff) r3 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) kcmp(r0, r2, 0x6, r3, r1) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 13.024126594s ago: executing program 0 (id=91): r0 = socket$qrtr(0x2a, 0x2, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000300)={0x0, r2}) close_range(r0, 0xffffffffffffffff, 0x0) r3 = memfd_create(&(0x7f0000000140)='}\xa4-}{\x00\xaa\x81\xde\xac\xc0\xe8\xf1v\xbd\xd2\xd4\x03[t\xe8\x92\x9d\xc2\xdep\x11y\xf7\xb0\x90\v\xb9\x9f\x12\xfc\x8c\x19\xf7v\xdb\r\xf4\xce\xdb\xf8Cw\xe6c\xd1\xe9\xe1\x8e\x1bKn\x9c{[\xbe|\x13\x97{\x12z\xea(\xb8\xc7\xca\x9a\x17)\xfcl\xe9\x87\xe7\xf5U\xc9@\xeb\x02\x90\'\x8d\xccd\x05\xf7zJ\x8f+\\\x16\x9e\x10t^\xb7\x90\xa7\x8f \xc0#\xeb&s\xc6\x11\xfb\xc3\x1fp\xeb^\x82\x8a\x1d\xe3\x93\xfdt\x86-\b*c2\xe6\xd4\xc6\xf9\x172\xf7', 0x2) r4 = dup(r3) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e24, 0x5e, @local, 0x1c5acf88}, 0x1c) fallocate(r4, 0x0, 0x0, 0x8000006) ftruncate(r4, 0x6) ioctl$USBDEVFS_CONNECTINFO(r4, 0x40085511, &(0x7f0000000000)) 12.666265668s ago: executing program 0 (id=93): rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) r0 = open_tree(0xffffffffffffffff, 0x0, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="2c00000020000100000000000000000002000000000000020000000008000400fbffffff0500130001"], 0x2c}}, 0x0) setxattr(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)=@known='security.selinux\x00', 0x0, 0x8c, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000140), &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x2, 0x0, 0x8}) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000200)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000240)={0x0, 0x0}) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000180)={0x40, 0x4, 0x2d7}) r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) socket$l2tp6(0xa, 0x2, 0x73) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0xfffffffffffffd6b, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000440)={r7, 0x0, 0x0, 0xf, 0x0, [0x0], [0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x1], [0x0, 0x0, 0x2800000000]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000200)={r8}) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000300)={r2, 0x2, 0x15c, 0x5, 0x0, [r3, r4, r8, r8], [0x10, 0x0, 0xa, 0x1], [0x6, 0x5b, 0x7], [0x80000000, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffd]}) 12.498486073s ago: executing program 3 (id=95): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) r1 = socket$alg(0x26, 0x5, 0x0) socket$l2tp(0x2, 0x2, 0x73) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newqdisc={0x148, 0x24, 0x4, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff}, {0x3, 0xe}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x6, 0xa18}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @TCA_STAB={0x100, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x4, 0x7, 0x100, 0x2, 0xf, 0x3, 0x3}}, {0xa, 0x2, [0x65bc, 0x9, 0x9]}}, {{0x1c, 0x1, {0x6, 0x7, 0x4c, 0x8, 0x2, 0xcd4, 0x6, 0x5}}, {0xe, 0x2, [0x5, 0x3, 0xf, 0x367d, 0x5]}}, {{0x1c, 0x1, {0x6, 0x8, 0x3, 0x80e, 0x0, 0xff, 0x9, 0x2}}, {0x8, 0x2, [0x9, 0x0]}}, {{0x1c, 0x1, {0xfc, 0x4, 0x80, 0x2287, 0x2, 0x8, 0x0, 0x9}}, {0x16, 0x2, [0x2, 0x3, 0xfff, 0x9, 0x7ba7, 0x6, 0x2, 0x10, 0xfff9]}}, {{0x1c, 0x1, {0x6, 0x1c, 0x792, 0x3ff, 0x1, 0xa51e, 0x7, 0x2}}, {0x8, 0x2, [0x6, 0x9c96]}}, {{0x1c, 0x1, {0x1, 0x9, 0x1, 0x2, 0x0, 0xfffffffd, 0x1, 0x6}}, {0x10, 0x2, [0xfff9, 0x401, 0x3, 0x0, 0x81, 0xa3d]}}]}, @TCA_RATE={0x6, 0x5, {0xa, 0xbb}}]}, 0x148}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000340), 0x8) syz_emit_ethernet(0x16, &(0x7f0000000040)=ANY=[], 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c8c02277f9ecefcbfcc02394001e0001001004ffff0000000000000400010080000780040001379b286b38c16cc0e7675a55ee3dd693e0093c578a0eb6b020899f65ea85abea035cc37fd47eb1001e16bb51ecc6fd6743479ba679fb07480b89dfac02499706600daded485fceb17a0cb305945189aaf1cd82ec18cdcbba30200e18d78cffeea98b8a800249c7f3f65632ea29e1427e23da018647fc95efe465e219b2011da9d1"], 0x27) r3 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r4, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(0xffffffffffffffff, 0x0, 0x0) syz_usb_disconnect(r3) r5 = socket$inet6(0xa, 0x3, 0x6c) syz_emit_vhci(&(0x7f0000000500)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x1, 0x97}, @l2cap_cid_signaling={{0x93}, [@l2cap_info_rsp={{0xb, 0xe, 0x63}, {0x7, 0x90be, "d5f18dd931c8a25d467137211fa9fde4d5bc962276795e38c225a8f855676be83499fb07bc0c956d2c60fe7b7fd811eccabe3fe88f2e787e6ca3cfab64280fa1a7b43653c42f0e3966f59b938a9f285cdd6a74f53ee75f5957ee4cc13abb6e"}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x0, 0x2}, {0x2}}, @l2cap_move_chan_rsp={{0xf, 0xe, 0x4}, {0x1, 0x1}}, @l2cap_info_req={{0xa, 0x4, 0x2}, {0xfff}}, @l2cap_create_chan_req={{0xc, 0x5, 0x5}, {0xcc, 0x7, 0x7}}, @l2cap_move_chan_req={{0xe, 0x1, 0x3}, {0x4, 0x7f}}, @l2cap_disconn_req={{0x6, 0x4, 0x4}, {0x10, 0x3}}]}}, 0x9c) setsockopt$inet6_int(r5, 0x29, 0x3c, &(0x7f00000005c0)=0x7fff, 0x4) sendmmsg$alg(r5, 0x0, 0x0, 0xc800) ioctl$VIDIOC_ENUMOUTPUT(0xffffffffffffffff, 0xc0485630, &(0x7f0000000140)={0x1, "2269bc0f3f4afd1efc59facf253848713e425768a46e2202f043cb1317dbd809"}) ioprio_set$uid(0x3, 0x0, 0x0) r6 = getpid() sched_setattr(r6, 0x0, 0x0) ioprio_get$uid(0x2, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) 12.224173085s ago: executing program 1 (id=96): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000f08400000083000000870900000000000055090100000040009500000000000000bf910000000000007b020000000000008500000085000000b70000002000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 12.001949312s ago: executing program 1 (id=97): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x10, 0xb, 0x0, 0x0, {0x3}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x8000009}]}]}, 0x20}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) r3 = socket$qrtr(0x2a, 0x2, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f0000000300)={0x0, r5}) close_range(r3, 0xffffffffffffffff, 0x0) r6 = openat(0xffffffffffffffff, 0x0, 0x610000, 0x1d0) ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000180)={0x0, r1, 0x1}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@dellink={0x74, 0x11, 0x1, 0x70bd26, 0x25dfdc03, {0x0, 0x0, 0x0, 0x0, 0x18005, 0x2}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}, @IFLA_PHYS_PORT_ID={0xf, 0x22, "cd6faa50bbabbc22cd177f"}, @IFLA_LINKMODE={0x5, 0x11, 0x4}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_team\x00'}, @IFLA_PHYS_SWITCH_ID={0x1b, 0x24, "af68250bb049f870662241f644372f59acd666ce3a42ca"}]}, 0x74}}, 0x1) remap_file_pages(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x0, 0x100000) 11.849679299s ago: executing program 1 (id=98): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc980000000000002408009a8efaf2008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a000100050000000000007200000000000a000000", 0x39}], 0x1) 11.493774308s ago: executing program 1 (id=99): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="9c0500000000000061104b0000000000070000ff0000e6009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 11.304535787s ago: executing program 2 (id=100): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x102}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0xc, &(0x7f00000007c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000900)=""/231, 0xe7, 0x1, 0x25}, @fda={0x66646185, 0x4, 0x1, 0x11}, @flat=@weak_binder={0x77622a85, 0x101, 0x2}}, &(0x7f0000000240)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r8, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x44, r8, 0x0, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x81}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2807}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x44}}, 0x4000000) ioctl$KVM_SET_SREGS(r6, 0x4138ae84, 0x0) 10.843848994s ago: executing program 2 (id=101): socket(0x10, 0x803, 0x0) syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f36006e090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90d5943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1011) pipe(&(0x7f0000000100)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="7dbf230d000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001"], 0x64}}, 0x0) 10.66983051s ago: executing program 1 (id=102): r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf", 0x107) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x6d) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_setup(0x3, &(0x7f0000000140)=0x0) io_destroy(r2) (fail_nth: 1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x80}]}, 0x24}}, 0x0) r9 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r9, 0xfffc) fcntl$addseals(r9, 0x409, 0x7) r10 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r9, 0x0, 0x4000, 0x1000}) ioctl$DMA_BUF_SET_NAME_A(r10, 0x40046201, &(0x7f0000000280)='/t\xd6\x02\x00\xbf ]\xc7\xf9uf\x00[\xfa,\xda\x9a\x82\xb9sRG\x05Tn\x1b\x84\x00n\xddbW\x88\f<\x13W.\xb2\xfb\x1e\xd9\xcd\xaa\x02\xca$\x01\xde\x0e|g\xec.\xacowy\xedj\xc0\xc0\xecBe\xd9\xea\a\x91\xe4;\xc1k,\x9a=AI\xb0oP\x151k`M\xff\b\xaf\x01\xd0\xec\x8aB\xf5\xab_\xc8\n1\xa3\xf3\x91\x8c\xd1\x87:8\x9f\xb9\x95\xfc\xe8g\xe1Q?\xef\xb8\x81\x8b\'\xbc\xa0A\xbd\xccU\x9bc\xa8O\x8c\x04\xea\x1f\x8b\xb7\"\'\x9284\td d{\xc7w\xd1yX\xd4G\x8f\x1d\x011e\xf17\xd81c') ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000040)=[0x0, 0x1ff]) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x600040c4}, 0x40000c0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0) 10.425189172s ago: executing program 4 (id=103): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r1 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1d}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) keyctl$join(0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0305710, &(0x7f0000000340)={0x1}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000018000100000000000000000002000000fc000009000800000600150005000000280016802400010002"], 0x4c}}, 0x0) rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "c04d831721b66c43", "7ef59d2d9a7fe77696db761c0000b3d9", "a7844c4e", "6c25c0284645e18b"}, 0x28) setsockopt$inet_int(r6, 0x0, 0x13, &(0x7f0000000080)=0x2, 0x4) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) rseq(&(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2, 0x77, 0x63c2, 0x4}, 0x3}, 0x20, 0x0, 0x0) ioctl$I2C_PEC(r7, 0x708, 0x2) ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000180)={0x1, 0x0, 0x5, &(0x7f0000000140)={0x0, "96e67ad2d32945a0324a1c270700000000b76b8afe83c910c40000000000001d00"}}) socket$nl_generic(0x10, 0x3, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) preadv(r0, &(0x7f0000000200), 0x0, 0x9, 0x1) 10.272933192s ago: executing program 3 (id=104): r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf", 0x107) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x6d) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_setup(0x3, &(0x7f0000000140)=0x0) io_destroy(r2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x80}]}, 0x24}}, 0x0) r9 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r9, 0xfffc) fcntl$addseals(r9, 0x409, 0x7) r10 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r9, 0x0, 0x4000, 0x1000}) ioctl$DMA_BUF_SET_NAME_A(r10, 0x40046201, &(0x7f0000000280)='/t\xd6\x02\x00\xbf ]\xc7\xf9uf\x00[\xfa,\xda\x9a\x82\xb9sRG\x05Tn\x1b\x84\x00n\xddbW\x88\f<\x13W.\xb2\xfb\x1e\xd9\xcd\xaa\x02\xca$\x01\xde\x0e|g\xec.\xacowy\xedj\xc0\xc0\xecBe\xd9\xea\a\x91\xe4;\xc1k,\x9a=AI\xb0oP\x151k`M\xff\b\xaf\x01\xd0\xec\x8aB\xf5\xab_\xc8\n1\xa3\xf3\x91\x8c\xd1\x87:8\x9f\xb9\x95\xfc\xe8g\xe1Q?\xef\xb8\x81\x8b\'\xbc\xa0A\xbd\xccU\x9bc\xa8O\x8c\x04\xea\x1f\x8b\xb7\"\'\x9284\td d{\xc7w\xd1yX\xd4G\x8f\x1d\x011e\xf17\xd81c') ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000040)=[0x0, 0x1ff]) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x600040c4}, 0x40000c0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0) 10.151812257s ago: executing program 4 (id=105): r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x2a, &(0x7f00000005c0)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc84500000000f4b7d8c8cf2153622652328c19ef54234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253b68a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72f7d8ce98e798d41991ac25bb6fce2220c25ea380c63112ab358c3a6bd8a59c100000041b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf", 0x107) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x6d) r1 = socket$nl_generic(0x10, 0x3, 0x10) io_setup(0x3, &(0x7f0000000140)=0x0) io_destroy(r2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYRES16=r1, @ANYRES64=r0], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r5) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="05000000000000ec00002100000008000300", @ANYRES32=r7, @ANYBLOB="08009e0080000000"], 0x24}}, 0x0) r8 = memfd_create(&(0x7f0000000780)='y\x105\xfb\xf7u\x83%:rQ\x94x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04B\xbb\xb2)\xce\xdfT8\xb2\xad6\x16Bkx\xd3\xcbZJo\xeea\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52@\x00\x00\x00\xbd{\x9f\xa9\x97\x9bB\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7\x85\xa6y\xc4J\xf1\xf7\x0fE\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF\x01vRk\xaamB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xbb\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\t;l\x1f\xaf\xb38U\xcb\xfa\xaeQ\x10b\x19\xb3\xb8\x1ag\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0\xd9\xaf\x12$\x89\x16%\x8b\x00\x00\x00\x00\xd0]&\xab%Y\x7f\t\x00\x1an\xd7\xc2OT\x92K\xfcY\xcb\xc3\x1bI\x15\xdd\xf9\x06\xf0\xf7\xa5bU\xebZ\xfeq\x8c\xd2$\x01\xe1\xfb\xe96\xf8R\xa6\xdc@\x88ln\x02B&y\x19]D/\x86t\xff=\xe0l\x02\xb4\x95\xed5\xacY\xb0X\x0ee3@\x84\xcb#\x19\xb9$\xab# vOm\xa9\xe5\x9b\x00'/362, 0xe) ftruncate(r8, 0xfffc) fcntl$addseals(r8, 0x409, 0x7) r9 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x4000, 0x1000}) ioctl$DMA_BUF_SET_NAME_A(r9, 0x40046201, &(0x7f0000000280)='/t\xd6\x02\x00\xbf ]\xc7\xf9uf\x00[\xfa,\xda\x9a\x82\xb9sRG\x05Tn\x1b\x84\x00n\xddbW\x88\f<\x13W.\xb2\xfb\x1e\xd9\xcd\xaa\x02\xca$\x01\xde\x0e|g\xec.\xacowy\xedj\xc0\xc0\xecBe\xd9\xea\a\x91\xe4;\xc1k,\x9a=AI\xb0oP\x151k`M\xff\b\xaf\x01\xd0\xec\x8aB\xf5\xab_\xc8\n1\xa3\xf3\x91\x8c\xd1\x87:8\x9f\xb9\x95\xfc\xe8g\xe1Q?\xef\xb8\x81\x8b\'\xbc\xa0A\xbd\xccU\x9bc\xa8O\x8c\x04\xea\x1f\x8b\xb7\"\'\x9284\td d{\xc7w\xd1yX\xd4G\x8f\x1d\x011e\xf17\xd81c') ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000040)=[0x0, 0x1ff]) sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f00000004c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2000000}, 0x58, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fbdbdf2501000000000000000c410000000c001473797a30000000005c8ae2b11b7619b146de2dc7a68ec2fd15e3850ebb6f8274632735a5de8bfa041b5a8e1c719ba3a1c376ec6adeb114684e80109f4cc8d8c30e9fb3b68e69ba888058f3b1a75582b6e3e907519e230a27382f748feb39d43225a03b8d9c2e424af0a9d387da280d8f52eadcf8d23d96c186ed5eb590afb3ec57ea80ba3e540e7e"], 0x28}, 0x1, 0x0, 0x0, 0x6008c0c4}, 0xc0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r10, &(0x7f0000000480)=ANY=[@ANYBLOB="08000800000012000000000000004500002800000000002f9078ac1e0001ffffffff001222eb", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="4000004f00cbe57012a08cf97a4b00"], 0xfdef) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0) 9.713753617s ago: executing program 2 (id=106): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0xc2, 0x1, 0x0, 0x0, {[@generic={0x3, 0x2}, @exp_smc={0xfe, 0x6}, @exp_fastopen={0xfe, 0x6, 0xf989, "1bd7"}, @timestamp={0x8, 0xa, 0x8, 0x5}]}}}}}}}, 0x0) 9.320767666s ago: executing program 0 (id=107): syz_usb_connect(0x5, 0x0, 0x0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x89, &(0x7f0000000fc0)=@string={0x89, 0x3, "b44a774707234ae6b32d33e9c39baa6d508fb4df9c59d56464eaced71ae90b759e1aa1e7f1ffc66cf326802eb09a7968f90b38417dd21692e49842ec3f5780b65c4480fb7aacc3b30eb4e68a228b1ebf1df08dac2e62a615c94eee6de0ba611a5aed8789b5cc1795e1b1dc2beb58df2dbd248cc4c2da2c4464c9ba8617b351669f8528aef42375"}}]}) r0 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f00000010c0)=ANY=[], 0x1a3) write$binfmt_misc(r1, &(0x7f0000001000)=ANY=[@ANYBLOB="588c90aadaedde6a2e64f465b0fcbcb8b6449c2f317140214a9be29c9e467325a38e1b43cddd210783f3dc083935e3b9dbfc09a3e0b8febcada80457ed"], 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a010000000000000000030000000000ffcd00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 9.114984948s ago: executing program 2 (id=108): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000480)={0x0, 0x1}, 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8}, @TCA_FQ_PIE_ECN={0x8}]}}]}, 0x44}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'pptp\x00'}}]}, 0x74}}, 0x0) r5 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0xc5, 0x4, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000050000000000000000000000000000feffffff01000000030000000000000081006e7230000000000000002000000000007465616d300000000000000000000020766c616e30000000000000004000000076657468305f746f5f746561ed000000aaaaaaf991bb000000000000aaaaaaaaaabb0000000000000000d0000000d000000000010000766c616e0069df4e5100000000000000000000079ba3160000000000000000000800000000eb560000000000892f0700636f6e6e6c6162656c000000000000000000e5ffffff00000000000020000000080000000000000000000000000000004e46515445554500000000000000000000000000000000008000000000000000080000000000000000080000000000040000000000000000000000008000000000000000ddff000001fcffffffffffff0000000001000000ffffffff000000000000000000000000000400000000efff000000000000000000000000000000000000000001000000feffffff010000000b00006b90088754ea234d6f6e6430000000000000000000000074489c4c2c0000000000000000000000626f6e64300000ff000000000000000076657468315f744d8abdc76964676500aaaaaaaaaabb0000000000e7feffffffffff00000008000000007000000070000000a0000000434f4e4e5345434d3c964de64039918d16289341524b0000000020827903000000000000000000000000000804000000"]}, 0x2a8) socket$inet6(0xa, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) r6 = memfd_create(&(0x7f0000000940)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfdP\x96\\@\xdd\xa0\xa7lv\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90k\x96\x05\r\x84\x87\x1c\b\x8c`\xea)A\x90W\x81\xb7\xf9\xbd\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\x00\x00\x00\x00\x00\x00\x00\x06\x00\r\x1b\xd3\xff]mC\v\f\n\x1f\xe2\t\x14\x84\xe0\xa4\xda\xe7\xe8\xd5\x10\x00\xf4\xf8\xde\xf3\x00q?[\xba=\x1a7\b\xa1\xd3?\xbby\xa7\xea\xf7\x03\xee\xf31\a\xb2\xdf]\xc0\xeb\x16\xe4\x7f\x17o\x1b\xa4M\xafa\xc7tR?3hH\x18\xc9\xcd\xe3\xb5\xd6\xed1\x10\x8d\x87N\x9c8\xfd\xd0t\x0f\xeb\x17{\x1f\x990\xb8\x05\xbcO@AP1\x9d\x1b\xba%\xca!\x0eRsGT\xdf\xd8;\x9ea\xd0\x01\x0eq~\x00\x00\x00\x00\x00\x00\x00\xcc\xdf\x9f\xb6\x03J\x00\x00\x00\x00\x00\xc7\x12RV\x94\x03)\xd5h\x9ef\xc0\xf7L\xac<\x1e+\xa6\xb9\ng\xd5\xa3$\x87\xa7AK$\xe8\xd2\xc5&d\xa8\x93\x0e\xc2\xa7\x94/nH\x05I \xc7{\x99\xe6\x04\xd2d\xcb\xde{\xb7}\xba#\x04\xa7\x9eK5\xd9\xd2M\x855\x13\xb0\xe6dc[Fx\xf5\xd7f\xe1\x97\x7f{\x9a\xedoR\xf4\x9b.\x88<%\x9c\x81\x1f\xc6\x15R\\S\b\x87\xf8U\xffH\xf8\x0f\xbcB\x1d6\xf6N##\xd7+y\xf7\xef\xf4M\xb4y\xdcW\x13\x88=\xc5\xa6\xad\x0f\xd8y\xd6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x81\x13\xefX\x12\xb5r\xc5j-\x83\xbf<+\xe6o\xf8KX\a\xdf\xc1\xbd\xa7\x88\xd8\xdf\xdaXYJq\xb2e\xb9\xec', 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x6, 0x12, r6, 0x0) r7 = userfaultfd(0x80001) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r8, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f00000026c0)=ANY=[@ANYBLOB="10000000090001"], 0x10}}, 0x0) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r7, 0xc020aa04, &(0x7f0000000040)={{&(0x7f000030e000/0x2000)=nil, 0x2000}}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) rseq(0x0, 0x0, 0x0, 0x0) 7.997206929s ago: executing program 2 (id=109): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x10, 0xb, 0x0, 0x0, {0x3}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x8000009}]}]}, 0x20}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) r3 = socket$qrtr(0x2a, 0x2, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f0000000300)={0x0, r5}) close_range(r3, 0xffffffffffffffff, 0x0) r6 = openat(0xffffffffffffffff, 0x0, 0x610000, 0x1d0) ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000180)={0x0, r1, 0x1}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@dellink={0x74, 0x11, 0x1, 0x70bd26, 0x25dfdc03, {0x0, 0x0, 0x0, 0x0, 0x18005, 0x2}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}, @IFLA_PHYS_PORT_ID={0xf, 0x22, "cd6faa50bbabbc22cd177f"}, @IFLA_LINKMODE={0x5, 0x11, 0x4}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_team\x00'}, @IFLA_PHYS_SWITCH_ID={0x1b, 0x24, "af68250bb049f870662241f644372f59acd666ce3a42ca"}]}, 0x74}}, 0x1) remap_file_pages(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x0, 0x100000) 7.996619067s ago: executing program 0 (id=110): socket$nl_route(0x10, 0x3, 0x0) socket$xdp(0x2c, 0x3, 0x0) pipe(&(0x7f0000000100)) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r0 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0x9, &(0x7f0000000380), 0x98) socket$netlink(0x10, 0x3, 0x0) pipe(&(0x7f0000000100)) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x64, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0xa}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r5}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x64}}, 0x0) 7.747292138s ago: executing program 2 (id=111): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc980000000000002408009a8efaf2008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a00010005000000000000720000000000001f0000", 0x39}], 0x1) 7.447343291s ago: executing program 1 (id=112): r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000400), 0x8080, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000440), &(0x7f0000000480)=0x4) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r2, 0x0, 0xf, &(0x7f0000000040)=0x7, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e25, @broadcast}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x4004551e, &(0x7f0000000380)={0x0, 0x0, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82577ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"}) ioctl$USBDEVFS_CLEAR_HALT(r4, 0x5514, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000200)={0x0, 0xe2, "131decf226283a747d2853727467b6607dd1e7516170c4977fd3c48bf29b55fd9a85c74189fa5926b42180f1f2d60a8556777e3cac554bae9cb7b4e8990ea3e2f18bbbad54385b7c9dd332b2bcf1c1783b65111f22a2aba53dee819f29830f2738589260263a866144aa99ab77be76091e57d6141bed4d91318e75212acf20f833d5b3aadf5a8b9552dc98219de3ef44c9847389808634cdb070eef37ae86f431b6d6cf724886eaf2085e5170162396db5e382cf8b1a4ec69396ee9639a34bf9b9860fbbcdc90fee8a2dd3695d4d7846cc5d3de3398c2cc6bbbee840b98c174e2b2d"}, &(0x7f0000000080)=0xea) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x800, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x1}) ioctl$TUNSETVNETHDRSZ(r7, 0x400454d8, 0x0) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f00000000c0)=r6, 0x4) sendmsg$nl_route(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/20, @ANYRES32=r5, @ANYBLOB="40000000001400001c00128009000100626f6e64000000000c0002800800070001000000"], 0x3c}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e000000a0fe000093040000060000000000020094ec34edb03393894d6a51acf5fa8cdd51e9950b8c043acb0aad83b8fcca91d8f40161ea3c8c127c8528bc5c57ab8e3a584f1adc7a8c6e71373d6f52826c6b5142ec78aa9a083dde210df4f9dd83d233c3ce7c4ffaf0f59a7099a1f4bb08176f364f44096bdeb3a51f9b1df597353c8dcb4e8dd1ac1714cbef3b163ec31dbfb9cbe6a23f1753ee96144c381d705b70de2e1ef0137900f57b43f42e8a63f463ff9ae9a3cb05e4880e4201c38ca34669802e58b0349bbb0bcb2d87e72b8dce8e0e10629a67972462b246963d612c1e013391c5d753fecc1f0e9a52bbc532ab", @ANYRES32=r0, @ANYBLOB='\b\x00'/20, @ANYRES32=r5, @ANYRES32=r0, @ANYBLOB="0500000001000000000000000500"/28], 0x50) socket$inet(0x2, 0x6, 0x2) r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x7e, 0x9e, 0xb4, 0x10, 0x54c, 0x38, 0x16f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0xc5, 0x38}}]}}]}}, 0x0) syz_usb_control_io$hid(r8, 0x0, &(0x7f0000000180)={0x2c, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x5) lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000500), &(0x7f0000000540)=@v2={0x2000000, [{0x6, 0x2}, {0x3, 0x2d}]}, 0x14, 0x1) 6.871483109s ago: executing program 4 (id=113): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000f08400000083000000870900000000000055090100000005009500000000000000bf91000000000000b70200000000000085000000850000007b0000002000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 6.817894371s ago: executing program 3 (id=114): sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000000)=0xf) r0 = request_key(&(0x7f0000000040)='cifs.idmap\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='#.]@/]]#\x00', 0xfffffffffffffffd) r1 = geteuid() stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r0, r1, r3) ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, &(0x7f00000001c0)) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, 0x0, 0x0) quotactl$Q_GETINFO(0xffffffff80000501, 0x0, r2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), 0xffffffffffffffff) sendto$inet6(r4, &(0x7f0000000440)="492829ec747c0ea9c3a71dc0c9155be9340ca45dafd2c60e885e2214ff03df429da576b7cbe07da7f274ec14eaa777692766f0be5d1b190e175cc51a637f8b7998dc87f42d187836600b65c0bdfa7cd799f5e9a817b1a417eb96a8feff5751637e09e9ee44de92be50e810493107be39ea9097cb5aeb4b373ebc3c938b027ae0f10517c54a8b897578c3b5411d7da17436800fb8ca872bcc0116deceffc234a4a093ee3d48cf023041afdda777015853d58f2632a6f37bfdee19e849ea367fb7118770bb4d9d104de88c9c51ed906bd20ec53218e49131f7f88e9dee7ffef26fcd8d84a06524efcbd7c7e06380", 0xed, 0x20000800, &(0x7f0000000540)={0xa, 0x4e22, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3ff}, 0x1c) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000580), &(0x7f00000005c0)=0x8) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r5, 0x0, 0xc, &(0x7f0000000600)=0x4, 0x4) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, &(0x7f0000000640), &(0x7f0000000680)=0x4) sync() r6 = add_key$fscrypt_v1(&(0x7f00000006c0), &(0x7f0000000700)={'fscrypt:', @desc1}, &(0x7f0000000740)={0x0, "331022950b88b0740903164edf050bda7086cfc0b9cf1764dbb66550a5c6943b83ebf5b5f839c3ad6a9c7222dd1d43a8f9fd7e966a2f73df62804a73591bfe76", 0x3e}, 0x48, r0) keyctl$revoke(0x3, r6) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f00000007c0)=[@sack_perm], 0x1) ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000800)={{0x2, 0x4e20, @private=0xa010102}, {0x6, @multicast}, 0x3a, {0x2, 0x4e21, @empty}, 'rose0\x00'}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000880)={'#! ', './file0', [{0x20, '\xbb\xbb\xbb\xbb\xbb\xbb'}, {0x20, 'rose0\x00'}, {}, {}, {0x20, 'IPVS\x00'}, {0x20, '@\'#].:^'}, {0x20, 'logon\x00'}, {0x20, '#.]@/]]#\x00'}, {0x20, '#.]@/]]#\x00'}], 0xa, "a4bc449476f6ccb88155576b6ed9d04c80213b6121adae719d09a1ff09f91faaf32d9caf77e846b4f456bdd6baed2ec235a6e4010c531f8db79585f1569dfa0d12be53262cf5160bfe641171c07234dea2d0ef31d9de58e46942c41627e029742dd3885a762eb85f738f5fa53da1ecea76109ccaa490c3b17e262ea69473f5bf8b6ee6177f9ceeab7590940c1428d01ec87c6b0f7377e50240bc4e701e0dd2ceffc3412bb60aac89551c3e4df71a39e25bc61a3daff1800cd2226d4a575c9d183cfe55482b4271d8a0933fdb7d8ae5af140f1623010398ef33d04c4fe8a533b977fd7df55b198adaa80cb04b918fdbe85e629cdfe22c18624c3197be708188d04f61ada34ae697ee053655c1458ed0ac4e4d329850bf4797c0f3d2b5e65c370afcb7400bad5f9b1bdd244a9cb37586c22876fd73d30b01178413abf9665e824287db05c82b7ca2a8c2e0d5c0da99a2a97b2699ba059b4d4176f556dc97494a385a3add41f61770bd28b879f8274a7534fcde47915e8d7d97647e69cf2c0c62a5ba8e74788109e168781262b1928928eef84e1b51b4f1becbc8b9398e0a92bf3a4e3c5bce90bdea3e1e3f328982a6a4fc585ae21d7f977452f9b67a4d7b90a83935f463edc776df0f6f1dcb9408d72bcf6bc87b7756e5b2eaa7611cde36238facd90604eb95cdc34485da672f55b58e172ca3f152fc44dbb8daad33c853323ac45a240f340c196e159def95785e9ba49edcad56705d11ffba729417cf590c16427284beca5e312de5cc2b4a46f1a846979872146726b97b222bc491eaacc30c08fb88a7f562f479ede13d8c9eff60a3942058cd0762d6214a11908b26d3ae5e4666c0bb0fb0d153cf97ce60c5b66795ca5a959cfeeea5880dc6c9b783f146f56862998ebf79a44171ed215524bd5acf974c9e8f81cba09798fefd04b94e8c963bac4c744846cafdbc30da2af9003f71620b3d6d35ade8a15381e3565a69ab1bd2d0e0b5584c38f7e8e1585bb8ef677b1f49d1bf077e8a285e369dc45f07fe97b63e52e0fb134490287b3b6d310706425728451577627bd00300d44b853d28838edb6dcfa85ca8ce31d419fa2ae28c15968b7561be268d2541380b39ecd5fbb4e09d32f682b2cfe99f4eb16f95593ebb2b5188a8c0cdf62161b5197b33ec2462be9415677080b194232edb0f237987ac6a6a97678a227b57c61e78fbfd1f8830f3f5cefb17eef9c526816652d1b4a45bac9399590bcef76913c269844722ed7292829aa0495e89c0663210656af978091dde5f0d62ca7bbbc684991bbc83409c56725167bbfd6d495a79d4bdde52f1361261450679e3940b73b287b7c2434a78cb9ce87e644c1da5c90cfbdb7da5dedf18b0177113e5c9cf5c674b2887c5510d35adbe4940115ff3a070984f56e830ed8f045aa394edd21059e2b4ca78c3c64190948414a5354db9ee43335dce2ce125dce8bd8b4f40d1fbc7e74f6675bb8bc64a8aee622935059d945f039f42c300cb1fa918a94c6765ba90006a8fa6b8e9eb953256743e8e903aa73b1c48d1e87b3c8e61856864b55c696ed162a36356b44c078f79cc74a49190f4b5b3f15998c3260da04b3e5928edb338bb9835abdecbe7cd315263b73dfcdc353f0cb075f068840a049602c603d9aceb2ac3fa122e068104a586556f5644689c0311381b1c26d4bdae3f59c9921eb85aea05fa918db0379dd31c55b64b3763a242134c6d2ad815d26038e76d09d52b6b93c47ecdc39a4741b13fd6ebb8273bbd7ebc70e5e294e859d33d3f14e0a9f8f29e75519ee37f6b99dc79a2e95eea8f40330daecab735284cce02b9c18ed7a13bd2998dc77948b4f5bc9e15d78737badc20430755dd36aa0f1b49f6e0b35d63d3322362a7405ab709728914bd91f88e35cc6e9b97acfb4014db48ced7b95e943b7b87a185f96c0917fc302ec40d838d3e88cb8d86f06b4ad87cf138f202c9d2c8ffefa0c7554ca4c33f96cef129128d01e92a2d8fea99f63955da1231ad5f5d924ebb3f9d9a522619206c06827897fddbc73ae7739ada71eb9b0d1177eaad0a8715ff0e57a34d19ca8caa5747c2574539c13dd6af35e85dcb362c2823aeb54a250cc65a6e5b9c6a976d018145f6ca3b5d7bf92f7746ccb825a1bfa1a16674eec0579978f3267fea5bab3af93c812a0371c75b54a48f1a91cddfe3f3867d6a5e41c7ebcff1152f00c5344c6606df33a1ae36ad1732a65960650c2eb1fba15794212848cbcca7ea6b58ce65890740a7fed46c817a4ad82eeabb64151e018fa25170ea96e65f5dee8cd598efee0424724dd86fd955ce671e48f2d487806f96084a748def414811b6b6d4c7df1a6df79f5e31cb9f3163c8216c4edce9e33657e3a38e6c79d1e678d52f298fca18a0c2e80699ae978d2818d6e0889f89d0bbdfe106cf3d6a9d3e27e6e200656882b5087ba2c03b0659a61bca5bba16cb048035768f00d2f7e8b47a1cb68f1d9ae366208bea8a32bd3c4ad7e0a76f2e6fc8841fa2b66621760b5e7dc7d15eacf62ef7e6cf11f2d18fb5951afa3c999b04048b5b3985ee76c2ede154c6b764ea349a3ebde10da0541458faca2a0261fd1bb970db0b9f3472b47bdbcded9b12a4e3196a23dc1512dd982ead608f443f960e796ab0389a9d4abd205eca43c7c73406ff7deb1fe2857e99619e94863a5ad752b17cdbc6ad1f72fda0cf161c140490ea5f07a650e56bb795441f7fbcc6d21ebdc0cecb5b7391552e4772be7f2bded8f0a6742ee51970fc08107de2b9e90a715ea1d1ff57248221501c869421eeddb9cd4edd3e6c1f8e9acaf08eaa72be5ef19e5a847edb43a2afdbceaff3c08e9a51e4bc2e92c278792b0086d34e70550b6a30cb91c57e1d3946725ad69dfdf9c8dc35f2401c1d7e7da109e9a539eeb36c6bbd6e19a5f05726f1dfe758e333c4c944f24cc6e3a073462b4d7122cab292ed90135848f408071a67af83b49635c26f627f61b03b17691b2ea22cc1a785133dd1458580de119c6cab568c552c4bebef7a8f4afb94b4a961f99e61af785b11a7aa278d7de84a60aa704d8b76cd954b6fa73e5891b07c74e4cd892f46287682203242e6005e3a710db48361ec09eb149437a7c40076ca2fdf13d0791fa0a93a8ff4f6f136167f560407e3686e6b6e8e81fa5f63c5444d2f935b761e84a5dc13c364393ce4e689e1ad7ddc1302446046853d0c0b5124dd0c0f41e03f96d05f0e6b84341a14123650e4f2fce6ffa87e9ae5d583d18e79cb18ccd0d39a72ac7d859851acf1d12222ecbbe83e47118b1bef18d4ed72769447b1932d4b8602233eeeda944973813c73a0453d1402eb3f8042af87747979d3de9339d7a3f95a943ea5f0df2a048053f17e8b913900aa8878e3bf34003d6b50ef046dfc60eca64f69e486f47e1aa53519a22023e680b6762fc0fbdc44664a5ef6eab5bfc94755a1cff6498b61ae349c4fb1e7984864fd34c48926044cac09dd734d4fa6e330c27b4e2aaba2b01175391067799d332e436368706f96f374dd55f904d49d6882fcf4a6c866d4abdc3e8cf26ca190fb4535a0b9e1a4adc440e335cbf59942c2fb92be0b326443fedad7ad976e623d8953fe15fc3ee65c2ba949f92ba74ded037ac8b892890b447755d0e59e4d391dec5a2e949b5b3e669f8a303d41b18786d8cdf1834a7ae1b62f72f151d8e9606ffbfa79c3b2d940bf51770543b4eccc45c4e7515c948cace053053ef7f117d9ab327997588e068126d16a209ed16e1f957ade39993be54f7da219e25ca715f64de3b9d0da143229794045fe46a960ce6d94084b69081d510e358d5a5365105264427dde8b633f58c8ec11ea4b066adf89c5090c8347015b6c89cc8a1b79e0f9a632385d0d673da53aedaca62ae3716018ffe2a69e740f1b9723715c27b6a4752229df4f91401670a42c3c8cbb01d63a2ac0416eab23da14e694c59e1ea7d8a91ca4ae057dd39f690c08fe50a2dc778132b7a8f3a8508b33dd4e61c0c85030ae305671e6374714836aa73c991d1431a8af3c71ff0ba85ec077a38470b91fef2e6499db1252cad0b7edc28196ce5ee82b41af91cbd9d11d5d74d965893c9499dfc82cc390cff679622fb1e17f090fbde7ac46a42615dd26582e17a38d438a8d565edc8c6a558854ba3def19ae2a0d3b4341d3e6dd0fc8efc772ecc28171e7ee9ee26f7f47cbabb8a5c588ae6039e69fe8f55e9d121d30541f83cc6d65dbc991fc198a6f91856607355baaf41c7a1fe7dc5993d888c7f2ed32235593e2c0cc03944799b658d65f70ec5ffd6ecf52126b633e6a7e801f8889a1d15360d9dc6de86f828fbd75323549de60929ea2126bf77e8c4c662a54a87f421a1e7d38610a5614b460fa0b5c19bf2226512bb7bacd25ce17b252668c00ade82e47e6c98c8ab6c2a4f57112b9ec4c0c84b886b93baeb831f15f2c9a1d842e13b6c89a2e2e3cc126b494ada6c718b879881e225eb5e3e187e342f57c225801bed98482c71d5748dbd4067539c1701c8df8b947e1cff411132f2bce0fb5cf690aeaafe06b86136eaa3e3b4da98fe808af18eaf205365eb33462cac0dcdc585898f9cbc6a55250bf4b1a6ef5f5a024b17af0eeed0c364ae82677f8c409cd6bb684d7748d51c48f1634bf1363b29df91c66726853d98b209b71294fe41f60f4b07f21ec58c2356364d0a6bb4909e35fe0518ee33dacdf474d72358c9b40bd3390b6682d1db91bf2649db1c4aa7491924db92fc7c4a71bd26b6f14960798806c34564698ae536e5e4247f7f602e4a6a37052156bd3a1ca63c5e182e6631d35930032a04957a5601458d4d5a065a96ebcee3b1bb5183d0aa5bef4dd5d8856f6524b95c8eadfebafe69212dd54292cc436db6c65161ea0dc4f00f817450680e11f3094307c290100be2276ad0b3d20d9868757cd6b45afca6e3faf59cf06277bac467d887d732e9ad03e7b61265b90d256ba8749db4ad0b510386c92bf950ad2c77cdf92947b3096c4a14603036319912126f374f123b75fffd35708a5f0727b8cc08e5334eac5c17abf7de0a997b0cb189a7507cf4d91a8d54b5a2e43ce663a387e641efc481976704367fca41e20a7c568eb615d4a97d902cebe318a4c71677fc4710fc3a985741f67b208caefdef7f1589454b5670065dac281b27676226c2f4441a57544b00fb3d24770405c95527f7261c53eeb69105793e4213ccaba51edfe095999ed794761ba7254d768e46fb67572e7f4a299b9d4b4a9c430bbb62c721e0ab34bdfaa2b9211a4ed8858c06d2d2bb44cb63665b0b9ef14d5d9a55aa508993d1f689973eb8b94f4440776cd3f3326cf9cabdc29127b5821be57a37de8d414940ccba26827fdeb0d7307f8567aef547498d9754a24a8d7d172d21218e8fb2c10a2555ca9cbcdaa1192564f7f5b843bd978453a212374af2148a185730923b19340cd75a0e2682166c824386e8aebb36f520b087f645e97ba5fc0adeb8c5d494060eeae0e27ef378ed2953de96b83e637da629c34a60f909002edea50d2a8707981ac779d64caaa683dfb805a824d81d225e32224f75d2507d40c8119c8e336da8ee3f8075c75f544a9ccb05c4c9fa62ed01e41094cb3d1ce095c70e950a40cbc0a954710f8fb1cab9fc71561599dc4337587edaa0df074948a50a68d536e60cbfea35b967a088dc5b43b8213179343b5f237a5a419a97f7251cc5d6c208bc9eeba7b978b0fa48d3676e78468b4c44079aa2a6c7eb828f602537a87d976aa8385f1c2db7508471e84dcaff3ec9e6f52f9"}, 0x1044) r7 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x40040, 0x3) sendmsg$kcm(r7, &(0x7f0000001ac0)={&(0x7f0000001940)=@pppoe={0x18, 0x0, {0x0, @multicast, 'vlan0\x00'}}, 0x80, &(0x7f0000001a80)=[{&(0x7f00000019c0)="c2d93f0cb251be3183a50d0efa474034c207b8762c11396cc5285eae658d713a999eb5696c1d7848cf3e1f72af24d9ab0b61ba9200b19fcf6dfc98953bc421acf22d28de31cf9738d87bd10a2b3326cff53d17dc1010b5f179a3b528b365da99f83a68daa83961717296adebbb7dce2116ea82919dde6aa9ba37fd5de037e5d4e6e6f80cc6cf260ae90d6cee0dedaf017ff5d400169c9d4fdfb1ed06d31cd449bab0cd2396fdb1e25d155060c34d5266319db1dad2cef4c58ad59711c9cd", 0xbe}], 0x1}, 0x40004) keyctl$instantiate(0xc, r6, &(0x7f0000001b00)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '/', 0x20, 0x4}, 0x2b, r6) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000001b40)={[0x5, 0xfffffffffffffff4, 0x3, 0x8, 0x7, 0xaf, 0x0, 0x401, 0x0, 0xf, 0x6, 0x7, 0x9, 0xa507, 0x1000, 0xa3], 0x0, 0x240}) write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000001c40)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000001c00)=""/34, 0x22, 0xa397, 0x40, 0x8, 0x800, 0x2}}, 0x120) 6.633450712s ago: executing program 4 (id=115): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r1 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1d}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) keyctl$join(0x1, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}}) io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r5 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0305710, &(0x7f0000000340)={0x1}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000018000100000000000000000002000000fc000009000800000600150005000000280016802400010002"], 0x4c}}, 0x0) rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "c04d831721b66c43", "7ef59d2d9a7fe77696db761c0000b3d9", "a7844c4e", "6c25c0284645e18b"}, 0x28) setsockopt$inet_int(r6, 0x0, 0x13, &(0x7f0000000080)=0x2, 0x4) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) rseq(&(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2, 0x77, 0x63c2, 0x4}, 0x3}, 0x20, 0x0, 0x0) ioctl$I2C_PEC(r7, 0x708, 0x2) ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000180)={0x1, 0x0, 0x5, &(0x7f0000000140)={0x0, "96e67ad2d32945a0324a1c270700000000b76b8afe83c910c40000000000001d00"}}) socket$nl_generic(0x10, 0x3, 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) preadv(r0, &(0x7f0000000200), 0x0, 0x9, 0x1) 6.190598939s ago: executing program 4 (id=116): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) timer_create(0x6, &(0x7f0000000180)={0x0, 0x1d, 0x0, @tid=r0}, &(0x7f00000001c0)) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) syz_io_uring_setup(0x24fa, &(0x7f0000000380)={0x0, 0x0, 0x108, 0x1}, 0x0, 0x0) getpgid(0xffffffffffffffff) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 6.140896826s ago: executing program 3 (id=117): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1, 0x0, 0x0, 0x0}) r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) write$evdev(r3, &(0x7f0000000000), 0x100000008) (async) ioctl$F2FS_IOC_GARBAGE_COLLECT(r3, 0x80004506, 0x0) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) (async) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f0000000100)={0x30, r2, 0x0, 0x0, 0xa0, 0xa, 0x0, 0x0}) 598.324µs ago: executing program 3 (id=118): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008032, 0xffffffffffffffff, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000002c0)={'syz0\x00', {0xfff, 0x0, 0x3, 0x5c}, 0x30, [0x5, 0x9, 0x6, 0x5, 0xe1c5f86f, 0x1, 0x0, 0x25b, 0x0, 0x7ff, 0x4, 0xffffffff, 0x0, 0x101, 0x663, 0x1, 0x2, 0x7, 0x0, 0x4, 0x8, 0x1, 0x0, 0xff, 0x8, 0x32ec, 0x0, 0x2, 0xd, 0xfffff20e, 0x3, 0x40, 0x6, 0x5, 0xff, 0xfffffffb, 0x10, 0xe, 0x9, 0x4, 0x7, 0x3, 0x0, 0x0, 0x8, 0x1, 0x14000000, 0x100, 0x9dd, 0x3, 0x7, 0x6, 0x9, 0x4, 0x3, 0x10001, 0x4, 0x5, 0xea11, 0x1, 0xfffffff8, 0x9, 0x0, 0xfffffffd], [0x2, 0xb, 0x6, 0x4, 0x6, 0x3, 0x1, 0x1, 0x9, 0x100, 0xa1, 0x1, 0xb, 0x7, 0x525, 0x4, 0x6, 0x400, 0xa, 0x2, 0x2, 0xa000000, 0x6, 0x7, 0x9, 0x0, 0x200000, 0x4, 0x80000000, 0x80000000, 0x80000001, 0x7e2f, 0x0, 0xe87, 0x9c, 0x8, 0x3, 0x2, 0x6, 0x2, 0xf, 0x279a, 0x0, 0x3, 0x8, 0x6, 0x81, 0x6, 0x7, 0x81, 0xfff, 0x400, 0x7, 0x7f, 0x2, 0xf8c2, 0x8, 0x2, 0x4, 0x9, 0x4, 0x0, 0x1, 0x7fffffff], [0x8, 0x7e9, 0x8, 0x90, 0x8, 0x6, 0x4, 0x1, 0x6, 0x5, 0x4, 0x401, 0x5, 0x5, 0x7, 0xe0d2, 0x0, 0x9, 0x5, 0x3, 0xa, 0x2, 0x3, 0xfffffffd, 0x8, 0xa, 0xd0000000, 0xd, 0x3, 0x6, 0x1, 0x3, 0xe54, 0x3217889f, 0x3, 0x5, 0x4, 0x401, 0x3, 0xed2, 0x7, 0x3, 0x0, 0x4e, 0x8, 0x2, 0x7, 0x3, 0x5, 0x10, 0x5, 0x3, 0x1, 0x101, 0xfffffff7, 0x9, 0x9, 0x8, 0x8, 0xe4ab, 0xd, 0xc7, 0x1000, 0xa], [0x8001, 0x10001, 0x8, 0xfffffff7, 0x1, 0x8001, 0x1, 0xffff8001, 0x5, 0x401, 0x10000, 0x5, 0x4, 0x8, 0x7ff, 0xfffffffb, 0x7, 0x8, 0x89, 0x3, 0x1, 0x6, 0x8, 0x2, 0x3, 0x9, 0x6, 0xfffffe48, 0xba, 0x0, 0xf, 0x0, 0x6, 0xe, 0x9, 0x9, 0xc1a, 0x2a03, 0xffff, 0x80000001, 0x35, 0x66, 0xf695, 0x0, 0x10001, 0xe, 0xe3, 0xf, 0x81, 0x7f, 0x200, 0x96fc, 0x3, 0x1, 0x401, 0xe000, 0x9, 0x8000, 0x6060, 0x7, 0x8f8, 0x6, 0x4, 0x5]}, 0x45c) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0xc2, 0x1, 0x0, 0x0, {[@generic={0x3, 0x2}, @exp_smc={0xfe, 0x6}, @exp_fastopen={0xfe, 0x6, 0xf989, "1bd7"}, @timestamp={0x8, 0xa, 0x8, 0x5}]}}}}}}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) 0s ago: executing program 4 (id=119): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x13}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) unshare(0x28000600) rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000600)) fallocate(0xffffffffffffffff, 0x2, 0x400000000000004, 0x5) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x6, &(0x7f0000000100)=0x5, 0x4) r1 = socket(0xa, 0x3, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'dummy0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8}]}, 0x28}}, 0x0) ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00') r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r8 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2002, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0xc8, 0x0, &(0x7f0000000780)=[@free_buffer={0x40086303, r8}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@fd, @fd, @flat=@binder={0x73622a85, 0xa, 0x4000000000002}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}, 0x400}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000480)={@fda={0x66646185, 0x0, 0x0, 0x30}, @ptr={0x70742a85, 0x1, &(0x7f0000001740)=""/4096, 0x1000, 0x0, 0x16}, @ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/81, 0x51, 0x2, 0x33}}, &(0x7f00000003c0)={0x0, 0x20, 0x48}}}, @request_death={0x400c630e, 0x0, 0x2000000}, @acquire_done={0x40106309, 0x3}], 0x0, 0x0, 0x0}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r10, 0x4038ae7a, &(0x7f0000000240)={[{0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}]}) writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts. [ 58.568036][ T5212] cgroup: Unknown subsys name 'net' [ 58.709443][ T5212] cgroup: Unknown subsys name 'cpuset' [ 58.717560][ T5212] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 60.116489][ T5212] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.479724][ T5223] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.506218][ T5223] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.513770][ T5223] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.522069][ T5223] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.530073][ T5223] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.537726][ T5223] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.614393][ T4618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.622498][ T4618] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.643460][ T4618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.664446][ T5230] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.672231][ T5230] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.680010][ T5230] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.687551][ T5230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.696401][ T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.704640][ T5232] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.773743][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.777126][ T5223] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.789079][ T5223] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.796373][ T5236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.804384][ T5236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.819430][ T5238] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.827869][ T5223] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.835566][ T5238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.842942][ T5223] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.851005][ T5238] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.858096][ T5236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.867330][ T5236] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 62.880279][ T5236] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.891257][ T5236] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 62.899113][ T5223] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.961922][ T5226] chnl_net:caif_netlink_parms(): no params data found [ 63.092489][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.100212][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.108083][ T5226] bridge_slave_0: entered allmulticast mode [ 63.114738][ T5226] bridge_slave_0: entered promiscuous mode [ 63.124469][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.131614][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.138836][ T5226] bridge_slave_1: entered allmulticast mode [ 63.146012][ T5226] bridge_slave_1: entered promiscuous mode [ 63.195278][ T5226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.207883][ T5226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.274463][ T5226] team0: Port device team_slave_0 added [ 63.316130][ T5226] team0: Port device team_slave_1 added [ 63.358805][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.366883][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.393872][ T5226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.409595][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.416646][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.442689][ T5226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.464319][ T5244] chnl_net:caif_netlink_parms(): no params data found [ 63.530197][ T5226] hsr_slave_0: entered promiscuous mode [ 63.536956][ T5226] hsr_slave_1: entered promiscuous mode [ 63.669249][ T5242] chnl_net:caif_netlink_parms(): no params data found [ 63.684568][ T5240] chnl_net:caif_netlink_parms(): no params data found [ 63.727961][ T5244] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.735045][ T5244] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.743143][ T5244] bridge_slave_0: entered allmulticast mode [ 63.750382][ T5244] bridge_slave_0: entered promiscuous mode [ 63.793877][ T5244] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.801247][ T5244] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.808478][ T5244] bridge_slave_1: entered allmulticast mode [ 63.815081][ T5244] bridge_slave_1: entered promiscuous mode [ 63.832060][ T5243] chnl_net:caif_netlink_parms(): no params data found [ 63.889315][ T5244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.928712][ T5244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.972822][ T5242] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.980024][ T5242] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.988103][ T5242] bridge_slave_0: entered allmulticast mode [ 63.994710][ T5242] bridge_slave_0: entered promiscuous mode [ 64.002573][ T5242] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.009999][ T5242] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.017263][ T5242] bridge_slave_1: entered allmulticast mode [ 64.023900][ T5242] bridge_slave_1: entered promiscuous mode [ 64.043620][ T5240] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.051252][ T5240] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.059883][ T5240] bridge_slave_0: entered allmulticast mode [ 64.068056][ T5240] bridge_slave_0: entered promiscuous mode [ 64.106339][ T5240] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.116085][ T5240] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.123333][ T5240] bridge_slave_1: entered allmulticast mode [ 64.130436][ T5240] bridge_slave_1: entered promiscuous mode [ 64.147540][ T5244] team0: Port device team_slave_0 added [ 64.172570][ T5242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.193206][ T5244] team0: Port device team_slave_1 added [ 64.207845][ T5243] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.215048][ T5243] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.222599][ T5243] bridge_slave_0: entered allmulticast mode [ 64.229774][ T5243] bridge_slave_0: entered promiscuous mode [ 64.238951][ T5243] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.246171][ T5243] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.253310][ T5243] bridge_slave_1: entered allmulticast mode [ 64.260726][ T5243] bridge_slave_1: entered promiscuous mode [ 64.278936][ T5242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.290519][ T5240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.303092][ T5240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.321443][ T5244] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.328576][ T5244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.355274][ T5244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.401613][ T5244] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.409724][ T5244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.436097][ T5244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.472403][ T5240] team0: Port device team_slave_0 added [ 64.483550][ T5243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.494867][ T5243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.511794][ T5226] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.523075][ T5242] team0: Port device team_slave_0 added [ 64.530497][ T5240] team0: Port device team_slave_1 added [ 64.552086][ T5226] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.566840][ T5242] team0: Port device team_slave_1 added [ 64.589057][ T5226] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.606487][ T5232] Bluetooth: hci0: command tx timeout [ 64.613032][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.620403][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.646548][ T5240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.677176][ T5243] team0: Port device team_slave_0 added [ 64.683172][ T5226] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.702624][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.710143][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.736248][ T5240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.755233][ T5244] hsr_slave_0: entered promiscuous mode [ 64.762016][ T5244] hsr_slave_1: entered promiscuous mode [ 64.768724][ T5244] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.776901][ T5244] Cannot create hsr debugfs directory [ 64.784353][ T5243] team0: Port device team_slave_1 added [ 64.799900][ T5242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.807197][ T5242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.833332][ T5242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.846500][ T5232] Bluetooth: hci1: command tx timeout [ 64.850953][ T5242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.859445][ T5242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.885662][ T5242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.906426][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.913403][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.940761][ T5232] Bluetooth: hci3: command tx timeout [ 64.946389][ T54] Bluetooth: hci2: command tx timeout [ 64.951908][ T5243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.999693][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 65.006974][ T5232] Bluetooth: hci4: command tx timeout [ 65.012138][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 65.042150][ T5243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.065547][ T5240] hsr_slave_0: entered promiscuous mode [ 65.072005][ T5240] hsr_slave_1: entered promiscuous mode [ 65.078773][ T5240] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.087102][ T5240] Cannot create hsr debugfs directory [ 65.159808][ T5242] hsr_slave_0: entered promiscuous mode [ 65.167065][ T5242] hsr_slave_1: entered promiscuous mode [ 65.173164][ T5242] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.181343][ T5242] Cannot create hsr debugfs directory [ 65.240299][ T5243] hsr_slave_0: entered promiscuous mode [ 65.249092][ T5243] hsr_slave_1: entered promiscuous mode [ 65.255154][ T5243] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.262978][ T5243] Cannot create hsr debugfs directory [ 65.510861][ T5244] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.521060][ T5244] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.531713][ T5244] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.540563][ T5244] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 65.593112][ T5226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.603942][ T5240] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.625399][ T5240] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.647314][ T5240] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.669448][ T5240] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.696371][ T5226] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.718139][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.725520][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.742179][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.749469][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.767298][ T5243] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.776952][ T5243] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.806783][ T5243] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.841279][ T5243] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.883154][ T5244] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.915278][ T5242] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 65.930779][ T5242] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 65.944814][ T5242] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 65.970145][ T5244] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.981610][ T5242] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 66.014677][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.021894][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.048885][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.056027][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.137991][ T5240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.147968][ T5226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.208933][ T5240] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.230861][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.238031][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.255871][ T5243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.273773][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.281003][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.334524][ T5243] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.368157][ T5244] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.390194][ T5226] veth0_vlan: entered promiscuous mode [ 66.400709][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.407844][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.431287][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.438409][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.453727][ T5226] veth1_vlan: entered promiscuous mode [ 66.495473][ T5242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.533905][ T5240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.605498][ T5242] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.623269][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.630395][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.647425][ T5226] veth0_macvtap: entered promiscuous mode [ 66.659499][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.666631][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.680043][ T5240] veth0_vlan: entered promiscuous mode [ 66.693037][ T5240] veth1_vlan: entered promiscuous mode [ 66.696010][ T5232] Bluetooth: hci0: command tx timeout [ 66.700935][ T5244] veth0_vlan: entered promiscuous mode [ 66.715346][ T5226] veth1_macvtap: entered promiscuous mode [ 66.777227][ T5244] veth1_vlan: entered promiscuous mode [ 66.812789][ T5240] veth0_macvtap: entered promiscuous mode [ 66.824642][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.847678][ T5240] veth1_macvtap: entered promiscuous mode [ 66.865139][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.887270][ T5226] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.896828][ T5226] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.905530][ T5226] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.915147][ T5226] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.926628][ T5232] Bluetooth: hci1: command tx timeout [ 66.937354][ T5244] veth0_macvtap: entered promiscuous mode [ 66.946891][ T5243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.964922][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.980206][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.991855][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.003314][ T5244] veth1_macvtap: entered promiscuous mode [ 67.009378][ T5232] Bluetooth: hci2: command tx timeout [ 67.009424][ T54] Bluetooth: hci3: command tx timeout [ 67.035402][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.046474][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.059752][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.075368][ T5242] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.086273][ T54] Bluetooth: hci4: command tx timeout [ 67.100408][ T5240] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.109439][ T5240] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.118724][ T5240] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.128220][ T5240] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.185104][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.196953][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.208439][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.219288][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.230821][ T5244] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.259607][ T5242] veth0_vlan: entered promiscuous mode [ 67.314363][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.325082][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.337841][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.348535][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.359953][ T5244] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.388070][ T5242] veth1_vlan: entered promiscuous mode [ 67.403777][ T5243] veth0_vlan: entered promiscuous mode [ 67.411654][ T5244] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.420753][ T5244] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.430601][ T5244] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.441363][ T5244] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.461823][ T188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.469873][ T188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.504524][ T5243] veth1_vlan: entered promiscuous mode [ 67.532765][ T5242] veth0_macvtap: entered promiscuous mode [ 67.538786][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.550163][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.606808][ T5243] veth0_macvtap: entered promiscuous mode [ 67.619218][ T188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.627699][ T188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.651838][ T5242] veth1_macvtap: entered promiscuous mode [ 67.680375][ T1811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.690456][ T5243] veth1_macvtap: entered promiscuous mode [ 67.699984][ T1811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.736083][ T5226] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 67.771635][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.785427][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.803590][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.821990][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.836228][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.853394][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.866606][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.883438][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.914893][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.926077][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.944608][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.960689][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.970688][ T5280] Zero length message leads to an empty skb [ 67.972832][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.992846][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.005529][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.032097][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.044052][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.058563][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.075775][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.087288][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.098299][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.110492][ T5283] sctp: [Deprecated]: syz.0.1 (pid 5283) Use of int in maxseg socket option. [ 68.110492][ T5283] Use struct sctp_assoc_value instead [ 68.131821][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.142613][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.154948][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.168525][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.195725][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 68.211412][ T5243] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.229911][ T5243] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.243633][ T5243] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.254435][ T5243] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.353600][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.364632][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.379922][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.390621][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.400982][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.411781][ T5275] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 68.420849][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.433544][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.444117][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.455450][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.467470][ T5242] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.476670][ T5242] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.485394][ T5242] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.495121][ T5242] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.524712][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.544224][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.576249][ T5275] usb 3-1: Using ep0 maxpacket: 16 [ 68.598704][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 68.640190][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 68.664570][ T5275] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 68.688405][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.697248][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 68.715996][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.740628][ T5275] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 68.766675][ T54] Bluetooth: hci0: command tx timeout [ 68.802998][ T5275] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 25 [ 68.831165][ T5275] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 68.841171][ T5275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 68.851202][ T1811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.865537][ T5275] usb 3-1: SerialNumber: syz [ 68.889356][ T1811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.927863][ T5275] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 68.952544][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.963505][ T5275] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12 [ 68.981729][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.989009][ T29] audit: type=1326 audit(1726981528.631:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 68.989056][ T29] audit: type=1326 audit(1726981528.631:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.040237][ T29] audit: type=1326 audit(1726981528.691:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.062579][ T54] Bluetooth: hci1: command tx timeout [ 69.086338][ T29] audit: type=1326 audit(1726981528.691:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.087556][ T54] Bluetooth: hci3: command tx timeout [ 69.113701][ T54] Bluetooth: hci2: command tx timeout [ 69.166405][ T5232] Bluetooth: hci4: command tx timeout [ 69.205320][ T29] audit: type=1326 audit(1726981528.691:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.277580][ T5282] batadv0: entered promiscuous mode [ 69.283103][ T5282] macsec1: entered promiscuous mode [ 69.344031][ T5282] batadv0: left promiscuous mode [ 69.371020][ T29] audit: type=1326 audit(1726981528.691:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.400128][ T29] audit: type=1326 audit(1726981528.691:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.432911][ T29] audit: type=1326 audit(1726981528.691:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.465369][ T29] audit: type=1326 audit(1726981528.691:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.466063][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.540767][ T188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.576997][ T188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.616097][ T29] audit: type=1326 audit(1726981528.691:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000 [ 69.652641][ T5286] usb 3-1: USB disconnect, device number 2 [ 69.905400][ T5304] bond_slave_0: entered promiscuous mode [ 69.905454][ T5304] bond_slave_1: entered promiscuous mode [ 69.905577][ T5304] vlan2: entered promiscuous mode [ 69.905589][ T5304] bond0: entered promiscuous mode [ 69.922305][ T5298] syz.3.4 (5298): drop_caches: 2 [ 69.969786][ T5304] vlan2: entered allmulticast mode [ 69.969811][ T5304] bond0: entered allmulticast mode [ 69.969826][ T5304] bond_slave_0: entered allmulticast mode [ 69.969842][ T5304] bond_slave_1: entered allmulticast mode [ 69.980354][ T5304] bond0: left allmulticast mode [ 69.980377][ T5304] bond_slave_0: left allmulticast mode [ 69.980393][ T5304] bond_slave_1: left allmulticast mode [ 69.980416][ T5304] bond0: left promiscuous mode [ 69.980739][ T5304] bond_slave_0: left promiscuous mode [ 69.981299][ T5304] bond_slave_1: left promiscuous mode [ 70.656086][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.658527][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.662824][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.755898][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.859910][ T5232] Bluetooth: hci0: command tx timeout [ 71.056062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 71.056692][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.082909][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.084594][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 71.097363][ T5232] Bluetooth: hci1: command tx timeout [ 71.178650][ T5232] Bluetooth: hci2: command tx timeout [ 71.178700][ T5232] Bluetooth: hci3: command tx timeout [ 71.267047][ T54] Bluetooth: hci4: command tx timeout [ 71.536767][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.547157][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.177244][ T1813] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.450418][ T5295] syz.1.2 (5295): drop_caches: 2 [ 72.453727][ T1813] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.738447][ T1813] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.930185][ T1813] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.975137][ T5232] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.983339][ T5232] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.996467][ T5232] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 73.023453][ T5232] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 73.053147][ T5232] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 73.064498][ T5232] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 73.112868][ T5335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17'. [ 73.426897][ T5354] netlink: 'syz.4.20': attribute type 20 has an invalid length. [ 73.463594][ T5354] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20'. [ 73.551912][ T1813] bridge_slave_1: left allmulticast mode [ 73.572834][ T1813] bridge_slave_1: left promiscuous mode [ 73.591014][ T1813] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.612661][ T1813] bridge_slave_0: left allmulticast mode [ 73.633394][ T1813] bridge_slave_0: left promiscuous mode [ 73.642164][ T1813] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.730786][ T5351] syz.2.19 (5351): drop_caches: 2 [ 74.143114][ T1813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 74.155356][ T1813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 74.165944][ T5275] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 74.179597][ T1813] bond0 (unregistering): Released all slaves [ 74.199461][ T5364] tunl0: entered promiscuous mode [ 74.214462][ T5364] netlink: 'syz.1.24': attribute type 1 has an invalid length. [ 74.231090][ T5364] netlink: 9 bytes leftover after parsing attributes in process `syz.1.24'. [ 74.285184][ T5342] chnl_net:caif_netlink_parms(): no params data found [ 74.330545][ T5278] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 74.356824][ T5275] usb 3-1: Using ep0 maxpacket: 8 [ 74.368881][ T5275] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 74.393352][ T5275] usb 3-1: config 0 has no interfaces? [ 74.412053][ T5275] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 74.426978][ T5275] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.435007][ T5275] usb 3-1: Product: syz [ 74.440763][ T5275] usb 3-1: Manufacturer: syz [ 74.447210][ T5275] usb 3-1: SerialNumber: syz [ 74.463026][ T5275] usb 3-1: config 0 descriptor?? [ 74.506034][ T5278] usb 1-1: Using ep0 maxpacket: 16 [ 74.539110][ T5278] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 74.551682][ T5274] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 74.586096][ T5278] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 74.634658][ T29] kauditd_printk_skb: 1698 callbacks suppressed [ 74.634677][ T29] audit: type=1326 audit(1726981534.281:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 74.672937][ T5278] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice=ff.40 [ 74.697633][ T5362] FAULT_INJECTION: forcing a failure. [ 74.697633][ T5362] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 74.732455][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 74.764066][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: syz.2.23 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 74.770825][ T29] audit: type=1326 audit(1726981534.281:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 74.774263][ T5362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 74.806466][ T5362] Call Trace: [ 74.809762][ T5362] [ 74.812710][ T5362] dump_stack_lvl+0x241/0x360 [ 74.817435][ T5362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.818221][ T29] audit: type=1326 audit(1726981534.311:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 74.822640][ T5362] ? __pfx__printk+0x10/0x10 [ 74.822669][ T5362] ? __pfx_lock_release+0x10/0x10 [ 74.854443][ T5362] should_fail_ex+0x3b0/0x4e0 [ 74.859171][ T5362] set_fd_set+0x3a/0xa0 [ 74.863360][ T5362] core_sys_select+0x800/0x910 [ 74.868165][ T5362] ? __pfx_core_sys_select+0x10/0x10 [ 74.873171][ T29] audit: type=1326 audit(1726981534.311:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 74.873500][ T5362] ? __might_fault+0xaa/0x120 [ 74.900409][ T5362] ? __pfx_set_user_sigmask+0x10/0x10 [ 74.905805][ T5362] ? __fget_files+0x3f3/0x470 [ 74.910507][ T5362] __se_sys_pselect6+0x319/0x3f0 [ 74.915504][ T5362] ? __pfx___se_sys_pselect6+0x10/0x10 [ 74.920985][ T5362] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 74.927339][ T5362] ? do_syscall_64+0x100/0x230 [ 74.932132][ T5362] ? __x64_sys_pselect6+0x21/0xf0 [ 74.937107][ T29] audit: type=1326 audit(1726981534.311:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 74.937163][ T5362] do_syscall_64+0xf3/0x230 [ 74.963805][ T5362] ? clear_bhb_loop+0x35/0x90 [ 74.968518][ T5362] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.974473][ T5362] RIP: 0033:0x7f6f20d7def9 [ 74.978923][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.998576][ T5362] RSP: 002b:00007f6f21b72038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 75.007027][ T5362] RAX: ffffffffffffffda RBX: 00007f6f20f35f80 RCX: 00007f6f20d7def9 [ 75.015020][ T5362] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000040 [ 75.018335][ T29] audit: type=1326 audit(1726981534.311:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 75.022992][ T5362] RBP: 00007f6f21b72090 R08: 0000000020000040 R09: 0000000000000000 [ 75.023011][ T5362] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 75.023025][ T5362] R13: 0000000000000000 R14: 00007f6f20f35f80 R15: 00007f6f2105fa28 [ 75.023055][ T5362] [ 75.080753][ T5278] usb 1-1: Product: syz [ 75.082115][ T5286] usb 3-1: USB disconnect, device number 3 [ 75.085021][ T5278] usb 1-1: SerialNumber: syz [ 75.135222][ T5389] netlink: 40 bytes leftover after parsing attributes in process `syz.4.31'. [ 75.162695][ T29] audit: type=1326 audit(1726981534.311:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 75.196883][ T54] Bluetooth: hci4: command tx timeout [ 75.268855][ T29] audit: type=1326 audit(1726981534.311:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 75.348265][ T5342] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.355625][ T5342] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.373864][ T29] audit: type=1326 audit(1726981534.311:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 75.409606][ T5342] bridge_slave_0: entered allmulticast mode [ 75.427330][ T5342] bridge_slave_0: entered promiscuous mode [ 75.472964][ T29] audit: type=1326 audit(1726981534.311:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 75.520851][ T5342] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.552744][ T5342] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.562931][ T5342] bridge_slave_1: entered allmulticast mode [ 75.587178][ T5342] bridge_slave_1: entered promiscuous mode [ 75.654997][ T5409] syz.4.33 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 75.793149][ T5412] netlink: 56 bytes leftover after parsing attributes in process `syz.2.34'. [ 75.826791][ T1813] hsr_slave_0: left promiscuous mode [ 75.833051][ T1813] hsr_slave_1: left promiscuous mode [ 75.858495][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.872864][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.892480][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.900923][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 75.940125][ T1813] veth1_macvtap: left promiscuous mode [ 75.959087][ T5418] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 75.999654][ T1813] veth0_macvtap: left promiscuous mode [ 75.999840][ T1813] veth1_vlan: left promiscuous mode [ 76.000082][ T1813] veth0_vlan: left promiscuous mode [ 76.065974][ T5274] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 76.260356][ T5274] usb 5-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 76.269761][ T5274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.298599][ T5274] usb 5-1: config 0 descriptor?? [ 76.377663][ T5278] usb 1-1: 0:2 : does not exist [ 76.440850][ T5278] usb 1-1: USB disconnect, device number 2 [ 76.529174][ T5274] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 76.553370][ T5274] asix 5-1:0.0: probe with driver asix failed with error -71 [ 76.567778][ T5426] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 76.587172][ T5274] usb 5-1: USB disconnect, device number 3 [ 76.883265][ T1813] team0 (unregistering): Port device team_slave_1 removed [ 76.924658][ T1813] team0 (unregistering): Port device team_slave_0 removed [ 76.936167][ T5276] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 77.123874][ T5276] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.140989][ T5276] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 77.160794][ T5276] usb 2-1: New USB device found, idVendor=0499, idProduct=1058, bcdDevice=31.95 [ 77.199066][ T5276] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.209303][ T5276] usb 2-1: config 0 descriptor?? [ 77.246639][ T54] Bluetooth: hci4: command tx timeout [ 77.520927][ T5438] netlink: 24 bytes leftover after parsing attributes in process `syz.4.39'. [ 77.546688][ T5276] usb 2-1: USB disconnect, device number 2 [ 77.833349][ T5342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.850303][ T5422] bond_slave_0: entered promiscuous mode [ 77.856177][ T5422] bond_slave_1: entered promiscuous mode [ 77.862346][ T5422] vlan2: entered promiscuous mode [ 77.869249][ T5422] bond0: entered promiscuous mode [ 77.874608][ T5422] vlan2: entered allmulticast mode [ 77.893557][ T5422] bond0: entered allmulticast mode [ 77.898866][ T5422] bond_slave_0: entered allmulticast mode [ 77.906660][ T5422] bond_slave_1: entered allmulticast mode [ 77.914172][ T5422] bond0: left allmulticast mode [ 77.919223][ T5422] bond_slave_0: left allmulticast mode [ 77.925661][ T5422] bond_slave_1: left allmulticast mode [ 77.931498][ T5422] bond0: left promiscuous mode [ 77.937598][ T5422] bond_slave_0: left promiscuous mode [ 77.943066][ T5422] bond_slave_1: left promiscuous mode [ 77.961668][ T5446] tunl0: entered promiscuous mode [ 77.970049][ T5446] netlink: 'syz.0.42': attribute type 1 has an invalid length. [ 77.977776][ T5446] netlink: 9 bytes leftover after parsing attributes in process `syz.0.42'. [ 77.993429][ T5342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.175214][ T5342] team0: Port device team_slave_0 added [ 78.331479][ T5342] team0: Port device team_slave_1 added [ 78.546940][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.580617][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.648815][ T5342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.670661][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.681511][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.738488][ T5342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.850620][ T5342] hsr_slave_0: entered promiscuous mode [ 78.858276][ T5342] hsr_slave_1: entered promiscuous mode [ 78.872248][ T5342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.886751][ T5276] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 78.904091][ T5342] Cannot create hsr debugfs directory [ 79.046177][ T5276] usb 1-1: Using ep0 maxpacket: 8 [ 79.074257][ T5276] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 79.097385][ T5276] usb 1-1: config 0 has no interfaces? [ 79.115610][ T5276] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 79.133504][ T5276] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.152013][ T5276] usb 1-1: Product: syz [ 79.166980][ T5276] usb 1-1: Manufacturer: syz [ 79.174030][ T5276] usb 1-1: SerialNumber: syz [ 79.208072][ T5276] usb 1-1: config 0 descriptor?? [ 79.209233][ T1813] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.345004][ T54] Bluetooth: hci4: command tx timeout [ 79.346515][ T1813] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.394948][ T5232] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.404154][ T5232] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.411944][ T5232] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.507239][ T5276] usb 1-1: USB disconnect, device number 3 [ 79.516352][ T5232] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.532864][ T5232] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 79.548398][ T5232] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.595793][ T5485] netlink: 8 bytes leftover after parsing attributes in process `syz.2.51'. [ 79.609646][ T5485] vlan2: entered allmulticast mode [ 79.689256][ T1813] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 79.710331][ T5487] netlink: 'syz.1.50': attribute type 1 has an invalid length. [ 79.718703][ T5487] netlink: 9 bytes leftover after parsing attributes in process `syz.1.50'. [ 79.908639][ T29] kauditd_printk_skb: 59 callbacks suppressed [ 79.908658][ T29] audit: type=1326 audit(1726981539.561:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5497 comm="syz.1.52" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x0 [ 80.677486][ T5276] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 80.842473][ T5276] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 80.853095][ T5276] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 80.867030][ T5276] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 80.876168][ T5276] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.890603][ T5276] usb 1-1: config 0 descriptor?? [ 80.902370][ T5276] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 81.008963][ T5274] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 81.172222][ T5274] usb 2-1: Using ep0 maxpacket: 8 [ 81.179900][ T5274] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.190835][ T5274] usb 2-1: config 0 has no interfaces? [ 81.213250][ T5274] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 81.222430][ T5274] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.230561][ T5274] usb 2-1: Product: syz [ 81.234795][ T5274] usb 2-1: Manufacturer: syz [ 81.239578][ T5274] usb 2-1: SerialNumber: syz [ 81.252945][ T5274] usb 2-1: config 0 descriptor?? [ 81.337336][ T1813] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.417678][ T54] Bluetooth: hci4: command tx timeout [ 81.461386][ T5508] FAULT_INJECTION: forcing a failure. [ 81.461386][ T5508] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 81.493875][ T5508] CPU: 0 UID: 0 PID: 5508 Comm: syz.1.56 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 81.504092][ T5508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 81.514197][ T5508] Call Trace: [ 81.517508][ T5508] [ 81.520455][ T5508] dump_stack_lvl+0x241/0x360 [ 81.525144][ T5508] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.530347][ T5508] ? __pfx__printk+0x10/0x10 [ 81.534947][ T5508] ? snprintf+0xda/0x120 [ 81.539209][ T5508] should_fail_ex+0x3b0/0x4e0 [ 81.543909][ T5508] _copy_to_user+0x2f/0xb0 [ 81.548344][ T5508] simple_read_from_buffer+0xca/0x150 [ 81.553730][ T5508] proc_fail_nth_read+0x1e9/0x250 [ 81.558771][ T5508] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 81.564337][ T5508] ? rw_verify_area+0x55e/0x6f0 [ 81.569203][ T5508] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 81.574771][ T5508] vfs_read+0x201/0xbc0 [ 81.578940][ T5508] ? __pfx_lock_release+0x10/0x10 [ 81.583993][ T5508] ? __pfx_vfs_read+0x10/0x10 [ 81.588693][ T5508] ? __fget_files+0x3f3/0x470 [ 81.593380][ T5508] ? __fdget_pos+0x24e/0x320 [ 81.597969][ T5508] ksys_read+0x1a0/0x2c0 [ 81.602219][ T5508] ? __pfx_ksys_read+0x10/0x10 [ 81.606998][ T5508] ? do_syscall_64+0x100/0x230 [ 81.611769][ T5508] ? do_syscall_64+0xb6/0x230 [ 81.616546][ T5508] do_syscall_64+0xf3/0x230 [ 81.621063][ T5508] ? clear_bhb_loop+0x35/0x90 [ 81.625755][ T5508] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.631651][ T5508] RIP: 0033:0x7effdc17c93c [ 81.636066][ T5508] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 81.655765][ T5508] RSP: 002b:00007effdcf35030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 81.664271][ T5508] RAX: ffffffffffffffda RBX: 00007effdc335f80 RCX: 00007effdc17c93c [ 81.672250][ T5508] RDX: 000000000000000f RSI: 00007effdcf350a0 RDI: 0000000000000009 [ 81.680404][ T5508] RBP: 00007effdcf35090 R08: 0000000000000000 R09: 0000000000000000 [ 81.688383][ T5508] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 81.696379][ T5508] R13: 0000000000000000 R14: 00007effdc335f80 R15: 00007effdc45fa28 [ 81.704387][ T5508] [ 81.707516][ C0] vkms_vblank_simulate: vblank timer overrun [ 81.735500][ T54] Bluetooth: hci2: command tx timeout [ 81.761400][ T5286] usb 2-1: USB disconnect, device number 3 [ 81.779730][ T1170] cfg80211: failed to load regulatory.db [ 81.853274][ T29] audit: type=1326 audit(1726981541.501:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 81.948211][ T29] audit: type=1326 audit(1726981541.501:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 81.971287][ T29] audit: type=1326 audit(1726981541.531:1782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 81.993718][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.000346][ T29] audit: type=1326 audit(1726981541.531:1783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 82.023071][ T29] audit: type=1326 audit(1726981541.531:1784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 82.045359][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.052018][ T29] audit: type=1326 audit(1726981541.531:1785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 82.104306][ T29] audit: type=1326 audit(1726981541.531:1786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 82.126637][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.171222][ T29] audit: type=1326 audit(1726981541.531:1787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 82.173083][ T5273] usb 1-1: USB disconnect, device number 4 [ 82.193399][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.225242][ T29] audit: type=1326 audit(1726981541.531:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 82.247517][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.456798][ T5527] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 82.466635][ T1813] bridge_slave_1: left allmulticast mode [ 82.482883][ T1813] bridge_slave_1: left promiscuous mode [ 82.490097][ T1813] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.508687][ T1813] bridge_slave_0: left allmulticast mode [ 82.514377][ T1813] bridge_slave_0: left promiscuous mode [ 82.520262][ T1813] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.666647][ T5273] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 82.854047][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.886110][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.896495][ T5273] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 82.905586][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.933321][ T5273] usb 1-1: config 0 descriptor?? [ 83.419118][ T5274] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 83.431036][ T1813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.460629][ T1813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 83.495811][ T1813] bond0 (unregistering): Released all slaves [ 83.580148][ T5274] usb 2-1: Using ep0 maxpacket: 8 [ 83.590495][ T5555] tunl0: entered promiscuous mode [ 83.610460][ T5555] netlink: 'syz.2.65': attribute type 1 has an invalid length. [ 83.619883][ T5555] netlink: 9 bytes leftover after parsing attributes in process `syz.2.65'. [ 83.694707][ T5274] usb 2-1: unable to get BOS descriptor or descriptor too short [ 83.707385][ T5493] chnl_net:caif_netlink_parms(): no params data found [ 83.716805][ T5274] usb 2-1: no configurations [ 83.721458][ T5274] usb 2-1: can't read configurations, error -22 [ 83.811326][ T54] Bluetooth: hci2: command tx timeout [ 83.857497][ T5562] loop4: detected capacity change from 0 to 7 [ 83.888178][ T5563] loop2: detected capacity change from 0 to 7 [ 83.896745][ T5562] Dev loop4: unable to read RDB block 7 [ 83.902455][ T5562] loop4: unable to read partition table [ 83.916356][ T5563] Dev loop2: unable to read RDB block 7 [ 83.921974][ T5563] loop2: unable to read partition table [ 83.941707][ T5562] loop4: partition table beyond EOD, truncated [ 83.952792][ T5563] loop2: partition table beyond EOD, truncated [ 83.963498][ T5562] loop_reread_partitions: partition scan of loop4 (被xڬdƤݡ [ 83.963498][ T5562] ) failed (rc=-5) [ 83.989092][ T5563] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 84.037531][ T5342] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.069575][ T5342] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.133446][ T5551] PKCS7: Unknown OID: [4] 2.19.13055.170809666(bad) [ 84.145999][ T5551] PKCS7: Only support pkcs7_signedData type [ 84.163707][ T5342] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.194338][ T5342] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.368518][ T5493] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.389943][ T5493] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.413704][ T5493] bridge_slave_0: entered allmulticast mode [ 84.424626][ T5493] bridge_slave_0: entered promiscuous mode [ 84.446651][ T1813] hsr_slave_0: left promiscuous mode [ 84.456649][ T1813] hsr_slave_1: left promiscuous mode [ 84.473243][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 84.487984][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 84.512858][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 84.542970][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 84.614695][ T1813] veth1_macvtap: left promiscuous mode [ 84.630916][ T1813] veth0_macvtap: left promiscuous mode [ 84.646748][ T1813] veth1_vlan: left promiscuous mode [ 84.652606][ T1813] veth0_vlan: left promiscuous mode [ 84.698992][ T5569] netlink: 'syz.1.68': attribute type 1 has an invalid length. [ 84.771495][ T5569] mmap: syz.1.68 (5569) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 85.566013][ T5273] usbhid 1-1:0.0: can't add hid device: -71 [ 85.572067][ T5273] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 85.601349][ T5273] usb 1-1: USB disconnect, device number 5 [ 85.647380][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 85.647396][ T29] audit: type=1326 audit(1726981545.301:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5577 comm="syz.1.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 85.675794][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.701814][ T5581] openvswitch: netlink: Flow actions attr not present in new flow. [ 85.713443][ T29] audit: type=1326 audit(1726981545.301:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5577 comm="syz.1.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000 [ 85.782584][ T29] audit: type=1326 audit(1726981545.311:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000 [ 85.835625][ T29] audit: type=1326 audit(1726981545.311:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000 [ 85.857938][ C0] vkms_vblank_simulate: vblank timer overrun [ 85.886178][ T54] Bluetooth: hci2: command tx timeout [ 85.892454][ T29] audit: type=1326 audit(1726981545.311:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000 [ 85.961325][ T29] audit: type=1326 audit(1726981545.311:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1dd657df33 code=0x7ffc0000 [ 86.006109][ T29] audit: type=1326 audit(1726981545.311:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1dd657df33 code=0x7ffc0000 [ 86.028129][ C0] vkms_vblank_simulate: vblank timer overrun [ 86.035567][ T29] audit: type=1326 audit(1726981545.311:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000 [ 86.057770][ C0] vkms_vblank_simulate: vblank timer overrun [ 86.091619][ T1813] team0 (unregistering): Port device team_slave_1 removed [ 86.116223][ T29] audit: type=1326 audit(1726981545.311:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000 [ 86.173316][ T29] audit: type=1326 audit(1726981545.321:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000 [ 86.206957][ T1813] team0 (unregistering): Port device team_slave_0 removed [ 86.666221][ T5590] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=32768 (65536 ns) > initial count (54 ns). Using initial count to start timer. [ 86.814162][ T5560] coredump: 47(syz.2.67): interrupted: fatal signal pending [ 86.827565][ T5560] coredump: 47(syz.2.67): written to core: VMAs: 42, size 100966400; core: 51114992 bytes, pos 88539136 [ 86.973573][ T5493] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.990658][ T5493] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.000502][ T5493] bridge_slave_1: entered allmulticast mode [ 87.022861][ T5493] bridge_slave_1: entered promiscuous mode [ 87.053114][ T5586] netlink: 'syz.0.74': attribute type 1 has an invalid length. [ 87.067128][ T5586] netlink: 9 bytes leftover after parsing attributes in process `syz.0.74'. [ 87.161438][ T5493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.208087][ T5493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.248736][ T5594] netlink: 'syz.0.77': attribute type 1 has an invalid length. [ 87.319691][ T5493] team0: Port device team_slave_0 added [ 87.346484][ T5493] team0: Port device team_slave_1 added [ 87.461215][ T5493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.475727][ T5493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.536289][ T5493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.605206][ T5493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.630450][ T5493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.699537][ T5493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.789806][ T5342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.882961][ T5602] syz.0.78 (5602): drop_caches: 2 [ 87.958172][ T5613] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 87.966230][ T54] Bluetooth: hci2: command tx timeout [ 87.976551][ T5613] ALSA: seq fatal error: cannot create timer (-22) [ 88.006062][ T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 88.019804][ T5493] hsr_slave_0: entered promiscuous mode [ 88.082088][ T5493] hsr_slave_1: entered promiscuous mode [ 88.114333][ T5493] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.131435][ T5493] Cannot create hsr debugfs directory [ 88.180820][ T25] usb 3-1: device descriptor read/64, error -71 [ 88.280248][ T5342] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.342540][ T5624] openvswitch: netlink: Flow actions attr not present in new flow. [ 88.360058][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.367302][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.436720][ T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 88.448288][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.455423][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.618045][ T25] usb 3-1: device descriptor read/64, error -71 [ 88.737024][ T25] usb usb3-port1: attempt power cycle [ 88.851069][ T5342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.049164][ T5342] veth0_vlan: entered promiscuous mode [ 89.116552][ T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 89.127690][ T5342] veth1_vlan: entered promiscuous mode [ 89.157043][ T25] usb 3-1: device descriptor read/8, error -71 [ 89.241684][ T5342] veth0_macvtap: entered promiscuous mode [ 89.304999][ T5342] veth1_macvtap: entered promiscuous mode [ 89.364748][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.406271][ T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 89.435414][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.456549][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.456867][ T25] usb 3-1: device descriptor read/8, error -71 [ 89.476039][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.513724][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.541854][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.563865][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.596731][ T25] usb usb3-port1: unable to enumerate USB device [ 89.606838][ T5493] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.637835][ T5493] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.651786][ T5493] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.688137][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.704095][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.714782][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.766219][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.803400][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.829023][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.852214][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.896419][ T5493] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.967646][ T5342] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.011057][ T5342] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.050578][ T5342] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.076233][ T5342] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.385022][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.393961][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.406816][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.417057][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.548326][ T5493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.556974][ T5299] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 90.631287][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.644627][ T5493] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.645736][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.704284][ T5660] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 90.709699][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.721734][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.726738][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.757088][ T5299] usb 1-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 90.766737][ T5299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.793638][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.809172][ T5299] usb 1-1: config 0 descriptor?? [ 90.816791][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.822971][ T5670] netlink: 'syz.2.86': attribute type 1 has an invalid length. [ 90.845765][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.858442][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.865630][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.888717][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.898885][ T5668] netlink: 'syz.1.85': attribute type 1 has an invalid length. [ 90.906252][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.909005][ T5668] netlink: 9 bytes leftover after parsing attributes in process `syz.1.85'. [ 90.923391][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 90.971940][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.000482][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.031655][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.052447][ T5299] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 91.068436][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.076620][ T5299] asix 1-1:0.0: probe with driver asix failed with error -71 [ 91.091169][ T5493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.091937][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.120955][ T5299] usb 1-1: USB disconnect, device number 6 [ 91.150525][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.180728][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.212895][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.212943][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.212973][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213002][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213031][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213060][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213089][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213141][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213170][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213198][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213226][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213254][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213282][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213311][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213338][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213366][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213394][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213423][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213451][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213480][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213508][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213536][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213565][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213593][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213622][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213650][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213679][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213707][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213736][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213764][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213793][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.213822][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0 [ 91.238737][ T5273] hid-generic 0000:0000:0003.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 91.285102][ T5493] veth0_vlan: entered promiscuous mode [ 91.302114][ T5493] veth1_vlan: entered promiscuous mode [ 91.363955][ T5493] veth0_macvtap: entered promiscuous mode [ 91.368634][ T5493] veth1_macvtap: entered promiscuous mode [ 91.587641][ T29] kauditd_printk_skb: 579 callbacks suppressed [ 91.587659][ T29] audit: type=1326 audit(1726981551.241:2401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 91.608403][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.657773][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.667713][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.678187][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.688112][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.703007][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.713434][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.724428][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.724912][ T29] audit: type=1326 audit(1726981551.241:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 91.736233][ T5493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.809875][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.822271][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.835936][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.846752][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.865059][ T29] audit: type=1326 audit(1726981551.301:2403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 91.866117][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.899587][ T29] audit: type=1326 audit(1726981551.301:2404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 91.926881][ T29] audit: type=1326 audit(1726981551.301:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 91.956544][ T29] audit: type=1326 audit(1726981551.371:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 91.996584][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.006507][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.019582][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.038739][ T5493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.051454][ T5493] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.061949][ T5493] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.091093][ T29] audit: type=1326 audit(1726981551.371:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 92.125932][ T5493] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.134768][ T29] audit: type=1326 audit(1726981551.371:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 92.157460][ T29] audit: type=1326 audit(1726981551.371:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fcae517def9 code=0x7ffc0000 [ 92.180088][ T29] audit: type=1326 audit(1726981551.371:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcae517df33 code=0x7ffc0000 [ 92.186283][ T5493] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.225761][ T5691] syz.3.90 (5691): drop_caches: 2 [ 92.646435][ T188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.674695][ T188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.728629][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.729388][ T1170] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.745031][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.863706][ T5720] netlink: 'syz.1.97': attribute type 1 has an invalid length. [ 93.006277][ T1170] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 93.014999][ T1170] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 93.057930][ T1170] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 93.080315][ T5727] netlink: 'syz.1.98': attribute type 1 has an invalid length. [ 93.103759][ T1170] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 93.120307][ T5727] netlink: 9 bytes leftover after parsing attributes in process `syz.1.98'. [ 93.131179][ T1170] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 93.172583][ T1170] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 93.209025][ T1170] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 93.231908][ T1170] usb 4-1: Product: syz [ 93.245782][ T1170] usb 4-1: Manufacturer: syz [ 93.338483][ T1170] cdc_wdm 4-1:1.0: skipping garbage [ 93.344718][ T1170] cdc_wdm 4-1:1.0: skipping garbage [ 93.378609][ T1170] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 93.384577][ T1170] cdc_wdm 4-1:1.0: Unknown control protocol [ 93.594753][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.601610][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.608099][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.614806][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.621084][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.627712][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.634144][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.640769][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.647056][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.653698][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.660000][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.666632][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.672934][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.679563][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.685861][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.692475][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.699392][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.706029][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.712289][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 93.718919][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 93.764049][ T5276] usb 4-1: USB disconnect, device number 2 [ 93.764100][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 94.412773][ T5752] bond_slave_0: entered promiscuous mode [ 94.412816][ T5752] bond_slave_1: entered promiscuous mode [ 94.412893][ T5752] vlan3: entered promiscuous mode [ 94.412907][ T5752] bond0: entered promiscuous mode [ 94.413189][ T5752] vlan3: entered allmulticast mode [ 94.413204][ T5752] bond0: entered allmulticast mode [ 94.413217][ T5752] bond_slave_0: entered allmulticast mode [ 94.413231][ T5752] bond_slave_1: entered allmulticast mode [ 94.461527][ T5752] bond0: left allmulticast mode [ 94.461555][ T5752] bond_slave_0: left allmulticast mode [ 94.461574][ T5752] bond_slave_1: left allmulticast mode [ 94.461601][ T5752] bond0: left promiscuous mode [ 94.462023][ T5752] bond_slave_0: left promiscuous mode [ 94.462073][ T5752] bond_slave_1: left promiscuous mode [ 94.606230][ T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 94.760414][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 94.760459][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 94.760516][ T25] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 94.760545][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.763188][ T25] usb 2-1: config 0 descriptor?? [ 94.772324][ T25] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 94.976024][ T5273] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 95.265509][ T5702] coredump: 69(syz.0.93): interrupted: fatal signal pending [ 95.273075][ T5702] coredump: 69(syz.0.93): written to core: VMAs: 37, size 97476608; core: 58606070 bytes, pos 96063488 [ 95.990870][ T5286] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 96.004907][ T5770] loop4: detected capacity change from 0 to 7 [ 96.026856][ T5770] Dev loop4: unable to read RDB block 7 [ 96.033993][ T5273] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 96.044673][ T5273] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 96.076403][ T5770] loop4: unable to read partition table [ 96.096433][ T5770] loop4: partition table beyond EOD, truncated [ 96.108252][ T5273] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 96.124440][ T5770] loop_reread_partitions: partition scan of loop4 (被xڬdƤݡ [ 96.124440][ T5770] ) failed (rc=-5) [ 96.146030][ T5273] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.181656][ T5273] usb 4-1: config 0 descriptor?? [ 96.196204][ T5286] usb 5-1: device descriptor read/64, error -71 [ 96.207593][ T5273] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 96.453729][ T5286] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 96.596064][ T5286] usb 5-1: device descriptor read/64, error -71 [ 96.720315][ T5286] usb usb5-port1: attempt power cycle [ 96.933006][ T5779] netlink: 'syz.2.109': attribute type 1 has an invalid length. [ 96.977506][ T5780] syz_tun: entered promiscuous mode [ 96.989610][ T5780] vlan2: entered promiscuous mode [ 96.995042][ T5780] vlan2: entered allmulticast mode [ 97.005518][ T5780] syz_tun: entered allmulticast mode [ 97.054261][ T5780] syz_tun: left allmulticast mode [ 97.069109][ T5780] syz_tun: left promiscuous mode [ 97.090104][ T5286] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 97.126756][ T5286] usb 5-1: device descriptor read/8, error -71 [ 97.303578][ T5273] usb 2-1: USB disconnect, device number 6 [ 97.396598][ T5286] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 97.470046][ T5286] usb 5-1: device descriptor read/8, error -71 [ 97.501155][ T5786] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.112' resets device [ 97.628109][ T5286] usb usb5-port1: unable to enumerate USB device [ 97.889591][ T46] usb 4-1: USB disconnect, device number 3 [ 98.016488][ T5286] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 98.189736][ T5286] usb 2-1: Using ep0 maxpacket: 16 [ 98.223661][ T5286] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 98.283698][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.343498][ T5286] usb 2-1: Product: syz [ 98.356559][ T29] kauditd_printk_skb: 104 callbacks suppressed [ 98.356604][ T29] audit: type=1326 audit(1726981558.011:2515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 98.398624][ T5286] usb 2-1: Manufacturer: syz [ 98.424058][ T5286] usb 2-1: SerialNumber: syz [ 98.448524][ T5286] usb 2-1: config 0 descriptor?? [ 98.474665][ T5286] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 98.502560][ T29] audit: type=1326 audit(1726981558.041:2516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 98.525055][ C1] vkms_vblank_simulate: vblank timer overrun [ 98.660965][ T29] audit: type=1326 audit(1726981558.061:2517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 98.687322][ T5286] usb 2-1: clie_3_5_startup: get config number bad return length: 0 [ 98.736551][ T5286] visor 2-1:0.0: probe with driver visor failed with error -5 [ 101.590175][ T16] sched: DL replenish lagged too much [ 104.286566][ T29] audit: type=1326 audit(1726981558.061:2518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5f3e37df33 code=0x7ffc0000 [ 104.707459][ T5286] usb 2-1: USB disconnect, device number 7 [ 104.719760][ T29] audit: type=1326 audit(1726981558.061:2519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5f3e37df33 code=0x7ffc0000 [ 104.908381][ T29] audit: type=1326 audit(1726981558.071:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 105.000696][ T29] audit: type=1326 audit(1726981558.091:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 119.281565][ T29] audit: type=1326 audit(1726981558.091:2522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 126.696056][ T29] audit: type=1326 audit(1726981558.091:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 127.310200][ T29] audit: type=1326 audit(1726981558.091:2524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 127.433147][ T29] audit: type=1326 audit(1726981558.091:2525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 127.613549][ T29] audit: type=1326 audit(1726981558.091:2526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 127.786243][ T29] audit: type=1326 audit(1726981558.091:2527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 127.945990][ T29] audit: type=1326 audit(1726981558.091:2528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5f3e37c890 code=0x7ffc0000 [ 128.131375][ T29] audit: type=1326 audit(1726981558.091:2529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 128.318628][ T29] audit: type=1326 audit(1726981558.091:2530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 128.494242][ T29] audit: type=1326 audit(1726981558.091:2531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 128.661271][ T29] audit: type=1326 audit(1726981558.091:2532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000 [ 130.005673][ T5232] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 130.014669][ T5232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 130.022998][ T5232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 130.031831][ T5232] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 130.039911][ T5232] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 130.049229][ T5232] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 130.117080][ T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 130.133087][ T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 130.140902][ T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 130.162932][ T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 130.173662][ T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 130.181679][ T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 130.586616][ T5232] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 130.618117][ T5232] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 130.628611][ T5232] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 130.636885][ T5232] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 130.644628][ T5232] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 130.652489][ T5232] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 130.837688][ T5232] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 130.848786][ T5232] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 130.856796][ T5232] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 130.865587][ T5232] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 130.873765][ T5232] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 130.884640][ T5232] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 131.034647][ T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 131.043308][ T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 131.051876][ T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 131.067272][ T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 131.077597][ T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 131.086062][ T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 131.299895][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 131.512600][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.520999][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.537942][ T5831] bridge_slave_0: entered allmulticast mode [ 131.552749][ T5831] bridge_slave_0: entered promiscuous mode [ 131.562588][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.576652][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.593442][ T5831] bridge_slave_1: entered allmulticast mode [ 131.602043][ T5831] bridge_slave_1: entered promiscuous mode [ 131.721713][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.750218][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.911144][ T5831] team0: Port device team_slave_0 added [ 131.925142][ T5831] team0: Port device team_slave_1 added [ 132.014902][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 132.023135][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.057496][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 132.084987][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 132.105205][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 132.135918][ T5232] Bluetooth: hci5: command tx timeout [ 132.149527][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 132.272373][ T5831] hsr_slave_0: entered promiscuous mode [ 132.286640][ T5232] Bluetooth: hci6: command tx timeout [ 132.296426][ T5831] hsr_slave_1: entered promiscuous mode [ 132.312867][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 132.322562][ T5831] Cannot create hsr debugfs directory [ 132.770379][ T5232] Bluetooth: hci7: command tx timeout [ 132.931856][ T5232] Bluetooth: hci4: command tx timeout [ 132.955269][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.966362][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.166110][ T5232] Bluetooth: hci2: command tx timeout [ 134.207045][ T5232] Bluetooth: hci5: command tx timeout [ 134.366185][ T5232] Bluetooth: hci6: command tx timeout [ 134.848899][ T5232] Bluetooth: hci7: command tx timeout [ 135.014403][ T5232] Bluetooth: hci4: command tx timeout [ 135.246294][ T5232] Bluetooth: hci2: command tx timeout [ 136.286035][ T5232] Bluetooth: hci5: command tx timeout [ 136.446257][ T5232] Bluetooth: hci6: command tx timeout [ 136.926440][ T5232] Bluetooth: hci7: command tx timeout [ 137.093846][ T5232] Bluetooth: hci4: command tx timeout [ 137.326020][ T5232] Bluetooth: hci2: command tx timeout [ 138.368435][ T5232] Bluetooth: hci5: command tx timeout [ 138.525965][ T5232] Bluetooth: hci6: command tx timeout [ 139.009439][ T5232] Bluetooth: hci7: command tx timeout [ 139.174178][ T5232] Bluetooth: hci4: command tx timeout [ 139.406042][ T5232] Bluetooth: hci2: command tx timeout [ 140.805012][ T5831] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.282257][ T5783] netlink: 'syz.2.111': attribute type 1 has an invalid length. [ 155.303071][ T5783] netlink: 9 bytes leftover after parsing attributes in process `syz.2.111'. [ 166.263063][ T5788] netlink: 'syz.1.112': attribute type 10 has an invalid length. [ 166.525764][ T5788] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 183.592557][ T5831] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.222478][ T5232] Bluetooth: hci0: command 0x0406 tx timeout [ 188.796280][ T5232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 188.804739][ T5232] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 188.815403][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 188.825088][ T5232] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 188.838536][ T5232] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 188.845977][ T5232] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 190.486481][ T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 190.495541][ T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 190.504522][ T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 190.517907][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 190.527314][ T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 190.536482][ T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 190.791452][ T5232] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 190.800096][ T5232] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 190.808658][ T5232] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 190.816773][ T5232] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 190.825516][ T5232] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 190.839174][ T5236] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 190.848855][ T5236] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 190.872951][ T5236] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 190.880779][ T5236] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 190.893376][ T5236] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 190.901424][ T5236] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 190.945050][ T5236] Bluetooth: hci1: command tx timeout [ 190.958062][ T54] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 190.976330][ T5232] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 190.993092][ T5223] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 191.002107][ T5223] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 191.010430][ T5223] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 191.018614][ T5223] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 191.030298][ T5223] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 191.227597][ T5831] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.606446][ T5223] Bluetooth: hci3: command tx timeout [ 192.932476][ T5223] Bluetooth: hci8: command tx timeout [ 193.006024][ T5236] Bluetooth: hci1: command tx timeout [ 193.013638][ T5223] Bluetooth: hci9: command tx timeout [ 193.166425][ T5223] Bluetooth: hci10: command tx timeout [ 194.371477][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.393407][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.686381][ T5223] Bluetooth: hci3: command tx timeout [ 195.006187][ T5223] Bluetooth: hci8: command tx timeout [ 195.086017][ T5236] Bluetooth: hci1: command tx timeout [ 195.093084][ T5223] Bluetooth: hci9: command tx timeout [ 195.246331][ T5223] Bluetooth: hci10: command tx timeout [ 196.766076][ T5223] Bluetooth: hci3: command tx timeout [ 197.085903][ T5223] Bluetooth: hci8: command tx timeout [ 197.167933][ T5236] Bluetooth: hci1: command tx timeout [ 197.173431][ T5223] Bluetooth: hci9: command tx timeout [ 197.326141][ T5223] Bluetooth: hci10: command tx timeout [ 198.856182][ T5223] Bluetooth: hci3: command tx timeout [ 199.174221][ T5223] Bluetooth: hci8: command tx timeout [ 199.246123][ T5223] Bluetooth: hci9: command tx timeout [ 199.406555][ T5223] Bluetooth: hci10: command tx timeout [ 242.492321][ T5831] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.705977][ T5814] bridge_slave_1: left allmulticast mode [ 242.711680][ T5814] bridge_slave_1: left promiscuous mode [ 242.761908][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.896536][ T5814] bridge_slave_0: left allmulticast mode [ 242.926449][ T5814] bridge_slave_0: left promiscuous mode [ 242.932278][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.376270][ T5814] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 244.417887][ T5814] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 244.458848][ T5814] bond0 (unregistering): Released all slaves [ 249.450012][ T5236] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 249.458755][ T5236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 249.468661][ T5236] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 249.503772][ T5236] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 249.511633][ T5236] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 249.528304][ T5236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 249.814136][ T5878] chnl_net:caif_netlink_parms(): no params data found [ 250.011611][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.026493][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.033818][ T5878] bridge_slave_0: entered allmulticast mode [ 250.051076][ T5878] bridge_slave_0: entered promiscuous mode [ 250.069761][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.083241][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.093774][ T5878] bridge_slave_1: entered allmulticast mode [ 250.108756][ T5878] bridge_slave_1: entered promiscuous mode [ 250.343906][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.409180][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.758612][ T5878] team0: Port device team_slave_0 added [ 250.817093][ T5878] team0: Port device team_slave_1 added [ 251.088435][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.136343][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.241813][ T5232] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 251.266487][ T5232] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 251.274863][ T5232] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 251.290131][ T5232] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 251.299817][ T5232] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 251.309387][ T5232] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 251.384425][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.433391][ T5232] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 251.444417][ T5232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 251.454718][ T5232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 251.465971][ T5232] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 251.474134][ T5232] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 251.482198][ T5232] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 251.566230][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.573231][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.603410][ T5232] Bluetooth: hci0: command tx timeout [ 251.644866][ T54] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 251.657322][ T54] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 251.667715][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.774188][ T5236] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 251.782544][ T5238] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 251.793635][ T5238] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 251.802400][ T5238] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 251.812650][ T5238] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 251.821294][ T5238] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 251.828762][ T5238] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 251.870687][ T5878] hsr_slave_0: entered promiscuous mode [ 251.886972][ T5238] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 251.896519][ T5238] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 251.905406][ T5238] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 251.980361][ T5878] hsr_slave_1: entered promiscuous mode [ 252.020314][ T5878] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 252.037086][ T5878] Cannot create hsr debugfs directory [ 252.783042][ T5232] Bluetooth: hci6: command 0x0406 tx timeout [ 253.406122][ T5223] Bluetooth: hci4: command tx timeout [ 253.574303][ T5223] Bluetooth: hci5: command tx timeout [ 253.645926][ T5223] Bluetooth: hci0: command tx timeout [ 253.886174][ T5223] Bluetooth: hci12: command tx timeout [ 253.966495][ T5223] Bluetooth: hci11: command tx timeout [ 255.503831][ T5223] Bluetooth: hci4: command tx timeout [ 255.656236][ T5223] Bluetooth: hci5: command tx timeout [ 255.736346][ T5223] Bluetooth: hci0: command tx timeout [ 255.808050][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.814408][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.966303][ T5238] Bluetooth: hci12: command tx timeout [ 256.046379][ T5238] Bluetooth: hci11: command tx timeout [ 257.566234][ T5238] Bluetooth: hci4: command tx timeout [ 257.726212][ T5238] Bluetooth: hci5: command tx timeout [ 257.806322][ T5238] Bluetooth: hci0: command tx timeout [ 257.895713][ T54] Bluetooth: hci7: command 0x0406 tx timeout [ 257.902208][ T5238] Bluetooth: hci2: command 0x0406 tx timeout [ 258.045996][ T5223] Bluetooth: hci12: command tx timeout [ 258.126906][ T5223] Bluetooth: hci11: command tx timeout [ 259.646099][ T5223] Bluetooth: hci4: command tx timeout [ 259.806308][ T5223] Bluetooth: hci5: command tx timeout [ 260.126338][ T5223] Bluetooth: hci12: command tx timeout [ 260.206407][ T5223] Bluetooth: hci11: command tx timeout [ 306.105119][ T5878] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.681117][ T5230] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 312.696112][ T5230] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 312.704114][ T5230] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 312.712603][ T5230] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 312.720434][ T5230] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 312.728854][ T5230] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 313.534087][ T5236] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 313.543856][ T5236] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 313.557274][ T5236] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 313.566341][ T5236] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 313.584077][ T5236] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 313.592753][ T5236] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 313.817295][ T5230] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 313.826864][ T5230] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 313.834673][ T5230] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 313.846605][ T5230] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 313.855141][ T5230] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 313.863283][ T5230] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 313.971828][ T5230] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 313.985298][ T5230] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 313.993765][ T5230] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 314.002014][ T5230] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 314.010285][ T5230] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 314.018471][ T5230] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 314.220113][ T5230] Bluetooth: hci9: command 0x0406 tx timeout [ 314.226263][ T5236] Bluetooth: hci1: command 0x0406 tx timeout [ 314.232300][ T5236] Bluetooth: hci3: command 0x0406 tx timeout [ 314.238816][ T5230] Bluetooth: hci8: command 0x0406 tx timeout [ 314.244855][ T5230] Bluetooth: hci10: command 0x0406 tx timeout [ 314.419300][ T54] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 314.431248][ T4618] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 314.440188][ T4618] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 314.449946][ T4618] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 314.458155][ T4618] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 314.465702][ T4618] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 314.766030][ T4618] Bluetooth: hci13: command tx timeout [ 315.656138][ T4618] Bluetooth: hci14: command tx timeout [ 315.886173][ T4618] Bluetooth: hci15: command tx timeout [ 316.446334][ T4618] Bluetooth: hci16: command tx timeout [ 316.525962][ T4618] Bluetooth: hci17: command tx timeout [ 316.846310][ T4618] Bluetooth: hci13: command tx timeout [ 317.256414][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.262938][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.736527][ T4618] Bluetooth: hci14: command tx timeout [ 317.974189][ T4618] Bluetooth: hci15: command tx timeout [ 318.526294][ T4618] Bluetooth: hci16: command tx timeout [ 318.606329][ T4618] Bluetooth: hci17: command tx timeout [ 318.926168][ T4618] Bluetooth: hci13: command tx timeout [ 319.805954][ T4618] Bluetooth: hci14: command tx timeout [ 320.046231][ T4618] Bluetooth: hci15: command tx timeout [ 320.606027][ T4618] Bluetooth: hci16: command tx timeout [ 320.685943][ T4618] Bluetooth: hci17: command tx timeout [ 321.006256][ T4618] Bluetooth: hci13: command tx timeout [ 321.886366][ T4618] Bluetooth: hci14: command tx timeout [ 322.126255][ T4618] Bluetooth: hci15: command tx timeout [ 322.686308][ T4618] Bluetooth: hci16: command tx timeout [ 322.766081][ T4618] Bluetooth: hci17: command tx timeout [ 370.366229][ T30] INFO: task syz-executor:5825 blocked for more than 143 seconds. [ 370.374115][ T30] Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 370.435984][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 370.444725][ T30] task:syz-executor state:D stack:24440 pid:5825 tgid:5825 ppid:1 flags:0x00004006 [ 370.491721][ T30] Call Trace: [ 370.495148][ T30] [ 370.506307][ T30] __schedule+0x1895/0x4b30 [ 370.510887][ T30] ? __pfx___schedule+0x10/0x10 [ 370.538544][ T30] ? __pfx_lock_release+0x10/0x10 [ 370.543643][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 370.562275][ T30] ? schedule+0x90/0x320 [ 370.572774][ T30] schedule+0x14b/0x320 [ 370.593032][ T30] schedule_preempt_disabled+0x13/0x30 [ 370.615148][ T30] __mutex_lock+0x6a7/0xd70 [ 370.626106][ T30] ? __mutex_lock+0x52a/0xd70 [ 370.630845][ T30] ? ip_tunnel_init_net+0x20e/0x720 [ 370.663838][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 370.669299][ T30] ? read_word_at_a_time+0xe/0x20 [ 370.674373][ T30] ? sized_strscpy+0x8d/0x220 [ 370.704205][ T30] ip_tunnel_init_net+0x20e/0x720 [ 370.723392][ T30] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 370.734954][ T30] ? ops_init+0x75/0x590 [ 370.746199][ T30] ops_init+0x31e/0x590 [ 370.750399][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 370.774158][ T30] setup_net+0x287/0x9e0 [ 370.785771][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 370.815838][ T30] ? __pfx_setup_net+0x10/0x10 [ 370.820673][ T30] copy_net_ns+0x33f/0x570 [ 370.825127][ T30] create_new_namespaces+0x425/0x7b0 [ 370.883703][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 370.903416][ T30] ksys_unshare+0x619/0xc10 [ 370.943468][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 370.956230][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 370.962301][ T30] ? do_syscall_64+0x100/0x230 [ 371.004139][ T30] __x64_sys_unshare+0x38/0x40 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 371.033367][ T30] do_syscall_64+0xf3/0x230 [ 371.040656][ T30] ? clear_bhb_loop+0x35/0x90 [ 371.045416][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.066417][ T30] RIP: 0033:0x7f53a677f6f7 [ 371.070894][ T30] RSP: 002b:00007f53a6a5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 371.124444][ T30] RAX: ffffffffffffffda RBX: 00007f53a67f22ec RCX: 00007f53a677f6f7 [ 371.224042][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 371.289672][ T30] RBP: 0000000000000000 R08: 00007f53a7467d60 R09: 0000000000000000 [ 371.315608][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 371.324508][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 371.353387][ T30] [ 371.359224][ T30] [ 371.359224][ T30] Showing all locks held in the system: [ 371.373263][ T30] 1 lock held by khungtaskd/30: [ 371.381388][ T30] #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 371.395925][ T30] 3 locks held by kworker/u8:2/35: [ 371.401078][ T30] #0: ffff88802e274948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 371.423209][ T30] #1: ffffc90000ab7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 371.444635][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 371.454464][ T30] 3 locks held by kworker/1:1/46: [ 371.466104][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 371.484672][ T30] #1: ffffc90000b67d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 371.510675][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 371.530741][ T30] 3 locks held by kworker/u8:3/52: [ 371.542474][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 371.559180][ T30] #1: ffffc90000bd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 371.575873][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 371.584933][ T30] 3 locks held by kworker/u8:4/62: [ 371.601325][ T30] #0: ffff88801c7b9948 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 371.616658][ T30] #1: ffffc900015e7d00 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 371.635931][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: cfg80211_dfs_channels_update_work+0xbf/0x610 [ 371.655369][ T30] 3 locks held by kworker/0:2/1170: [ 371.661405][ T30] 2 locks held by getty/4982: [ 371.674175][ T30] #0: ffff88814c2cc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 371.686219][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 371.704761][ T30] 6 locks held by kworker/0:4/5274: [ 371.712738][ T30] 3 locks held by kworker/0:7/5277: [ 371.725795][ T30] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 371.749267][ T30] #1: ffffc9000400fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 371.766107][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 371.783193][ T30] 1 lock held by syz.0.110/5780: [ 371.790227][ T30] #0: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 371.805910][ T30] 3 locks held by kworker/u8:9/5814: [ 371.815537][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 371.835829][ T30] #1: ffffc90009587d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 371.856074][ T30] #2: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 371.865546][ T30] 1 lock held by syz-executor/5824: [ 371.877840][ T30] #0: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 371.892949][ T30] 2 locks held by syz-executor/5825: [ 371.902034][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 371.914943][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 371.931746][ T30] 2 locks held by syz-executor/5828: [ 371.938766][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 371.955841][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit_batch+0x20/0x90 [ 371.965658][ T30] 1 lock held by syz-executor/5831: [ 371.980751][ T30] #0: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 371.993916][ T30] 2 locks held by syz-executor/5833: [ 372.004033][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.025024][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit_batch+0x20/0x90 [ 372.035209][ T30] 2 locks held by syz-executor/5848: [ 372.046320][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.065192][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 372.075156][ T30] 2 locks held by syz-executor/5854: [ 372.085925][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.095413][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 372.114108][ T30] 2 locks held by syz-executor/5860: [ 372.121520][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.140653][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 372.155265][ T30] 2 locks held by syz-executor/5861: [ 372.165389][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.179972][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 372.194350][ T30] 2 locks held by syz-executor/5862: [ 372.203344][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.217717][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 372.236386][ T30] 7 locks held by syz-executor/5878: [ 372.241729][ T30] #0: ffff88802e738420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90 [ 372.258481][ T30] #1: ffff8880551d0088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500 [ 372.274311][ T30] #2: ffff888144310c38 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500 [ 372.288026][ T30] #3: ffffffff8f568bc8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480 [ 372.306139][ T30] #4: ffff888055c5d0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 372.326626][ T30] #5: ffff888055c5e250 (&devlink->lock_key){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160 [ 372.344264][ T30] #6: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 [ 372.355352][ T30] 2 locks held by syz-executor/5892: [ 372.374517][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.394131][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.412371][ T30] 2 locks held by syz-executor/5894: [ 372.419557][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.435832][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.455652][ T30] 2 locks held by syz-executor/5896: [ 372.462084][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.479848][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.495887][ T30] 2 locks held by syz-executor/5897: [ 372.501201][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.518270][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.541693][ T30] 2 locks held by syz-executor/5904: [ 372.551243][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.566592][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.584594][ T30] 2 locks held by syz-executor/5909: [ 372.590276][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.606025][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.626338][ T30] 2 locks held by syz-executor/5911: [ 372.633246][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.646282][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.665620][ T30] 2 locks held by syz-executor/5913: [ 372.671259][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.685774][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.706991][ T30] 2 locks held by syz-executor/5915: [ 372.712327][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 372.725786][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 372.746706][ T30] [ 372.749077][ T30] ============================================= [ 372.749077][ T30] [ 372.766619][ T30] NMI backtrace for cpu 1 [ 372.770989][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 372.781166][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 372.791240][ T30] Call Trace: [ 372.794534][ T30] [ 372.797490][ T30] dump_stack_lvl+0x241/0x360 [ 372.802206][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 372.807441][ T30] ? __pfx__printk+0x10/0x10 [ 372.812069][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 372.817088][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 372.822589][ T30] ? _printk+0xd5/0x120 [ 372.826769][ T30] ? __pfx__printk+0x10/0x10 [ 372.831394][ T30] ? __wake_up_klogd+0xcc/0x110 [ 372.836273][ T30] ? __pfx__printk+0x10/0x10 [ 372.840890][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 372.845946][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 372.851980][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 372.858001][ T30] watchdog+0xff4/0x1040 [ 372.862279][ T30] ? watchdog+0x1ea/0x1040 [ 372.866743][ T30] ? __pfx_watchdog+0x10/0x10 [ 372.871443][ T30] kthread+0x2f0/0x390 [ 372.875528][ T30] ? __pfx_watchdog+0x10/0x10 [ 372.880230][ T30] ? __pfx_kthread+0x10/0x10 [ 372.884844][ T30] ret_from_fork+0x4b/0x80 [ 372.889294][ T30] ? __pfx_kthread+0x10/0x10 [ 372.893912][ T30] ret_from_fork_asm+0x1a/0x30 [ 372.898730][ T30] [ 372.902814][ T30] Sending NMI from CPU 1 to CPUs 0: [ 372.908504][ C0] NMI backtrace for cpu 0 [ 372.908518][ C0] CPU: 0 UID: 0 PID: 5274 Comm: kworker/0:4 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 372.908548][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 372.908560][ C0] Workqueue: events nsim_dev_trap_report_work [ 372.908589][ C0] RIP: 0010:lock_release+0x658/0xa30 [ 372.908619][ C0] Code: 3c 3b 00 74 08 4c 89 f7 e8 75 ca 8d 00 f6 84 24 91 00 00 00 02 75 77 41 f7 c5 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 27 00 00 00 00 4b c7 44 27 08 00 00 00 00 65 48 8b 04 25 [ 372.908633][ C0] RSP: 0018:ffffc90000006d00 EFLAGS: 00000046 [ 372.908649][ C0] RAX: 0000000000000001 RBX: 1ffff92000000db2 RCX: ffffc90000006d03 [ 372.908662][ C0] RDX: 0000000000000006 RSI: ffffffff8c0adbc0 RDI: ffffffff8c60d040 [ 372.908675][ C0] RBP: ffffc90000006e30 R08: ffffffff901c77af R09: 1ffffffff2038ef5 [ 372.908689][ C0] R10: dffffc0000000000 R11: fffffbfff2038ef6 R12: 1ffff92000000dac [ 372.908702][ C0] R13: 0000000000000046 R14: ffffc90000006d90 R15: dffffc0000000000 [ 372.908715][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 372.908730][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 372.908743][ C0] CR2: 0000001b32d1e000 CR3: 000000000e734000 CR4: 00000000003506f0 [ 372.908759][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 372.908769][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 372.908781][ C0] Call Trace: [ 372.908787][ C0] [ 372.908794][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 372.908821][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 372.908849][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 372.908875][ C0] ? nmi_handle+0x2a/0x5a0 [ 372.908900][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 372.908924][ C0] ? nmi_handle+0x14f/0x5a0 [ 372.908941][ C0] ? nmi_handle+0x2a/0x5a0 [ 372.908959][ C0] ? lock_release+0x658/0xa30 [ 372.908989][ C0] ? default_do_nmi+0x63/0x160 [ 372.909017][ C0] ? exc_nmi+0x123/0x1f0 [ 372.909042][ C0] ? end_repeat_nmi+0xf/0x53 [ 372.909069][ C0] ? lock_release+0x658/0xa30 [ 372.909095][ C0] ? lock_release+0x658/0xa30 [ 372.909121][ C0] ? lock_release+0x658/0xa30 [ 372.909146][ C0] [ 372.909152][ C0] [ 372.909161][ C0] ? debug_object_activate+0x3e4/0x510 [ 372.909186][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 372.909208][ C0] ? __pfx_lock_release+0x10/0x10 [ 372.909238][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 372.909267][ C0] _raw_spin_unlock_irqrestore+0x79/0x140 [ 372.909287][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 372.909312][ C0] debug_object_activate+0x3e4/0x510 [ 372.909336][ C0] ? ip_finish_output2+0x45f/0x1390 [ 372.909360][ C0] ? __pfx_debug_object_activate+0x10/0x10 [ 372.909390][ C0] ? rcuref_put_slowpath+0x138/0x340 [ 372.909413][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 372.909437][ C0] call_rcu+0x97/0xa70 [ 372.909461][ C0] ? __pfx_call_rcu+0x10/0x10 [ 372.909479][ C0] ? rcuref_put+0x1e3/0x240 [ 372.909500][ C0] ? __pfx_rcuref_put+0x10/0x10 [ 372.909527][ C0] skb_release_head_state+0x73/0x250 [ 372.909552][ C0] consume_skb+0x60/0xf0 [ 372.909574][ C0] nft_synproxy_eval_v4+0x3d2/0x610 [ 372.909598][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 372.909620][ C0] ? nf_ip_checksum+0x13a/0x500 [ 372.909643][ C0] nft_synproxy_do_eval+0x362/0xa60 [ 372.909666][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 372.909686][ C0] ? __lock_acquire+0x1384/0x2050 [ 372.909714][ C0] ? __pfx_validate_chain+0x10/0x10 [ 372.909738][ C0] nft_do_chain+0x4ad/0x1da0 [ 372.909777][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 372.909796][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 372.909841][ C0] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 372.909864][ C0] nft_do_chain_inet+0x418/0x6b0 [ 372.909884][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 372.909901][ C0] ? ipt_do_table+0x312/0x1860 [ 372.909927][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 372.909944][ C0] nf_hook_slow+0xc3/0x220 [ 372.909960][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 372.909986][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 372.910028][ C0] NF_HOOK+0x29e/0x450 [ 372.910052][ C0] ? NF_HOOK+0x9a/0x450 [ 372.910075][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 372.910099][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 372.910126][ C0] ? ip_rcv_finish+0x406/0x560 [ 372.910151][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 372.910175][ C0] NF_HOOK+0x3a4/0x450 [ 372.910197][ C0] ? __lock_acquire+0x1384/0x2050 [ 372.910223][ C0] ? NF_HOOK+0x9a/0x450 [ 372.910246][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 372.910268][ C0] ? ip_rcv_core+0x801/0xd10 [ 372.910292][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 372.910320][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 372.910344][ C0] __netif_receive_skb+0x2bf/0x650 [ 372.910371][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 372.910396][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 372.910421][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 372.910446][ C0] ? __pfx_lock_release+0x10/0x10 [ 372.910471][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 372.910495][ C0] process_backlog+0x662/0x15b0 [ 372.910514][ C0] ? process_backlog+0x33b/0x15b0 [ 372.910534][ C0] ? __pfx_process_backlog+0x10/0x10 [ 372.910551][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 372.910577][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 372.910604][ C0] __napi_poll+0xcb/0x490 [ 372.910630][ C0] net_rx_action+0x89b/0x1240 [ 372.910657][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 372.910676][ C0] ? sched_clock+0x4a/0x70 [ 372.910704][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 372.910734][ C0] handle_softirqs+0x2c5/0x980 [ 372.910758][ C0] ? do_softirq+0x11b/0x1e0 [ 372.910781][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 372.910808][ C0] do_softirq+0x11b/0x1e0 [ 372.910828][ C0] [ 372.910834][ C0] [ 372.910840][ C0] ? __pfx_do_softirq+0x10/0x10 [ 372.910861][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 372.910888][ C0] ? rcu_is_watching+0x15/0xb0 [ 372.910907][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 372.910930][ C0] ? nsim_dev_trap_report_work+0x75d/0xaa0 [ 372.910953][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 372.910981][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 372.911003][ C0] ? nsim_dev_trap_report_work+0x6a7/0xaa0 [ 372.911028][ C0] nsim_dev_trap_report_work+0x75d/0xaa0 [ 372.911059][ C0] ? process_scheduled_works+0x976/0x1850 [ 372.911083][ C0] process_scheduled_works+0xa63/0x1850 [ 372.911119][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 372.911146][ C0] ? assign_work+0x364/0x3d0 [ 372.911170][ C0] worker_thread+0x870/0xd30 [ 372.911208][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 372.911228][ C0] ? __kthread_parkme+0x169/0x1d0 [ 372.911252][ C0] ? __pfx_worker_thread+0x10/0x10 [ 372.911274][ C0] kthread+0x2f0/0x390 [ 372.911288][ C0] ? __pfx_worker_thread+0x10/0x10 [ 372.911310][ C0] ? __pfx_kthread+0x10/0x10 [ 372.911325][ C0] ret_from_fork+0x4b/0x80 [ 372.911347][ C0] ? __pfx_kthread+0x10/0x10 [ 372.911381][ C0] ret_from_fork_asm+0x1a/0x30 [ 372.911426][ C0] [ 373.666773][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 373.673669][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 373.683931][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 373.694120][ T30] Call Trace: [ 373.697422][ T30] [ 373.700375][ T30] dump_stack_lvl+0x241/0x360 [ 373.705083][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 373.710302][ T30] ? __pfx__printk+0x10/0x10 [ 373.714912][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 373.720935][ T30] ? vscnprintf+0x5d/0x90 [ 373.725298][ T30] panic+0x349/0x880 [ 373.729241][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 373.735433][ T30] ? __pfx_panic+0x10/0x10 [ 373.739871][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 373.745291][ T30] ? __irq_work_queue_local+0x137/0x410 [ 373.750878][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 373.756275][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 373.762471][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 373.768668][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 373.774862][ T30] watchdog+0x1033/0x1040 [ 373.779231][ T30] ? watchdog+0x1ea/0x1040 [ 373.783686][ T30] ? __pfx_watchdog+0x10/0x10 [ 373.788417][ T30] kthread+0x2f0/0x390 [ 373.792508][ T30] ? __pfx_watchdog+0x10/0x10 [ 373.797213][ T30] ? __pfx_kthread+0x10/0x10 [ 373.801827][ T30] ret_from_fork+0x4b/0x80 [ 373.806275][ T30] ? __pfx_kthread+0x10/0x10 [ 373.810888][ T30] ret_from_fork_asm+0x1a/0x30 [ 373.815699][ T30] [ 373.819068][ T30] Kernel Offset: disabled [ 373.823427][ T30] Rebooting in 86400 seconds..