last executing test programs: 3m2.459697682s ago: executing program 1 (id=559): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='(!\xef(.(\\-]\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f7f"], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m59.250014768s ago: executing program 1 (id=567): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, 0x0, &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r0}, 0x10) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) shmat(0x0, &(0x7f0000001000/0x3000)=nil, 0x0) 2m58.899397683s ago: executing program 1 (id=572): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000885}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/114, 0xffffff44}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m58.360848107s ago: executing program 2 (id=579): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) write(r1, &(0x7f0000000240)="94", 0x1) vmsplice(r2, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0) tee(r0, r2, 0x8f5, 0x100000000000000) 2m58.188075473s ago: executing program 1 (id=583): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x30) setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000002b80)='system.posix_acl_access\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="02000000010007000000f8ff0300000000000000100006000000000020000400000000b1a927760ce88031defc32d2a4189302ebc8020a121ce1123dfc933c015811f890c949337e9485e4a4ea1e94349ba74658b1025375c279937851472c66515b1acd213adf313d0629804fdf55a4ebf5d525b87e7cc930b6e042584cf4693970710f79d53914241309b0eb618b212daf6c11a2b432708056d24f22fc6f0ce836c1af29acbec17b7fefdc00e62b48417a380da5e9ce84891195b2c15d0d7e89ce44903c2fc7ca"], 0x4, 0x3) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) 2m57.856750992s ago: executing program 1 (id=588): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001c00)={{r0}, &(0x7f0000000b40), &(0x7f0000001bc0)='%pK \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) 2m57.626001835s ago: executing program 1 (id=590): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e9617a5f2b5f367158cf474f58bbcfe8875afdef00010000000029fe534962623e"], 0x66) 2m57.315371813s ago: executing program 2 (id=592): syz_emit_ethernet(0x99, &(0x7f0000000000)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "081f20", 0x63, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x20}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x5, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad9648926974"}, {0x0, 0x1, "020000000400000126000400"}, {0x18, 0x1, '\x00\x00\x00\x00\x00\x00'}, {0x18, 0x2, "7c5fedeead5d05b87f9a168ce9fa5053c7"}]}}}}}}, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x540a, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f00000000c0)={0xfffffff8, 0x0, 0xfffbfffd, 0x981, 0x47, "0441920887e8d2b791f19dd026d76d7fcb3678", 0x4, 0x200}) 2m57.088372329s ago: executing program 2 (id=596): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="802c00007010110028001280110001006272696467655f736c61766500000000100005800800030004"], 0x48}}, 0x40050) 2m56.946786902s ago: executing program 2 (id=598): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0x30) setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000002b80)='system.posix_acl_access\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="02000000010007000000f8ff0300000000000000100006000000000020000400000000b1a927760ce88031defc32d2a4189302ebc8020a121ce1123dfc933c015811f890c949337e9485e4a4ea1e94349ba74658b1025375c279937851472c66515b1acd213adf313d0629804fdf55a4ebf5d525b87e7cc930b6e042584cf4693970710f79d53914241309b0eb618b212daf6c11a2b432708056d24f22fc6f0ce836c1af29acbec17b7fefdc00e62b48417a380da5e9ce84891195b2c15d0d7e89ce44903c2fc7ca"], 0x4, 0x3) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc) 2m56.772817395s ago: executing program 2 (id=599): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}}}, 0x30) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0xf3a, 0x0) splice(0xffffffffffffffff, 0x0, r3, 0x0, 0x80, 0x4) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 2m55.772851832s ago: executing program 2 (id=608): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="48000000100009040000", @ANYRES32=r2, @ANYBLOB="802c00007010110028001280110001006272696467655f736c61766500000000100005800800030004"], 0x48}}, 0x40050) 2m42.200874996s ago: executing program 32 (id=590): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e9617a5f2b5f367158cf474f58bbcfe8875afdef00010000000029fe534962623e"], 0x66) 2m40.609901479s ago: executing program 33 (id=608): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="48000000100009040000", @ANYRES32=r2, @ANYBLOB="802c00007010110028001280110001006272696467655f736c61766500000000100005800800030004"], 0x48}}, 0x40050) 1m18.149407429s ago: executing program 4 (id=1146): socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000080)=0x10000, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='mnt/encrypted_dir\x00', 0x120) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000d00)=ANY=[], 0xff2e) madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc7104133aadc6813) madvise(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x15) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = dup(r3) getrlimit(0xe, &(0x7f0000000040)) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0x6, @empty}], 0x1c) sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r5 = dup(r3) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0x1, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 1m17.102449941s ago: executing program 4 (id=1149): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000040)=0x7, 0x4) r1 = fcntl$dupfd(r0, 0x406, r0) write$cgroup_pid(r1, 0x0, 0x0) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 1m16.679052732s ago: executing program 4 (id=1152): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x3, 0x4, 0x4, 0x10001, 0x4}, 0x50) 1m16.267979114s ago: executing program 4 (id=1154): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r0, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000100)=0x4) ioctl$KVM_RUN(r1, 0xae80, 0x0) 1m15.619605556s ago: executing program 4 (id=1160): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3cb140bb}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_POLICY={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000004880)=[{{&(0x7f0000002180)={0xa, 0x4e21, 0x8, @local, 0x8}, 0x1c, 0x0}}], 0x1, 0x240880d1) 1m13.971612826s ago: executing program 5 (id=1163): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) write(r1, &(0x7f0000000240)="94", 0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0) tee(r0, 0xffffffffffffffff, 0x8f5, 0x100000000000000) 1m11.899486306s ago: executing program 4 (id=1166): r0 = userfaultfd(0x80001) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, 0x0}], 0x1, 0x1, 0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/114, 0x72}], 0x1) syz_open_dev$evdev(&(0x7f0000002f80), 0x3, 0x484000) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000}) 1m10.79285503s ago: executing program 5 (id=1167): munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, &(0x7f0000000f40)=""/4104, 0x26, 0x1008, 0x1}, 0x28) 1m7.649753989s ago: executing program 5 (id=1170): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r0, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000100)=0x4) ioctl$KVM_RUN(r1, 0xae80, 0x0) 1m5.978902165s ago: executing program 5 (id=1174): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000040)=0x7, 0x4) r1 = fcntl$dupfd(r0, 0x406, r0) write$cgroup_pid(r1, 0x0, 0x0) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 1m4.816470336s ago: executing program 5 (id=1176): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x54}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x20, 0x7, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4001}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20040850}, 0x44054) 1m4.567395667s ago: executing program 0 (id=1178): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000001480)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d55906000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9ccd5788029901e5a79d8b9990ace8f74087f25ad50c4608800"/686], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xb, 0x0, &(0x7f0000000040)="05804ab382844306d758e6", 0x0, 0x12c4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m1.246024386s ago: executing program 5 (id=1181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0x3}, {0x0, 0xfff1}, {0x2, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0xdb, 0x7ff, 0x2, 0x9, 0x6, 0x2, 0xfffffffb, 0xc00000}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000) close(r0) 1m1.245765019s ago: executing program 0 (id=1182): timer_create(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000004018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 1m0.441199897s ago: executing program 3 (id=1183): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000240)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000001c0)=0x2fb, 0x12) 1m0.228417037s ago: executing program 0 (id=1184): r0 = syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0xf) 58.073922869s ago: executing program 3 (id=1186): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000040)=0x7, 0x4) r1 = fcntl$dupfd(r0, 0x406, r0) write$cgroup_pid(r1, &(0x7f0000000240), 0xfdef) poll(0x0, 0x0, 0x9) 56.237733442s ago: executing program 0 (id=1187): r0 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)=0x100) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000080)=0x3) ppoll(&(0x7f0000000040), 0x0, 0x0, &(0x7f0000000100)={[0xffff]}, 0x8) 55.773316984s ago: executing program 34 (id=1166): r0 = userfaultfd(0x80001) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, 0x0}], 0x1, 0x1, 0x0, 0x0) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/114, 0x72}], 0x1) syz_open_dev$evdev(&(0x7f0000002f80), 0x3, 0x484000) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000}) 53.496987273s ago: executing program 3 (id=1189): r0 = socket(0xa, 0x5, 0x0) listen(r0, 0x100) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x4855}, 0x4008850) 53.301934385s ago: executing program 0 (id=1191): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000001480)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d55906000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9ccd5788029901e5a79d8b9990ace8f74087f25ad50c4608800"/686], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xd, 0x0, &(0x7f0000000040)="05804ab382844306d758e620b9", 0x0, 0x12c4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 52.918224159s ago: executing program 3 (id=1192): socket$inet_sctp(0x2, 0x5, 0x84) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x4fee, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004"], 0x48) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 52.307280516s ago: executing program 0 (id=1193): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x20001, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4f23, @local}, {0x2, 0x4e25, @rand_addr=0x64010100}, {0x2, 0x4e24, @broadcast}, 0x1d7, 0x0, 0x0, 0x0, 0x6, 0x0, 0xe, 0xffffffffbffffff8, 0xc3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x55, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 50.205513862s ago: executing program 3 (id=1195): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x481}) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x53, 0xffffffffffffffff, 0x6, 0x1, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380)="259374c94982", 0x0, 0x0, 0x14, 0x0, 0x0}) 48.684650002s ago: executing program 3 (id=1197): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private2, @in=@multicast2, 0x4e22, 0x20, 0x1, 0x0, 0xa}, {0x0, 0xfffffffffffffffb, 0x400000000, 0x800000004, 0x0, 0x6, 0x0, 0xffffffff}, {}, 0xfffffffd, 0xa}, {{@in6=@mcast1, 0xffffff7f, 0x62}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x30}, 0x3507, 0x0, 0x3, 0x0, 0xfffffffe, 0x4000000}}, 0xe8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0xeeee0000, 0x8, 0xba2, 0x8c5f, 0x0, [{0x46, 0x8, 0x1}, {0x2, 0x29, 0x6, '\x00', 0xf8}, {0x60, 0x3, 0x0, '\x00', 0xbd}, {0x7, 0x4, 0x9, '\x00', 0xd}, {0x5, 0x4, 0x4, '\x00', 0x5}, {0x3, 0x40, 0x71, '\x00', 0x2}, {0x7, 0x7, 0xfd, '\x00', 0xf9}, {0x7, 0xc5, 0x1, '\x00', 0x5}, {0x7, 0xfb, 0x3, '\x00', 0x2}, {0xfe, 0x1, 0x6, '\x00', 0x4}, {0x1, 0x4e, 0x0, '\x00', 0x2}, {0x9, 0x30, 0x5, '\x00', 0x3}, {0xfa, 0x0, 0x8, '\x00', 0x7}, {0x80, 0x2, 0x80, '\x00', 0x4}, {0x1, 0x8, 0x3, '\x00', 0x6}, {0x7, 0xf1, 0x6, '\x00', 0x4}, {0x2, 0x7, 0x8, '\x00', 0x3}, {0x4, 0x6, 0x9, '\x00', 0x48}, {0x90, 0x0, 0x81, '\x00', 0x6}, {0xa, 0xff, 0x5}, {0x0, 0x4, 0x3, '\x00', 0x6a}, {0x7, 0x35, 0x7a, '\x00', 0x7}, {0x4, 0x7, 0x5, '\x00', 0xf}, {0x8, 0x2, 0x62, '\x00', 0x1}]}}) 45.195229148s ago: executing program 35 (id=1181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2400, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0x3}, {0x0, 0xfff1}, {0x2, 0x9}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x0, 0xdb, 0x7ff, 0x2, 0x9, 0x6, 0x2, 0xfffffffb, 0xc00000}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40098}, 0x4000000) close(r0) 35.546948057s ago: executing program 36 (id=1193): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x20001, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4f23, @local}, {0x2, 0x4e25, @rand_addr=0x64010100}, {0x2, 0x4e24, @broadcast}, 0x1d7, 0x0, 0x0, 0x0, 0x6, 0x0, 0xe, 0xffffffffbffffff8, 0xc3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x55, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 33.585640521s ago: executing program 6 (id=1203): timer_create(0x2, 0x0, &(0x7f0000bbdffc)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x8, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) 32.274149862s ago: executing program 37 (id=1197): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@private2, @in=@multicast2, 0x4e22, 0x20, 0x1, 0x0, 0xa}, {0x0, 0xfffffffffffffffb, 0x400000000, 0x800000004, 0x0, 0x6, 0x0, 0xffffffff}, {}, 0xfffffffd, 0xa}, {{@in6=@mcast1, 0xffffff7f, 0x62}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x30}, 0x3507, 0x0, 0x3, 0x0, 0xfffffffe, 0x4000000}}, 0xe8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000002a80)={0x81, 0x0, 0x3}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x2, 0x0, @ioapic={0xeeee0000, 0x8, 0xba2, 0x8c5f, 0x0, [{0x46, 0x8, 0x1}, {0x2, 0x29, 0x6, '\x00', 0xf8}, {0x60, 0x3, 0x0, '\x00', 0xbd}, {0x7, 0x4, 0x9, '\x00', 0xd}, {0x5, 0x4, 0x4, '\x00', 0x5}, {0x3, 0x40, 0x71, '\x00', 0x2}, {0x7, 0x7, 0xfd, '\x00', 0xf9}, {0x7, 0xc5, 0x1, '\x00', 0x5}, {0x7, 0xfb, 0x3, '\x00', 0x2}, {0xfe, 0x1, 0x6, '\x00', 0x4}, {0x1, 0x4e, 0x0, '\x00', 0x2}, {0x9, 0x30, 0x5, '\x00', 0x3}, {0xfa, 0x0, 0x8, '\x00', 0x7}, {0x80, 0x2, 0x80, '\x00', 0x4}, {0x1, 0x8, 0x3, '\x00', 0x6}, {0x7, 0xf1, 0x6, '\x00', 0x4}, {0x2, 0x7, 0x8, '\x00', 0x3}, {0x4, 0x6, 0x9, '\x00', 0x48}, {0x90, 0x0, 0x81, '\x00', 0x6}, {0xa, 0xff, 0x5}, {0x0, 0x4, 0x3, '\x00', 0x6a}, {0x7, 0x35, 0x7a, '\x00', 0x7}, {0x4, 0x7, 0x5, '\x00', 0xf}, {0x8, 0x2, 0x62, '\x00', 0x1}]}}) 28.482709965s ago: executing program 6 (id=1205): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvtap0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x28, 0x1ff, 0x2, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x9, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) syz_emit_ethernet(0x5e, &(0x7f0000002200)=ANY=[], 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0xffffffffffffffff, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xc6da5938055fa6fd, 0x21}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_MTU={0x8, 0x4, 0xff}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x50}, 0x1, 0x0, 0x0, 0x51}, 0x2000c000) 23.475320736s ago: executing program 6 (id=1206): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]}) r0 = gettid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x5, 0x0) 19.339084333s ago: executing program 6 (id=1207): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000040)=0x2, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) getdents(0xffffffffffffffff, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x6e20, @local}, 0x10) 15.99584597s ago: executing program 6 (id=1208): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40300, 0x0) ioctl$KVM_GET_MSRS_sys(r0, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x48d, 0x0, 0x73}]}) 15.740813272s ago: executing program 6 (id=1209): sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000", @ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) 0s ago: executing program 38 (id=1209): sendmsg$NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000", @ANYRES16], 0x1c}, 0x1, 0x0, 0x0, 0x8041}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts. [ 87.353201][ T5795] cgroup: Unknown subsys name 'net' [ 87.592851][ T5795] cgroup: Unknown subsys name 'cpuset' [ 87.647559][ T5795] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 89.640118][ T5795] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.180796][ T10] cfg80211: failed to load regulatory.db [ 92.652213][ T5808] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.655062][ T5808] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.657733][ T5808] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.681065][ T5808] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.682944][ T5808] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.704822][ T5808] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.724457][ T5808] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.729121][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.731182][ T5808] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.740676][ T5808] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.824358][ T5813] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.839261][ T5813] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.840477][ T5813] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.842343][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.843188][ T5813] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.868109][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.872447][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.874053][ T5821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.876599][ T5821] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 92.880577][ T5813] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.881724][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 92.882429][ T5821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.882580][ T5821] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 92.884694][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 92.887092][ T5821] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 93.906213][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 94.088815][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 94.142358][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 94.149959][ T5807] chnl_net:caif_netlink_parms(): no params data found [ 94.173101][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 94.728231][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.728340][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.728818][ T5806] bridge_slave_0: entered allmulticast mode [ 94.731032][ T5806] bridge_slave_0: entered promiscuous mode [ 94.777778][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.777910][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.778047][ T5806] bridge_slave_1: entered allmulticast mode [ 94.779977][ T5806] bridge_slave_1: entered promiscuous mode [ 94.799079][ T5124] Bluetooth: hci0: command tx timeout [ 94.799318][ T5821] Bluetooth: hci1: command tx timeout [ 94.877046][ T5821] Bluetooth: hci2: command tx timeout [ 94.958485][ T5821] Bluetooth: hci4: command tx timeout [ 94.967492][ T5821] Bluetooth: hci3: command tx timeout [ 95.377972][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.379136][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.379510][ T5810] bridge_slave_0: entered allmulticast mode [ 95.381472][ T5810] bridge_slave_0: entered promiscuous mode [ 95.451628][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 95.670650][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.670767][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.670930][ T5810] bridge_slave_1: entered allmulticast mode [ 95.672848][ T5810] bridge_slave_1: entered promiscuous mode [ 95.740629][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.744335][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.744467][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.744680][ T5812] bridge_slave_0: entered allmulticast mode [ 95.749145][ T5812] bridge_slave_0: entered promiscuous mode [ 95.782145][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.782274][ T5807] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.782842][ T5807] bridge_slave_0: entered allmulticast mode [ 95.784875][ T5807] bridge_slave_0: entered promiscuous mode [ 95.898187][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.898296][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.898429][ T5816] bridge_slave_0: entered allmulticast mode [ 95.900351][ T5816] bridge_slave_0: entered promiscuous mode [ 95.987915][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.988204][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.988344][ T5812] bridge_slave_1: entered allmulticast mode [ 95.990265][ T5812] bridge_slave_1: entered promiscuous mode [ 95.991885][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.992000][ T5807] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.992334][ T5807] bridge_slave_1: entered allmulticast mode [ 95.994262][ T5807] bridge_slave_1: entered promiscuous mode [ 96.148167][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.148299][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.148481][ T5816] bridge_slave_1: entered allmulticast mode [ 96.150725][ T5816] bridge_slave_1: entered promiscuous mode [ 96.416625][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.509673][ T5806] team0: Port device team_slave_0 added [ 96.650726][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.720289][ T5806] team0: Port device team_slave_1 added [ 96.724330][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.729136][ T5807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.811197][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 96.877048][ T5124] Bluetooth: hci0: command tx timeout [ 96.877087][ T5821] Bluetooth: hci1: command tx timeout [ 96.901292][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.903826][ T5807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 96.957045][ T5821] Bluetooth: hci2: command tx timeout [ 96.976095][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.037029][ T5821] Bluetooth: hci4: command tx timeout [ 97.037066][ T5821] Bluetooth: hci3: command tx timeout [ 97.259721][ T5810] team0: Port device team_slave_0 added [ 97.659460][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 97.659475][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.659494][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 97.840289][ T5810] team0: Port device team_slave_1 added [ 97.919194][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 97.919213][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 97.919239][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 97.921325][ T5812] team0: Port device team_slave_0 added [ 97.924651][ T5807] team0: Port device team_slave_0 added [ 98.019572][ T5816] team0: Port device team_slave_0 added [ 98.039464][ T5812] team0: Port device team_slave_1 added [ 98.041647][ T5807] team0: Port device team_slave_1 added [ 98.129867][ T5816] team0: Port device team_slave_1 added [ 98.288596][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.288614][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.288633][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.488871][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.488890][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.488917][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.748969][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.748989][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.749010][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.750249][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.750264][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.750299][ T5807] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.762031][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.762052][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.762083][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.891281][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.891298][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.891325][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.892577][ T5807] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.892595][ T5807] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.892614][ T5807] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.895449][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.895461][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 98.895480][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.919714][ T5806] hsr_slave_0: entered promiscuous mode [ 98.921813][ T5806] hsr_slave_1: entered promiscuous mode [ 98.957669][ T5124] Bluetooth: hci1: command tx timeout [ 98.957710][ T5124] Bluetooth: hci0: command tx timeout [ 99.037512][ T5821] Bluetooth: hci2: command tx timeout [ 99.117018][ T5821] Bluetooth: hci3: command tx timeout [ 99.117055][ T5821] Bluetooth: hci4: command tx timeout [ 99.384040][ T5810] hsr_slave_0: entered promiscuous mode [ 99.385083][ T5810] hsr_slave_1: entered promiscuous mode [ 99.385882][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 99.385981][ T5810] Cannot create hsr debugfs directory [ 99.704315][ T5812] hsr_slave_0: entered promiscuous mode [ 99.705369][ T5812] hsr_slave_1: entered promiscuous mode [ 99.706049][ T5812] debugfs: 'hsr0' already exists in 'hsr' [ 99.706073][ T5812] Cannot create hsr debugfs directory [ 99.794598][ T5807] hsr_slave_0: entered promiscuous mode [ 99.795623][ T5807] hsr_slave_1: entered promiscuous mode [ 99.796330][ T5807] debugfs: 'hsr0' already exists in 'hsr' [ 99.796352][ T5807] Cannot create hsr debugfs directory [ 99.914291][ T5816] hsr_slave_0: entered promiscuous mode [ 99.915353][ T5816] hsr_slave_1: entered promiscuous mode [ 99.916040][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 99.916065][ T5816] Cannot create hsr debugfs directory [ 101.037108][ T5124] Bluetooth: hci0: command tx timeout [ 101.037146][ T5124] Bluetooth: hci1: command tx timeout [ 101.117119][ T5821] Bluetooth: hci2: command tx timeout [ 101.197079][ T5124] Bluetooth: hci3: command tx timeout [ 101.197126][ T5821] Bluetooth: hci4: command tx timeout [ 101.301099][ T5806] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 101.349235][ T5806] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 101.393002][ T5806] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 101.451112][ T5806] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 101.575853][ T5810] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 101.605927][ T5810] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 101.645135][ T5810] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 101.702206][ T5810] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 101.837956][ T5812] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 101.880445][ T5812] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 101.916132][ T5812] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 101.970967][ T5812] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 102.119415][ T5807] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 102.171599][ T5807] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 102.210446][ T5807] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 102.262889][ T5807] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 102.370388][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.412602][ T5816] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 102.454726][ T5816] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 102.500865][ T5816] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 102.535602][ T5816] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 102.599420][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.643077][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.654759][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.655289][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.699251][ T3033] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.699458][ T3033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.760282][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.800633][ T3033] bridge0: port 1(bridge_slave_0) entered blocking state [ 102.800784][ T3033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 102.841430][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 102.846297][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 102.846412][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 102.957050][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.981936][ T5807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.005091][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.005235][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.055203][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.056164][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.142026][ T5807] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.166015][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 103.198439][ T1410] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.198592][ T1410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.262851][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.263056][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.310014][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 103.362256][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.362417][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.405617][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.414353][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.525257][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.689510][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.844074][ T5806] veth0_vlan: entered promiscuous mode [ 103.886652][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 103.930193][ T5806] veth1_vlan: entered promiscuous mode [ 104.037827][ T5810] veth0_vlan: entered promiscuous mode [ 104.127548][ T5810] veth1_vlan: entered promiscuous mode [ 104.211819][ T5806] veth0_macvtap: entered promiscuous mode [ 104.234179][ T5807] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.253258][ T5806] veth1_macvtap: entered promiscuous mode [ 104.355044][ T5810] veth0_macvtap: entered promiscuous mode [ 104.404863][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.405608][ T5810] veth1_macvtap: entered promiscuous mode [ 104.430883][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 104.463822][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.501305][ T1124] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.504801][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 104.522456][ T1124] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.543263][ T1124] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.562506][ T1124] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.566716][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 104.672950][ T5807] veth0_vlan: entered promiscuous mode [ 104.682692][ T3033] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.686289][ T3033] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.740031][ T3033] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.755927][ T3033] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.866458][ T5807] veth1_vlan: entered promiscuous mode [ 104.869351][ T5812] veth0_vlan: entered promiscuous mode [ 104.961231][ T5816] veth0_vlan: entered promiscuous mode [ 105.023920][ T5812] veth1_vlan: entered promiscuous mode [ 105.043687][ T3033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.043707][ T3033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.084313][ T5816] veth1_vlan: entered promiscuous mode [ 105.161852][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.161874][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.235141][ T5807] veth0_macvtap: entered promiscuous mode [ 105.251847][ T3033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.251869][ T3033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.315058][ T5807] veth1_macvtap: entered promiscuous mode [ 105.356345][ T5812] veth0_macvtap: entered promiscuous mode [ 105.371100][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.371122][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.403888][ T5812] veth1_macvtap: entered promiscuous mode [ 105.423764][ T5816] veth0_macvtap: entered promiscuous mode [ 105.449046][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.462510][ T5816] veth1_macvtap: entered promiscuous mode [ 105.494049][ T5807] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.529321][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.570224][ T1124] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.572559][ T1124] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.574159][ T1124] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.576247][ T1124] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.624162][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.635290][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 105.730234][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 105.731199][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.735286][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.741155][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.776739][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.854169][ T5925] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.907619][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.910298][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.911788][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.912348][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.444301][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.444324][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.542459][ T1410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.542481][ T1410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.683001][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.683022][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.825840][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.825863][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.972679][ T2969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.972701][ T2969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.051737][ T1410] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.051758][ T1410] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.405671][ T6025] syz.4.34 (6025) used greatest stack depth: 18744 bytes left [ 133.709177][ T6302] syz.4.134 (6302) used greatest stack depth: 18376 bytes left [ 135.024240][ T6363] warning: `syz.1.164' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 138.249602][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.249707][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.547911][ T6393] syz.0.174 (6393) used greatest stack depth: 17288 bytes left [ 143.116494][ T6487] syz.3.213 (6487) used greatest stack depth: 17128 bytes left [ 143.871273][ T6501] netlink: 40 bytes leftover after parsing attributes in process `syz.3.221'. [ 145.865987][ T6539] netlink: 40 bytes leftover after parsing attributes in process `syz.4.236'. [ 147.471574][ T6565] netlink: 40 bytes leftover after parsing attributes in process `syz.4.248'. [ 150.400880][ T6606] netlink: 40 bytes leftover after parsing attributes in process `syz.0.261'. [ 152.110019][ T6636] netlink: 40 bytes leftover after parsing attributes in process `syz.1.274'. [ 153.657574][ T6664] netlink: 40 bytes leftover after parsing attributes in process `syz.0.287'. [ 155.668806][ T6698] netlink: 16 bytes leftover after parsing attributes in process `syz.0.299'. [ 157.654522][ T6724] netlink: 16 bytes leftover after parsing attributes in process `syz.1.311'. [ 160.440758][ T6779] netlink: 16 bytes leftover after parsing attributes in process `syz.4.329'. [ 164.785294][ T6845] netlink: 12 bytes leftover after parsing attributes in process `syz.3.356'. [ 167.604046][ T6885] netlink: 12 bytes leftover after parsing attributes in process `syz.3.370'. [ 170.581174][ T6926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.386'. [ 172.461611][ T6963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.402'. [ 174.794983][ T7005] netlink: 4 bytes leftover after parsing attributes in process `syz.3.418'. [ 174.948932][ T6982] syz.2.408 (6982) used greatest stack depth: 17032 bytes left [ 176.926227][ T7039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.433'. [ 177.947321][ T7067] Zero length message leads to an empty skb [ 181.165605][ T7116] netlink: 4 bytes leftover after parsing attributes in process `syz.4.461'. [ 182.945905][ T7163] netlink: 'syz.1.478': attribute type 5 has an invalid length. [ 182.945928][ T7163] netlink: 4 bytes leftover after parsing attributes in process `syz.1.478'. [ 185.321843][ T7199] netlink: 'syz.2.490': attribute type 5 has an invalid length. [ 185.321868][ T7199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.490'. [ 190.890433][ T7315] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 199.637494][ T7508] netlink: 40 bytes leftover after parsing attributes in process `syz.2.608'. [ 199.688176][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.688250][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 212.229245][ T7649] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3171344376 (25370755008 ns) > initial count (669850936 ns). Using initial count to start timer. [ 214.304842][ T5124] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 214.324315][ T5124] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 214.399045][ T5124] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 214.405029][ T5124] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 214.406097][ T5124] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.695661][ T7697] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 215.728928][ T7697] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 215.737252][ T7697] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 215.745368][ T7697] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 215.746331][ T7697] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 216.479170][ T7699] Bluetooth: hci5: command tx timeout [ 217.126847][ T7699] Bluetooth: hci0: command 0x0406 tx timeout [ 217.126893][ T7699] Bluetooth: hci2: command 0x0406 tx timeout [ 217.126930][ T7697] Bluetooth: hci4: command 0x0406 tx timeout [ 217.127037][ T7699] Bluetooth: hci1: command 0x0406 tx timeout [ 217.127062][ T7699] Bluetooth: hci3: command 0x0406 tx timeout [ 217.836906][ T5821] Bluetooth: hci6: command tx timeout [ 218.556876][ T5821] Bluetooth: hci5: command tx timeout [ 219.922459][ T5821] Bluetooth: hci6: command tx timeout [ 222.381598][ T5821] Bluetooth: hci5: command tx timeout [ 222.381634][ T5821] Bluetooth: hci6: command tx timeout [ 223.936002][ T7725] vlan2: entered promiscuous mode [ 223.936027][ T7725] macvtap0: entered promiscuous mode [ 224.163013][ T7803] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 224.396832][ T61] Bluetooth: hci6: command tx timeout [ 224.396873][ T61] Bluetooth: hci5: command tx timeout [ 226.745861][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.818389][ T7850] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 227.192128][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.576438][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.529331][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.682426][ T7886] vlan2: entered promiscuous mode [ 228.862553][ T7704] chnl_net:caif_netlink_parms(): no params data found [ 228.906410][ T7685] chnl_net:caif_netlink_parms(): no params data found [ 229.228949][ T7904] netlink: 12 bytes leftover after parsing attributes in process `syz.4.759'. [ 229.648392][ T7704] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.648731][ T7704] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.648921][ T7704] bridge_slave_0: entered allmulticast mode [ 229.651033][ T7704] bridge_slave_0: entered promiscuous mode [ 229.758768][ T7704] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.758914][ T7704] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.759167][ T7704] bridge_slave_1: entered allmulticast mode [ 229.761673][ T7704] bridge_slave_1: entered promiscuous mode [ 229.764978][ T7685] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.765120][ T7685] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.765372][ T7685] bridge_slave_0: entered allmulticast mode [ 229.774419][ T7685] bridge_slave_0: entered promiscuous mode [ 229.880087][ T7685] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.880240][ T7685] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.880469][ T7685] bridge_slave_1: entered allmulticast mode [ 229.884157][ T7685] bridge_slave_1: entered promiscuous mode [ 230.837671][ T7704] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 230.984547][ T7704] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 230.985480][ T13] bridge_slave_1: left allmulticast mode [ 230.985684][ T13] bridge_slave_1: left promiscuous mode [ 230.989255][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.076074][ T13] bridge_slave_0: left allmulticast mode [ 231.076105][ T13] bridge_slave_0: left promiscuous mode [ 231.076396][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.798782][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 233.878229][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 233.920832][ T13] bond0 (unregistering): Released all slaves [ 233.972804][ T7685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.113178][ T7685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.367867][ T7704] team0: Port device team_slave_0 added [ 235.688000][ T7704] team0: Port device team_slave_1 added [ 235.762113][ T7685] team0: Port device team_slave_0 added [ 235.990429][ T7685] team0: Port device team_slave_1 added [ 236.311031][ T8001] vlan2: entered promiscuous mode [ 237.524230][ T7704] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.524249][ T7704] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 237.524278][ T7704] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.576317][ T7685] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.576335][ T7685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 237.576362][ T7685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.638672][ T7704] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.638690][ T7704] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 237.638719][ T7704] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.640300][ T7685] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.640315][ T7685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 237.640343][ T7685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.189716][ T13] hsr_slave_0: left promiscuous mode [ 238.247207][ T13] hsr_slave_1: left promiscuous mode [ 238.248524][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.248659][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.325341][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.325372][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.458658][ T13] veth1_macvtap: left promiscuous mode [ 238.459770][ T13] veth0_macvtap: left promiscuous mode [ 238.460090][ T13] veth1_vlan: left promiscuous mode [ 238.460458][ T13] veth0_vlan: left promiscuous mode [ 241.092864][ T8091] process 'syz.0.832' launched './file0' with NULL argv: empty string added [ 241.637688][ T13] team0 (unregistering): Port device team_slave_1 removed [ 242.288591][ T13] team0 (unregistering): Port device team_slave_0 removed [ 249.002192][ T8145] kvm: Disabled LAPIC found during irq injection [ 249.138456][ T7685] hsr_slave_0: entered promiscuous mode [ 249.139558][ T7685] hsr_slave_1: entered promiscuous mode [ 249.140369][ T7685] debugfs: 'hsr0' already exists in 'hsr' [ 249.140396][ T7685] Cannot create hsr debugfs directory [ 249.156557][ T7704] hsr_slave_0: entered promiscuous mode [ 249.162321][ T7704] hsr_slave_1: entered promiscuous mode [ 249.165318][ T7704] debugfs: 'hsr0' already exists in 'hsr' [ 249.165359][ T7704] Cannot create hsr debugfs directory [ 249.339778][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.852'. [ 249.340230][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.852'. [ 249.428895][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.852'. [ 249.428960][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.852'. [ 249.574735][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.852'. [ 249.574802][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.0.852'. [ 251.255807][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.314711][ T7685] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 251.361838][ T7685] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 251.413615][ T7685] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 251.679545][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.700361][ T8195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.862'. [ 251.700423][ T8195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.862'. [ 251.759086][ T7685] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 251.803503][ T8195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.862'. [ 251.803567][ T8195] netlink: 4 bytes leftover after parsing attributes in process `syz.4.862'. [ 251.994767][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.252090][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.407691][ T7704] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 252.479058][ T7704] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 252.535130][ T7704] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 252.635970][ T7704] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 253.099918][ T13] bridge_slave_1: left allmulticast mode [ 253.099948][ T13] bridge_slave_1: left promiscuous mode [ 253.100223][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.179039][ T13] bridge_slave_0: left allmulticast mode [ 253.179063][ T13] bridge_slave_0: left promiscuous mode [ 253.179236][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.010964][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.071810][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.130353][ T13] bond0 (unregistering): Released all slaves [ 255.404362][ T7685] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.469505][ T7685] 8021q: adding VLAN 0 to HW filter on device team0 [ 255.515833][ T1410] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.533538][ T1410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.732449][ T8271] __nla_validate_parse: 8 callbacks suppressed [ 255.732471][ T8271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.875'. [ 255.732527][ T8271] netlink: 4 bytes leftover after parsing attributes in process `syz.0.875'. [ 256.070406][ T3033] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.070554][ T3033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 256.627455][ T7704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.887062][ T13] hsr_slave_0: left promiscuous mode [ 256.945562][ T13] hsr_slave_1: left promiscuous mode [ 256.946565][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 256.946591][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 257.013136][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 257.013167][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 257.116335][ T13] veth1_macvtap: left promiscuous mode [ 257.116448][ T13] veth0_macvtap: left promiscuous mode [ 257.130073][ T13] veth1_vlan: left promiscuous mode [ 257.130276][ T13] veth0_vlan: left promiscuous mode [ 258.263275][ T8314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.887'. [ 258.263338][ T8314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.887'. [ 259.519588][ T13] team0 (unregistering): Port device team_slave_1 removed [ 259.717580][ T13] team0 (unregistering): Port device team_slave_0 removed [ 260.475914][ T8328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.893'. [ 261.130116][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.130193][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.947247][ T8356] netlink: 12 bytes leftover after parsing attributes in process `syz.4.904'. [ 263.184647][ T7704] 8021q: adding VLAN 0 to HW filter on device team0 [ 263.304346][ T71] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.304506][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.363849][ T71] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.367691][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.083183][ T7685] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 264.382366][ T7704] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.011567][ T8412] netlink: 12 bytes leftover after parsing attributes in process `syz.4.913'. [ 266.059067][ T7685] veth0_vlan: entered promiscuous mode [ 266.133325][ T7685] veth1_vlan: entered promiscuous mode [ 266.270967][ T8419] kvm: Disabled LAPIC found during irq injection [ 266.419667][ T7704] veth0_vlan: entered promiscuous mode [ 266.438997][ T7685] veth0_macvtap: entered promiscuous mode [ 266.459204][ T7704] veth1_vlan: entered promiscuous mode [ 266.466282][ T7685] veth1_macvtap: entered promiscuous mode [ 266.568483][ T7685] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 266.629152][ T7685] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 266.706253][ T1410] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.732146][ T1410] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.748571][ T1410] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.773703][ T1410] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.775631][ T7704] veth0_macvtap: entered promiscuous mode [ 266.861897][ T7704] veth1_macvtap: entered promiscuous mode [ 268.087787][ T7704] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 268.140900][ T8450] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 268.206062][ T7704] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.340021][ T1025] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.341039][ T1025] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.344578][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.344613][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.352237][ T1025] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.402638][ T1025] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.667726][ T2969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.667749][ T2969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.182371][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.182395][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.429516][ T3033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.429538][ T3033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.624222][ T8626] vlan2: entered promiscuous mode [ 276.624374][ T8626] macvtap0: entered promiscuous mode [ 289.545648][ T8921] capability: warning: `syz.3.1072' uses 32-bit capabilities (legacy support in use) [ 291.209764][ T8956] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 304.726485][ T9211] syz.0.1165 (9211) used greatest stack depth: 16552 bytes left [ 322.580170][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.580247][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 329.380886][ T61] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 329.393111][ T61] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 329.394426][ T61] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 329.409515][ T61] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 329.415414][ T61] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 332.676759][ T61] Bluetooth: hci1: command tx timeout [ 334.717105][ T61] Bluetooth: hci1: command tx timeout [ 337.095961][ T5821] Bluetooth: hci1: command tx timeout [ 339.476943][ T5808] Bluetooth: hci1: command tx timeout [ 340.246902][ T5808] Bluetooth: hci6: command 0x0406 tx timeout [ 340.246946][ T5808] Bluetooth: hci5: command 0x0406 tx timeout [ 340.708524][ T5808] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 340.772026][ T5808] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 340.773362][ T5808] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 340.775059][ T5808] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 340.775891][ T5808] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 343.806305][ T5813] Bluetooth: hci2: command tx timeout [ 345.895316][ T61] Bluetooth: hci2: command tx timeout [ 345.966200][ T9307] chnl_net:caif_netlink_parms(): no params data found [ 348.880687][ T61] Bluetooth: hci2: command tx timeout [ 350.959956][ T61] Bluetooth: hci2: command tx timeout [ 358.621549][ T5813] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 358.624580][ T5813] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 358.629531][ T5813] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 358.644217][ T5813] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 358.645571][ T5813] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 359.236264][ T5813] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 359.254876][ T5813] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 359.256120][ T5813] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 359.257504][ T5813] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 359.258414][ T5813] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 360.986892][ T5813] Bluetooth: hci7: command tx timeout [ 361.370095][ T5813] Bluetooth: hci8: command tx timeout [ 363.065454][ T5813] Bluetooth: hci7: command tx timeout [ 363.446772][ T5813] Bluetooth: hci8: command tx timeout [ 365.156994][ T9307] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.157138][ T9307] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.157412][ T9307] bridge_slave_0: entered allmulticast mode [ 365.160372][ T9307] bridge_slave_0: entered promiscuous mode [ 365.377055][ T5813] Bluetooth: hci7: command tx timeout [ 365.517048][ T5813] Bluetooth: hci8: command tx timeout [ 365.586514][ T9307] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.766015][ T9307] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.766298][ T9307] bridge_slave_1: entered allmulticast mode [ 365.806844][ T9307] bridge_slave_1: entered promiscuous mode [ 367.586780][ T5813] Bluetooth: hci7: command tx timeout [ 367.596859][ T5813] Bluetooth: hci8: command tx timeout [ 370.551038][ T9307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.750494][ T9307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.861959][ T9307] team0: Port device team_slave_0 added [ 376.907556][ T9329] chnl_net:caif_netlink_parms(): no params data found [ 377.098760][ T9307] team0: Port device team_slave_1 added [ 383.019289][ T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 383.052686][ T61] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 383.068830][ T61] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 383.087179][ T61] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 383.104271][ T61] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 384.003808][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.003883][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.277279][ T5813] Bluetooth: hci3: command tx timeout [ 387.415707][ T5813] Bluetooth: hci3: command tx timeout [ 388.758095][ T61] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 388.765212][ T61] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 388.783141][ T61] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 388.784789][ T61] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 389.196273][ T61] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 389.688004][ T61] Bluetooth: hci3: command tx timeout [ 391.756848][ T5813] Bluetooth: hci6: command tx timeout [ 391.757151][ T5813] Bluetooth: hci3: command tx timeout [ 394.166950][ T5821] Bluetooth: hci6: command tx timeout [ 396.346887][ T5821] Bluetooth: hci6: command tx timeout [ 398.556975][ T5821] Bluetooth: hci6: command tx timeout [ 401.270267][ T9329] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR [ 408.910717][ T5813] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 408.927143][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 408.936928][ T5813] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 408.938394][ T5813] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 408.939793][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 411.746943][ T5821] Bluetooth: hci1: command tx timeout [ 413.770474][ T5813] Bluetooth: hci1: command tx timeout [ 415.039675][ T5821] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 415.042025][ T5821] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 415.045291][ T5821] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 415.046577][ T5821] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 415.058605][ T5821] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 415.878897][ T5821] Bluetooth: hci1: command tx timeout [ 417.337039][ T5821] Bluetooth: hci9: command tx timeout [ 417.919271][ T5813] Bluetooth: hci1: command tx timeout [ 417.931509][ T5813] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 418.021961][ T5813] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 418.066870][ T5813] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 418.408147][ T5813] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 418.423975][ T5813] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 419.356780][ T5813] Bluetooth: hci9: command tx timeout [ 420.556944][ T5813] Bluetooth: hci2: command tx timeout [ 421.817656][ T5813] Bluetooth: hci9: command tx timeout [ 422.637049][ T5813] Bluetooth: hci2: command tx timeout [ 423.916770][ T5813] Bluetooth: hci9: command tx timeout [ 424.726818][ T5813] Bluetooth: hci2: command tx timeout [ 426.796801][ T5813] Bluetooth: hci2: command tx timeout [ 442.492406][ T5821] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 442.501452][ T5821] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 442.503127][ T5821] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 442.505279][ T5821] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 442.506212][ T5821] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 444.556963][ T5821] Bluetooth: hci8: command tx timeout [ 445.467420][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.467506][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 446.636884][ T5821] Bluetooth: hci8: command tx timeout [ 446.685197][ T5813] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 446.702573][ T5813] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 446.704112][ T5813] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 446.705644][ T5813] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 446.706520][ T5813] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 448.736684][ T5813] Bluetooth: hci8: command tx timeout [ 448.956853][ T5813] Bluetooth: hci10: command tx timeout [ 450.796807][ T5813] Bluetooth: hci8: command tx timeout [ 451.085041][ T5813] Bluetooth: hci10: command tx timeout [ 453.124749][ T5813] Bluetooth: hci10: command tx timeout [ 455.250718][ T5813] Bluetooth: hci10: command tx timeout [ 458.999760][ T5821] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 459.519600][ T5821] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 459.549066][ T5821] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 459.550971][ T5821] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 459.551844][ T5821] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 461.676825][ T5821] Bluetooth: hci11: command tx timeout [ 463.927076][ T5821] Bluetooth: hci11: command tx timeout [ 466.209046][ T5821] Bluetooth: hci11: command tx timeout [ 468.636796][ T5821] Bluetooth: hci11: command tx timeout [ 469.323563][ T5813] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 469.346978][ T5813] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 469.348933][ T5813] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 469.351805][ T5813] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 469.352703][ T5813] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 471.654264][ T5813] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 471.677105][ T5813] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 471.678498][ T5813] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 471.705433][ T5813] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 471.706385][ T5813] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 471.756984][ T5821] Bluetooth: hci12: command tx timeout [ 473.836810][ T5821] Bluetooth: hci13: command tx timeout [ 473.837114][ T5821] Bluetooth: hci12: command tx timeout [ 475.980807][ T5813] Bluetooth: hci12: command tx timeout [ 475.980846][ T5813] Bluetooth: hci13: command tx timeout [ 476.167809][ T39] INFO: task syz.0.1193:9288 blocked for more than 143 seconds. [ 476.167852][ T39] Not tainted syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 476.167864][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 476.167875][ T39] task:syz.0.1193 state:D stack:25160 pid:9288 tgid:9288 ppid:5816 task_flags:0x400040 flags:0x00080002 [ 476.167961][ T39] Call Trace: [ 476.167973][ T39] [ 476.167989][ T39] __schedule+0x16f3/0x4c20 [ 476.168041][ T39] ? kasan_save_stack+0x3e/0x60 [ 476.168064][ T39] ? call_rcu+0x157/0x9c0 [ 476.168092][ T39] ? tdp_mmu_next_root+0x566/0x610 [ 476.168121][ T39] ? kvm_tdp_mmu_zap_invalidated_roots+0xb9/0x340 [ 476.168158][ T39] ? kvm_mmu_uninit_tdp_mmu+0x32/0xc0 [ 476.168186][ T39] ? kvm_mmu_uninit_vm+0x53/0x90 [ 476.168211][ T39] ? kvm_arch_destroy_vm+0x23d/0x280 [ 476.168236][ T39] ? exit_to_user_mode_loop+0xe9/0x130 [ 476.168265][ T39] ? __pfx___schedule+0x10/0x10 [ 476.168313][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 476.168346][ T39] rt_mutex_schedule+0x77/0xf0 [ 476.168376][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 476.168400][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 476.168443][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 476.168470][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 476.168495][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 476.168516][ T39] ? __lock_acquire+0xab9/0xd20 [ 476.168553][ T39] ? rcu_barrier+0x4c/0x570 [ 476.168590][ T39] ? rt_mutex_slowunlock+0x493/0x8a0 [ 476.168618][ T39] ? rcu_barrier+0x4c/0x570 [ 476.168646][ T39] mutex_lock_nested+0x16a/0x1d0 [ 476.168668][ T39] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 476.168698][ T39] rcu_barrier+0x4c/0x570 [ 476.168730][ T39] ? rt_write_unlock+0x191/0x230 [ 476.168759][ T39] kvm_mmu_uninit_vm+0x53/0x90 [ 476.168788][ T39] kvm_arch_destroy_vm+0x23d/0x280 [ 476.168814][ T39] kvm_put_kvm+0x6ca/0xa80 [ 476.168849][ T39] ? __pfx_kvm_vm_release+0x10/0x10 [ 476.168874][ T39] kvm_vm_release+0x46/0x50 [ 476.168896][ T39] __fput+0x45b/0xa80 [ 476.168940][ T39] task_work_run+0x1d4/0x260 [ 476.168973][ T39] ? __pfx_task_work_run+0x10/0x10 [ 476.169008][ T39] ? exit_to_user_mode_loop+0x40/0x130 [ 476.169035][ T39] exit_to_user_mode_loop+0xe9/0x130 [ 476.169060][ T39] do_syscall_64+0x2bd/0xfa0 [ 476.169089][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.169119][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.169141][ T39] ? clear_bhb_loop+0x60/0xb0 [ 476.169176][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.169198][ T39] RIP: 0033:0x7fb761a8efc9 [ 476.169222][ T39] RSP: 002b:00007ffc2b970798 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 476.169245][ T39] RAX: 0000000000000000 RBX: 000000000004f398 RCX: 00007fb761a8efc9 [ 476.169261][ T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 476.169274][ T39] RBP: 00007fb761ce7da0 R08: 0000000000000001 R09: 000000082b970a8f [ 476.169289][ T39] R10: 0000001b2e820000 R11: 0000000000000246 R12: 00007fb761ce5fac [ 476.169304][ T39] R13: 00007fb761ce5fa0 R14: ffffffffffffffff R15: 00007ffc2b9708b0 [ 476.169353][ T39] [ 476.169363][ T39] INFO: task syz.3.1197:9301 blocked for more than 143 seconds. [ 476.169378][ T39] Not tainted syzkaller #0 [ 476.169389][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 476.169399][ T39] task:syz.3.1197 state:D stack:25160 pid:9301 tgid:9301 ppid:5806 task_flags:0x400040 flags:0x00080003 [ 476.169460][ T39] Call Trace: [ 476.169467][ T39] [ 476.169480][ T39] __schedule+0x16f3/0x4c20 [ 476.169537][ T39] ? __pfx___schedule+0x10/0x10 [ 476.169586][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 476.169619][ T39] rt_mutex_schedule+0x77/0xf0 [ 476.169648][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 476.169672][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 476.169715][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 476.169741][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 476.169766][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 476.169788][ T39] ? __lock_acquire+0xab9/0xd20 [ 476.169824][ T39] ? rcu_barrier+0x4c/0x570 [ 476.169862][ T39] ? rt_mutex_slowunlock+0x493/0x8a0 [ 476.169891][ T39] ? rcu_barrier+0x4c/0x570 [ 476.169919][ T39] mutex_lock_nested+0x16a/0x1d0 [ 476.169940][ T39] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 476.169970][ T39] rcu_barrier+0x4c/0x570 [ 476.170002][ T39] ? rt_write_unlock+0x191/0x230 [ 476.170033][ T39] kvm_mmu_uninit_vm+0x53/0x90 [ 476.170061][ T39] kvm_arch_destroy_vm+0x23d/0x280 [ 476.170087][ T39] kvm_put_kvm+0x6ca/0xa80 [ 476.170121][ T39] ? __pfx_kvm_vm_release+0x10/0x10 [ 476.170152][ T39] kvm_vm_release+0x46/0x50 [ 476.170175][ T39] __fput+0x45b/0xa80 [ 476.170217][ T39] task_work_run+0x1d4/0x260 [ 476.170250][ T39] ? __pfx_task_work_run+0x10/0x10 [ 476.170285][ T39] ? exit_to_user_mode_loop+0x40/0x130 [ 476.170312][ T39] exit_to_user_mode_loop+0xe9/0x130 [ 476.170336][ T39] do_syscall_64+0x2bd/0xfa0 [ 476.170367][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.170389][ T39] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 476.170412][ T39] ? clear_bhb_loop+0x60/0xb0 [ 476.170439][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.170461][ T39] RIP: 0033:0x7f844abfefc9 [ 476.170477][ T39] RSP: 002b:00007fff9eb74f28 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 476.170499][ T39] RAX: 0000000000000000 RBX: 000000000005026d RCX: 00007f844abfefc9 [ 476.170514][ T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 476.170527][ T39] RBP: 00007f844ae57da0 R08: 0000000000000001 R09: 000000089eb7521f [ 476.170542][ T39] R10: 0000001b2eb20000 R11: 0000000000000246 R12: 00007f844ae55fac [ 476.170558][ T39] R13: 00007f844ae55fa0 R14: ffffffffffffffff R15: 00007fff9eb75040 [ 476.170595][ T39] [ 476.170627][ T39] [ 476.170627][ T39] Showing all locks held in the system: [ 476.170637][ T39] 3 locks held by kworker/u8:1/13: [ 476.170650][ T39] #0: ffff88813fe29938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 476.170722][ T39] #1: ffffc90000127ba0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 476.170787][ T39] #2: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.170848][ T39] 2 locks held by ktimers/0/16: [ 476.170861][ T39] 4 locks held by pr/legacy/17: [ 476.170875][ T39] 2 locks held by ksoftirqd/1/30: [ 476.170888][ T39] 4 locks held by kworker/u8:2/37: [ 476.170900][ T39] 1 lock held by khungtaskd/39: [ 476.170912][ T39] #0: ffffffff8d7aa4c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 476.170979][ T39] 3 locks held by kworker/u8:5/1025: [ 476.170992][ T39] #0: ffff88813fe29938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 476.171062][ T39] #1: ffffc900045dfba0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 476.171125][ T39] #2: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171194][ T39] 3 locks held by kworker/u8:7/1160: [ 476.171207][ T39] #0: ffff88813fe29938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 476.171276][ T39] #1: ffffc900046afba0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 476.171340][ T39] #2: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171401][ T39] 7 locks held by kworker/u8:9/1922: [ 476.171428][ T39] 2 locks held by getty/5567: [ 476.171440][ T39] #0: ffff88823bf748a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 476.171496][ T39] #1: ffffc90003e7b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400 [ 476.171563][ T39] 1 lock held by syz.6.1038/8811: [ 476.171575][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171633][ T39] 1 lock held by syz.4.1166/9215: [ 476.171645][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171702][ T39] 1 lock held by syz.5.1181/9253: [ 476.171712][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171771][ T39] 1 lock held by syz.0.1193/9288: [ 476.171783][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171840][ T39] 1 lock held by syz.3.1197/9301: [ 476.171852][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171910][ T39] 1 lock held by syz-executor/9307: [ 476.171922][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.171982][ T39] 1 lock held by syz-executor/9329: [ 476.171994][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.172052][ T39] 2 locks held by syz-executor/9360: [ 476.172064][ T39] #0: ffffffff8ea6a220 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 476.172127][ T39] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.172193][ T39] 1 lock held by syz-executor/9367: [ 476.172205][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.172265][ T39] 1 lock held by syz.6.1209/9374: [ 476.172276][ T39] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.172344][ T39] 2 locks held by syz-executor/9392: [ 476.172356][ T39] #0: ffffffff8ea6a220 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 476.172416][ T39] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.172474][ T39] 2 locks held by syz-executor/9395: [ 476.172486][ T39] #0: ffffffff8ea6a220 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 476.172547][ T39] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 476.172605][ T39] 2 locks held by syz-executor/9405: [ 476.172618][ T39] 2 locks held by syz-executor/9410: [ 476.172629][ T39] #0: ffffffff8ea6a220 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 476.172684][ T39] #1: ffffffff8ea77138 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 476.172733][ T39] 2 locks held by syz-executor/9412: [ 476.172745][ T39] #0: ffffffff8ea6a220 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 476.172806][ T39] #1: ffffffff8ea77138 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 476.172868][ T39] 2 locks held by syz-executor/9424: [ 476.172881][ T39] #0: ffffffff8ea6a220 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 476.172942][ T39] #1: ffffffff8ea77138 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 476.173004][ T39] 2 locks held by syz-executor/9428: [ 476.173014][ T39] #0: ffffffff8ea6a220 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 476.173076][ T39] #1: ffffffff8ea77138 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 476.173138][ T39] 1 lock held by syz-executor/9432: [ 476.173158][ T39] #0: ffffffff8ea77138 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 476.173218][ T39] 1 lock held by syz-executor/9437: [ 476.173230][ T39] #0: ffffffff8ea77138 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 476.173288][ T39] 1 lock held by syz-executor/9442: [ 476.173300][ T39] #0: ffffffff8ea77138 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 476.173358][ T39] [ 476.173364][ T39] ============================================= [ 476.173364][ T39] [ 476.173383][ T39] NMI backtrace for cpu 1 [ 476.173410][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 476.173442][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 476.173454][ T39] Call Trace: [ 476.173463][ T39] [ 476.173472][ T39] dump_stack_lvl+0x189/0x250 [ 476.173504][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.173532][ T39] ? __pfx__printk+0x10/0x10 [ 476.173573][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 476.173599][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 476.173624][ T39] ? __pfx__printk+0x10/0x10 [ 476.173657][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 476.173692][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 476.173718][ T39] watchdog+0xf60/0xfa0 [ 476.173748][ T39] ? watchdog+0x1e2/0xfa0 [ 476.173780][ T39] kthread+0x711/0x8a0 [ 476.173809][ T39] ? __pfx_watchdog+0x10/0x10 [ 476.173832][ T39] ? __pfx_kthread+0x10/0x10 [ 476.173855][ T39] ? rt_spin_unlock+0x150/0x200 [ 476.173884][ T39] ? rt_spin_unlock+0x161/0x200 [ 476.173905][ T39] ? __pfx_kthread+0x10/0x10 [ 476.173931][ T39] ret_from_fork+0x4bc/0x870 [ 476.173966][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 476.174007][ T39] ? __switch_to_asm+0x39/0x70 [ 476.174036][ T39] ? __switch_to_asm+0x33/0x70 [ 476.174063][ T39] ? __pfx_kthread+0x10/0x10 [ 476.174090][ T39] ret_from_fork_asm+0x1a/0x30 [ 476.174139][ T39] [ 476.174153][ T39] Sending NMI from CPU 1 to CPUs 0: [ 476.174182][ C0] NMI backtrace for cpu 0 [ 476.174199][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 476.174231][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 476.174246][ C0] RIP: 0010:__lock_acquire+0x111/0xd20 [ 476.174271][ C0] Code: 83 6e 92 48 29 c8 48 c1 f8 03 48 be 29 5c 8f c2 f5 28 5c 8f 48 0f af f0 45 85 f6 0f 85 4a 01 00 00 45 85 ed 0f 84 41 01 00 00 <41> 83 fd 31 0f 83 12 01 00 00 48 83 7c 24 68 00 0f 84 2b 01 00 00 [ 476.174286][ C0] RSP: 0018:ffffc90000156510 EFLAGS: 00000002 [ 476.174300][ C0] RAX: 000000000000f91f RBX: ffff8880b883cb60 RCX: ffffffff926e8310 [ 476.174314][ C0] RDX: 0000000000000008 RSI: 00000000000009f7 RDI: ffff88801baa5a00 [ 476.174326][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 476.174336][ C0] R10: dffffc0000000000 R11: ffffed100bda4416 R12: 0000000000000000 [ 476.174349][ C0] R13: 0000000000000008 R14: 0000000000000000 R15: 0000000000000000 [ 476.174360][ C0] FS: 0000000000000000(0000) GS:ffff888126bc2000(0000) knlGS:0000000000000000 [ 476.174375][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 476.174387][ C0] CR2: 000056152d318a38 CR3: 0000000034d7e000 CR4: 00000000003526f0 [ 476.174409][ C0] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083 [ 476.174421][ C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 476.174433][ C0] Call Trace: [ 476.174440][ C0] [ 476.174451][ C0] ? enqueue_to_backlog+0x15b/0xd80 [ 476.174476][ C0] lock_acquire+0x120/0x360 [ 476.174494][ C0] ? enqueue_to_backlog+0x15b/0xd80 [ 476.174525][ C0] rt_spin_lock+0x88/0x3e0 [ 476.174543][ C0] ? enqueue_to_backlog+0x15b/0xd80 [ 476.174569][ C0] ? __pfx_rt_spin_lock+0x10/0x10 [ 476.174587][ C0] ? ktime_get_with_offset+0x93/0x2a0 [ 476.174611][ C0] ? seqcount_lockdep_reader_access+0x174/0x1c0 [ 476.174637][ C0] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 476.174666][ C0] enqueue_to_backlog+0x15b/0xd80 [ 476.174694][ C0] ? read_tsc+0x9/0x20 [ 476.174719][ C0] netif_rx_internal+0x130/0x560 [ 476.174739][ C0] ? __pfx_netif_rx_internal+0x10/0x10 [ 476.174759][ C0] ? rcu_is_watching+0x15/0xb0 [ 476.174783][ C0] __netif_rx+0xaa/0x110 [ 476.174807][ C0] loopback_xmit+0x47a/0x6f0 [ 476.174830][ C0] dev_hard_start_xmit+0x2f0/0x870 [ 476.174860][ C0] __dev_queue_xmit+0x1b50/0x3b70 [ 476.174887][ C0] ? __dev_queue_xmit+0x26f/0x3b70 [ 476.174913][ C0] ? synproxy_pernet+0x23/0x240 [ 476.174936][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 476.174958][ C0] ? synproxy_pernet+0x23/0x240 [ 476.174977][ C0] ? synproxy_pernet+0x23/0x240 [ 476.174995][ C0] ? synproxy_pernet+0x23/0x240 [ 476.175014][ C0] ? __asan_memset+0x22/0x50 [ 476.175043][ C0] ? __lock_acquire+0xab9/0xd20 [ 476.175067][ C0] ? ip_output+0x29f/0x450 [ 476.175091][ C0] ? ip_finish_output2+0xbae/0x11d0 [ 476.175116][ C0] ip_finish_output2+0xd5a/0x11d0 [ 476.175141][ C0] ? ip_finish_output2+0x452/0x11d0 [ 476.175169][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 476.175194][ C0] ? ip_skb_dst_mtu+0x917/0xb70 [ 476.175217][ C0] ? ip_finish_output+0x33a/0x3f0 [ 476.175239][ C0] ip_output+0x29f/0x450 [ 476.175260][ C0] ? ip_output+0x5b/0x450 [ 476.175280][ C0] synproxy_send_client_synack+0x8bb/0xe20 [ 476.175307][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 476.175327][ C0] ? nft_xfrm_get_eval+0x3e8/0x500 [ 476.175350][ C0] ? synproxy_pernet+0x45/0x270 [ 476.175377][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 476.175411][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 476.175437][ C0] ? nf_ip_checksum+0x13c/0x510 [ 476.175463][ C0] nft_synproxy_do_eval+0x345/0x570 [ 476.175490][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 476.175523][ C0] nft_do_chain+0x40c/0x1920 [ 476.175553][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 476.175586][ C0] ? try_to_take_rt_mutex+0x840/0xb00 [ 476.175613][ C0] nft_do_chain_inet+0x25d/0x340 [ 476.175636][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 476.175659][ C0] ? __lock_acquire+0xab9/0xd20 [ 476.175682][ C0] ? NF_HOOK+0x9a/0x3a0