last executing test programs: 26.97840235s ago: executing program 3 (id=4): socket(0x1e, 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x58}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r6, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d8000000400cc000800054001000000140004"], 0x58}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB='%\b\x00z\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\b\x00', @ANYRES32=r7, @ANYBLOB], 0x54}}, 0x0) listen(r1, 0x0) r9 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r9, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r10 = dup3(r0, r0, 0x80000) r11 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES32, @ANYRESOCT=r10], 0x0) syz_usb_control_io$hid(r11, 0x0, 0x0) syz_usb_control_io(r11, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r12 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r12, 0x4018480c, &(0x7f00000000c0)={0x2}) r13 = accept(r1, 0x0, 0x0) sendmsg$nl_route(r13, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[], 0xfffffdef}}, 0x200040c0) close_range(r0, 0xffffffffffffffff, 0x0) 26.569944708s ago: executing program 4 (id=5): syz_emit_ethernet(0x60, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60000000002a3afffe8000000096285600000000000000000000bbff020000000000000000000000000001890090780000000020010000000200"/96], 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0xfffffffffffffff9) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) eventfd(0x83) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, 0x0) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4) 26.302177464s ago: executing program 0 (id=1): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009040000019569", @ANYRES32], 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/bpf', 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='io.stat\x00', 0x275a, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800c0001006d6163766c616e001800028004000580ae442be9ec0f27fe30f5acf9cfef54d568e76d01db82bfef6965e45bebab74f55027d960580f75c8515cde379a77b3b1f749cbdbd06724850afbc10b84da03a43c86285b12e9d661b278a3aea1e05d4d2e3b24a51c79b5b283612c606f06b22da5c3497833f165c5dc34edfb778c3e56f2e6b3f666a3497107fd4a7113e1"], 0x38}}, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_VLAN_ID={0x6}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfffa}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x70}}, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 25.334353324s ago: executing program 2 (id=7): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800c0001006d6163766c616e001800028004000580ae442be9ec0f27fe30f5acf9cfef54d568e76d01db82bfef6965e45bebab74f55027d960580f75c8515cde379a77b3b1f749cbdbd06724850afbc10b84da03a43c86285b12e9d661b278a3aea1e05d4d2e3b24a51c79b5b283612c606f06b22da5c3497833f165c5dc34edfb778c3e56f2e6b3f666a3497107fd4a7113"], 0x38}}, 0x0) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_VLAN_ID={0x6}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfffa}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x70}}, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0) 25.29109426s ago: executing program 4 (id=8): syz_emit_ethernet(0x60, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60000000002a3afffe8000000096285600000000000000000000bbff020000000000000000000000000001890090780000000020010000000200"/96], 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0xfffffffffffffff9) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) eventfd(0x83) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, 0x0) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x1}, 0x5c) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4) 24.539216618s ago: executing program 3 (id=9): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x40008d5}, 0x40094) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0xc5) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r3 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000001380)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB], 0x54}}, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r8, 0x1, 0x2e, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, r10, 0x0, 0x80000001, 0xb, 0x1fd, 0x1}) 24.230686866s ago: executing program 4 (id=10): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x40008d5}, 0x40094) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0xc5) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r3 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000001380)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000340012800e0001006970366772657461700000002000028014000700feffffff000000"], 0x54}}, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r8, 0x1, 0x2e, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x80000001, 0xb, 0x1fd, 0x1}) 24.171012837s ago: executing program 2 (id=11): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x40008d5}, 0x40094) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0xc5) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r3 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000001380)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000340012800e0001006970366772657461700000002000028014000700feffffff0000"], 0x54}}, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r8, 0x1, 0x2e, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, r10, 0x0, 0x80000001, 0xb, 0x1fd, 0x1}) 24.006593902s ago: executing program 1 (id=12): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x40008d5}, 0x40094) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0xc5) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r3 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000001380)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000340012800e0001006970366772657461700000002000028014000700feffffff000000"], 0x54}}, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r8, 0x1, 0x2e, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x80000001, 0xb, 0x1fd, 0x1}) 23.99257302s ago: executing program 0 (id=13): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009040000019569", @ANYRES32], 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/bpf', 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='io.stat\x00', 0x275a, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = socket$kcm(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_VLAN_ID={0x6}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfffa}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x70}}, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 23.529722932s ago: executing program 3 (id=14): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800c0001006d6163766c616e001800028004000580ae442be9ec0f27fe30f5acf9cfef54d568e76d01db82bfef6965e45bebab74f55027d960580f75c8515cde379a77b3b1f749cbdbd06724850afbc10b84da03a43c86285b12e9d661b278a3aea1e05d4d2e3b24a51c79b5b283612c606f06b22da5c3497833f165c5dc34edfb778c3e56f2e6b3f666a3497107fd4a7113e1"], 0x38}}, 0x0) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x60, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x60}}, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0) 23.143899539s ago: executing program 4 (id=15): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x40008d5}, 0x40094) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0xc5) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r3 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000001380)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000340012800e000100697036677265"], 0x54}}, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r8, 0x1, 0x2e, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, r10, 0x0, 0x80000001, 0xb, 0x1fd, 0x1}) 23.102198548s ago: executing program 2 (id=16): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x40008d5}, 0x40094) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0xc5) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r3 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000001380)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000340012800e0001006970366772657461700000002000028014000700feffffff000000"], 0x54}}, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r8, 0x1, 0x2e, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x80000001, 0xb, 0x1fd, 0x1}) 22.19450266s ago: executing program 1 (id=17): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000001c0)=ANY=[@ANYRES8=r0], 0x20}, 0x1, 0x0, 0x0, 0x40008d5}, 0x40094) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0xc5) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r3 = openat$uinput(0xffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, 0x0) ioctl$UI_GET_VERSION(r3, 0x8004552d, &(0x7f0000001380)) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000340012800e0001006970366772657461700000002000028014000700feffffff00"], 0x54}}, 0x0) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) close(r5) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='comm\x00') preadv(r7, &(0x7f0000000000)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x0, 0x0) r8 = socket$pptp(0x18, 0x1, 0x2) getsockopt$sock_buf(r8, 0x1, 0x2e, &(0x7f0000000240)=""/4096, &(0x7f0000001240)=0x1000) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x4}) r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$media(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000040)={0x3, r10, 0x0, 0x80000001, 0xb, 0x1fd, 0x1}) 22.161305482s ago: executing program 3 (id=18): socket$nl_sock_diag(0x10, 0x3, 0x4) socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040), 0x20001, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x864c42, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$kcm(0x10, 0x2, 0x0) mq_open(&(0x7f0000000000)='\'\x80\x00\x00\x00\x00\x00\x00\x012\x9c\xe1\x00\x03q\xc3\x14(w\xaf\xb3\xc4\xd8V|\xc0\x03\xaf\a', 0x40, 0x88, 0x0) epoll_create1(0x80000) socket$unix(0x1, 0x5, 0x0) pipe(0x0) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5caf7}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8}]}, 0x44}}, 0x0) 15.06462036s ago: executing program 0 (id=19): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800c0001006d6163766c616e001800028004000580ae442be9ec0f27fe30f5acf9cfef54d568e76d01db82bfef6965e45bebab74f55027d960580f75c8515cde379a77b3b1f749cbdbd06724850afbc10b84da03a43c86285b12e9d661b278a3aea1e05d4d2e3b24a51c79b5b283612c606f06b22da5c3497833f165c5dc34edfb778c3e56f2e6b3f666a3497107fd4a7113e1"], 0x38}}, 0x0) r3 = socket$kcm(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x14}, 0x14}}, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0) 14.140191956s ago: executing program 1 (id=20): syz_emit_ethernet(0x60, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60000000002a3afffe8000000096285600000000000000000000bbff020000000000000000000000000001890090780000000020010000000200"/96], 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0xfffffffffffffff9) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) eventfd(0x83) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, 0x0) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) r3 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c) setsockopt$MRT6_FLUSH(r3, 0x29, 0xd4, &(0x7f0000000240)=0x2, 0x4) 14.139329185s ago: executing program 2 (id=21): socket(0x1e, 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x58}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r5, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d8000000400cc000800054001000000140004"], 0x58}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYBLOB='%\b\x00z\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\b', @ANYRES32=r6, @ANYBLOB], 0x54}}, 0x0) listen(r1, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r9 = dup3(r0, r0, 0x80000) r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES32, @ANYRESOCT=r9], 0x0) syz_usb_control_io$hid(r10, 0x0, 0x0) syz_usb_control_io(r10, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r11 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r11, 0x4018480c, &(0x7f00000000c0)={0x2}) r12 = accept(r1, 0x0, 0x0) sendmsg$nl_route(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[], 0xfffffdef}}, 0x200040c0) close_range(r0, 0xffffffffffffffff, 0x0) 5.083016605s ago: executing program 2 (id=24): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5603, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/97, 0x61) write$char_usb(r1, &(0x7f0000000240)="8b", 0x1) r3 = socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000001880)=[{0x0}], 0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) sendmsg$key(r3, &(0x7f00000001c0)={0x500, 0x0, 0x0}, 0x0) r5 = openat$ttyS3(0xffffff9c, 0x0, 0x0, 0x0) r6 = dup(r5) flock(0xffffffffffffffff, 0xa556a814575266ed) ioctl$TCSETSW2(r6, 0x402c542c, 0x0) ioctl$TIOCMBIS(r6, 0x5416, &(0x7f0000000100)=0x7) r7 = socket$inet(0x2, 0x3, 0x8d) r8 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$inet_msfilter(r8, 0x0, 0x8, &(0x7f0000000280)=ANY=[], 0x1) getsockopt$inet_pktinfo(r7, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, r9}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)={0x1b, 0x0, 0x0, 0x3, 0x0, r4, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x48) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f00000001c0)) syz_usb_disconnect(r0) 4.828695198s ago: executing program 1 (id=26): socket(0x1e, 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x58}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r6, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d8000000400cc00080005400100000014"], 0x58}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r8, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r7, @ANYBLOB="1400060064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0) listen(r1, 0x0) r9 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r9, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r10 = dup3(r0, r0, 0x80000) r11 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES32, @ANYRESOCT=r10], 0x0) syz_usb_control_io$hid(r11, 0x0, 0x0) syz_usb_control_io(r11, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) r12 = accept(r1, 0x0, 0x0) sendmsg$nl_route(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[], 0xfffffdef}}, 0x200040c0) close_range(r0, 0xffffffffffffffff, 0x0) 1.452533083s ago: executing program 1 (id=27): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r2], 0x58}}, 0x0) 1.279548749s ago: executing program 1 (id=28): socket(0x1e, 0x1, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x58}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r5, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d8000000400cc000800054001000000140004"], 0x58}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r6, @ANYBLOB], 0x54}}, 0x0) listen(r1, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r9 = dup3(r0, r0, 0x80000) r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES32, @ANYRESOCT=r9], 0x0) syz_usb_control_io$hid(r10, 0x0, 0x0) syz_usb_control_io(r10, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r11 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r11, 0x4018480c, &(0x7f00000000c0)={0x2}) r12 = accept(r1, 0x0, 0x0) sendmsg$nl_route(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[], 0xfffffdef}}, 0x200040c0) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=29): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009040000019569", @ANYRES32], 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/bpf', 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='io.stat\x00', 0x275a, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="380000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800c0001006d6163766c616e001800028004000580ae442be9ec0f27fe30f5acf9cfef54d568e76d01db82bfef6965e45bebab74f55027d960580f75c8515cde379a77b3b1f749cbdbd06724850afbc10b84da03a43c86285b12e9d661b278a3aea1e05d4d2e3b24a51c79b5b283612c606f06b22da5c3497833f165c5dc34edfb778c3e56f2e6b3f666a3497107fd4a7113e1"], 0x38}}, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_DATA_SEQ={0x5}, @L2TP_ATTR_VLAN_ID={0x6}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0xfffa}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @broadcast}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e20}]}, 0x70}}, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10000600", 0x33fe0}], 0x1}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00'}) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r5, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a24000000000a01010000000000000000050000000900010073797a30000000000400060070000000030a01030000000000000000050000000900010073797a30000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000080001400000000014000300766c616e3000"/167], 0xd0}}, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x2, 0x0, 0xa005}, @sack_perm]}}}}}}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts. [ 58.660885][ T5218] cgroup: Unknown subsys name 'net' [ 58.763758][ T5218] cgroup: Unknown subsys name 'cpuset' [ 58.771951][ T5218] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 60.296595][ T5218] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.518068][ T5231] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.525870][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.537209][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.545588][ T5234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.553879][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.561121][ T5234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.569638][ T5234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.574129][ T5238] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.577831][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.591338][ T5238] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.592053][ T5234] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.610684][ T5238] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.612797][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.618523][ T5238] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.630752][ T5234] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.641060][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.648773][ T5238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.649045][ T5241] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.665191][ T5238] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.666474][ T5241] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.686252][ T5241] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.693695][ T5241] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.708199][ T5241] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.716691][ T5241] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.727862][ T5241] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 62.736047][ T5241] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.736056][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 62.740821][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.760730][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.769483][ T5233] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 63.176403][ T5245] chnl_net:caif_netlink_parms(): no params data found [ 63.258552][ T5243] chnl_net:caif_netlink_parms(): no params data found [ 63.300587][ T5252] chnl_net:caif_netlink_parms(): no params data found [ 63.396054][ T5251] chnl_net:caif_netlink_parms(): no params data found [ 63.425320][ T5248] chnl_net:caif_netlink_parms(): no params data found [ 63.448113][ T5245] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.456431][ T5245] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.466486][ T5245] bridge_slave_0: entered allmulticast mode [ 63.474301][ T5245] bridge_slave_0: entered promiscuous mode [ 63.501197][ T5245] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.508411][ T5245] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.515899][ T5245] bridge_slave_1: entered allmulticast mode [ 63.522667][ T5245] bridge_slave_1: entered promiscuous mode [ 63.598006][ T5245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.615540][ T5243] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.623327][ T5243] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.631276][ T5243] bridge_slave_0: entered allmulticast mode [ 63.638003][ T5243] bridge_slave_0: entered promiscuous mode [ 63.665644][ T5245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.699030][ T5243] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.706288][ T5243] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.713693][ T5243] bridge_slave_1: entered allmulticast mode [ 63.721153][ T5243] bridge_slave_1: entered promiscuous mode [ 63.727786][ T5252] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.735561][ T5252] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.743400][ T5252] bridge_slave_0: entered allmulticast mode [ 63.750276][ T5252] bridge_slave_0: entered promiscuous mode [ 63.807683][ T5252] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.815497][ T5252] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.823155][ T5252] bridge_slave_1: entered allmulticast mode [ 63.829856][ T5252] bridge_slave_1: entered promiscuous mode [ 63.854902][ T5245] team0: Port device team_slave_0 added [ 63.862318][ T5251] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.869703][ T5251] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.877218][ T5251] bridge_slave_0: entered allmulticast mode [ 63.884141][ T5251] bridge_slave_0: entered promiscuous mode [ 63.892448][ T5251] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.899620][ T5251] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.907248][ T5251] bridge_slave_1: entered allmulticast mode [ 63.914467][ T5251] bridge_slave_1: entered promiscuous mode [ 63.944796][ T5245] team0: Port device team_slave_1 added [ 63.965045][ T5243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.977319][ T5243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.988442][ T5252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.998000][ T5248] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.005308][ T5248] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.012549][ T5248] bridge_slave_0: entered allmulticast mode [ 64.019286][ T5248] bridge_slave_0: entered promiscuous mode [ 64.027132][ T5248] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.034448][ T5248] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.041776][ T5248] bridge_slave_1: entered allmulticast mode [ 64.048607][ T5248] bridge_slave_1: entered promiscuous mode [ 64.082054][ T5252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.126137][ T5251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.148900][ T5243] team0: Port device team_slave_0 added [ 64.169530][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.176778][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.202944][ T5245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.221199][ T5251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.233277][ T5243] team0: Port device team_slave_1 added [ 64.242492][ T5252] team0: Port device team_slave_0 added [ 64.250787][ T5248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.262865][ T5248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.272780][ T5245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.279799][ T5245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.306660][ T5245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.336332][ T5252] team0: Port device team_slave_1 added [ 64.393462][ T5248] team0: Port device team_slave_0 added [ 64.401921][ T5251] team0: Port device team_slave_0 added [ 64.409263][ T5248] team0: Port device team_slave_1 added [ 64.415984][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.424284][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.450788][ T5243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.472933][ T5252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.480041][ T5252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.506709][ T5252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.536673][ T5251] team0: Port device team_slave_1 added [ 64.551512][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.558576][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.584948][ T5243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.601956][ T5252] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.608929][ T5252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.636246][ T5252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.671725][ T5251] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.678711][ T5251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.704950][ T5251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.736437][ T5245] hsr_slave_0: entered promiscuous mode [ 64.743514][ T5245] hsr_slave_1: entered promiscuous mode [ 64.750968][ T5233] Bluetooth: hci2: command tx timeout [ 64.763093][ T5233] Bluetooth: hci0: command tx timeout [ 64.766243][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.775700][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.801783][ T5248] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.813591][ T5251] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.821023][ T5251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.847175][ T5251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.856163][ T5233] Bluetooth: hci4: command tx timeout [ 64.857803][ T54] Bluetooth: hci3: command tx timeout [ 64.863455][ T5231] Bluetooth: hci1: command tx timeout [ 64.899377][ T5243] hsr_slave_0: entered promiscuous mode [ 64.905805][ T5243] hsr_slave_1: entered promiscuous mode [ 64.912107][ T5243] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.920086][ T5243] Cannot create hsr debugfs directory [ 64.930273][ T5248] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.937333][ T5248] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.963453][ T5248] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 65.011635][ T5251] hsr_slave_0: entered promiscuous mode [ 65.018186][ T5251] hsr_slave_1: entered promiscuous mode [ 65.028538][ T5251] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.036838][ T5251] Cannot create hsr debugfs directory [ 65.070359][ T5252] hsr_slave_0: entered promiscuous mode [ 65.076700][ T5252] hsr_slave_1: entered promiscuous mode [ 65.083129][ T5252] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.090797][ T5252] Cannot create hsr debugfs directory [ 65.106668][ T5248] hsr_slave_0: entered promiscuous mode [ 65.113057][ T5248] hsr_slave_1: entered promiscuous mode [ 65.119162][ T5248] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 65.126844][ T5248] Cannot create hsr debugfs directory [ 65.491548][ T5243] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.504278][ T5243] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.515015][ T5243] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.524822][ T5243] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.590487][ T5245] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 65.614769][ T5245] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 65.632287][ T5245] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 65.655330][ T5245] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 65.674712][ T5252] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.685783][ T5252] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.696206][ T5252] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.706984][ T5252] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.791299][ T5251] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.830376][ T5251] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.842766][ T5248] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.853113][ T5248] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.866836][ T5248] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.877286][ T5251] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.892849][ T5251] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.919713][ T5248] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 66.024530][ T5243] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.045338][ T5252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.094430][ T5243] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.109274][ T5252] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.147776][ T29] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.155099][ T29] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.167200][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.174362][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.205411][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.212581][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.231340][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.238439][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.263902][ T5245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.299299][ T5251] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.329432][ T5248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.345692][ T5245] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.384300][ T5251] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.396963][ T2949] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.404142][ T2949] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.436948][ T5248] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.459000][ T2995] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.466137][ T2995] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.497593][ T2995] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.504763][ T2995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.515165][ T2995] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.522352][ T2995] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.536102][ T2995] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.543361][ T2995] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.576233][ T2949] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.583397][ T2949] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.622302][ T5252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.719541][ T5243] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.796660][ T5252] veth0_vlan: entered promiscuous mode [ 66.831381][ T5233] Bluetooth: hci0: command tx timeout [ 66.836988][ T5231] Bluetooth: hci2: command tx timeout [ 66.841326][ T5252] veth1_vlan: entered promiscuous mode [ 66.861147][ T5248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.877268][ T5245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.910364][ T5233] Bluetooth: hci4: command tx timeout [ 66.910664][ T54] Bluetooth: hci3: command tx timeout [ 66.915850][ T5231] Bluetooth: hci1: command tx timeout [ 66.930799][ T5251] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.959429][ T5243] veth0_vlan: entered promiscuous mode [ 67.002011][ T5252] veth0_macvtap: entered promiscuous mode [ 67.016190][ T5252] veth1_macvtap: entered promiscuous mode [ 67.033331][ T5248] veth0_vlan: entered promiscuous mode [ 67.055851][ T5248] veth1_vlan: entered promiscuous mode [ 67.065390][ T5243] veth1_vlan: entered promiscuous mode [ 67.078496][ T5252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.106067][ T5245] veth0_vlan: entered promiscuous mode [ 67.137807][ T5251] veth0_vlan: entered promiscuous mode [ 67.148622][ T5252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.164126][ T5252] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.174531][ T5252] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.183483][ T5252] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.193934][ T5252] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.220860][ T5245] veth1_vlan: entered promiscuous mode [ 67.242941][ T5248] veth0_macvtap: entered promiscuous mode [ 67.258745][ T5251] veth1_vlan: entered promiscuous mode [ 67.284254][ T5248] veth1_macvtap: entered promiscuous mode [ 67.318738][ T5251] veth0_macvtap: entered promiscuous mode [ 67.376310][ T5251] veth1_macvtap: entered promiscuous mode [ 67.401232][ T5243] veth0_macvtap: entered promiscuous mode [ 67.408645][ T5245] veth0_macvtap: entered promiscuous mode [ 67.418627][ T5245] veth1_macvtap: entered promiscuous mode [ 67.427751][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.438728][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.453932][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.478776][ T5243] veth1_macvtap: entered promiscuous mode [ 67.481982][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.501162][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.524021][ T5248] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.535617][ T5248] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.548353][ T5248] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.567491][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.578911][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.589419][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.600576][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.612353][ T5251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.625551][ T5248] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.635216][ T5248] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.644277][ T5248] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.653147][ T5248] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.676489][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.687174][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.697576][ T5251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.709600][ T5251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.723418][ T5251] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.735251][ T1058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.737616][ T5251] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.752899][ T1058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.757908][ T5251] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.769394][ T5251] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.778530][ T5251] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.807327][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.818149][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.828248][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.838955][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.849123][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.859682][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.872537][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.884311][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.895102][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.907742][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.918245][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.928557][ T5245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.939081][ T5245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.950506][ T5245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.972575][ T5245] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.981965][ T5245] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.991076][ T5245] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.999809][ T5245] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.024205][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.041616][ T5252] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 68.043643][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.068434][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.079119][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.089055][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.099722][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.109608][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.121502][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.135348][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.163000][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.178129][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.188120][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.199160][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.209106][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.219622][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.229565][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.240358][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.253096][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.297616][ T5243] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.307123][ T5243] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.316098][ T5243] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.324975][ T5243] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.502041][ T927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.566064][ T927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.633681][ T927] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.701467][ T927] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.752783][ T5290] netlink: 'syz.1.2': attribute type 6 has an invalid length. [ 68.769547][ T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.801007][ T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.821368][ T5290] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2'. [ 68.849151][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.861892][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.910256][ T2995] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.911412][ T5231] Bluetooth: hci2: command tx timeout [ 68.918099][ T2995] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.933240][ T5231] Bluetooth: hci0: command tx timeout [ 68.980279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 68.990517][ T54] Bluetooth: hci3: command tx timeout [ 68.996020][ T54] Bluetooth: hci1: command tx timeout [ 69.001602][ T54] Bluetooth: hci4: command tx timeout [ 69.019139][ T927] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.071563][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.080412][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.088723][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.098328][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.099453][ T927] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.263092][ T2995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.297514][ T2995] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.435071][ T1058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.473856][ T1058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.530212][ T51] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 69.636272][ T5305] netlink: 'syz.2.3': attribute type 6 has an invalid length. [ 69.680085][ T5305] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.3'. [ 69.702396][ T5304] netlink: 'syz.1.6': attribute type 11 has an invalid length. [ 69.763882][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 69.815767][ T51] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 69.855510][ T51] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 69.869720][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 69.894308][ T51] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 69.906634][ T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.932175][ T51] usb 4-1: config 0 descriptor?? [ 69.945955][ T5298] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 69.995597][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 70.051088][ T5286] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 70.070183][ T5294] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 70.222436][ T5294] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 70.239186][ T5286] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 70.252307][ T5286] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 70.274953][ T5286] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 70.286740][ T5294] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 70.330653][ T5286] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 70.358167][ T5286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.364769][ T5294] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 70.386609][ T5294] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.419692][ T51] plantronics 0003:047F:FFFF.0001: unknown main item tag 0xd [ 70.433784][ T5286] usb 2-1: config 0 descriptor?? [ 70.451662][ T5304] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 70.472480][ T51] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 70.544444][ T51] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 70.724852][ T51] usb 4-1: USB disconnect, device number 2 [ 70.742532][ T5311] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1'. [ 70.796450][ T5311] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8 [ 70.885483][ T5286] plantronics 0003:047F:FFFF.0002: unknown main item tag 0xd [ 70.896967][ T5318] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.7'. [ 70.921453][ T5286] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 70.942265][ T5286] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 70.958985][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 70.967574][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 70.976262][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 70.985787][ T5318] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8 [ 71.000056][ T5231] Bluetooth: hci0: command tx timeout [ 71.000098][ T54] Bluetooth: hci2: command tx timeout [ 71.070754][ T5231] Bluetooth: hci4: command tx timeout [ 71.073458][ T54] Bluetooth: hci1: command tx timeout [ 71.076227][ T5231] Bluetooth: hci3: command tx timeout [ 71.297280][ T5283] usb 2-1: USB disconnect, device number 2 [ 71.312792][ T5294] usb 1-1: string descriptor 0 read error: -71 [ 71.341560][ T5294] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 71.379203][ T5294] usb 1-1: USB disconnect, device number 2 [ 71.553442][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.570264][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.586534][ T5323] netlink: 'syz.3.9': attribute type 6 has an invalid length. [ 71.600780][ T5323] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.9'. [ 71.878664][ T5330] netlink: 'syz.4.10': attribute type 6 has an invalid length. [ 71.887702][ T5330] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.10'. [ 71.968994][ T5332] netlink: 'syz.2.11': attribute type 6 has an invalid length. [ 71.984248][ T5332] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.11'. [ 72.152492][ T5341] netlink: 'syz.1.12': attribute type 6 has an invalid length. [ 72.187256][ T5341] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.12'. [ 72.330180][ T51] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 72.481091][ T5345] Zero length message leads to an empty skb [ 72.544484][ T51] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 72.577880][ T51] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 72.600151][ T51] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 72.620401][ T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.883968][ T5339] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.13'. [ 72.903590][ T5339] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8 [ 73.392198][ T51] usb 1-1: string descriptor 0 read error: -71 [ 73.465374][ T51] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 73.642996][ T5353] netlink: 'syz.2.16': attribute type 6 has an invalid length. [ 73.777749][ T5353] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.16'. [ 75.951387][ T51] usb 1-1: USB disconnect, device number 3 [ 77.479974][ C1] sched: DL replenish lagged too much [ 81.829198][ T8] cfg80211: failed to load regulatory.db [ 86.055545][ T5365] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.19'. [ 86.620222][ T5365] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8 [ 87.068308][ T5369] netlink: 'syz.2.21': attribute type 11 has an invalid length. [ 88.421443][ T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 90.348814][ T8] usb 3-1: device descriptor read/all, error -71 [ 91.407897][ T5383] netlink: 'syz.1.26': attribute type 11 has an invalid length. [ 91.471199][ T5233] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 91.490156][ T5233] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 91.512846][ T5233] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 91.529554][ T5233] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.537368][ T5233] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 91.547184][ T5233] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.575671][ T5385] netlink: 'syz.1.26': attribute type 11 has an invalid length. [ 91.651337][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 91.725738][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 91.736012][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 91.746924][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.763021][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.791387][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 91.805033][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.870936][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 91.894499][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 91.950099][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 92.057251][ T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 92.112787][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 92.160005][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 92.196468][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 92.220124][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 92.231766][ T5294] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 92.268996][ T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 92.328137][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 92.366773][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 92.404507][ T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 92.426342][ T5294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 92.452760][ T5231] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.461518][ T5231] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.473967][ T5231] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.483537][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 92.499512][ T5231] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.508102][ T5231] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 92.516121][ T5231] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.550556][ T5294] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 92.572262][ T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 92.598197][ T5294] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 92.630861][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 92.654130][ T5294] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.677041][ T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 92.698573][ T5294] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.720409][ T8] usb 3-1: string descriptor 0 read error: -22 [ 92.726793][ T8] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 92.741733][ T5294] usb 2-1: config 0 descriptor?? [ 92.760679][ T5386] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 92.768627][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.844288][ T8] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 93.208668][ T5294] plantronics 0003:047F:FFFF.0003: unknown main item tag 0xd [ 93.237151][ T5294] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 93.276289][ T5294] plantronics 0003:047F:FFFF.0003: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 93.412687][ T5393] syz.2.24(5393): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 93.527327][ T5294] usb 2-1: USB disconnect, device number 3 [ 93.630180][ T5231] Bluetooth: hci2: command tx timeout [ 93.955554][ T5231] Bluetooth: hci3: command tx timeout [ 94.522417][ T5273] usb 3-1: USB disconnect, device number 3 [ 94.530615][ T5392] usb 3-1: Couldn't submit interrupt_out_urb -19 [ 94.594066][ T5231] Bluetooth: hci0: command tx timeout [ 94.716383][ T5399] netlink: 'syz.1.28': attribute type 11 has an invalid length. [ 95.020105][ T5273] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 95.183171][ T5273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 95.199251][ T5273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 95.217351][ T5273] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 95.248773][ T5273] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 95.259717][ T5273] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.282840][ T5273] usb 2-1: config 0 descriptor?? [ 95.290463][ T5400] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 95.720078][ T5231] Bluetooth: hci2: command tx timeout [ 96.040778][ T5231] Bluetooth: hci3: command tx timeout [ 96.111318][ T5273] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd [ 96.134314][ T5273] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 96.156175][ T5273] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 96.270141][ T5312] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 96.419045][ T5273] usb 2-1: USB disconnect, device number 4 [ 96.437396][ T5312] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config [ 96.481536][ T5312] usb 3-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 96.507767][ T5312] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 96.533664][ T5312] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.670154][ T5231] Bluetooth: hci0: command tx timeout [ 96.810856][ T5402] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.29'. [ 96.833954][ T5402] openvswitch: netlink: Tunnel attr 0 has unexpected len 2 expected 8 [ 129.208446][ T5231] Bluetooth: hci2: command tx timeout [ 129.224310][ T5231] Bluetooth: hci3: command tx timeout [ 129.229793][ T5231] Bluetooth: hci0: command tx timeout [ 159.337832][ T5233] Bluetooth: hci0: command tx timeout [ 159.353141][ T5233] Bluetooth: hci3: command tx timeout [ 159.358695][ T5233] Bluetooth: hci2: command tx timeout [ 240.721309][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 240.727659][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 240.741182][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 240.747600][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 240.883005][ T5312] usb 3-1: string descriptor 0 read error: -32 [ 241.271503][ T5312] aiptek 3-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 255.324772][ T5234] Bluetooth: hci3: command 0x0406 tx timeout [ 255.330970][ T5234] Bluetooth: hci2: command 0x0406 tx timeout [ 255.337058][ T5234] Bluetooth: hci1: command 0x0406 tx timeout [ 255.343210][ T5234] Bluetooth: hci0: command 0x0406 tx timeout [ 255.349329][ T5234] Bluetooth: hci4: command 0x0406 tx timeout [ 267.608092][ T5312] usb 3-1: USB disconnect, device number 4 [ 267.710066][ T31] INFO: task kworker/0:0:8 blocked for more than 162 seconds. [ 267.717832][ T31] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 267.779939][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 267.840098][ T31] task:kworker/0:0 state:D stack:23096 pid:8 tgid:8 ppid:2 flags:0x00004000 [ 267.869628][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 267.983247][ T31] Workqueue: events_power_efficient crda_timeout_work [ 268.012621][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 268.019471][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 268.150003][ T31] Call Trace: [ 268.153412][ T31] [ 268.156480][ T31] __schedule+0x1895/0x4b30 [ 268.264901][ T31] ? __pfx___schedule+0x10/0x10 [ 268.317372][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 268.400060][ T31] ? __pfx_lock_release+0x10/0x10 [ 268.406208][ T31] ? kick_pool+0x1bd/0x620 [ 268.509992][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 268.515285][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 268.620007][ T31] ? schedule+0x90/0x320 [ 268.624338][ T31] schedule+0x14b/0x320 [ 268.628546][ T31] schedule_preempt_disabled+0x13/0x30 [ 268.760020][ T31] __mutex_lock+0x6a7/0xd70 [ 268.764624][ T31] ? __mutex_lock+0x52a/0xd70 [ 268.769352][ T31] ? crda_timeout_work+0x15/0x50 [ 268.925482][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 268.991440][ T31] ? process_scheduled_works+0x976/0x1850 [ 268.997261][ T31] crda_timeout_work+0x15/0x50 [ 269.109933][ T31] process_scheduled_works+0xa63/0x1850 [ 269.115591][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 269.211326][ T31] ? assign_work+0x364/0x3d0 [ 269.216016][ T31] worker_thread+0x870/0xd30 [ 269.299961][ T31] ? __kthread_parkme+0x169/0x1d0 [ 269.305083][ T31] ? __pfx_worker_thread+0x10/0x10 [ 269.415466][ T31] kthread+0x2f0/0x390 [ 269.419617][ T31] ? __pfx_worker_thread+0x10/0x10 [ 269.509894][ T31] ? __pfx_kthread+0x10/0x10 [ 269.514568][ T31] ret_from_fork+0x4b/0x80 [ 269.519031][ T31] ? __pfx_kthread+0x10/0x10 [ 269.610029][ T31] ret_from_fork_asm+0x1a/0x30 [ 269.614895][ T31] [ 269.690041][ T31] INFO: task kworker/u8:5:927 blocked for more than 164 seconds. [ 269.697830][ T31] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 269.980002][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 269.988749][ T31] task:kworker/u8:5 state:D stack:21072 pid:927 tgid:927 ppid:2 flags:0x00004000 [ 270.016715][ T31] Workqueue: events_unbound linkwatch_event [ 270.064002][ T31] Call Trace: [ 270.067449][ T31] [ 270.110296][ T31] __schedule+0x1895/0x4b30 [ 270.114914][ T31] ? __pfx___schedule+0x10/0x10 [ 270.160026][ T31] ? __pfx_lock_release+0x10/0x10 [ 270.165158][ T31] ? __mutex_trylock_common+0x92/0x2e0 [ 270.229391][ T31] ? kthread_data+0x52/0xd0 [ 270.260003][ T31] ? schedule+0x90/0x320 [ 270.264431][ T31] ? wq_worker_sleeping+0x66/0x240 [ 270.269609][ T31] ? schedule+0x90/0x320 [ 270.359999][ T31] schedule+0x14b/0x320 [ 270.364261][ T31] schedule_preempt_disabled+0x13/0x30 [ 270.369765][ T31] __mutex_lock+0x6a7/0xd70 [ 270.450007][ T31] ? __mutex_lock+0x52a/0xd70 [ 270.455829][ T31] ? linkwatch_event+0xe/0x60 [ 270.525595][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 270.571514][ T31] ? process_scheduled_works+0x976/0x1850 [ 270.577325][ T31] linkwatch_event+0xe/0x60 [ 270.629935][ T31] process_scheduled_works+0xa63/0x1850 [ 270.635692][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 270.715731][ T31] ? assign_work+0x364/0x3d0 [ 270.749908][ T31] worker_thread+0x870/0xd30 [ 270.754598][ T31] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 270.820291][ T31] ? __kthread_parkme+0x169/0x1d0 [ 270.825444][ T31] ? __pfx_worker_thread+0x10/0x10 [ 270.895558][ T31] kthread+0x2f0/0x390 [ 270.899719][ T31] ? __pfx_worker_thread+0x10/0x10 [ 270.969918][ T31] ? __pfx_kthread+0x10/0x10 [ 270.974603][ T31] ret_from_fork+0x4b/0x80 [ 270.979075][ T31] ? __pfx_kthread+0x10/0x10 [ 271.040058][ T31] ret_from_fork_asm+0x1a/0x30 [ 271.044954][ T31] [ 271.105432][ T31] INFO: task syz-executor:5243 blocked for more than 166 seconds. [ 271.174513][ T31] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 271.182209][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 271.191056][ T31] task:syz-executor state:D stack:19968 pid:5243 tgid:5243 ppid:1 flags:0x00004006 [ 271.201678][ T31] Call Trace: [ 271.204996][ T31] [ 271.207959][ T31] __schedule+0x1895/0x4b30 [ 271.212635][ T31] ? __pfx___schedule+0x10/0x10 [ 271.217536][ T31] ? __pfx_lock_release+0x10/0x10 [ 271.222836][ T31] ? __mutex_trylock_common+0x92/0x2e0 [ 271.228356][ T31] ? schedule+0x90/0x320 [ 271.234375][ T31] schedule+0x14b/0x320 [ 271.238645][ T31] schedule_preempt_disabled+0x13/0x30 [ 271.244394][ T31] __mutex_lock+0x6a7/0xd70 [ 271.248971][ T31] ? __mutex_lock+0x52a/0xd70 [ 271.253747][ T31] ? tun_chr_close+0x3b/0x1b0 [ 271.258467][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 271.263760][ T31] ? __pfx_call_rcu+0x10/0x10 [ 271.268488][ T31] tun_chr_close+0x3b/0x1b0 [ 271.400035][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 271.405281][ T31] __fput+0x23f/0x880 [ 271.409329][ T31] task_work_run+0x24f/0x310 [ 271.471256][ T31] ? kasan_quarantine_put+0xdc/0x230 [ 271.505690][ T31] ? __pfx_task_work_run+0x10/0x10 [ 271.536238][ T31] ? do_exit+0xa2a/0x28e0 [ 271.569937][ T31] ? kmem_cache_free+0x1a2/0x420 [ 271.574984][ T31] ? do_exit+0xa2a/0x28e0 [ 271.620024][ T31] do_exit+0xa2f/0x28e0 [ 271.624286][ T31] ? __pfx_do_exit+0x10/0x10 [ 271.628927][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 271.691344][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 271.697427][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 271.759959][ T31] ? _raw_spin_lock_irq+0xdf/0x120 [ 271.765177][ T31] do_group_exit+0x207/0x2c0 [ 271.800452][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 271.805746][ T31] ? lockdep_hardirqs_on+0x99/0x150 [ 271.899930][ T31] get_signal+0x176f/0x1810 [ 271.904545][ T31] ? __pfx_get_signal+0x10/0x10 [ 271.909450][ T31] ? __pfx_vfs_read+0x10/0x10 [ 271.975930][ T31] arch_do_signal_or_restart+0x96/0x860 [ 272.014394][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 272.042469][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 272.048574][ T31] ? syscall_exit_to_user_mode+0xa3/0x370 [ 272.125767][ T31] syscall_exit_to_user_mode+0xc9/0x370 [ 272.190253][ T31] do_syscall_64+0x100/0x230 [ 272.230032][ T31] ? clear_bhb_loop+0x35/0x90 [ 272.234799][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.352751][ T31] RIP: 0033:0x7f7c55d7c97c [ 272.357286][ T31] RSP: 002b:00007f7c5605fd90 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 272.513735][ T31] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 00007f7c55d7c97c [ 272.613106][ T5238] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 272.630011][ T5238] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 272.638503][ T5238] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 272.646935][ T5238] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 272.654664][ T5238] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 272.662098][ T5238] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 272.695195][ T31] RDX: 0000000000000028 RSI: 00007f7c5605fe40 RDI: 00000000000000f9 [ 272.703334][ T31] RBP: 00007f7c5605fdec R08: 0000000000000000 R09: 0079746972756365 [ 272.719269][ T31] R10: 00007f7c55f077e0 R11: 0000000000000246 R12: 0000555562ea15eb [ 272.727708][ T31] R13: 0000555562ea1590 R14: 0000000000014df2 R15: 00007f7c5605fe40 [ 272.739936][ T31] [ 272.747063][ T31] INFO: task syz-executor:5387 blocked for more than 167 seconds. [ 272.758883][ T31] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 272.768630][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 273.130046][ T31] task:syz-executor state:D stack:25040 pid:5387 tgid:5387 ppid:1 flags:0x00004006 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 273.179975][ T31] Call Trace: [ 273.183375][ T31] [ 273.186350][ T31] __schedule+0x1895/0x4b30 [ 273.234262][ T31] ? __pfx___schedule+0x10/0x10 [ 273.239213][ T31] ? __pfx_lock_release+0x10/0x10 [ 273.325857][ T31] ? __mutex_trylock_common+0x92/0x2e0 [ 273.384382][ T31] ? schedule+0x90/0x320 [ 273.388718][ T31] schedule+0x14b/0x320 [ 273.478368][ T31] schedule_preempt_disabled+0x13/0x30 [ 273.484657][ T31] __mutex_lock+0x6a7/0xd70 [ 273.489229][ T31] ? __mutex_lock+0x52a/0xd70 [ 273.560024][ T31] ? ip_tunnel_init_net+0x20e/0x720 [ 273.565323][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 273.620150][ T31] ip_tunnel_init_net+0x20e/0x720 [ 273.625274][ T31] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 273.720084][ T31] ? ops_init+0x75/0x590 [ 273.724432][ T31] ops_init+0x31e/0x590 [ 273.729769][ T31] ? lockdep_init_map_type+0xa1/0x910 [ 273.779963][ T31] setup_net+0x287/0x9e0 [ 273.784289][ T31] ? __pfx_down_read_killable+0x10/0x10 [ 273.846718][ T31] ? __pfx_setup_net+0x10/0x10 [ 273.880213][ T31] copy_net_ns+0x33f/0x570 [ 273.884810][ T31] create_new_namespaces+0x425/0x7b0 [ 273.935176][ T31] unshare_nsproxy_namespaces+0x124/0x180 [ 273.985491][ T31] ksys_unshare+0x619/0xc10 [ 274.027548][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 274.033442][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 274.095451][ T31] ? do_syscall_64+0x100/0x230 [ 274.132358][ T31] __x64_sys_unshare+0x38/0x40 [ 274.137228][ T31] do_syscall_64+0xf3/0x230 [ 274.190359][ T31] ? clear_bhb_loop+0x35/0x90 [ 274.230059][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.236065][ T31] RIP: 0033:0x7fb367f7f737 [ 274.285382][ T31] RSP: 002b:00007fb36825ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 274.307888][ T31] RAX: ffffffffffffffda RBX: 00007fb367ff198c RCX: 00007fb367f7f737 [ 274.335422][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 274.350225][ T31] RBP: 0000000000000000 R08: 00007fb368c67d60 R09: 0000000000000000 [ 274.358282][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 274.374237][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 274.384663][ T31] [ 274.397465][ T31] INFO: task syz-executor:5389 blocked for more than 169 seconds. [ 274.407817][ T31] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 274.430639][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 274.439386][ T31] task:syz-executor state:D stack:26736 pid:5389 tgid:5389 ppid:1 flags:0x00004006 [ 274.481512][ T31] Call Trace: [ 274.484859][ T31] [ 274.487835][ T31] __schedule+0x1895/0x4b30 [ 274.530257][ T31] ? __pfx___schedule+0x10/0x10 [ 274.535202][ T31] ? __pfx_lock_release+0x10/0x10 [ 274.551156][ T31] ? __mutex_trylock_common+0x92/0x2e0 [ 274.556803][ T31] ? schedule+0x90/0x320 [ 274.579895][ T31] schedule+0x14b/0x320 [ 274.584148][ T31] schedule_preempt_disabled+0x13/0x30 [ 274.589650][ T31] __mutex_lock+0x6a7/0xd70 [ 274.619913][ T31] ? __mutex_lock+0x52a/0xd70 [ 274.624680][ T31] ? register_nexthop_notifier+0x84/0x290 [ 274.640024][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 274.645131][ T31] ? __asan_memset+0x23/0x50 [ 274.659897][ T31] register_nexthop_notifier+0x84/0x290 [ 274.665534][ T31] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 274.679870][ T31] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 274.686189][ T31] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 274.708439][ T31] ? __asan_memset+0x23/0x50 [ 274.714918][ T31] ops_init+0x31e/0x590 [ 274.719135][ T31] ? lockdep_init_map_type+0xa1/0x910 [ 274.730296][ T31] setup_net+0x287/0x9e0 [ 274.734602][ T31] ? __pfx_down_read_killable+0x10/0x10 [ 274.746621][ T31] ? __pfx_setup_net+0x10/0x10 [ 274.761481][ T31] copy_net_ns+0x33f/0x570 [ 274.766072][ T31] create_new_namespaces+0x425/0x7b0 [ 274.771985][ T31] unshare_nsproxy_namespaces+0x124/0x180 [ 274.777781][ T31] ksys_unshare+0x619/0xc10 [ 274.782910][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 274.788006][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 274.794776][ T31] ? do_syscall_64+0x100/0x230 [ 274.799614][ T31] __x64_sys_unshare+0x38/0x40 [ 274.804907][ T31] do_syscall_64+0xf3/0x230 [ 274.809482][ T31] ? clear_bhb_loop+0x35/0x90 [ 274.816191][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.822567][ T31] RIP: 0033:0x7ffa6297f737 [ 274.827025][ T31] RSP: 002b:00007ffa62c5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 274.836154][ T31] RAX: ffffffffffffffda RBX: 00007ffa629f198c RCX: 00007ffa6297f737 [ 274.844689][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 274.853291][ T31] RBP: 0000000000000000 R08: 00007ffa63667d60 R09: 0000000000000000 [ 274.863064][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 274.871526][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 274.879564][ T31] [ 274.883240][ T31] INFO: task syz-executor:5391 blocked for more than 170 seconds. [ 274.893128][ T31] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 274.900582][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 274.909292][ T31] task:syz-executor state:D stack:25552 pid:5391 tgid:5391 ppid:1 flags:0x00004006 [ 274.925599][ T31] Call Trace: [ 274.928947][ T31] [ 274.931998][ T31] __schedule+0x1895/0x4b30 [ 274.936572][ T31] ? __pfx___schedule+0x10/0x10 [ 274.941671][ T31] ? __pfx_lock_release+0x10/0x10 [ 274.946766][ T31] ? __mutex_trylock_common+0x92/0x2e0 [ 274.952352][ T31] ? schedule+0x90/0x320 [ 274.956634][ T31] schedule+0x14b/0x320 [ 274.961862][ T31] schedule_preempt_disabled+0x13/0x30 [ 274.967388][ T31] __mutex_lock+0x6a7/0xd70 [ 274.972007][ T31] ? __mutex_lock+0x52a/0xd70 [ 274.976732][ T31] ? register_nexthop_notifier+0x84/0x290 [ 274.983922][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 274.989208][ T31] ? __asan_memset+0x23/0x50 [ 274.994128][ T31] register_nexthop_notifier+0x84/0x290 [ 274.999726][ T31] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 275.005700][ T31] ? __pfx_debug_check_no_locks_freed+0x10/0x10 [ 275.017799][ T31] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 275.024107][ T31] ? __asan_memset+0x23/0x50 [ 275.028754][ T31] ops_init+0x31e/0x590 [ 275.038894][ T31] ? lockdep_init_map_type+0xa1/0x910 [ 275.044396][ T31] setup_net+0x287/0x9e0 [ 275.048689][ T31] ? __pfx_down_read_killable+0x10/0x10 [ 275.061790][ T31] ? __pfx_setup_net+0x10/0x10 [ 275.066641][ T31] copy_net_ns+0x33f/0x570 [ 275.071707][ T31] create_new_namespaces+0x425/0x7b0 [ 275.077295][ T31] unshare_nsproxy_namespaces+0x124/0x180 [ 275.085419][ T31] ksys_unshare+0x619/0xc10 [ 275.095770][ T31] ? __pfx_ksys_unshare+0x10/0x10 [ 275.103239][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 275.109289][ T31] ? do_syscall_64+0x100/0x230 [ 275.117607][ T31] __x64_sys_unshare+0x38/0x40 [ 275.124790][ T31] do_syscall_64+0xf3/0x230 [ 275.129346][ T31] ? clear_bhb_loop+0x35/0x90 [ 275.137521][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.145922][ T31] RIP: 0033:0x7f4a8bd7f737 [ 275.153881][ T31] RSP: 002b:00007f4a8c05ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 275.164220][ T31] RAX: ffffffffffffffda RBX: 00007f4a8bdf198c RCX: 00007f4a8bd7f737 [ 275.172372][ T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 275.180443][ T31] RBP: 0000000000000000 R08: 00007f4a8ca67d60 R09: 0000000000000000 [ 275.188450][ T31] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 275.196547][ T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 275.206123][ T31] [ 275.214557][ T31] INFO: task syz.1.28:5399 blocked for more than 170 seconds. [ 275.222181][ T31] Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 275.229492][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 275.238681][ T31] task:syz.1.28 state:D stack:25808 pid:5399 tgid:5398 ppid:5252 flags:0x00004004 [ 275.248978][ T31] Call Trace: [ 275.252340][ T31] [ 275.255305][ T31] __schedule+0x1895/0x4b30 [ 275.259909][ T31] ? __pfx___schedule+0x10/0x10 [ 275.265513][ T31] ? __pfx_lock_release+0x10/0x10 [ 275.270732][ T31] ? __mutex_trylock_common+0x92/0x2e0 [ 275.276251][ T31] ? schedule+0x90/0x320 [ 275.280610][ T31] schedule+0x14b/0x320 [ 275.284815][ T31] schedule_preempt_disabled+0x13/0x30 [ 275.290359][ T31] __mutex_lock+0x6a7/0xd70 [ 275.294906][ T31] ? __mutex_lock+0x52a/0xd70 [ 275.299625][ T31] ? nl80211_pre_doit+0x5f/0x8b0 [ 275.304698][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 275.309774][ T31] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 275.316296][ T31] ? __nla_parse+0x40/0x60 [ 275.322557][ T31] nl80211_pre_doit+0x5f/0x8b0 [ 275.327395][ T31] genl_rcv_msg+0xaaa/0xec0 [ 275.332494][ T31] ? mark_lock+0x9a/0x360 [ 275.336879][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 275.342550][ T31] ? __pfx_lock_acquire+0x10/0x10 [ 275.347627][ T31] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 275.353592][ T31] ? __pfx_nl80211_new_interface+0x10/0x10 [ 275.359465][ T31] ? __pfx_nl80211_post_doit+0x10/0x10 [ 275.365496][ T31] ? __pfx___might_resched+0x10/0x10 [ 275.372208][ T31] netlink_rcv_skb+0x1e3/0x430 [ 275.377033][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 275.382574][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 275.387934][ T31] ? __netlink_deliver_tap+0x77e/0x7c0 [ 275.394004][ T31] genl_rcv+0x28/0x40 [ 275.398042][ T31] netlink_unicast+0x7f6/0x990 [ 275.403271][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 275.408599][ T31] ? __virt_addr_valid+0x183/0x530 [ 275.414251][ T31] ? __check_object_size+0x48e/0x900 [ 275.419681][ T31] netlink_sendmsg+0x8e4/0xcb0 [ 275.424986][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 275.432066][ T31] ? aa_sock_msg_perm+0x91/0x160 [ 275.437059][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 275.442870][ T31] __sock_sendmsg+0x221/0x270 [ 275.447600][ T31] ____sys_sendmsg+0x52a/0x7e0 [ 275.452928][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 275.458285][ T31] __sys_sendmsg+0x292/0x380 [ 275.463413][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 275.468623][ T31] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 275.476346][ T31] ? do_syscall_64+0x100/0x230 [ 275.481478][ T31] ? do_syscall_64+0xb6/0x230 [ 275.486211][ T31] do_syscall_64+0xf3/0x230 [ 275.491180][ T31] ? clear_bhb_loop+0x35/0x90 [ 275.495909][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.502288][ T31] RIP: 0033:0x7fce5ad7df39 [ 275.506744][ T31] RSP: 002b:00007fce5bb48038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 275.515698][ T31] RAX: ffffffffffffffda RBX: 00007fce5af35f80 RCX: 00007fce5ad7df39 [ 275.524035][ T31] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000007 [ 275.532388][ T31] RBP: 00007fce5adf0216 R08: 0000000000000000 R09: 0000000000000000 [ 275.542142][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.550610][ T31] R13: 0000000000000000 R14: 00007fce5af35f80 R15: 00007fce5b05fa28 [ 275.558657][ T31] [ 275.563812][ T31] [ 275.563812][ T31] Showing all locks held in the system: [ 275.563954][ T5241] Bluetooth: hci5: command tx timeout [ 275.573619][ T31] 3 locks held by kworker/0:0/8: [ 275.600618][ T31] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 275.618252][ T31] #1: ffffc900000d7d00 ((crda_timeout).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 275.631812][ T31] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: crda_timeout_work+0x15/0x50 [ 275.646078][ T31] 6 locks held by kworker/u8:1/12: [ 275.654228][ T31] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 275.669959][ T31] #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 275.688083][ T31] #2: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 275.698580][ T31] #3: ffff8880507cf0e8 (&dev->mutex){....}-{3:3}, at: devlink_pernet_pre_exit+0x13b/0x440 [ 275.715890][ T31] #4: ffff888062f38250 (&devlink->lock_key#2){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x14d/0x440 [ 275.727406][ T31] #5: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 [ 275.739878][ T31] 1 lock held by khungtaskd/31: [ 275.744993][ T31] #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 275.761476][ T31] 3 locks held by kworker/u8:5/927: [ 275.766731][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 275.785164][ T31] #1: ffffc9000388fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 275.797693][ T31] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 275.812207][ T31] 3 locks held by kworker/R-ipv6_/2725: [ 275.817825][ T31] #0: ffff88814bab4948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 275.833299][ T31] #1: ffffc900092a7c80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 275.847399][ T31] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 275.862903][ T31] 4 locks held by dhcpcd/4900: [ 275.867743][ T31] 2 locks held by getty/4984: [ 275.876342][ T31] #0: ffff8880326aa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 275.891845][ T31] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 275.905706][ T31] 2 locks held by syz-executor/5243: [ 275.913752][ T31] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 275.931815][ T31] #1: ffffffff8e93d478 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 275.943130][ T31] 1 lock held by syz-executor/5251: [ 275.948538][ T31] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 275.957735][ T31] 1 lock held by syz-executor/5252: [ 275.963165][ T31] #0: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 275.972455][ T31] 3 locks held by kworker/0:3/5273: [ 275.977699][ T31] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 275.991397][ T31] #1: ffffc90004077d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 276.002748][ T31] #2: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 276.012620][ T31] 2 locks held by syz-executor/5387: [ 276.017936][ T31] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 276.027423][ T31] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 276.037437][ T31] 2 locks held by syz-executor/5389: [ 276.043325][ T31] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 276.053140][ T31] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 276.063044][ T31] 2 locks held by syz-executor/5391: [ 276.068478][ T31] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 276.078048][ T31] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 276.089355][ T31] 2 locks held by syz.1.28/5399: [ 276.094589][ T31] #0: ffffffff8fd37630 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 276.103004][ T31] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0 [ 276.113030][ T31] 2 locks held by syz-executor/5415: [ 276.118351][ T31] #0: ffffffff8fcc4dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 276.127921][ T31] #1: ffffffff8fcd18c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 276.138090][ T31] 2 locks held by dhcpcd/5416: [ 276.143230][ T31] #0: ffff88806b3ea258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 276.153274][ T31] #1: ffffffff8e93d478 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830 [ 276.164358][ T31] 1 lock held by dhcpcd/5417: [ 276.169058][ T31] #0: ffff88806b3ec258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 276.178929][ T31] 1 lock held by dhcpcd/5418: [ 276.183784][ T31] #0: ffff88802ee8c258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 276.194853][ T31] 1 lock held by dhcpcd/5419: [ 276.199581][ T31] #0: ffff88804a36e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 276.209386][ T31] 1 lock held by dhcpcd/5420: [ 276.214229][ T31] #0: ffff88802ee8e258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 276.223992][ T31] 1 lock held by dhcpcd/5421: [ 276.228686][ T31] #0: ffff8880475d8258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 276.238553][ T31] [ 276.241118][ T31] ============================================= [ 276.241118][ T31] [ 276.249577][ T31] NMI backtrace for cpu 1 [ 276.253954][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 276.264197][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 276.274388][ T31] Call Trace: [ 276.277697][ T31] [ 276.280678][ T31] dump_stack_lvl+0x241/0x360 [ 276.285407][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.290733][ T31] ? __pfx__printk+0x10/0x10 [ 276.295334][ T31] nmi_cpu_backtrace+0x49c/0x4d0 [ 276.300380][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 276.305873][ T31] ? _printk+0xd5/0x120 [ 276.310049][ T31] ? __pfx__printk+0x10/0x10 [ 276.314670][ T31] ? __wake_up_klogd+0xcc/0x110 [ 276.319531][ T31] ? __pfx__printk+0x10/0x10 [ 276.324136][ T31] ? __rcu_read_unlock+0xa1/0x110 [ 276.329175][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 276.335168][ T31] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 276.341169][ T31] watchdog+0xff4/0x1040 [ 276.345425][ T31] ? watchdog+0x1ea/0x1040 [ 276.349867][ T31] ? __pfx_watchdog+0x10/0x10 [ 276.354569][ T31] kthread+0x2f0/0x390 [ 276.358649][ T31] ? __pfx_watchdog+0x10/0x10 [ 276.363339][ T31] ? __pfx_kthread+0x10/0x10 [ 276.367935][ T31] ret_from_fork+0x4b/0x80 [ 276.372368][ T31] ? __pfx_kthread+0x10/0x10 [ 276.377056][ T31] ret_from_fork_asm+0x1a/0x30 [ 276.381848][ T31] [ 276.385815][ T31] Sending NMI from CPU 1 to CPUs 0: [ 276.392124][ C0] NMI backtrace for cpu 0 [ 276.392137][ C0] CPU: 0 UID: 0 PID: 1077 Comm: kworker/u8:7 Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 276.392158][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 276.392169][ C0] Workqueue: bat_events batadv_nc_worker [ 276.392190][ C0] RIP: 0010:kasan_check_range+0x1b7/0x290 [ 276.392214][ C0] Code: f5 4d 01 fb 48 8d 5d 07 48 85 ed 48 0f 49 dd 48 83 e3 f8 48 29 dd 74 12 41 80 3b 00 0f 85 a6 00 00 00 49 ff c3 48 ff cd 75 ee <5b> 41 5c 41 5e 41 5f 5d c3 cc cc cc cc 40 84 ed 75 5f f7 c5 00 ff [ 276.392234][ C0] RSP: 0018:ffffc90003cd7820 EFLAGS: 00000056 [ 276.392248][ C0] RAX: 0000000000000001 RBX: 1ffffffff284d113 RCX: ffffffff8170287b [ 276.392262][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94268898 [ 276.392273][ C0] RBP: 0000000000000000 R08: ffffffff9426889f R09: 1ffffffff284d113 [ 276.392286][ C0] R10: dffffc0000000000 R11: fffffbfff284d114 R12: ffff888026f00000 [ 276.392299][ C0] R13: ffff888026f00ad8 R14: dffffc0000000001 R15: fffffbfff284d114 [ 276.392312][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 276.392326][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 276.392338][ C0] CR2: 00005613841b7ca3 CR3: 000000002cc10000 CR4: 00000000003506f0 [ 276.392353][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 276.392363][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 276.392374][ C0] Call Trace: [ 276.392381][ C0] [ 276.392387][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 276.392413][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 276.392440][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 276.392471][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 276.392494][ C0] ? nmi_handle+0x14f/0x5a0 [ 276.392511][ C0] ? nmi_handle+0x2a/0x5a0 [ 276.392527][ C0] ? kasan_check_range+0x1b7/0x290 [ 276.392546][ C0] ? default_do_nmi+0x63/0x160 [ 276.392572][ C0] ? exc_nmi+0x123/0x1f0 [ 276.392597][ C0] ? end_repeat_nmi+0xf/0x53 [ 276.392621][ C0] ? __lock_acquire+0xc8b/0x2050 [ 276.392646][ C0] ? kasan_check_range+0x1b7/0x290 [ 276.392666][ C0] ? kasan_check_range+0x1b7/0x290 [ 276.392686][ C0] ? kasan_check_range+0x1b7/0x290 [ 276.392717][ C0] [ 276.392723][ C0] [ 276.392730][ C0] __lock_acquire+0xc8b/0x2050 [ 276.392759][ C0] lock_acquire+0x1ed/0x550 [ 276.392782][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 276.392803][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 276.392827][ C0] ? __local_bh_disable_ip+0x187/0x220 [ 276.392854][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 276.392872][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 276.392889][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 276.392910][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 276.392931][ C0] ? batadv_nc_purge_paths+0x312/0x3b0 [ 276.392948][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 276.392971][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 276.392988][ C0] _raw_spin_lock_bh+0x35/0x50 [ 276.393006][ C0] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 276.393022][ C0] ? __pfx_batadv_nc_to_purge_nc_path_coding+0x10/0x10 [ 276.393041][ C0] batadv_nc_purge_paths+0xe8/0x3b0 [ 276.393082][ C0] batadv_nc_worker+0x328/0x610 [ 276.393098][ C0] ? batadv_nc_worker+0xcb/0x610 [ 276.393114][ C0] ? process_scheduled_works+0x976/0x1850 [ 276.393139][ C0] process_scheduled_works+0xa63/0x1850 [ 276.393172][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 276.393198][ C0] ? assign_work+0x364/0x3d0 [ 276.393226][ C0] worker_thread+0x870/0xd30 [ 276.393252][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 276.393273][ C0] ? __kthread_parkme+0x169/0x1d0 [ 276.393298][ C0] ? __pfx_worker_thread+0x10/0x10 [ 276.393322][ C0] kthread+0x2f0/0x390 [ 276.393337][ C0] ? __pfx_worker_thread+0x10/0x10 [ 276.393360][ C0] ? __pfx_kthread+0x10/0x10 [ 276.393376][ C0] ret_from_fork+0x4b/0x80 [ 276.393400][ C0] ? __pfx_kthread+0x10/0x10 [ 276.393415][ C0] ret_from_fork_asm+0x1a/0x30 [ 276.393445][ C0] [ 276.396759][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 276.796637][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.11.0-syzkaller-10669-g11a299a7933e #0 [ 276.806814][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 276.816895][ T31] Call Trace: [ 276.820181][ T31] [ 276.823114][ T31] dump_stack_lvl+0x241/0x360 [ 276.827815][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.833015][ T31] ? __pfx__printk+0x10/0x10 [ 276.837691][ T31] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 276.843791][ T31] ? vscnprintf+0x5d/0x90 [ 276.848130][ T31] panic+0x349/0x880 [ 276.852044][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 276.858259][ T31] ? __pfx_panic+0x10/0x10 [ 276.863025][ T31] ? tick_nohz_tick_stopped+0x82/0xb0 [ 276.868398][ T31] ? __irq_work_queue_local+0x137/0x410 [ 276.873965][ T31] ? preempt_schedule_thunk+0x1a/0x30 [ 276.879336][ T31] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 276.885699][ T31] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 276.891950][ T31] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 276.898211][ T31] watchdog+0x1033/0x1040 [ 276.902659][ T31] ? watchdog+0x1ea/0x1040 [ 276.907229][ T31] ? __pfx_watchdog+0x10/0x10 [ 276.912181][ T31] kthread+0x2f0/0x390 [ 276.916252][ T31] ? __pfx_watchdog+0x10/0x10 [ 276.920945][ T31] ? __pfx_kthread+0x10/0x10 [ 276.925535][ T31] ret_from_fork+0x4b/0x80 [ 276.929963][ T31] ? __pfx_kthread+0x10/0x10 [ 276.934553][ T31] ret_from_fork_asm+0x1a/0x30 [ 276.939349][ T31] [ 276.942648][ T31] Kernel Offset: disabled [ 276.947278][ T31] Rebooting in 86400 seconds..