last executing test programs: 3.435646652s ago: executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) 3.331195512s ago: executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2080) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000480)=""/86, &(0x7f0000000880)=""/72}) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000540)={0x1}) 3.202126844s ago: executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000d80)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r7, @ANYBLOB="1c002d80"], 0x44}}, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r8, 0x4b68, 0x0) 2.635721338s ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 2.576683881s ago: executing program 4: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2080) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000540)={0x1}) 2.428841309s ago: executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080), 0xc) 2.320028175s ago: executing program 4: syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='net/netstat\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) socket$packet(0x11, 0x2, 0x300) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff}, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x6b5, 0x0) 2.112226178s ago: executing program 4: r0 = io_uring_setup(0x4822, &(0x7f0000000480)) r1 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23}, 0x1c) listen(r1, 0x3) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, 0x0, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000001500), 0x588, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.758662669s ago: executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600093582c137153e37080c188005ac0f000300", 0x33fe0}], 0x1}, 0x0) 1.513967228s ago: executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6c}, {0x6}]}, 0x10) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x0) 1.431015918s ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 1.36743461s ago: executing program 4: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2080) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000540)={0x1}) 1.180564307s ago: executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) syz_io_uring_setup(0x0, 0x0, &(0x7f0000000040)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600200000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0) 1.171572476s ago: executing program 2: socket(0x200000100000011, 0x803, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_open_pts(r0, 0x0) socket$inet(0x2b, 0x801, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0xc048aeca, &(0x7f0000000040)=ANY=[@ANYRES16=r1]) 1.149293158s ago: executing program 4: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000040)=[{0x28, 0x0, 0x0, 0xab4f}, {0x28, 0x1, 0xfd, 0xff7ff00c}, {0x6}]}, 0x10) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfdef) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='oom_adj\x00') write$binfmt_elf64(r1, &(0x7f0000000340)=ANY=[], 0xb0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = add_key$user(&(0x7f00000006c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000440)="3118a062c5e6f9b332e2f3006a9a29fcaff672ae900d6fa95c321004ea8844c7a92ca02b058250a07854dcfb2951b8ea60e3c13305cb31f9a5493befc04fb0be50cc07b31ecfb1baf775d8efd3f847d3392d421fe46244c6886cbb9ad6077b29e5fa3bfdf07a4515d5588050fde3c0f03ddda2ebe8649cf2a473b5069866bd0d8a78cf92c40574dd50446db139d9723e0d3753eb94c0fac0c409d1f208c29e115fba14d1e378ef478508ae2e37b64ca1826d14e1209183948dc754c1d92fdebf", 0xc0, 0xffffffffffffffff) r5 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000340)="8e", 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000040)={r5, r4, r4}, &(0x7f0000000180)=""/84, 0x54, &(0x7f0000000340)={&(0x7f0000000240)={'crct10dif-pclmul\x00'}}) 1.13441243s ago: executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) pwritev(r0, 0x0, 0x0, 0x0, 0x0) 889.571189ms ago: executing program 0: syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="043e0b1ac91b"], 0xe) 818.68549ms ago: executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)) pwrite64(r0, &(0x7f0000000340)="5da1", 0x2, 0x0) 743.700135ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x6, 0x42, 0x40, 0x0, 0x1}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x2, r0}, 0x38) 691.20829ms ago: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_128={{0x303}, "0400", "0d00000000000f7fdfff00", "cf0d00", "8657e2b7e43b34e4"}, 0x28) r1 = socket$inet6(0x10, 0x80002, 0x4) sendto$inet6(r1, &(0x7f0000000140)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323456536005ad94a461cdbfee9bdb9423523598451d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 595.88368ms ago: executing program 1: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) sendmmsg$sock(r0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(0xffffffffffffffff, 0x80004507, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index, 0x0, 0x0}) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00') preadv(r1, &(0x7f0000001580)=[{&(0x7f0000000140)=""/170, 0xaa}], 0x1, 0x7f, 0x0) io_uring_setup(0x0, &(0x7f0000000040)) 505.388276ms ago: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000000c0), 0x4) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfffffffffffffed2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600093582c137153e37080c188005ac0f000300", 0x33fe0}], 0x1}, 0x0) 477.994776ms ago: executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080), 0xc) 467.124207ms ago: executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 345.430769ms ago: executing program 3: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000005c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2080) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000540)={0x1}) 223.509137ms ago: executing program 3: r0 = socket$inet6(0xa, 0x3, 0x8000000003c) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6c}, {0x6}]}, 0x10) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x0) 165.776515ms ago: executing program 1: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) pwritev(r0, 0x0, 0x0, 0x0, 0x0) 147.476218ms ago: executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) syz_io_uring_setup(0x0, 0x0, &(0x7f0000000040)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600200000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r1], 0x4c}}, 0x0) 92.492882ms ago: executing program 3: socket(0x200000100000011, 0x803, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_open_pts(r0, 0x0) socket$inet(0x2b, 0x801, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup(r4) ioctl$KVM_SET_MSRS(r5, 0xc048aeca, &(0x7f0000000040)=ANY=[@ANYRES16=r1]) 0s ago: executing program 1: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x0) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) prctl$PR_SET_MM_MAP(0x41, 0x3, 0x0, 0x0) r5 = pidfd_getfd(r4, r4, 0x0) r6 = fcntl$dupfd(r2, 0x0, r5) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000f, 0x12, r6, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.41' (ED25519) to the list of known hosts. 2024/06/01 03:22:14 fuzzer started 2024/06/01 03:22:14 dialing manager at 10.128.0.169:30020 [ 51.018533][ T5087] cgroup: Unknown subsys name 'net' [ 51.158639][ T5087] cgroup: Unknown subsys name 'rlimit' 2024/06/01 03:22:16 starting 5 executor processes [ 52.260488][ T5094] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.273309][ T5094] syz-executor (5094) used greatest stack depth: 18800 bytes left [ 53.129960][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 53.142706][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 53.163716][ T5113] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 53.182294][ T5114] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 53.190149][ T5113] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 53.198716][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 53.201432][ T5117] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 53.206572][ T5113] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 53.215229][ T5117] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 53.221769][ T5113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 53.233831][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 53.235913][ T5113] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 53.248844][ T5117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 53.249421][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 53.259147][ T5115] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 53.264907][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 53.271331][ T5115] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 53.277076][ T5113] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 53.285278][ T5115] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 53.291324][ T5113] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 53.299072][ T5115] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 53.306781][ T5113] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 53.312119][ T5118] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 53.326031][ T5118] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 53.330589][ T5113] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 53.340500][ T5107] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.341068][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 53.355760][ T5115] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 53.367740][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 53.375724][ T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 53.754566][ T5122] chnl_net:caif_netlink_parms(): no params data found [ 53.980931][ T5122] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.988841][ T5122] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.996620][ T5122] bridge_slave_0: entered allmulticast mode [ 54.004176][ T5122] bridge_slave_0: entered promiscuous mode [ 54.046097][ T5122] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.053338][ T5122] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.060461][ T5122] bridge_slave_1: entered allmulticast mode [ 54.067486][ T5122] bridge_slave_1: entered promiscuous mode [ 54.074649][ T5120] chnl_net:caif_netlink_parms(): no params data found [ 54.149224][ T5122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.172656][ T5124] chnl_net:caif_netlink_parms(): no params data found [ 54.194227][ T5122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.291166][ T5122] team0: Port device team_slave_0 added [ 54.319439][ T5123] chnl_net:caif_netlink_parms(): no params data found [ 54.342096][ T5122] team0: Port device team_slave_1 added [ 54.348296][ T5121] chnl_net:caif_netlink_parms(): no params data found [ 54.367285][ T5120] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.374600][ T5120] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.381867][ T5120] bridge_slave_0: entered allmulticast mode [ 54.388943][ T5120] bridge_slave_0: entered promiscuous mode [ 54.432742][ T5120] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.440155][ T5120] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.447987][ T5120] bridge_slave_1: entered allmulticast mode [ 54.455077][ T5120] bridge_slave_1: entered promiscuous mode [ 54.491169][ T5122] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.498376][ T5122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.524875][ T5122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.585015][ T5122] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.591997][ T5122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.618594][ T5122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.634336][ T5124] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.641499][ T5124] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.649109][ T5124] bridge_slave_0: entered allmulticast mode [ 54.655906][ T5124] bridge_slave_0: entered promiscuous mode [ 54.666919][ T5120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.679906][ T5120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.706160][ T5124] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.713702][ T5124] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.720877][ T5124] bridge_slave_1: entered allmulticast mode [ 54.728023][ T5124] bridge_slave_1: entered promiscuous mode [ 54.772316][ T5120] team0: Port device team_slave_0 added [ 54.824575][ T5120] team0: Port device team_slave_1 added [ 54.844018][ T5121] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.851200][ T5121] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.859248][ T5121] bridge_slave_0: entered allmulticast mode [ 54.866121][ T5121] bridge_slave_0: entered promiscuous mode [ 54.886313][ T5124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.920316][ T5121] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.927741][ T5121] bridge0: port 2(bridge_slave_1) entered disabled state [ 54.935144][ T5121] bridge_slave_1: entered allmulticast mode [ 54.941996][ T5121] bridge_slave_1: entered promiscuous mode [ 54.948639][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.956618][ T5123] bridge0: port 1(bridge_slave_0) entered disabled state [ 54.964119][ T5123] bridge_slave_0: entered allmulticast mode [ 54.970886][ T5123] bridge_slave_0: entered promiscuous mode [ 54.979983][ T5124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.029756][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.037127][ T5123] bridge0: port 2(bridge_slave_1) entered disabled state [ 55.045120][ T5123] bridge_slave_1: entered allmulticast mode [ 55.051805][ T5123] bridge_slave_1: entered promiscuous mode [ 55.074092][ T5124] team0: Port device team_slave_0 added [ 55.080748][ T5120] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.088081][ T5120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.114071][ T5120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.126892][ T5120] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.133917][ T5120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.160124][ T5120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.177201][ T5122] hsr_slave_0: entered promiscuous mode [ 55.184131][ T5122] hsr_slave_1: entered promiscuous mode [ 55.207273][ T5121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.229518][ T5124] team0: Port device team_slave_1 added [ 55.271069][ T5121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.306229][ T5123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 55.316004][ T5124] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.323095][ T5124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.350013][ T5124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.384018][ T5114] Bluetooth: hci2: command tx timeout [ 55.391394][ T5121] team0: Port device team_slave_0 added [ 55.411729][ T5123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 55.421832][ T5124] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.428979][ T5124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.455362][ T5124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.466046][ T5114] Bluetooth: hci1: command tx timeout [ 55.466282][ T5114] Bluetooth: hci3: command tx timeout [ 55.477266][ T5118] Bluetooth: hci4: command tx timeout [ 55.477475][ T5118] Bluetooth: hci0: command tx timeout [ 55.496692][ T5121] team0: Port device team_slave_1 added [ 55.550015][ T5123] team0: Port device team_slave_0 added [ 55.583453][ T5120] hsr_slave_0: entered promiscuous mode [ 55.589945][ T5120] hsr_slave_1: entered promiscuous mode [ 55.596991][ T5120] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.605908][ T5120] Cannot create hsr debugfs directory [ 55.613949][ T5123] team0: Port device team_slave_1 added [ 55.670377][ T5121] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.678008][ T5121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.704628][ T5121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.718662][ T5121] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.725693][ T5121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.751755][ T5121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 55.787294][ T5123] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 55.794329][ T5123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.820679][ T5123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 55.851740][ T5124] hsr_slave_0: entered promiscuous mode [ 55.858119][ T5124] hsr_slave_1: entered promiscuous mode [ 55.865176][ T5124] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 55.872757][ T5124] Cannot create hsr debugfs directory [ 55.888254][ T5123] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 55.895574][ T5123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 55.921798][ T5123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 56.055427][ T5121] hsr_slave_0: entered promiscuous mode [ 56.061976][ T5121] hsr_slave_1: entered promiscuous mode [ 56.069104][ T5121] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.076771][ T5121] Cannot create hsr debugfs directory [ 56.165121][ T5123] hsr_slave_0: entered promiscuous mode [ 56.171959][ T5123] hsr_slave_1: entered promiscuous mode [ 56.178204][ T5123] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 56.186375][ T5123] Cannot create hsr debugfs directory [ 56.438371][ T5122] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 56.464694][ T5122] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 56.497930][ T5122] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 56.531636][ T5122] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 56.579798][ T5124] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 56.598612][ T5124] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 56.620900][ T5124] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 56.637244][ T5124] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 56.669260][ T5120] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 56.681605][ T5120] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 56.707112][ T5120] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 56.717506][ T5120] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 56.818475][ T5123] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 56.830172][ T5123] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 56.850684][ T5123] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 56.869851][ T5123] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 56.980215][ T5121] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 56.991977][ T5121] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 57.006728][ T5121] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 57.017674][ T5121] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 57.105767][ T5124] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.160653][ T5120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.202657][ T5122] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.236402][ T5124] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.251373][ T5120] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.276143][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.283553][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.318224][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.325384][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.335643][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.342924][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.352492][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.359607][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.373937][ T5122] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.408544][ T5123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.418005][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.425219][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.456956][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.464182][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.479643][ T5118] Bluetooth: hci2: command tx timeout [ 57.531014][ T5124] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.543281][ T53] Bluetooth: hci4: command tx timeout [ 57.543300][ T5114] Bluetooth: hci0: command tx timeout [ 57.543336][ T5114] Bluetooth: hci1: command tx timeout [ 57.548888][ T5118] Bluetooth: hci3: command tx timeout [ 57.586458][ T5120] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 57.596985][ T5120] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.636704][ T5123] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.662308][ T5121] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.671198][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.678394][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.711576][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.718826][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 57.742403][ T5122] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 57.753338][ T5122] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 57.804098][ T5121] 8021q: adding VLAN 0 to HW filter on device team0 [ 57.863615][ T5120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.874897][ T5124] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.884553][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 57.891632][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 57.905390][ T5122] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 57.957149][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 57.964280][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.097608][ T5123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.108935][ T5124] veth0_vlan: entered promiscuous mode [ 58.122777][ T5122] veth0_vlan: entered promiscuous mode [ 58.166948][ T5120] veth0_vlan: entered promiscuous mode [ 58.191828][ T5122] veth1_vlan: entered promiscuous mode [ 58.207785][ T5124] veth1_vlan: entered promiscuous mode [ 58.230152][ T5120] veth1_vlan: entered promiscuous mode [ 58.277856][ T5122] veth0_macvtap: entered promiscuous mode [ 58.294682][ T5121] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 58.329302][ T5122] veth1_macvtap: entered promiscuous mode [ 58.375212][ T5124] veth0_macvtap: entered promiscuous mode [ 58.385353][ T5120] veth0_macvtap: entered promiscuous mode [ 58.392274][ T5123] veth0_vlan: entered promiscuous mode [ 58.407693][ T5124] veth1_macvtap: entered promiscuous mode [ 58.416845][ T5120] veth1_macvtap: entered promiscuous mode [ 58.434142][ T5123] veth1_vlan: entered promiscuous mode [ 58.466778][ T5122] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.480498][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.492410][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.505576][ T5124] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.529237][ T5122] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.556603][ T5122] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.566416][ T5122] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.575633][ T5122] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.589744][ T5122] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.606262][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.616863][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.629186][ T5124] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.641467][ T5124] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.650566][ T5124] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.663106][ T5124] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.671814][ T5124] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.691085][ T5120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.701791][ T5120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.716997][ T5120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 58.727827][ T5120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.739779][ T5120] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 58.758319][ T5121] veth0_vlan: entered promiscuous mode [ 58.777437][ T5120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.788542][ T5120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.798889][ T5120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.811212][ T5120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.826788][ T5120] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.855748][ T5120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.866683][ T5120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.875678][ T5120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.884679][ T5120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.905263][ T5123] veth0_macvtap: entered promiscuous mode [ 58.917394][ T5123] veth1_macvtap: entered promiscuous mode [ 58.936279][ T5121] veth1_vlan: entered promiscuous mode [ 59.030471][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.050490][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.060750][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.080632][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.090566][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.101221][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.112558][ T5123] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.148353][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.164798][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.178466][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.189273][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.199319][ T5123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.209785][ T5123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.220804][ T5123] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.237943][ T5123] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.244522][ T5159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.247121][ T5123] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.264573][ T5123] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.273406][ T5123] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.274831][ T5159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.319983][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.328224][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.377284][ T5121] veth0_macvtap: entered promiscuous mode [ 59.391390][ T2454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.407727][ T5121] veth1_macvtap: entered promiscuous mode [ 59.413989][ T2454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.491642][ T2454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.504220][ T2454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.516472][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.527537][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.538555][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.550081][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.552875][ T5118] Bluetooth: hci2: command tx timeout [ 59.565520][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.576070][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.586219][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 59.597035][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.608091][ T5121] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.623559][ T5118] Bluetooth: hci3: command tx timeout [ 59.624176][ T5114] Bluetooth: hci4: command tx timeout [ 59.629074][ T53] Bluetooth: hci1: command tx timeout [ 59.640063][ T5115] Bluetooth: hci0: command tx timeout [ 59.669040][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.686425][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.697483][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.708966][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.719684][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.731119][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.740994][ T5121] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 59.751751][ T5121] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 59.766757][ T5121] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.784739][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.792595][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.809188][ T784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.823340][ T784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.851266][ T5121] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.867446][ T5121] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.877650][ T5121] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.887659][ T5121] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.947373][ T784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.969890][ T784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.029665][ T784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.043795][ T784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.195250][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.210938][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.339179][ T5171] Zero length message leads to an empty skb [ 60.345334][ T5169] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET) [ 60.351980][ T5169] syzkaller1: entered promiscuous mode [ 60.367441][ T5169] syzkaller1: entered allmulticast mode [ 60.379492][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 60.380681][ T578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 60.445607][ T578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 60.553418][ T5174] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 60.794879][ T784] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 60.830977][ T5182] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 61.044953][ T784] usb 5-1: Using ep0 maxpacket: 32 [ 61.070144][ T784] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.093311][ T784] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.105705][ T784] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 61.116839][ T784] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.140420][ T784] hub 5-1:4.0: USB hub found [ 61.228749][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 61.323313][ T5160] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 61.336606][ T5201] syzkaller1: entered promiscuous mode [ 61.342345][ T5201] syzkaller1: entered allmulticast mode [ 61.360341][ T784] hub 5-1:4.0: 2 ports detected [ 61.503173][ T5160] usb 4-1: Using ep0 maxpacket: 32 [ 61.529638][ T5160] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 61.542439][ T5160] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.563836][ T5160] usb 4-1: Product: syz [ 61.568065][ T5160] usb 4-1: Manufacturer: syz [ 61.572690][ T5160] usb 4-1: SerialNumber: syz [ 61.575598][ T784] hub 5-1:4.0: hub_hub_status failed (err = -32) [ 61.587658][ T784] hub 5-1:4.0: config failed, can't get hub status (err -32) [ 61.601461][ T5160] usb 4-1: config 0 descriptor?? [ 61.624059][ T53] Bluetooth: hci2: command tx timeout [ 61.638203][ T784] usb 5-1: USB disconnect, device number 2 [ 61.703075][ T53] Bluetooth: hci1: command tx timeout [ 61.704007][ T5115] Bluetooth: hci0: command tx timeout [ 61.708627][ T53] Bluetooth: hci3: command tx timeout [ 61.720158][ T5115] Bluetooth: hci4: command tx timeout [ 61.817467][ T5203] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 62.019431][ T5208] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 62.262610][ T5160] (unnamed net_device) (uninitialized): Assigned a random MAC address: 92:ed:96:a1:b7:0d [ 62.322718][ T5160] rtl8150 4-1:0.0: eth1: rtl8150 is detected [ 62.358390][ T5160] usb 4-1: USB disconnect, device number 2 [ 62.618860][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 62.684107][ T5230] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 63.159085][ T5239] syzkaller0: entered promiscuous mode [ 63.176035][ T5239] syzkaller0: entered allmulticast mode [ 63.373380][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 63.602545][ T5257] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 63.858334][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 63.867944][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 63.871372][ T5265] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 63.885259][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 63.903069][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 63.917575][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 63.925202][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 64.999972][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 65.092061][ T5122] syz-executor.4 (5122) used greatest stack depth: 18416 bytes left [ 65.272997][ T5157] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 65.285912][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.426777][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.466639][ T5267] chnl_net:caif_netlink_parms(): no params data found [ 65.483288][ T5157] usb 3-1: Using ep0 maxpacket: 32 [ 65.509587][ T5157] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 65.527246][ T5157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.540399][ T5157] usb 3-1: Product: syz [ 65.555435][ T5157] usb 3-1: Manufacturer: syz [ 65.559917][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.560148][ T5157] usb 3-1: SerialNumber: syz [ 65.581960][ T5301] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 65.583570][ T5157] usb 3-1: config 0 descriptor?? [ 65.689333][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 65.812047][ T5267] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.821100][ T5267] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.829065][ T5267] bridge_slave_0: entered allmulticast mode [ 65.837160][ T5267] bridge_slave_0: entered promiscuous mode [ 65.851598][ T5267] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.878492][ T5267] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.906540][ T5267] bridge_slave_1: entered allmulticast mode [ 65.908810][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 65.924644][ T5267] bridge_slave_1: entered promiscuous mode [ 66.024806][ T5115] Bluetooth: hci3: command tx timeout [ 66.162718][ T5267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.244223][ T5157] (unnamed net_device) (uninitialized): Assigned a random MAC address: 82:91:cb:3c:66:f8 [ 66.407101][ T5312] syzkaller0: entered promiscuous mode [ 66.429373][ T5312] syzkaller0: entered allmulticast mode [ 66.456448][ T5267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.474993][ T5329] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 66.571851][ T5157] rtl8150 3-1:0.0: eth4: rtl8150 is detected [ 66.607322][ T5267] team0: Port device team_slave_0 added [ 66.624082][ T5157] usb 3-1: USB disconnect, device number 2 [ 66.655200][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 66.808423][ T5267] team0: Port device team_slave_1 added [ 67.937860][ T5356] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 67.965889][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 68.105433][ T5115] Bluetooth: hci3: command tx timeout [ 68.155171][ T35] bridge_slave_1: left allmulticast mode [ 68.161048][ T35] bridge_slave_1: left promiscuous mode [ 68.170424][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.185534][ T35] bridge_slave_0: left allmulticast mode [ 68.191220][ T35] bridge_slave_0: left promiscuous mode [ 68.200063][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.266613][ T5363] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 68.587807][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 68.604137][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 68.617711][ T35] bond0 (unregistering): Released all slaves [ 68.645759][ T5267] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.652734][ T5267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.680156][ T5267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.776480][ T5267] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.803134][ T5267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.868880][ T5267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.161402][ T784] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 69.250210][ T5267] hsr_slave_0: entered promiscuous mode [ 69.281932][ T5267] hsr_slave_1: entered promiscuous mode [ 69.301885][ T5267] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 69.330758][ T5267] Cannot create hsr debugfs directory [ 69.372941][ T784] usb 3-1: Using ep0 maxpacket: 32 [ 69.393627][ T784] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 69.408597][ T784] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.408619][ T35] hsr_slave_0: left promiscuous mode [ 69.426396][ T784] usb 3-1: Product: syz [ 69.435499][ T784] usb 3-1: Manufacturer: syz [ 69.447886][ T35] hsr_slave_1: left promiscuous mode [ 69.447915][ T784] usb 3-1: SerialNumber: syz [ 69.460500][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.487903][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 69.504680][ T784] usb 3-1: config 0 descriptor?? [ 69.519525][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 69.549593][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 69.550319][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 69.657600][ T35] veth1_macvtap: left promiscuous mode [ 69.669449][ T35] veth0_macvtap: left promiscuous mode [ 69.682095][ T35] veth1_vlan: left promiscuous mode [ 69.693620][ T35] veth0_vlan: left promiscuous mode [ 70.009914][ T5403] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 70.149868][ T784] (unnamed net_device) (uninitialized): Assigned a random MAC address: 86:9a:e0:67:d4:e7 [ 70.183232][ T5115] Bluetooth: hci3: command tx timeout [ 70.510937][ T35] team0 (unregistering): Port device team_slave_1 removed [ 70.547367][ T35] team0 (unregistering): Port device team_slave_0 removed [ 70.992929][ T784] rtl8150 3-1:0.0: eth4: rtl8150 is detected [ 71.021713][ T784] usb 3-1: USB disconnect, device number 3 [ 71.077158][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 71.708739][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.715577][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.756373][ T5443] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 71.881078][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::1]:20002. Sending cookies. [ 71.922908][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 72.142939][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 72.153392][ T9] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.169516][ T9] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 72.214701][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 72.237561][ T9] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 72.257561][ T9] usb 2-1: Product: syz [ 72.261842][ T9] usb 2-1: Manufacturer: syz [ 72.266586][ T5115] Bluetooth: hci3: command tx timeout [ 72.278902][ T5267] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 72.287977][ T9] hub 2-1:4.0: USB hub found [ 72.358386][ T5267] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 72.383311][ T5267] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 72.435529][ T5267] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 72.532356][ T9] hub 2-1:4.0: 2 ports detected [ 72.562473][ T5475] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 72.788722][ T29] audit: type=1326 audit(1717212156.678:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 72.854715][ T29] audit: type=1326 audit(1717212156.678:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 72.889816][ T5267] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.926983][ T29] audit: type=1326 audit(1717212156.678:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 72.963782][ T29] audit: type=1326 audit(1717212156.678:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 73.000592][ T29] audit: type=1326 audit(1717212156.678:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 73.026522][ T29] audit: type=1326 audit(1717212156.678:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 73.050380][ T29] audit: type=1326 audit(1717212156.678:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 73.093742][ T29] audit: type=1326 audit(1717212156.678:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 73.095731][ T5267] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.138376][ T29] audit: type=1326 audit(1717212156.678:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 73.208752][ T29] audit: type=1326 audit(1717212156.678:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5481 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7461579 code=0x7ffc0000 [ 73.260113][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.267339][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.279195][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.286419][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.516790][ T5267] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.675507][ T5267] veth0_vlan: entered promiscuous mode [ 73.697163][ T5509] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 73.762447][ T5267] veth1_vlan: entered promiscuous mode [ 73.779354][ T9] hub 2-1:4.0: activate --> -90 [ 73.820395][ T5512] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 73.934910][ T5267] veth0_macvtap: entered promiscuous mode [ 73.979033][ T5267] veth1_macvtap: entered promiscuous mode [ 74.056339][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.097459][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.121277][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.162327][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.179015][ T9] usb 2-1-port2: config error [ 74.179253][ T5163] usb 2-1: USB disconnect, device number 2 [ 74.199904][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.241498][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.297998][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 74.322642][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.336133][ T5267] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.392845][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.450358][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.488074][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.512044][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.522510][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.550142][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.563660][ T5267] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.578309][ T5267] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.601046][ T5267] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.674418][ T5267] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.711065][ T5267] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.736448][ T5267] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.751680][ T5550] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 74.783345][ T5267] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.927086][ T5556] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 75.186110][ T2454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.205841][ T2454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.332222][ T2454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.380633][ T2454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.633548][ T5586] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 75.805669][ T5592] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.2'. [ 75.964724][ T5603] syzkaller1: entered promiscuous mode [ 75.983227][ T5603] syzkaller1: entered allmulticast mode [ 75.996297][ T5601] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.0'. [ 76.152979][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 76.383936][ T9] usb 4-1: config 0 has too many interfaces: 149, using maximum allowed: 32 [ 76.412849][ T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 149 [ 76.446532][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 76.472872][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.484537][ T9] usb 4-1: Product: syz [ 76.491362][ T9] usb 4-1: Manufacturer: syz [ 76.501864][ T9] usb 4-1: SerialNumber: syz [ 76.510282][ T9] usb 4-1: config 0 descriptor?? [ 76.624176][ T5632] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 76.747558][ T9] usb 4-1: USB disconnect, device number 3 [ 76.835097][ T45] cfg80211: failed to load regulatory.db [ 76.888820][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 76.936858][ T5644] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 77.616755][ T5664] tipc: Enabling of bearer <éb:b> rejected, media not registered [ 77.664664][ T5675] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 78.305353][ T5696] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 78.401092][ T5651] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 79.038807][ T5722] syzkaller1: entered promiscuous mode [ 79.072895][ T5722] syzkaller1: entered allmulticast mode [ 79.251105][ T5733] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 79.465737][ T5743] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.4'. [ 79.477855][ T5742] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 80.124308][ T784] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 80.151376][ T5766] syzkaller1: entered promiscuous mode [ 80.175713][ T5766] syzkaller1: entered allmulticast mode [ 80.327020][ T784] usb 2-1: config 0 has no interfaces? [ 80.364687][ T784] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 80.389664][ T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.418767][ T784] usb 2-1: config 0 descriptor?? [ 80.481762][ T5781] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.4'. [ 80.559674][ T5738] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 80.824613][ T25] usb 2-1: USB disconnect, device number 3 [ 81.449458][ T5816] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'. [ 81.844119][ T5157] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 81.999981][ T5843] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 82.072096][ T5157] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 82.094308][ T5157] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 82.114697][ T5157] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.146290][ T5157] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.186693][ T5157] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 82.226816][ T5157] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 82.259971][ T5157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.269697][ T5858] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.4'. [ 82.277486][ T5157] usb 3-1: Product: syz [ 82.289907][ T5157] usb 3-1: Manufacturer: syz [ 82.294989][ T5157] usb 3-1: SerialNumber: syz [ 82.318802][ T5157] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 82.333731][ T5157] cdc_ncm 3-1:1.0: bind() failure [ 82.631554][ T9] usb 3-1: USB disconnect, device number 4 [ 82.837694][ T5879] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 83.098483][ T5892] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.1'. [ 83.271881][ T5897] sit0: entered allmulticast mode [ 83.404744][ T5899] sit0: entered promiscuous mode [ 83.522882][ T5910] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 83.896947][ T5929] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'. [ 84.513727][ T5157] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 84.756391][ T5157] usb 3-1: Using ep0 maxpacket: 32 [ 84.767724][ T5157] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 84.781336][ T5157] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.789885][ T5157] usb 3-1: Product: syz [ 84.794326][ T5157] usb 3-1: Manufacturer: syz [ 84.799169][ T5157] usb 3-1: SerialNumber: syz [ 84.809336][ T5157] usb 3-1: config 0 descriptor?? [ 85.290434][ T5968] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'. [ 85.458485][ T5157] (unnamed net_device) (uninitialized): Assigned a random MAC address: fa:5d:82:12:d9:3f [ 85.493998][ T5157] rtl8150 3-1:0.0: eth1: rtl8150 is detected [ 85.758785][ T784] usb 3-1: USB disconnect, device number 5 [ 86.061152][ T5996] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 86.156451][ T6003] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'. [ 86.330113][ T5115] Bluetooth: hci3: unexpected subevent 0x1a length: 10 > 6 [ 87.019075][ T5115] Bluetooth: hci4: unexpected subevent 0x1a length: 10 > 6 [ 87.223188][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.335796][ T6055] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.4'. [ 87.553170][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.561832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.570968][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.066412][ T6082] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 88.074089][ T6082] IPv6: NLM_F_CREATE should be set when creating new route [ 88.081344][ T6082] IPv6: NLM_F_CREATE should be set when creating new route [ 88.231158][ T5115] Bluetooth: hci4: unexpected subevent 0x1a length: 10 > 6 [ 88.638501][ T6104] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'. [ 89.051835][ T6120] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 89.059218][ T6120] IPv6: NLM_F_CREATE should be set when creating new route [ 89.066566][ T6120] IPv6: NLM_F_CREATE should be set when creating new route [ 89.146004][ T6126] ------------[ cut here ]------------ [ 89.151858][ T6126] kernel BUG at mm/page_table_check.c:148! [ 89.163634][ T6126] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 89.170627][ T6126] CPU: 0 PID: 6126 Comm: syz-executor.1 Not tainted 6.10.0-rc1-syzkaller-00104-gd8ec19857b09 #0 [ 89.181057][ T6126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 89.191130][ T6126] RIP: 0010:__page_table_check_zero+0x25c/0x340 [ 89.197415][ T6126] Code: c1 0f 8c 51 fe ff ff 48 89 df e8 2f 44 f4 ff e9 44 fe ff ff e8 55 84 8e ff 90 0f 0b e8 4d 84 8e ff 90 0f 0b e8 45 84 8e ff 90 <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 0d 89 8e [ 89.217045][ T6126] RSP: 0018:ffffc9000331f918 EFLAGS: 00010287 [ 89.223134][ T6126] RAX: ffffffff8207923b RBX: dffffc0000000000 RCX: 0000000000040000 [ 89.231131][ T6126] RDX: ffffc90009d22000 RSI: 0000000000004910 RDI: 0000000000004911 [ 89.239122][ T6126] RBP: ffff8880191faf8c R08: ffff8880191faf8f R09: 1ffff1100323f5f1 [ 89.247091][ T6126] R10: dffffc0000000000 R11: ffffed100323f5f2 R12: ffff8880191faf40 [ 89.255057][ T6126] R13: 1ffffffff2901be0 R14: 0000000000000002 R15: 0000000000000000 [ 89.263024][ T6126] FS: 0000000000000000(0000) GS:ffff8880b9400000(0063) knlGS:00000000f5e7db40 [ 89.271947][ T6126] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 89.278520][ T6126] CR2: 00007f615e9c1440 CR3: 000000002dc02000 CR4: 00000000003526f0 [ 89.286485][ T6126] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.294536][ T6126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.302498][ T6126] Call Trace: [ 89.305784][ T6126] [ 89.308709][ T6126] ? __die_body+0x88/0xe0 [ 89.313050][ T6126] ? die+0xcf/0x110 [ 89.316875][ T6126] ? do_trap+0x15a/0x3a0 [ 89.321116][ T6126] ? __page_table_check_zero+0x25c/0x340 [ 89.326747][ T6126] ? do_error_trap+0x1dc/0x2c0 [ 89.331503][ T6126] ? __page_table_check_zero+0x25c/0x340 [ 89.337135][ T6126] ? __pfx_do_error_trap+0x10/0x10 [ 89.342245][ T6126] ? handle_invalid_op+0x34/0x40 [ 89.347175][ T6126] ? __page_table_check_zero+0x25c/0x340 [ 89.352808][ T6126] ? exc_invalid_op+0x38/0x50 [ 89.357488][ T6126] ? asm_exc_invalid_op+0x1a/0x20 [ 89.362506][ T6126] ? __page_table_check_zero+0x25b/0x340 [ 89.368135][ T6126] ? __page_table_check_zero+0x25c/0x340 [ 89.373763][ T6126] ? __page_table_check_zero+0x25b/0x340 [ 89.379395][ T6126] free_unref_page+0xd36/0xea0 [ 89.384159][ T6126] dec_usb_memory_use_count+0x259/0x350 [ 89.389713][ T6126] ? __pfx_usbdev_vm_close+0x10/0x10 [ 89.394990][ T6126] mmap_region+0x13b4/0x2090 [ 89.399586][ T6126] ? __pfx_mmap_region+0x10/0x10 [ 89.404522][ T6126] ? thp_get_unmapped_area_vmflags+0x269/0x380 [ 89.410673][ T6126] ? cap_mmap_addr+0x163/0x2c0 [ 89.415437][ T6126] ? __get_unmapped_area+0x2f0/0x360 [ 89.420725][ T6126] do_mmap+0x8ad/0xfa0 [ 89.424793][ T6126] ? __pfx_do_mmap+0x10/0x10 [ 89.429377][ T6126] ? __pfx_ima_file_mmap+0x10/0x10 [ 89.434485][ T6126] vm_mmap_pgoff+0x1dd/0x3d0 [ 89.439068][ T6126] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 89.444170][ T6126] ? __fget_files+0x29/0x470 [ 89.448844][ T6126] ? __fget_files+0x29/0x470 [ 89.453430][ T6126] ksys_mmap_pgoff+0x4f1/0x720 [ 89.458193][ T6126] ? __ia32_sys_mmap_pgoff+0x21/0xf0 [ 89.463480][ T6126] __do_fast_syscall_32+0xb4/0x120 [ 89.468585][ T6126] ? ret_from_fork_asm+0x1a/0x30 [ 89.473610][ T6126] ? lockdep_hardirqs_on+0x99/0x150 [ 89.478800][ T6126] do_fast_syscall_32+0x34/0x80 [ 89.483643][ T6126] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 89.489965][ T6126] RIP: 0023:0xf73f4579 [ 89.494034][ T6126] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 89.513635][ T6126] RSP: 002b:00000000f5e7d5ac EFLAGS: 00000206 ORIG_RAX: 00000000000000c0 [ 89.522051][ T6126] RAX: ffffffffffffffda RBX: 0000000020ff9000 RCX: 0000000000004000 [ 89.530020][ T6126] RDX: 000000000200000f RSI: 0000000000000012 RDI: 0000000000000007 [ 89.537983][ T6126] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 89.545944][ T6126] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 89.553906][ T6126] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 89.561875][ T6126] [ 89.564881][ T6126] Modules linked in: 2024/06/01 03:22:53 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 89.677315][ T6126] ---[ end trace 0000000000000000 ]--- [ 89.684374][ T6126] RIP: 0010:__page_table_check_zero+0x25c/0x340 [ 89.690667][ T6126] Code: c1 0f 8c 51 fe ff ff 48 89 df e8 2f 44 f4 ff e9 44 fe ff ff e8 55 84 8e ff 90 0f 0b e8 4d 84 8e ff 90 0f 0b e8 45 84 8e ff 90 <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 0d 89 8e [ 89.722937][ T6126] RSP: 0018:ffffc9000331f918 EFLAGS: 00010287 [ 89.729069][ T6126] RAX: ffffffff8207923b RBX: dffffc0000000000 RCX: 0000000000040000 [ 89.742856][ T6126] RDX: ffffc90009d22000 RSI: 0000000000004910 RDI: 0000000000004911 [ 89.750886][ T6126] RBP: ffff8880191faf8c R08: ffff8880191faf8f R09: 1ffff1100323f5f1 [ 89.804558][ T6126] R10: dffffc0000000000 R11: ffffed100323f5f2 R12: ffff8880191faf40 [ 89.812668][ T6126] R13: 1ffffffff2901be0 R14: 0000000000000002 R15: 0000000000000000 [ 89.822865][ T6126] FS: 0000000000000000(0000) GS:ffff8880b9500000(0063) knlGS:00000000f5e7db40 [ 89.831832][ T6126] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 89.852866][ T6126] CR2: 0000000032d27000 CR3: 000000002dc02000 CR4: 00000000003526f0 [ 89.860903][ T6126] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.882853][ T6126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.890893][ T6126] Kernel panic - not syncing: Fatal exception [ 89.897214][ T6126] Kernel Offset: disabled [ 89.901537][ T6126] Rebooting in 86400 seconds..