last executing test programs: 2m28.142966095s ago: executing program 3 (id=482): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00006ec000/0x1000)=nil, &(0x7f00002c7000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000559000/0x4000)=nil, &(0x7f000008d000/0x1000)=nil, &(0x7f00005e2000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000021a000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, 0x0, 0x48) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m27.960014701s ago: executing program 3 (id=484): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newtfilter={0x60, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x30, 0x2, [@TCA_BASIC_EMATCHES={0x2c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x20, 0x2, 0x0, 0x1, [@TCF_EM_META={0x1c, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}, [@TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0x6, 0x2}, {0x5, 0x40}}}]}}]}]}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0) 2m27.254684057s ago: executing program 3 (id=494): bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f00006ec000/0x1000)=nil, &(0x7f00002c7000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000559000/0x4000)=nil, &(0x7f000008d000/0x1000)=nil, &(0x7f00005e2000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000021a000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m27.16158871s ago: executing program 3 (id=497): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) umount2(&(0x7f0000000340)='./file0/file0\x00', 0x8) 2m26.890694013s ago: executing program 3 (id=500): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(adiantum(lrw(twofish),fcrypt,sha256),des3_ede-generic,c'}, 0x58) 2m24.65681521s ago: executing program 3 (id=514): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10) listen(0xffffffffffffffff, 0x0) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8) close(r2) 2m24.315165119s ago: executing program 32 (id=514): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10) listen(0xffffffffffffffff, 0x0) r2 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r2, &(0x7f0000000080), 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8) close(r2) 2m12.69520978s ago: executing program 1 (id=589): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, 0x0, 0x0) openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.memory_spread_slab\x00', 0x2, 0x0) 2m12.45105146s ago: executing program 1 (id=593): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000180)={0x0, &(0x7f00000001c0)=[@code={0xa, 0x54, {"0fc7bcaeb20000000f78d0410fc7b23e000000470f01df66b8a1000f00d8b8010000000f01c1b805000000b9009000000f01d9670fc7b25000000066ba4200ec410f07"}}], 0x54}) ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f00000005c0)={{0x1, 0x0, 0x80, {0x6000}}, "743e03458a315529bfe74e753577d126c39875f4d976a910b1ca7d320bbd169af9836c48aeff25d8b1ed2b448516718b02a87986bc4d9730ee6a5154f9c7df2a075df15efcc0f36d387b4ec00b83d059610a69f22c7a6c9ee213564179c422637e2a09fa5945366996c97c72c1feaccae20ee744414a7d97e8c4cb9803db3c45b310ee27e10f6869b742931d7dc778b0ee58e09a50dee36517969bf5c81c7b4c4bc58068b3c44b711a76d39d45da1a2ddc41643b92dc9acb804fbae85f56b3ac66cc8edc41932ccecf34e3930f6829bdd9f569dee7c2ab22858bdd7d35f95f2f2499933c34e6b9f88c2355fd5f84084ae62aa39fe6a451921c06dd99b62cd9128918850e5d48a1da3296e19a9f5f36c11d67c2019a487232a7071a4f3b94dbced3772cd79959fc8457a4e5afc22bf22982ed2686b6cdd8311b7cefe0bface7284c8b9dd64d769c5e158018c22b6b1e9b397b002c996d002664e970a1d8d5fdce6df2eea1a4fc1b625459554b1bc21852b1ac64cad52fcfb42eb50694cc9fda08a531a0bad678047fe925a54b0db98ad66bc448fe655bcc0aada1100a8231b59ee0f2dd34b628658f8dd6b15a2b8d6eaab5925bbb5252cd14a1b4484303fc90d5bc430dbff0abc8e4b004a8d01f222329611cd99d3bb176c0168cafbb1c35cbc44f0ed289971fddecc89d9a5cd37fa6bce9a171d6b221f3688b7d4088576aaa89321febe59620fab0cf83b32e5aff49279c32c1dcf8975387637c0bae8a1f03d710ddc2e19924d842fc8e306cd6c8dc0137e1d2d7db7f9893f66a4d9cec572d308c7afc5c53bea8996333737b667f6dc7f5d52b607c944215853fe7b162586292d93cc18a5eee97c00db25fa518a9fbc067e2e7c7174d0ccd2dd28c6109325d12d61ef513c9fa0780a15afa8baa3e2addb01eb85d076da8f2e93a7a9e13ede492335d2344be59c90585fc611c8d538a17a84ae509ae22c64822e4182a1e4df1ecd4be8cb50089bb64dd1e270941afc772e4a4884f096e43b1a97c9dacab5c68d7394f44bbada41b2d02a9a92d8295e5b91c30a823687b84f483639262784fccf2826a09259afe920dde5e1b8563729787ca975a7ec131ec7aff896b12840eabaff32a0e026f246622bc470f1b17b3dcddcd79bba9a345465dcdda0c666535f8019bca1e07bd947825b74b67ad20f4a2145b2f1ae300a551c4a040cc29a83f91f6e07be388a91d6f74ac66d9871099197ff99b3e5bd3d1203ec828029a3af378cf3793ba812013d2647112824e8dfc5ce0fffca5abe1a22b23fc913ab937916676684ef505d3a3ccbe7302fda50a31881d0e338abcb1bf802deef69e3af18a22750a96eb8a06ca851ba2783034ed37a0a399398862e4cf3dea19e3b2f3a81cb86ca4d6323b5641bd16094ec8aa663632d39c824ea9177aaec9ce13b32c5e3833c68cfa645f4bcd8b12cb34bdbef0e7f98185dd255c78681234c226a11e82f34854cbd8564a298a169d7fa85a8b34a8370dcccdc84ab4e5e57caf6c022c50e2782cec9f0353c980310ffa6737e0e50cf2e2a30ca1d128b1fd03a3f8d4be17cb7dd4334615b004fa552048536e2728f1662d29a157dc20fca5d3f1b81564a614702a5cbc7cd87fab131dcdf894d86316f5afb10a6a9500b9a7c9cebfae6ea5bb2de85afc59f96a893c8f56700ca038a5595b4c93ae719a16b951fd5ab360fd6cc3615acfbee8ab48808edf4d9bb6e3ec4b89daf15e03d813984fdf44136f5c32d3f9688b5ce266cc7000d76650eddb974ac86531bfc60d03e07f34c6302f4180e94fdc10910313821116aef6e35edc0be2d3ce3f129325e534ccf052e930e3ce4a662df8532760b86c3bbf191c5405e79d80715d108876eed013e726599a85c2369b955c95c26bcf4d75b4738dcab02fb1fe744cad323bcfbbbedb61be7e3731af52486b8ec4d7e1f07555aab365f335d4a0595837a4c701861f611a01d32c1782f13ea31866201dc609e0f8da5efa0d5c18907acf11282a79de5f15366ccf6347cf881874df5a9ebc4edccf239ab5dfca9c39d7301c578f098b66b8d7e2c3f917ebbdfd982a91b9cc8748b6e1e8d5aa5cbb831c94727f17aa7709c5707c6736c22a4873673b2df5890f4c707fcda6ee984a62b78162b60a982e73da64f6f70c2067d699bb7b78cd840d6d2a646a20cca2e15973fc1b0ade082db82726174b13ac856d07c87477f5231ee6d404ddd80086b60ab257b1ef6ea699120de1c6ba3c19711cf3abb99ff09d99e1fbda86f8bdf6fd478fc0f40d395a6040e8304bba97293383527209aba4e2d4810203dc002b79041d20c2d9ee62f88df4fd043e9a9c6de26c26218258ade603cfce1d2e230e90aededea76c2fa14ed504482fba4306003ebb9d1ba03ad9277c8257e9f5849ae01c03cf2e25e455f4dd962f3e4ac3a645f8c5db2e0c3d5434dd7c1ecd3b88d76a4148797a70a93ccdea55404bb94beca02b6d8e862a7338be7446c874df222264ab8444cd60a5b7311866bd7d1f064c47f496f565f2fdcdc4ea2cce8dc4f463cf81c1a657a427c14d12edbac51b4e0d182bbc4bd2fff31d76ba1be701607e955c2347fc541bd163440263fa43610facfaef426795be7e606f7e0062fabc5e04057fa2dbb9b9bd806fd15f122a1b06e20cd20dd893d3771f50085624470c579c6bf77395e597efe070d2426a32e6ab4a91a6fd704823925a9db7a610520a26371cde3f7caf977028c0ce2a2868a2f05aa9250b73a0123b7d1603489112dfe9f505758a68d05770f69803de40d6202633ec288891930507d4ca49874a94328097479f50fd7ff60dc37396f77ef2f9530ac9a8e560df9a8e7046aee32f9f45c7a70430863ca0af55ec171e897c3443426af2ecc4f92427ff62050de8895732ffd0e881ccc712bd8207582aa204b051bd0c4f8c7f5ad0e85ef34895c8cea29bc6aac99b4851bd51169e957f7f8c63699741c0a497af3782105b739173e2c7ea4fa7f65ca6c3ca4cc8168ee3596459f2c97e6cdc195e573286418ddcfbc47c4be8a9c466460af39db27f4d082f7d3b92200422d8fe3b0a5d8c12fe56a646470be732019c595422389238f3b0c488d70c4740a838d1eb364e870ec2a2c904af615fe757f0b5cb68ae4c96dd57ec79ddcd76122888c7fc717cfb52e51905e11dd64c9f3709494a6a8167ff62be468c882fceed7ab4c5727fd8a4f4c7426414ac1508e3b9a7868ccc0e3bdd454af612e9e24bc8e6c0cea1ddda887c6999767271b8dd2386f6bbf21e087cf33f9c3c26d41ad945c8ad5cfad34f11b6e4d5496f3f3929274d9706f9cb7a252bde9ed61488ee8766b6362acf7b318ad512db47f36b858cfbec45e96410dd394273d94ef002cd36979c8c520cb6c8198c01bbb2e6294d5698002e8270027ef3d3537a97c0dfca5900d580b11809e7bb283a69ef31deb9287c276ad55357dcc0d1156250e9a856b7e1214304ee12a08b01b7f313bf4535114cbf4a148ba4f4cef7df21b4f420b6436cb965c9489fdfce9c9e337b3386356ae20a9b1ead94605c6b0e288338c8c821dd45347a916efcdc05b609cf9897af66ebcbb9317409f00164c2f16bcdb79c70b109c41a279f088b51e08edc09f2d3d8503d70289ff84ed0218047da4c9397ecc94b0e874ff726dc473dc6e6d15855b220e419aadcf1e113844cdc533b699343f2d033f7e59359ea6bd9c1cd755950968c973c73ca7ed11da2f49b577c37aeef7ee7b03f0d8c103f3f4f5b62a623029e1e18685365c938cf71b7a3bf6238e659a5257f88525960723c691c49395ca674229c1dd16f6a208550a7b9f5539a75fae921bf1a0cd568373362884517d3f8feae3ec807cf3bdbb727e510586cb20eb47d28d9a86bbd2a365cd3dae63140085f08d3006fbce6515f1ba4ceb1b6c6a63a8dba09d7290a21735ac1cb6fca43affa227a9e899dc90035d0b57b91a6a5deef0f239da468c391fec3078cf61a2e1783c7a2bf9083d6eb9e69a8cd07bad769e600d9056d9a1bf4a0b63a8628f723df3624d39559f2d15f253e0584536f0127422cd4aa8b29b595d6dbc7b1f1ff517277fd9a57c0c4f4cf362fb5d0d4b758a4187c4c66de50a5074e863c6a0ec83514d17674a3a35d1609047edc8c8237c0fc4767cc756327b4daeeb4470113fe9c610ea73c2b7953cc7e8c50da4030d228e40c2b59c6ed4da0f4f6982befad61d92670e72f0a642aea0faaab0db17947e50a8f9a3b90d4be975467b8e297f781ba08a6b5abab49abeab0fe89d76a9bc6fb99093488841879a3a17a998594ff8f70ef2261f78f5c2e05cbf288bd12b41721fb911c667e8d9c3d6202edc4c83bd6dcb72baf593828495c9288dde5bc8017d072833d2d6b073062a4873c9d24018eef414bf09cf8b301fb775fc5debebef1c044bd7c594e26c8efad64dc48d51dea1e67120ee6061e951ab6fa98cd327ea89cc22380c2b57e5fcc802117be91d9c68b30f556ed7405d69e7529cece16b7a26022de1d85fcf29a7f00504145c25edb8c731d2b8076525509c75f3b919a3d7d92df54dfda34110dadb7e96611a8b68a22bf70a467cc906c1ebe97ea33836ce410c9a558986e18b03a2a4ffa066f579d498428aecc3434fda20c5ded67a620a4f76c70bca5525af3829929f121537be89a056ad94421119c32973dff55110229880f1fa9cfe46e4dc877f589e7fe1c35eee49034548802a4e67392ee5bb8cbedc11f307a573e9c28ee82c2c02c0b4edac83429ce06f97321bd236ed221904d8902a0bb67381be2ebf0c82514729a4dc6bb7de07636ac8b6ee22618790224c34dadbf208ac63f5338544a6ae9ca2c6354f60eda829746b2b2dfefc3faa93256c599325f02cfa0f2d50ca007eadfa226ed829a8eef09ddee369bf905dce4e69f36e5600e2e3b3cbc0a451d35736c45d355424ca2f9e13f1afc3bcc2fba3ea92b8789a7189a90ebf51e66b6aa78e51c0d2070a0969077bbebf8ae88ca2198adc7a8d7f2cddb799b166c3fa8947790c11d1101ddc1c07551084e453c874242e80c068b490f939eb9e55fb92ce51ddfae6b7ff69eeff68b46e0ffd2ad8e97711cc5c65391e95a296403db5716cc8ffc5c46c10bde4ab8578bc69656a2278915f78f334565aafd31d8cdb6a97f2952cb1342e393af5879f4bdd06ed5d4ca74aef65fbea5da1e1f435eb73247839bf9d2a786eee6543cf27b62cec70f5d0a972a050b2212e8cf1f40149f00d9a7de715f867a2be28451c715de86f8f4a1babde5786f596b2b37511389a0a3b4fac685fdfca5300facec3f24922931101cbcab9c3b13ea0de4acc4d7ffc516eed650220a80eeeee664338bb7bc6c6b70bcc072d721ada85ded3276e45696200abb35810afebf705e61158c4c1d03e3fdacc7520e7af5a07ee5ed8a66cee97667f677b1923cef7c5e289393bc47bd745557224ce4fe0a0d79250603a5587b14fd75baeb84d9c3e66b4bfd5a17ceb75ecfd9b0f6811eb0c1a9a5e3b5919badd832893a64886b09915dce75c9a701bd3b0472f61edbb2125f188194e9ae4846d313bb475d630aae2bac66fa4e9a9a9d545b35065dbafeb3d4c8af8965c1825c42e8cd8079694c9559ab14888b86783082ecc96f04ef79de53a6a54d5f3e4b8a1166d6c7d337e79ceb07b01aca3ee16b7dc0dc5e71f3ee844030e7fcd8008f0af9e867440b89b1a405b200", "604588204666032baa92780c78a6a014fe0e2f42ecdc3b53d38c31190f971a68a934a5d16c9050c90928490032203497e2d037ec20decfca80ca254296b0b55abdc4782376c2247fb165242bffcf0868f11f7aad0fb67ebf9050299dc89652994c819ad9382777f52d3bf707635140b79e30b19e6b66580799eaf214bacb7c4d957194db6d6114838c607668ea8fd6cc473108fd0878202f8e481881a153b97a29d002bc96c123b39e76f46a27c503ba00bfbeb21367e0f18718b3e410569570f87fdbbe5612ba63542fd901151b3a17325c7103ff1e411d0eba5fe5314b76c997a6420ec6382eb6920c1177770317d9f5b6c8bfb9b258c13fbafde14bc81201e323a2f2c807a758aa898a4be4242f80cf8b280c720d7ce1b1a3871ac7368b188458795a7a3df0baf477412cdf9595160eda4452bdacb5e2f23a3866bddebd6faaccdd1c99e4b6ce9096b9fb92b8bb3649acaadc57017ae1eb1dd5e0eb71a729169a7d67e0869bd456b15ae4d24aa15159bddffceec57494f91038a3ceb560bbac3fae978bf5cc27f10f52e98b6b5db83d11cfbd6e011d5b4001b6cd8b3773d4d755ab2e040b1e78aaa3458d3b8dd7933d0f3c4ebaf0d8f26bfc45ce1b1e46216ac1696395c9f87c9e5f4b3c1f74de00798addaa331fbabb2090334bf734f7ed299175f398e8cd8a63e2cd1b2d8fae8077c253a80914d3c953e767477dd5be168cca7e77481e73db1e81a2ca62c4315f963dceb77b548e1f882c7554bbe814a95e2332cd59d14bc76cc3095ee29a6d73b5b8ff9245d219ca8fe7534b7110055df87957042f1b1da8d1777b694eb9b7bdffb5c5c583ddef3f7f349c6ccb8c0d1c7bd1cdf0435b2d247464294d878b86a53845dd6a441cda6f6188ca6a7cedb24b86ff8e4c8d3f8e7dbd42116bc3034d428be42bce755ac04cf21652e89a41c61b7db535467f9380cfc0652cb69d93a065f45103bbe582cbaec9d3400d248e272314d8e9747631e6062d6204a91f5bd5e5521b60d4c9eed09266917405089bc274720e654a0c47a3471c97f81edbce013f1f318e7d6cb8175cd27b636f6ee709d751797fe96a2cc8713f47528f0d818fbed64b7d92df2910fbf3d166b221f7352adf72fc24ca35b7e24e622e8b70f6ff4605d02631eb9bee5a82cba93ba958630519f7c7c6cb7489acd6a05eca4e89eafa13c13910b787dc5c62cf59c73160ba9be1a2a78ecd2a369ac90a808191fb0ddca8a3dd3ffdbf3cdec7fb7ef08313a40bfeb2a057a834e1cee6a3b4aa001203c025ca514bf8422281b8f6a8ce498073f70f6801c5b32c2850e3ab11e5a155770fc827928d47fa746bec9645172844bdb6ff71b9e3418157215f24b81357c5df80e0f4d4d73aeac6df166506d35f8016822400b2ebca9616c2a2b97bff716653ff8542cbd44b29a3e448d36483554fa2d894ca6092898a31c1ff17099efd467a46e78dc739d9421f336e85166dad53a3f98040af135cd7a5af5a3e0e8527fff8aeb5bc1c304484f1d87282ae26bf67e429d77bc4bf1ab925513c50e7d7ca57d9dac76da0d0da9e3ddc933ee8dc9f0da076c59239822f2a63fadd059abb8b63c050d8af5922e25b4abec73f5e3b69a5a46bffda7136104987a9a2d159618af18659c4fe45e529c1ff71b539ee26bb056ffc3a7dcf806615eaf3f8335ff787013e72acd52e85a3a36ba8857f18dd71af72f3e19517d6e8741ee8d015e3cca3afeaf6fbdddcfe001bf0b8a92a8f34000a11657f6f416217c967832228d1c9d6acc2a16750cf28468be208d8f4a115413782d0b5bb884b68ccf9634974890117f5b5972a978545155439fa9440252e2d246a8f1ed0023e6bbf484d96722f35c88339f515e01479012c6a0c41ce431720ea736bbd1b072877e7cc0d6f6ba089f4c0a7035b66f830773115f8cda0bf56bed32e2a5446560afda30f7d24e5cef55d2ecb77c1422518ab402556cc43b7bbb3c08e9fc3d4d423589a3d9820f5cace3269ebaa3c260c5dd2ffa40a74c81202baeef6a0508bc41059b26dd61114043db0a50082bd738e860842724cc352fb9157419c1f155463fbb0d9d415962553e6e44e0667df47bbe8a89b348433e1e9d65b5ed58f4604cb3630d1ba39a4394a1f7acbf61b4a49a3d10a681582546edbc5b3ead9436bb8474af84849d045dc37e5f98f8cb246d5abb509e37bc6c66c76991f4d547df40ca54b83f3a83d28319e5fb39c458eb5df055df5c7ccde0f17ee0cc5bcceb47e74e9f9ae88ef52521bcb14e1d4eff5d997993ccebbf881bba9f2140fd73fbd9c391a15b81c80304d1cd77d033b527b4900284cb7715581f051f08094dac8dfbbac6f435be00418a84973b01bce1c8a361693c32500e62616f751e05a5c23d75993c8be0df15b9fae978f0114faf1a34a501cc515f6f6beb16b3d4f525d0d86f4179274cf6e774656fa97057411416a4e7dea8cf508f5e55f1dcef6b83db0915966a17fe7ed815d4532539f104a849095b60006b40051204f8f2d4353d9c27e1c89bc50a738eeb826c0176045ccc74bf2ddac29e0101e314564c508fbdd5b306130cba792e5e27be2b62420c4ae815487057225bac555bf0690b5c18884661c3a78816daec4f01269f120c70067d20fec00459fb536d4571e4b7e15896ad606eb8e2ec3d453000dd6f4a3875535056ce106c838e5ba5aebef966a6df032701bff82f53d2dcbea57ad5a5e314bd7f2e8c92f172d5e62087c007457e31bbb58104ade1aee291e305d582bef1f811ab2e1ab88be1d0464fc5842be14b4e6e2ef4fd216c7de083a0ea1fed7c109920918c14783b65649a392cfe19492b8fb3fe073d43a2726b30165c8e40328fdda10b30865b3148735359638be7942865a63c1dcf1964e6b19c0b8a9d2a50a349e9264f6ca664675a0ca7ff743e8b426b457984aa95601453b781c197343c669155dcb8d807e993dc859533ca3f674fefaf951af2f8c7f9fb066de4a8bd6c347458145b7d3b1daab3ec8334b3de7fe061934563178a4161d1cdc964338a74f1ac77a4c8ec2d4a9b2fa7987514c2c8ef7831d8ef61d0a36c026fa04e0eb05f9aaf96f9c6624ee1e8c705cb329c5b54eb55b97cc8938b70bb131a7e41ae8a921a0ec074a40fff6c0d84e1ac59d763a859449751a3c17ef395e384ffa637e4f5dbbfff3ee5756e45be9d36db6c612364dbc3a195445ad8717c9178a67fd4d2799287bbf36e483a0659d99fd480e14e3664aac72a0b41d5fa4b8d185525b4eb56f0038c5a1112e4ea4d56031522d78401c518b9829696adca7b0c41eb50bec4bde9a85d2268f02e707939ea1199c0061c424af48b06a9eca0329d37e5a59f0a348954e89279503094efdbc3a222ff1c4c47c6d0698a6fca079259d1b755c2b4d05304c7df95e2c5600467e4ca73dd61d89cbfc7e9e6d527156fe3affebac0b11824dfe13d24f7ea27052fa9f7b728eb0f50c14ea8f63678cc12e7870a152defc8aa6d4a716e113a38e119cc0d6a7ee3caa2f76e1aad29534fc2cba55e2fe8330947084dfdf882c4960545dbb4538904a39b568595220a72ed644b30385e425743fcabdaf70376169e02714f5a455266b58f780a6af55659e52464822bc661378dfbf8d6a86549b004ef38ae84d306388c311ff0f87aaa43867651ce3e8a9771cd3eb321f2be265aabd1b84fe45dcbeeeb1a67f89fa69d1c8277112efa80ba7ab5f9f356351151eb252395f69b718d3332aa2f91066182b527468bd74e3f4d4fcf9620ed2fc630c43151af01d13b844df74ba88e4c8a3b52e9b3cbe9b661b819c879f28c80b1fececae1f578d3b8ea37f107d474fc202dbfd4221b8d8e9074852f83b8d59a263154137fff7acbbdf39dc03a3db2bd88f8629c0aaed33040e4e3e5671a9c36f6da73ee7f6a541a62f2b1128178d12d5fd92620a864f629b313d8af4322405bf760fc5ba46a1662c4b99742a9a628939a8ef6c1b12cff8108dfe480b44fecbe6ae4b2576a1610ebf32a0980c2834a8a79e44d45e8743854bcc7fc143c305ee67dd8fff213bd3d3aafbdfc4d90e048765d96a7c74d4a6ebfb930358172c65b56e7d0a3665c06f5bfdbdee0ef60b11d5186e75c36a23beb1c505cd423462689a219467cf28d49a10a25c35f04e84fb383b6740b4f4d938a5280004227af98cae74cb8abdc13aded838667c45c136e8d932a9eaf016829eb2e72b32ec145e076fe4c60b29fafe5bdb08dbcb0cce664126009f038f67d51a6c09e62d3f0d4f21d48a05e587703ff79571da2bd80953ef4830c2defe3d21f591eeb140ad5f262a6062549f02b40426cbd529e23396091db4692602d0f433b643b90a48241afe42786b4d4c7d7eb7d3a5a0fec9a9788225a99e7be3485230f6440c4363350990081430d3e8a429bc4289bedb16b976ac1c570f0e0b6543d43e59b7cf701e8f96bd75bec6434ba489ca4b4122fe5b4f97d2140ad31c5c7caee32bc11035cecd83769829b36fc4b6f50c0ce2298d91543371f045c5ccce3544b882b9197908dc80a4271ba111fdd078d77e81e7efb5c8f98387184593b12ed42987e3df11dbe4f69a39ee515c3c2975ec56caba5f5c8f0e6f6d8710198092b8733fd0dcd7c56fdd383e8a0de218aa57f22e244ec6a1f99534e9783f3381c32fda5db0f277b377311bfb681dae8d1e95af31209231502aa776ed623e51e1236ddd0fd21d7bda6f2363bf177f6839cfebe07222f2e74bc7f52a1a07f1760c276cebd7b4ee3d201a2245951645bacb3ef8719d7338558b4c96a3de11c236f22b791fddbafb660beb9bb1dccd1ed4c6abe53b6aa551439ab9f120f71ead325e5d7381dad83f6a0a9f4d62b9c356f992fedebca25e61a942f7022b1d366e88ce4bfa7b57d862ead1545922d9cdd4c5ee090818627e98de5316e1070901861d86d17664d311853f06e12eaef105227bf8729e2f2744d2ee08e7f6cbb2a86414c760e727b15c98fd93bef7a89001eee041542cc8159c05cd25496b1674a5cac1d6f2e2fc1b2f2971419b8543a8b402fcf4bca10712c32d3738e9600a4ea5520dc510bc47965c527e46af31165bb46e684cdf7f48e5ea9e2a4a40b14a635e1a0ecf0eea57e9594f32f59be8cab420ed78e74b1f015cb2dfc746730a6b7657f544f8ed3489604fb3e5b5b277f70532b1c4ebf75144f4079c2ffc15094f1b02d0eec8fa6228f474ed755e99fb6a8b446a2bb016301922d9a2e9e28cc5f60135a79e4cc2f522c9e6c196b2d300175cf11e12b28a8d843933ef1b617d71b131e8d93a09c34762d031eeb76ee9d456c6cf44d1c10f9bc1a5f510e08f9db443b8c5217ff8a755caf03879a0bc8c5e8ef5651728cbbd6cf40adaea2a51c630e8ed56cebc15860caf822f150ea9a6ed933115b7c7914fca617e031ede393a1e0c5ced48b42bc9e628ebf2d5091c2f8499f99f018e363afc121251bbae0e541e9e9e6bcdeefa0453be18c2c263992778efd4704033b92601187c3720f02b8ad0d243f3536e3c17267cb24f29923f778f05d3930683628d9c65a9f28003105c28655a438492e858d561161282779f1f78c8679a6b0abeb3dad54ae75c393d54c316717cbb76531c0108cd1016c20305d25a0d46f072dd44349295013b4de34977de291e28113e2baa6b3f3599fb06fd2f4d7f50bca0e5eefeb207227589705f0acc747401a32f3490769ae5601a80dc006e070fbfb37dd663f82852e1bc98bfb87cc463eee573c538c4cc6cc5bb00"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2m11.639385893s ago: executing program 1 (id=604): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, &(0x7f0000000200)='./file0\x00', 0x40, 0x1) chdir(&(0x7f00000003c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x1) 2m11.393527312s ago: executing program 1 (id=606): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000000)=0x6, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800"/16], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000240)) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04", 0x13}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe33) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000) 2m6.575598683s ago: executing program 1 (id=615): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) unshare(0x48020200) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 2m3.510643434s ago: executing program 1 (id=642): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 1m48.34533651s ago: executing program 33 (id=642): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 1m24.202570635s ago: executing program 5 (id=834): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0) 1m24.025535263s ago: executing program 5 (id=835): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)={r2, 0xb, 0x8}, 0x8) 1m23.060642026s ago: executing program 5 (id=837): io_uring_setup(0x1d48, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r4}, 0x8) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYRES64=r2, @ANYRESDEC=r4], &(0x7f0000000300)='GPL\x00', 0x909, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x30}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r7, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r8, 0x0, 0x7}, 0x18) socket$inet_sctp(0x2, 0x5, 0x84) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 1m21.914323096s ago: executing program 5 (id=846): r0 = syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x1, &(0x7f00000002c0)=[{0x6, 0x7, 0x0, 0x7fff0006}]}) sched_getattr(r0, 0x0, 0x0, 0x0) 1m21.567313769s ago: executing program 5 (id=847): ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x6093, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r2, 0x0, 0xf3a, 0x0) tee(r1, r5, 0xf3a, 0x4) mknodat(0xffffffffffffff9c, 0x0, 0x11c0, 0x1) write$binfmt_elf64(r3, &(0x7f0000000380)=ANY=[], 0x18c6) 1m20.967949659s ago: executing program 5 (id=850): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000140)={0x0, &(0x7f00000001c0)=[@cpuid={0x14, 0x18, {0x40b, 0xde}}], 0x18}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)=ANY=[]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m15.5937582s ago: executing program 2 (id=859): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m14.542073893s ago: executing program 2 (id=862): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = dup(r2) sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r4 = dup(r2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='bond_slave_1\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) write$binfmt_elf64(r3, &(0x7f0000000b40)={{0x7f, 0x45, 0x4c, 0x46, 0xe, 0x7, 0x0, 0x3, 0x5, 0x2, 0x3d, 0x46d, 0x29, 0x40, 0x150, 0x87e, 0x5, 0x38, 0x1, 0x0, 0xa076, 0x1}, [{0x70000000, 0x7, 0x7, 0x910, 0x3, 0x3, 0x4, 0x3}]}, 0x78) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a40)={0x0, @in6={{0xa, 0x4e24, 0x5, @loopback, 0x1}}, 0x4, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=@newtaction={0x14, 0x30, 0x1, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2000c800}, 0x2400c800) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x8, 0x1b}, 0x9c) close_range(r1, 0xffffffffffffffff, 0x0) 1m10.611399587s ago: executing program 2 (id=868): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2082) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x10, 0x7ffc1ffb}]}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) 1m10.600681216s ago: executing program 6 (id=869): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000088fe508a8500000004000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m8.208236654s ago: executing program 2 (id=870): io_uring_setup(0x1d48, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r5}, 0x8) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES16=r0, @ANYRES64=r2, @ANYRESDEC=r5], &(0x7f0000000300)='GPL\x00', 0x909, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)) r7 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r7, 0x8918, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x30}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0700000004"], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r8, @ANYBLOB="0000000000000000b703000000030000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r9, 0x0, 0x7}, 0x18) socket$inet_sctp(0x2, 0x5, 0x84) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect) 1m7.391564221s ago: executing program 6 (id=871): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0xffffffff) r0 = open$dir(&(0x7f0000000180)='./file0\x00', 0x7e, 0x0) readv(r0, &(0x7f0000000780)=[{&(0x7f0000000200)=""/240, 0xf0}], 0x1) vmsplice(r0, 0x0, 0x0, 0x6) 1m4.163412632s ago: executing program 34 (id=850): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000140)={0x0, &(0x7f00000001c0)=[@cpuid={0x14, 0x18, {0x40b, 0xde}}], 0x18}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)=ANY=[]) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m4.12305388s ago: executing program 2 (id=875): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x9, @mcast2, 0x2}}}, 0x30) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000980), 0xfdef) timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) read$FUSE(r3, &(0x7f0000000980)={0x2020}, 0x2020) 1m3.335389191s ago: executing program 6 (id=877): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000000500000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) close(r1) 1m3.046644025s ago: executing program 2 (id=879): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="01000000000000007000004000000000060000000000b2"]) 1m1.378420825s ago: executing program 6 (id=880): mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) waitid(0x0, 0x0, &(0x7f0000000440), 0x41000004, 0x0) 1m1.13649499s ago: executing program 4 (id=882): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274140000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0xf, @loopback, 0x5}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffff1, @empty, 0x2}, 0x1c) 1m0.807727292s ago: executing program 6 (id=883): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="6c0000001000ffff28bd7000f8dbdf250000395c", @ANYRES32=0x0, @ANYBLOB="0000000002000000440012800b000100697036746e6c000034000280140002002001000000000000000000000000000014000300ff0200000000000000000000000000010500090004000000080004"], 0x6c}, 0x1, 0x0, 0x0, 0x24004845}, 0x40014) 1m0.16764046s ago: executing program 6 (id=884): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) io_setup(0x2, &(0x7f0000000000)=0x0) syz_clone3(&(0x7f0000000080)={0x21840000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_submit(r1, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}]) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000180)={0xa, 0x4e21, 0x4080000, @dev={0xfe, 0x80, '\x00', 0x1a}}, 0x1c, 0x0}, 0x40c0) 58.253880553s ago: executing program 4 (id=887): socket(0x840000000002, 0x3, 0xff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close(0x3) 53.662281778s ago: executing program 4 (id=890): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=ANY=[@ANYBLOB='8\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf2514000000080001000100000008001c00", @ANYRES32, @ANYBLOB="08000100020000000c0006"], 0x38}, 0x1, 0x0, 0x0, 0x20000840}, 0x4000000) 53.661938444s ago: executing program 4 (id=891): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) 52.692304864s ago: executing program 4 (id=892): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x8000, 0x1f7) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x201, 0x4800003e, r1, 0x0) write$binfmt_elf64(r0, &(0x7f0000000180)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x3e, 0xffffffeb, 0x7c, 0x40, 0x0, 0x0, 0x9, 0x38, 0x1, 0xfffe, 0x2, 0x5}, [{0x3, 0xf97, 0x4, 0xd, 0x0, 0xe5, 0x1, 0x3}]}, 0x78) close(r0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) 49.162752461s ago: executing program 4 (id=894): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$netlink(0x10, 0x3, 0x0) 47.191265264s ago: executing program 35 (id=879): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="01000000000000007000004000000000060000000000b2"]) 43.962838006s ago: executing program 36 (id=884): r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) io_setup(0x2, &(0x7f0000000000)=0x0) syz_clone3(&(0x7f0000000080)={0x21840000, &(0x7f0000000040)=0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58) io_submit(r1, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}]) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f0000000180)={0xa, 0x4e21, 0x4080000, @dev={0xfe, 0x80, '\x00', 0x1a}}, 0x1c, 0x0}, 0x40c0) 43.190437181s ago: executing program 0 (id=898): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e0000000018ef02800c0002001c0000001f000000060001000000000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r0, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x48010) 40.630165159s ago: executing program 0 (id=899): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001b00)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 33.633520692s ago: executing program 37 (id=894): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x2, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x10}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$netlink(0x10, 0x3, 0x0) 30.337577822s ago: executing program 0 (id=901): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000000)=0x6, 0x4) r1 = socket$kcm(0x2d, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000240)={r1}) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04", 0x13}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x10) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe33) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0xfffffffffffffda3, &(0x7f0000000180)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x1}]}, 0x20}}, 0x4000000) 21.691677114s ago: executing program 0 (id=902): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0xf, @loopback, 0x5}, 0x1c) connect$inet6(r0, 0x0, 0x0) 20.084819498s ago: executing program 0 (id=903): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000940), 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e22, 0x0, @private0, 0x800}]}, &(0x7f00000003c0)=0x10) 16.941416226s ago: executing program 0 (id=904): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) write$tun(r0, &(0x7f0000001b80)={@void, @val={0x0, 0x4, 0x8, 0xe057, 0x18, 0xc}, @ipv6=@icmpv6={0x6, 0x6, "a44cda", 0x18, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x12}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], @ndisc_na={0x88, 0x0, 0x0, 0x4f, '\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}, 0x4a) 0s ago: executing program 38 (id=904): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) write$tun(r0, &(0x7f0000001b80)={@void, @val={0x0, 0x4, 0x8, 0xe057, 0x18, 0xc}, @ipv6=@icmpv6={0x6, 0x6, "a44cda", 0x18, 0x3a, 0x0, @dev={0xfe, 0x80, '\x00', 0x12}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], @ndisc_na={0x88, 0x0, 0x0, 0x4f, '\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}, 0x4a) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts. [ 73.074951][ T5789] cgroup: Unknown subsys name 'net' [ 73.336030][ T5789] cgroup: Unknown subsys name 'cpuset' [ 73.402977][ T5789] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.988771][ T5789] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.178064][ T61] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.183466][ T61] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.196628][ T5816] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.197881][ T61] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.198765][ T5816] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.204936][ T5816] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.205706][ T5816] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.206464][ T5816] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.207216][ T5816] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.209924][ T5816] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.210331][ T61] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.211132][ T61] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.211270][ T5816] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.212783][ T61] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.214377][ T61] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.250880][ T5119] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.254627][ T5119] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.255398][ T5119] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.256496][ T5119] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.257238][ T5119] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.333229][ T5803] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.337579][ T5803] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.338395][ T5803] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.339667][ T5803] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.340475][ T5803] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.175428][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 80.233788][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 80.243859][ T5804] chnl_net:caif_netlink_parms(): no params data found [ 80.390586][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 80.638092][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 81.194765][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.196082][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.196435][ T5799] bridge_slave_0: entered allmulticast mode [ 81.198039][ T5799] bridge_slave_0: entered promiscuous mode [ 81.263490][ T5119] Bluetooth: hci0: command tx timeout [ 81.263943][ T5119] Bluetooth: hci3: command tx timeout [ 81.264041][ T5803] Bluetooth: hci2: command tx timeout [ 81.341657][ T5813] Bluetooth: hci1: command tx timeout [ 81.359564][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.359698][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.359861][ T5799] bridge_slave_1: entered allmulticast mode [ 81.361317][ T5799] bridge_slave_1: entered promiscuous mode [ 81.364965][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.365088][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.367502][ T5801] bridge_slave_0: entered allmulticast mode [ 81.370114][ T5801] bridge_slave_0: entered promiscuous mode [ 81.374631][ T5804] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.374753][ T5804] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.374907][ T5804] bridge_slave_0: entered allmulticast mode [ 81.377457][ T5804] bridge_slave_0: entered promiscuous mode [ 81.431859][ T5813] Bluetooth: hci4: command tx timeout [ 81.542198][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.542315][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.542425][ T5801] bridge_slave_1: entered allmulticast mode [ 81.543943][ T5801] bridge_slave_1: entered promiscuous mode [ 81.544888][ T5804] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.545007][ T5804] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.545128][ T5804] bridge_slave_1: entered allmulticast mode [ 81.546591][ T5804] bridge_slave_1: entered promiscuous mode [ 81.615640][ T31] cfg80211: failed to load regulatory.db [ 81.965168][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.965298][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.965497][ T5800] bridge_slave_0: entered allmulticast mode [ 81.967550][ T5800] bridge_slave_0: entered promiscuous mode [ 82.045784][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.214621][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.214748][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.214932][ T5800] bridge_slave_1: entered allmulticast mode [ 82.216808][ T5800] bridge_slave_1: entered promiscuous mode [ 82.217726][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.217853][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.218024][ T5806] bridge_slave_0: entered allmulticast mode [ 82.223829][ T5806] bridge_slave_0: entered promiscuous mode [ 82.230465][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.236138][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.241203][ T5804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.542439][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.542546][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.542675][ T5806] bridge_slave_1: entered allmulticast mode [ 82.544186][ T5806] bridge_slave_1: entered promiscuous mode [ 82.604692][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.606813][ T5804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.934822][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.014307][ T5799] team0: Port device team_slave_0 added [ 83.164680][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.167444][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.170060][ T5799] team0: Port device team_slave_1 added [ 83.172365][ T5801] team0: Port device team_slave_0 added [ 83.175323][ T5804] team0: Port device team_slave_0 added [ 83.254129][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.313631][ T5801] team0: Port device team_slave_1 added [ 83.315300][ T5804] team0: Port device team_slave_1 added [ 83.341679][ T5813] Bluetooth: hci2: command tx timeout [ 83.341708][ T5813] Bluetooth: hci3: command tx timeout [ 83.341729][ T5813] Bluetooth: hci0: command tx timeout [ 83.421619][ T5803] Bluetooth: hci1: command tx timeout [ 83.501472][ T5803] Bluetooth: hci4: command tx timeout [ 83.643673][ T5800] team0: Port device team_slave_0 added [ 84.103454][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.103466][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.103478][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.243931][ T5800] team0: Port device team_slave_1 added [ 84.245712][ T5806] team0: Port device team_slave_0 added [ 84.246724][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.246736][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.246760][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.247827][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.247836][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.247848][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.248947][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.248958][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.248981][ T5804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.343427][ T5806] team0: Port device team_slave_1 added [ 84.357238][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.357253][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.357276][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.358784][ T5804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.358796][ T5804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.358819][ T5804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.525477][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.525490][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.525503][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.606883][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.606894][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.606906][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.607817][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.607825][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.607837][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.708857][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.708870][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 84.708883][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.976330][ T5799] hsr_slave_0: entered promiscuous mode [ 84.977302][ T5799] hsr_slave_1: entered promiscuous mode [ 85.120273][ T5801] hsr_slave_0: entered promiscuous mode [ 85.121075][ T5801] hsr_slave_1: entered promiscuous mode [ 85.122602][ T5801] debugfs: 'hsr0' already exists in 'hsr' [ 85.122722][ T5801] Cannot create hsr debugfs directory [ 85.133820][ T5804] hsr_slave_0: entered promiscuous mode [ 85.135150][ T5804] hsr_slave_1: entered promiscuous mode [ 85.136086][ T5804] debugfs: 'hsr0' already exists in 'hsr' [ 85.136107][ T5804] Cannot create hsr debugfs directory [ 85.421568][ T5813] Bluetooth: hci3: command tx timeout [ 85.421597][ T5813] Bluetooth: hci2: command tx timeout [ 85.421715][ T5803] Bluetooth: hci0: command tx timeout [ 85.468334][ T5800] hsr_slave_0: entered promiscuous mode [ 85.469110][ T5800] hsr_slave_1: entered promiscuous mode [ 85.469691][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 85.469708][ T5800] Cannot create hsr debugfs directory [ 85.501722][ T5803] Bluetooth: hci1: command tx timeout [ 85.591926][ T5803] Bluetooth: hci4: command tx timeout [ 85.737942][ T5806] hsr_slave_0: entered promiscuous mode [ 85.738762][ T5806] hsr_slave_1: entered promiscuous mode [ 85.739355][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 85.739372][ T5806] Cannot create hsr debugfs directory [ 87.162440][ T5799] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.219537][ T5799] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.237195][ T5799] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.287811][ T5799] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.383858][ T5801] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.409437][ T5801] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.448542][ T5801] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.478038][ T5801] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.501694][ T5803] Bluetooth: hci0: command tx timeout [ 87.501736][ T5803] Bluetooth: hci3: command tx timeout [ 87.501754][ T5119] Bluetooth: hci2: command tx timeout [ 87.581464][ T5119] Bluetooth: hci1: command tx timeout [ 87.589872][ T5804] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.639669][ T5804] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.657349][ T5804] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.661544][ T5119] Bluetooth: hci4: command tx timeout [ 87.713594][ T5804] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.843738][ T5800] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 87.885449][ T5800] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 87.928586][ T5800] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 87.964566][ T5800] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 88.065195][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.098274][ T5806] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.144215][ T5806] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.178392][ T5806] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.218558][ T5806] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.263163][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.295395][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.298889][ T1504] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.299825][ T1504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.343020][ T1507] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.343099][ T1507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.390259][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.427609][ T1526] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.427728][ T1526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.454125][ T5804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.473383][ T1526] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.473483][ T1526] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.538392][ T5804] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.569547][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.575150][ T1507] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.575349][ T1507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.627082][ T1507] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.627223][ T1507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.705819][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.736248][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.766290][ T1507] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.766552][ T1507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.837683][ T1504] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.837895][ T1504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.910031][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.958007][ T87] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.969231][ T87] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.017665][ T1526] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.017870][ T1526] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.083220][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.207613][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.392404][ T5799] veth0_vlan: entered promiscuous mode [ 89.434833][ T5799] veth1_vlan: entered promiscuous mode [ 89.457383][ T5804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.485809][ T5801] veth0_vlan: entered promiscuous mode [ 89.537987][ T5801] veth1_vlan: entered promiscuous mode [ 89.606119][ T5799] veth0_macvtap: entered promiscuous mode [ 89.616719][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.656033][ T5799] veth1_macvtap: entered promiscuous mode [ 89.720648][ T5804] veth0_vlan: entered promiscuous mode [ 89.762908][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.767677][ T5801] veth0_macvtap: entered promiscuous mode [ 89.794028][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.797960][ T5804] veth1_vlan: entered promiscuous mode [ 89.809673][ T5801] veth1_macvtap: entered promiscuous mode [ 89.830296][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.869954][ T1526] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.884715][ T1526] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.889257][ T1526] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.900131][ T1526] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.917096][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.998577][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.082496][ T1526] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.087004][ T161] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.118700][ T5804] veth0_macvtap: entered promiscuous mode [ 90.130388][ T161] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.144958][ T161] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.164661][ T5804] veth1_macvtap: entered promiscuous mode [ 90.174953][ T5806] veth0_vlan: entered promiscuous mode [ 90.316287][ T5806] veth1_vlan: entered promiscuous mode [ 90.359751][ T1526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.359770][ T1526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.383111][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.428205][ T5804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.443749][ T5800] veth0_vlan: entered promiscuous mode [ 90.488287][ T1504] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.495488][ T1504] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.497624][ T161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.497640][ T161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.503700][ T1504] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.508987][ T5800] veth1_vlan: entered promiscuous mode [ 90.511256][ T1504] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.609436][ T5806] veth0_macvtap: entered promiscuous mode [ 90.677190][ T1526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.677208][ T1526] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.698513][ T5806] veth1_macvtap: entered promiscuous mode [ 90.796164][ T1504] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.796181][ T1504] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.886624][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.902844][ T5800] veth0_macvtap: entered promiscuous mode [ 90.905340][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.907098][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.907114][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.930308][ T5800] veth1_macvtap: entered promiscuous mode [ 90.956748][ T1127] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.985614][ T1127] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.005904][ T1127] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.017366][ T1127] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.030118][ T1127] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.030135][ T1127] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.127962][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.272886][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.408302][ T1504] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.410026][ T1504] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.449802][ T1504] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.472440][ T1504] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.480352][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.480369][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.809947][ T1507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.809967][ T1507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.139592][ T1507] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.139612][ T1507] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.153078][ T5940] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 92.412408][ T1309] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.412426][ T1309] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.651653][ T31] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.898656][ T31] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 92.898684][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.898702][ T31] usb 4-1: Product: syz [ 92.898715][ T31] usb 4-1: Manufacturer: syz [ 92.898728][ T31] usb 4-1: SerialNumber: syz [ 93.012215][ T31] usb 4-1: config 0 descriptor?? [ 93.091877][ T44] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 93.284798][ T44] usb 1-1: config 5 has an invalid interface number: 3 but max is 0 [ 93.284878][ T44] usb 1-1: config 5 has no interface number 0 [ 93.314835][ T31] usb 4-1: ignoring: probably an ADSL modem [ 93.316308][ T44] usb 1-1: New USB device found, idVendor=09fb, idProduct=602a, bcdDevice=fd.36 [ 93.316334][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.316353][ T44] usb 1-1: Product: syz [ 93.316366][ T44] usb 1-1: Manufacturer: syz [ 93.316380][ T44] usb 1-1: SerialNumber: syz [ 93.406917][ T44] ftdi_sio 1-1:5.3: FTDI USB Serial Device converter detected [ 93.450348][ T44] ftdi_sio ttyUSB0: unknown device type: 0xfd36 [ 93.643993][ T5945] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'. [ 93.651693][ T5955] Bluetooth: MGMT ver 1.23 [ 93.659450][ T5945] ip6tnl0: entered promiscuous mode [ 93.659474][ T5945] ip6tnl0: entered allmulticast mode [ 93.680136][ T5945] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13'. [ 93.696475][ T31] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 93.779255][ T44] usb 1-1: USB disconnect, device number 2 [ 93.794526][ T44] ftdi_sio 1-1:5.3: device disconnected [ 93.941580][ T5918] usb 4-1: USB disconnect, device number 2 [ 95.747809][ T5984] fuse: Invalid rootmode [ 96.411454][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411520][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411588][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411654][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411726][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411859][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411925][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.411992][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 96.412059][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 97.185156][ C0] vkms_vblank_simulate: vblank timer overrun [ 97.410741][ T5994] syz.3.27 uses obsolete (PF_INET,SOCK_PACKET) [ 97.506038][ T6000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.30'. [ 97.751659][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.916379][ T31] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 97.916426][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.916451][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.916471][ T31] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 97.918781][ T31] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 97.918806][ T31] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 97.918825][ T31] usb 2-1: Manufacturer: syz [ 97.951175][ T31] usb 2-1: config 0 descriptor?? [ 98.507261][ T31] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 99.232652][ T31] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 99.503954][ T10] usb 2-1: USB disconnect, device number 2 [ 99.599647][ T6022] fido_id[6022]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 99.711984][ T6010] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 101.175283][ T6040] netlink: 208 bytes leftover after parsing attributes in process `syz.0.42'. [ 101.176627][ T6040] netlink: 208 bytes leftover after parsing attributes in process `syz.0.42'. [ 101.176853][ T6040] Zero length message leads to an empty skb [ 101.417568][ T6045] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 101.555797][ T6050] netlink: 42 bytes leftover after parsing attributes in process `syz.2.46'. [ 101.559423][ T6050] syz.2.46 (6050): attempted to duplicate a private mapping with mremap. This is not supported. [ 102.729012][ T6065] netlink: 84 bytes leftover after parsing attributes in process `syz.3.53'. [ 105.435266][ T6098] netlink: 24 bytes leftover after parsing attributes in process `syz.4.61'. [ 105.572915][ T6098] netlink: 4 bytes leftover after parsing attributes in process `syz.4.61'. [ 107.684491][ T6115] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 107.684515][ T6115] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 107.684725][ T6115] F2FS-fs (loop7): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 107.684742][ T6115] F2FS-fs (loop7): Can't find valid F2FS filesystem in 2th superblock [ 111.864360][ T6154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.81'. [ 111.883140][ T6154] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.890544][ T6154] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.303765][ T6164] netlink: 'syz.3.85': attribute type 1 has an invalid length. [ 113.972840][ T6192] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 113.972900][ T6192] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 113.978310][ T6192] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 113.978358][ T6192] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 115.004519][ T6195] hub 9-0:1.0: USB hub found [ 115.013887][ T6195] hub 9-0:1.0: 1 port detected [ 115.504450][ T6199] syz_tun: entered allmulticast mode [ 115.751558][ T5805] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 115.861604][ T6197] syz_tun: left allmulticast mode [ 115.898201][ T5805] usb 1-1: device descriptor read/64, error -71 [ 116.117463][ T6214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.100'. [ 116.117496][ T6214] netlink: 36 bytes leftover after parsing attributes in process `syz.3.100'. [ 116.161586][ T5805] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.319361][ T5805] usb 1-1: device descriptor read/64, error -71 [ 116.477816][ T5805] usb usb1-port1: attempt power cycle [ 116.982027][ T5805] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 117.013188][ T5805] usb 1-1: device descriptor read/8, error -71 [ 117.251552][ T5805] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 117.285213][ T5805] usb 1-1: device descriptor read/8, error -71 [ 117.404800][ T5805] usb usb1-port1: unable to enumerate USB device [ 122.873324][ T6279] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.877120][ T6279] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.993025][ T6321] netlink: 24 bytes leftover after parsing attributes in process `syz.4.138'. [ 126.528130][ T37] audit: type=1326 audit(1760736895.363:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6329 comm="syz.2.141" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b76efc9 code=0x0 [ 126.542093][ T6330] fuse: Bad value for 'fd' [ 127.308759][ T6355] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 128.800726][ T6367] netlink: 12 bytes leftover after parsing attributes in process `syz.2.156'. [ 128.802742][ T6365] fuse: Unknown parameter '0x0000000000000004' [ 129.566669][ T6395] fuse: Unknown parameter '0x0000000000000004' [ 129.917018][ T6403] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'. [ 129.917050][ T6403] netlink: 36 bytes leftover after parsing attributes in process `syz.2.166'. [ 130.888629][ T6422] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.896710][ T6422] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.489583][ T6422] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.513150][ T6422] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.548045][ T6435] netlink: 92 bytes leftover after parsing attributes in process `syz.1.184'. [ 132.611498][ T1119] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.632798][ T1119] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.761602][ T1119] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.790626][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.790718][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.762495][ T6461] netlink: 8 bytes leftover after parsing attributes in process `syz.3.192'. [ 133.872578][ T1119] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.971642][ T37] audit: type=1326 audit(1760736902.803:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6471 comm="syz.1.196" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fadf47aefc9 code=0x0 [ 134.783799][ T6500] syz_tun: entered allmulticast mode [ 134.805162][ T6498] netlink: 24 bytes leftover after parsing attributes in process `syz.0.207'. [ 135.190172][ T6508] netlink: 12 bytes leftover after parsing attributes in process `syz.2.208'. [ 135.232008][ T6499] syz_tun: left allmulticast mode [ 135.407579][ T6513] io-wq is not configured for unbound workers [ 136.509104][ T6535] syz_tun: entered allmulticast mode [ 136.714289][ T6534] syz_tun: left allmulticast mode [ 138.351144][ T37] audit: type=1326 audit(1760736907.183:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6558 comm="syz.2.232" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b76efc9 code=0x0 [ 142.901507][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 143.068752][ T10] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 143.068866][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.068891][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.068911][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 143.120269][ T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 143.120295][ T10] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 143.120313][ T10] usb 4-1: Manufacturer: syz [ 143.165074][ T10] usb 4-1: config 0 descriptor?? [ 143.193585][ T6663] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 143.628169][ T10] usbhid 4-1:0.0: can't add hid device: -71 [ 143.628292][ T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 143.681385][ T10] usb 4-1: USB disconnect, device number 3 [ 145.458947][ T6705] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 145.791477][ T1232] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 145.973655][ T1232] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 145.973701][ T1232] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.973724][ T1232] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.973742][ T1232] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 145.977808][ T1232] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 145.977834][ T1232] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 145.977852][ T1232] usb 4-1: Manufacturer: syz [ 146.053679][ T1232] usb 4-1: config 0 descriptor?? [ 146.554909][ T6725] netlink: 8 bytes leftover after parsing attributes in process `syz.1.303'. [ 146.621238][ T1232] usbhid 4-1:0.0: can't add hid device: -71 [ 146.621526][ T1232] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 146.642311][ T1232] usb 4-1: USB disconnect, device number 4 [ 146.832849][ T6734] autofs: Unknown parameter './file0' [ 147.468320][ T6758] 9pnet_fd: Insufficient options for proto=fd [ 148.021555][ T1230] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 148.155145][ T6796] netlink: 12 bytes leftover after parsing attributes in process `syz.4.334'. [ 148.193957][ T1230] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 148.194003][ T1230] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.194027][ T1230] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.194048][ T1230] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 148.195704][ T1230] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 148.195728][ T1230] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 148.195746][ T1230] usb 2-1: Manufacturer: syz [ 148.282894][ T1230] usb 2-1: config 0 descriptor?? [ 149.170009][ T1230] usbhid 2-1:0.0: can't add hid device: -71 [ 149.170130][ T1230] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 149.364377][ T1230] usb 2-1: USB disconnect, device number 3 [ 149.425801][ T6822] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 149.736848][ T6833] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 149.875502][ T6837] netlink: 8 bytes leftover after parsing attributes in process `syz.4.353'. [ 152.785657][ T6879] netlink: 4 bytes leftover after parsing attributes in process `syz.2.368'. [ 152.931554][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 153.086773][ T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 153.086819][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.086845][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.086865][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 153.088432][ T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 153.088457][ T10] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 153.088476][ T10] usb 1-1: Manufacturer: syz [ 153.177882][ T10] usb 1-1: config 0 descriptor?? [ 154.126772][ T10] usbhid 1-1:0.0: can't add hid device: -71 [ 154.126905][ T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 154.156386][ T10] usb 1-1: USB disconnect, device number 7 [ 155.319238][ T6907] sctp: [Deprecated]: syz.2.379 (pid 6907) Use of int in max_burst socket option deprecated. [ 155.319238][ T6907] Use struct sctp_assoc_value instead [ 157.421513][ T1232] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 158.016794][ T1232] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 158.016840][ T1232] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.016865][ T1232] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.016885][ T1232] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 158.018521][ T1232] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 158.018546][ T1232] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 158.018565][ T1232] usb 4-1: Manufacturer: syz [ 158.031106][ T1232] usb 4-1: config 0 descriptor?? [ 158.464912][ T6950] netlink: 12 bytes leftover after parsing attributes in process `syz.2.394'. [ 159.048197][ T1232] usbhid 4-1:0.0: can't add hid device: -71 [ 159.048321][ T1232] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 159.068771][ T1232] usb 4-1: USB disconnect, device number 5 [ 161.891755][ T7012] netlink: 28 bytes leftover after parsing attributes in process `syz.2.419'. [ 161.891787][ T7012] netlink: 36 bytes leftover after parsing attributes in process `syz.2.419'. [ 163.681200][ T7042] af_packet: tpacket_rcv: packet too big, clamped from 102 to 4294967286. macoff=82 [ 163.715664][ T7044] netlink: 'syz.3.431': attribute type 13 has an invalid length. [ 163.769133][ T7049] netlink: 12 bytes leftover after parsing attributes in process `syz.0.432'. [ 164.025483][ T7060] netlink: 24 bytes leftover after parsing attributes in process `syz.4.437'. [ 164.199629][ T7069] autofs: Unknown parameter '00000000000000000000' [ 164.811301][ T7093] autofs: Unknown parameter '00000000000000000000' [ 164.962532][ T7102] syz_tun: entered allmulticast mode [ 165.182694][ T7101] syz_tun: left allmulticast mode [ 165.330209][ T7118] netlink: 'syz.1.464': attribute type 13 has an invalid length. [ 165.565514][ T7128] autofs: Unknown parameter '00000000000000000000' [ 167.015226][ T7149] syz_tun: entered allmulticast mode [ 167.248036][ T7147] syz_tun: left allmulticast mode [ 167.272202][ T7157] netlink: 24 bytes leftover after parsing attributes in process `syz.1.480'. [ 167.317768][ T7159] netlink: 20 bytes leftover after parsing attributes in process `syz.4.479'. [ 167.317800][ T7159] netlink: 36 bytes leftover after parsing attributes in process `syz.4.479'. [ 167.477203][ T7165] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 168.161844][ T7189] team0: No ports can be present during mode change [ 168.430852][ T7198] netlink: 'syz.1.496': attribute type 1 has an invalid length. [ 168.672451][ T7203] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 168.679365][ T7209] 8021q: adding VLAN 0 to HW filter on device bond1 [ 169.060593][ T7217] syz.4.503 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 170.194566][ T7228] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 170.194590][ T7228] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 170.194703][ T7228] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 170.194719][ T7228] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock [ 171.426598][ T7253] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 171.426614][ T7253] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 171.426712][ T7253] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 171.426722][ T7253] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock [ 172.026810][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.803817][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.005429][ T5803] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 174.008685][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 174.009931][ T5803] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 174.046218][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 174.047982][ T5803] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 174.519918][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.223844][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.346157][ T7315] netlink: 12 bytes leftover after parsing attributes in process `syz.0.543'. [ 176.052837][ T7293] chnl_net:caif_netlink_parms(): no params data found [ 176.141507][ T5119] Bluetooth: hci0: command tx timeout [ 176.293206][ T12] bridge_slave_1: left allmulticast mode [ 176.293366][ T12] bridge_slave_1: left promiscuous mode [ 176.295886][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.486739][ T12] bridge_slave_0: left allmulticast mode [ 176.486767][ T12] bridge_slave_0: left promiscuous mode [ 176.487111][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.221488][ T5119] Bluetooth: hci0: command tx timeout [ 179.080022][ T7376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.565'. [ 180.301677][ T5119] Bluetooth: hci0: command tx timeout [ 180.341993][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 180.412190][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 180.433613][ T12] bond0 (unregistering): Released all slaves [ 180.447490][ T12] bond1 (unregistering): Released all slaves [ 182.245530][ T7422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.578'. [ 182.381524][ T5119] Bluetooth: hci0: command tx timeout [ 182.674598][ T7293] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.674733][ T7293] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.674954][ T7293] bridge_slave_0: entered allmulticast mode [ 182.677743][ T7293] bridge_slave_0: entered promiscuous mode [ 182.722679][ T7293] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.722828][ T7293] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.723051][ T7293] bridge_slave_1: entered allmulticast mode [ 182.742152][ T7293] bridge_slave_1: entered promiscuous mode [ 183.064115][ T7450] No control pipe specified [ 183.172410][ T7452] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 183.335159][ T7293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 183.486951][ T12] hsr_slave_0: left promiscuous mode [ 183.551462][ T12] hsr_slave_1: left promiscuous mode [ 183.552677][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 183.552779][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 183.621474][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 183.621502][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 183.860732][ T12] veth1_macvtap: left promiscuous mode [ 183.860968][ T12] veth0_macvtap: left promiscuous mode [ 183.861265][ T12] veth1_vlan: left promiscuous mode [ 183.889216][ T12] veth0_vlan: left promiscuous mode [ 184.585980][ T7494] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 184.586002][ T7494] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 184.586093][ T7494] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 184.586109][ T7494] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock [ 184.790006][ T7499] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input9 [ 186.393618][ T12] team0 (unregistering): Port device team_slave_1 removed [ 186.592311][ T12] team0 (unregistering): Port device team_slave_0 removed [ 188.815412][ T7293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.998188][ T7512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.013970][ T7512] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.050075][ T7512] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 189.059590][ T7525] netlink: 4 bytes leftover after parsing attributes in process `syz.2.614'. [ 189.706702][ T7293] team0: Port device team_slave_0 added [ 189.760359][ T7293] team0: Port device team_slave_1 added [ 190.175341][ T7552] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 190.175366][ T7552] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 190.175479][ T7552] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 190.175502][ T7552] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock [ 190.356582][ T7293] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.356597][ T7293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.356622][ T7293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.374678][ T7293] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.374692][ T7293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.374716][ T7293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.671737][ T7565] netlink: 4 bytes leftover after parsing attributes in process `syz.4.629'. [ 191.083770][ T7578] netlink: 12 bytes leftover after parsing attributes in process `syz.4.634'. [ 191.173197][ T7293] hsr_slave_0: entered promiscuous mode [ 191.174610][ T7293] hsr_slave_1: entered promiscuous mode [ 191.553167][ T7592] netlink: 36 bytes leftover after parsing attributes in process `syz.4.639'. [ 192.679270][ T7293] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 192.716632][ T7293] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 192.827526][ T7293] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 192.896639][ T7293] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 193.667329][ T7293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.762293][ T7293] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.789420][ T1309] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.789706][ T1309] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.835363][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.835555][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.228794][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.228863][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.575487][ T7293] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.724552][ T7293] veth0_vlan: entered promiscuous mode [ 195.777103][ T7293] veth1_vlan: entered promiscuous mode [ 195.962345][ T7293] veth0_macvtap: entered promiscuous mode [ 195.974878][ T7293] veth1_macvtap: entered promiscuous mode [ 196.060692][ T7293] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.080737][ T7293] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.112990][ T1504] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.132295][ T1504] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.136165][ T43] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.137196][ T43] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.426843][ T1552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.426861][ T1552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.704517][ T1119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.704536][ T1119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.094874][ T7732] process 'syz.2.666' launched './file0' with NULL argv: empty string added [ 201.061602][ T7745] netlink: 28 bytes leftover after parsing attributes in process `syz.0.669'. [ 201.425355][ T5803] Bluetooth: hci1: command 0x0406 tx timeout [ 201.426130][ T5803] Bluetooth: hci2: command 0x0406 tx timeout [ 201.426165][ T5803] Bluetooth: hci3: command 0x0406 tx timeout [ 202.243541][ T7768] netlink: 24 bytes leftover after parsing attributes in process `syz.5.678'. [ 202.977839][ T7778] netlink: 28 bytes leftover after parsing attributes in process `syz.4.681'. [ 203.011683][ T7780] netlink: 52 bytes leftover after parsing attributes in process `syz.5.682'. [ 204.298982][ T7808] netlink: 24 bytes leftover after parsing attributes in process `syz.5.694'. [ 204.497829][ T37] audit: type=1326 audit(1760736973.333:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7812 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8c8f0efc9 code=0x7ffc0000 [ 204.498485][ T37] audit: type=1326 audit(1760736973.333:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7812 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fa8c8f0efc9 code=0x7ffc0000 [ 204.499267][ T37] audit: type=1326 audit(1760736973.333:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7812 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8c8f0efc9 code=0x7ffc0000 [ 204.500664][ T37] audit: type=1326 audit(1760736973.333:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7812 comm="syz.0.696" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8c8f0efc9 code=0x7ffc0000 [ 205.670796][ T7831] netlink: 12 bytes leftover after parsing attributes in process `syz.5.702'. [ 206.560109][ T7842] hub 9-0:1.0: USB hub found [ 206.569505][ T7842] hub 9-0:1.0: 1 port detected [ 208.252639][ T5119] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 208.262313][ T5119] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 208.263744][ T5119] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 208.285419][ T5119] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 208.286226][ T5119] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 209.141844][ T7863] netlink: 108 bytes leftover after parsing attributes in process `syz.0.710'. [ 209.616299][ T7873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.715'. [ 209.715803][ T7852] chnl_net:caif_netlink_parms(): no params data found [ 210.382005][ T61] Bluetooth: hci5: command tx timeout [ 210.525136][ T7852] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.525355][ T7852] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.525560][ T7852] bridge_slave_0: entered allmulticast mode [ 210.538086][ T7852] bridge_slave_0: entered promiscuous mode [ 210.561476][ T7852] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.561615][ T7852] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.561856][ T7852] bridge_slave_1: entered allmulticast mode [ 210.565346][ T7852] bridge_slave_1: entered promiscuous mode [ 210.960620][ T7852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.987548][ T7852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.455721][ T7852] team0: Port device team_slave_0 added [ 211.459436][ T7852] team0: Port device team_slave_1 added [ 211.638427][ T7915] netlink: 'syz.5.728': attribute type 4 has an invalid length. [ 211.683524][ T7917] netlink: 'syz.5.728': attribute type 4 has an invalid length. [ 212.128412][ T7852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.128429][ T7852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 212.128454][ T7852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.190388][ T7852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.190404][ T7852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 212.190429][ T7852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.461887][ T61] Bluetooth: hci5: command tx timeout [ 212.736989][ T7852] hsr_slave_0: entered promiscuous mode [ 212.756582][ T7852] hsr_slave_1: entered promiscuous mode [ 212.762574][ T7852] debugfs: 'hsr0' already exists in 'hsr' [ 212.762617][ T7852] Cannot create hsr debugfs directory [ 213.355323][ T7954] hub 9-0:1.0: USB hub found [ 213.356789][ T7954] hub 9-0:1.0: 1 port detected [ 213.414613][ T7953] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.419516][ T7953] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.469592][ T7953] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.469767][ T7953] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.488259][ T7953] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.488447][ T7953] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.499338][ T7953] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 214.082507][ T7970] netlink: 24 bytes leftover after parsing attributes in process `syz.0.738'. [ 214.543232][ T61] Bluetooth: hci5: command tx timeout [ 214.596768][ T7852] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 214.669022][ T7852] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 214.738443][ T7852] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 214.858787][ T7852] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 215.362301][ T7852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.441876][ T7852] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.466542][ T1504] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.471951][ T1504] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.488728][ T1504] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.488872][ T1504] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.055343][ T8017] hub 9-0:1.0: USB hub found [ 216.055683][ T8017] hub 9-0:1.0: 1 port detected [ 216.622174][ T61] Bluetooth: hci5: command tx timeout [ 216.745563][ T8031] netlink: 4 bytes leftover after parsing attributes in process `syz.5.749'. [ 216.850313][ T7852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.887838][ T7852] veth0_vlan: entered promiscuous mode [ 217.928785][ T7852] veth1_vlan: entered promiscuous mode [ 217.997379][ T7852] veth0_macvtap: entered promiscuous mode [ 218.029170][ T7852] veth1_macvtap: entered promiscuous mode [ 218.056605][ T7852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.073802][ T7852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.194946][ T43] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.200523][ T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.216651][ T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.217147][ T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.607748][ T1504] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.607766][ T1504] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.724673][ T1552] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.724692][ T1552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 219.099449][ T8068] syz.2.761 (8068) used greatest stack depth: 18344 bytes left [ 220.231699][ T8077] syz.2.763 (8077) used greatest stack depth: 16040 bytes left [ 220.758122][ T8090] netlink: 'syz.2.768': attribute type 8 has an invalid length. [ 220.758142][ T8090] netlink: 32 bytes leftover after parsing attributes in process `syz.2.768'. [ 221.605157][ T8110] syz.4.778 (8110) used greatest stack depth: 15480 bytes left [ 222.833611][ T8128] netlink: 'syz.2.784': attribute type 1 has an invalid length. [ 223.531751][ T8146] No control pipe specified [ 223.687202][ T8148] netlink: 4 bytes leftover after parsing attributes in process `syz.4.792'. [ 225.410343][ T8161] netlink: 'syz.4.798': attribute type 1 has an invalid length. [ 225.662208][ T8173] autofs: Unknown parameter '0x0000000000000000' [ 225.711922][ T8176] No control pipe specified [ 225.777429][ T8170] 8021q: adding VLAN 0 to HW filter on device bond1 [ 226.198276][ T8187] netlink: 24 bytes leftover after parsing attributes in process `syz.0.806'. [ 228.062097][ T8209] netlink: 4 bytes leftover after parsing attributes in process `syz.4.818'. [ 228.979640][ T37] audit: type=1326 audit(1760736997.813:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8220 comm="syz.4.822" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f59fdd0efc9 code=0x0 [ 230.367301][ T37] audit: type=1326 audit(1760736999.193:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8233 comm="syz.0.827" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8c8f0efc9 code=0x7ffc0000 [ 230.599933][ T8239] netlink: 4 bytes leftover after parsing attributes in process `syz.6.829'. [ 233.001989][ T8266] netlink: 4 bytes leftover after parsing attributes in process `syz.2.842'. [ 233.046468][ T8267] hub 9-0:1.0: USB hub found [ 233.047701][ T8267] hub 9-0:1.0: 1 port detected [ 233.374132][ T8273] netlink: 'syz.2.844': attribute type 1 has an invalid length. [ 233.439998][ T8273] 8021q: adding VLAN 0 to HW filter on device bond1 [ 233.876119][ T8274] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 233.876142][ T8274] F2FS-fs (loop13): Can't find valid F2FS filesystem in 1th superblock [ 233.876470][ T8274] F2FS-fs (loop13): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 233.876489][ T8274] F2FS-fs (loop13): Can't find valid F2FS filesystem in 2th superblock [ 234.525839][ T8276] bond1: (slave veth3): Enslaving as an active interface with a down link [ 234.713783][ T8293] ======================================================= [ 234.713783][ T8293] WARNING: The mand mount option has been deprecated and [ 234.713783][ T8293] and is ignored by this kernel. Remove the mand [ 234.713783][ T8293] option from the mount to silence this warning. [ 234.713783][ T8293] ======================================================= [ 236.474510][ T5918] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 237.138060][ T5918] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.138103][ T5918] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 237.138145][ T5918] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253 [ 237.143556][ T5918] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 237.143582][ T5918] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 237.143601][ T5918] usb 7-1: Manufacturer: syz [ 237.216648][ T5918] usb 7-1: config 0 descriptor?? [ 237.290130][ T5918] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 239.011932][ T8273] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.024980][ T8273] bond1: (slave team0): making interface the new active one [ 239.026962][ T8273] team0: entered promiscuous mode [ 239.026981][ T8273] team_slave_0: entered promiscuous mode [ 239.027224][ T8273] team_slave_1: entered promiscuous mode [ 239.029469][ T8273] bond1: (slave team0): Enslaving as an active interface with an up link [ 239.341462][ T5918] usb 7-1: USB disconnect, device number 2 [ 240.325062][ T8312] hub 9-0:1.0: USB hub found [ 240.325617][ T8312] hub 9-0:1.0: 1 port detected [ 241.431541][ T8320] netlink: 12 bytes leftover after parsing attributes in process `syz.0.860'. [ 243.274607][ T8330] netlink: 'syz.6.865': attribute type 1 has an invalid length. [ 246.181607][ T37] audit: type=1326 audit(1760737015.003:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8335 comm="syz.2.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b76efc9 code=0x7ffc0000 [ 246.181663][ T37] audit: type=1326 audit(1760737015.003:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8335 comm="syz.2.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f1c5b76efc9 code=0x7ffc0000 [ 246.181704][ T37] audit: type=1326 audit(1760737015.003:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8335 comm="syz.2.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b76efc9 code=0x7ffc0000 [ 246.181746][ T37] audit: type=1326 audit(1760737015.003:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8335 comm="syz.2.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b76efc9 code=0x7ffc0000 [ 246.181786][ T37] audit: type=1326 audit(1760737015.003:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8335 comm="syz.2.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1c5b76efc9 code=0x7ffc0000 [ 246.181828][ T37] audit: type=1326 audit(1760737015.003:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8335 comm="syz.2.868" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c5b76efc9 code=0x7ffc0000 [ 246.504405][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 248.658846][ T10] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 248.658886][ T10] usb 1-1: can't read configurations, error -71 [ 249.497400][ T8344] hub 9-0:1.0: USB hub found [ 249.519271][ T8344] hub 9-0:1.0: 1 port detected [ 253.682062][ T8363] netlink: 12 bytes leftover after parsing attributes in process `syz.4.878'. [ 255.673681][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.673748][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.854119][ T5119] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 257.857400][ T5119] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 257.879789][ T5119] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 257.880975][ T5119] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 258.041693][ T5119] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 260.306147][ T5119] Bluetooth: hci4: command tx timeout [ 260.950259][ T43] team0: left promiscuous mode [ 260.950281][ T43] team_slave_0: left promiscuous mode [ 261.822911][ T43] team_slave_1: left promiscuous mode [ 262.381553][ T5119] Bluetooth: hci4: command tx timeout [ 264.511347][ T5119] Bluetooth: hci4: command tx timeout [ 266.541435][ T5119] Bluetooth: hci4: command tx timeout [ 266.620593][ T37] audit: type=1326 audit(1760737035.453:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8405 comm="syz.0.893" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa8c8f0efc9 code=0x0 [ 270.011403][ T5918] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 272.324195][ T5918] usb 1-1: device descriptor read/all, error -71 [ 273.270653][ T8385] chnl_net:caif_netlink_parms(): no params data found [ 273.322518][ T8419] netlink: 24 bytes leftover after parsing attributes in process `syz.0.898'. [ 280.287357][ T5119] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 280.290698][ T5119] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 280.313398][ T5119] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 280.314596][ T5119] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 280.315342][ T5119] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 282.262533][ T61] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 282.267466][ T61] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 282.268625][ T61] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 282.278607][ T61] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 282.281549][ T61] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 282.385739][ T61] Bluetooth: hci0: command tx timeout [ 284.394077][ T61] Bluetooth: hci6: command tx timeout [ 284.522112][ T61] Bluetooth: hci0: command tx timeout [ 286.461555][ T61] Bluetooth: hci6: command tx timeout [ 286.541395][ T61] Bluetooth: hci0: command tx timeout [ 288.541787][ T61] Bluetooth: hci6: command tx timeout [ 288.621531][ T61] Bluetooth: hci0: command tx timeout [ 290.621644][ T61] Bluetooth: hci6: command tx timeout [ 292.438255][ T5119] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 292.578462][ T5119] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 292.581124][ T5119] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 292.584046][ T5119] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 292.585227][ T5119] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 294.621931][ T61] Bluetooth: hci1: command tx timeout [ 296.951433][ T61] Bluetooth: hci1: command tx timeout [ 299.021433][ T61] Bluetooth: hci1: command tx timeout [ 301.101396][ T61] Bluetooth: hci1: command tx timeout [ 302.199035][ T1127] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.114027][ T8442] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 317.112789][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.112860][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.261008][ T5119] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 321.387646][ T5119] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 321.389176][ T5119] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 321.390683][ T5119] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 321.451629][ T5119] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 323.581437][ T5119] Bluetooth: hci7: command tx timeout [ 325.252389][ T61] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 325.261984][ T61] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 325.265598][ T61] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 325.281807][ T61] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 325.282575][ T61] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 325.661483][ T5119] Bluetooth: hci7: command tx timeout [ 327.347031][ T5119] Bluetooth: hci8: command tx timeout [ 327.741458][ T5119] Bluetooth: hci7: command tx timeout [ 329.611416][ T5119] Bluetooth: hci8: command tx timeout [ 329.821430][ T5119] Bluetooth: hci7: command tx timeout [ 332.178119][ T5119] Bluetooth: hci8: command tx timeout [ 334.222415][ T61] Bluetooth: hci8: command tx timeout [ 334.541469][ T61] Bluetooth: hci5: command 0x0406 tx timeout [ 337.012298][ T61] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 337.014219][ T61] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 337.016119][ T61] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 337.017243][ T61] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 337.018336][ T61] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 339.253911][ T5119] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 339.262534][ T5119] Bluetooth: hci4: command tx timeout [ 339.263759][ T5119] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 339.264877][ T5119] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 339.265937][ T5119] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 339.266634][ T5119] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 341.341453][ T5808] Bluetooth: hci4: command tx timeout [ 341.341468][ T61] Bluetooth: hci9: command tx timeout [ 343.421404][ T61] Bluetooth: hci4: command tx timeout [ 343.421437][ T61] Bluetooth: hci9: command tx timeout [ 345.501561][ T5808] Bluetooth: hci9: command tx timeout [ 345.501569][ T61] Bluetooth: hci4: command tx timeout [ 347.582074][ T5808] Bluetooth: hci9: command tx timeout [ 349.157244][ T61] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 349.309863][ T61] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 349.311093][ T61] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 349.317038][ T61] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 349.318238][ T61] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 351.391341][ T61] Bluetooth: hci10: command tx timeout [ 353.421449][ T61] Bluetooth: hci10: command tx timeout [ 355.582662][ T61] Bluetooth: hci10: command tx timeout [ 357.661369][ T61] Bluetooth: hci10: command tx timeout [ 378.759986][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.760063][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.353903][ T5808] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 384.431938][ T5808] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 384.449249][ T5808] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 384.461886][ T5808] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 384.496202][ T5808] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 385.537168][ T61] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 385.549930][ T61] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 385.551156][ T61] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 385.554740][ T61] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 385.555563][ T61] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 386.641379][ T5808] Bluetooth: hci1: command tx timeout [ 387.821453][ T61] Bluetooth: hci11: command tx timeout [ 388.703336][ T61] Bluetooth: hci1: command tx timeout [ 390.061372][ T61] Bluetooth: hci11: command tx timeout [ 390.908105][ T61] Bluetooth: hci1: command tx timeout [ 392.172698][ T61] Bluetooth: hci11: command tx timeout [ 393.103833][ T61] Bluetooth: hci1: command tx timeout [ 394.701383][ T61] Bluetooth: hci11: command tx timeout [ 400.892186][ T5808] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 400.907334][ T5808] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 400.911658][ T5808] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 400.912808][ T5808] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 400.913542][ T5808] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 403.165607][ T5808] Bluetooth: hci3: command tx timeout [ 404.545188][ T5119] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 404.591935][ T5119] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 404.593322][ T5119] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 404.594409][ T5119] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 404.595115][ T5119] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 405.191366][ T5119] Bluetooth: hci3: command tx timeout [ 406.381366][ T5119] Bluetooth: hci0: command 0x0406 tx timeout [ 406.381403][ T5119] Bluetooth: hci6: command 0x0406 tx timeout [ 407.443185][ T5813] Bluetooth: hci3: command tx timeout [ 409.531454][ T5808] Bluetooth: hci3: command tx timeout [ 409.531517][ T5808] Bluetooth: hci7: command tx timeout [ 411.669795][ T61] Bluetooth: hci7: command tx timeout [ 413.741401][ T61] Bluetooth: hci7: command tx timeout [ 416.091467][ T61] Bluetooth: hci7: command tx timeout [ 416.876268][ T8472] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR [ 420.901659][ T38] INFO: task syz.6.884:8379 blocked for more than 143 seconds. [ 420.901700][ T38] Not tainted syzkaller #0 [ 420.901710][ T38] Blocked by coredump. [ 420.901716][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 420.901725][ T38] task:syz.6.884 state:D stack:25160 pid:8379 tgid:8379 ppid:7852 task_flags:0x40004c flags:0x00080000 [ 420.901792][ T38] Call Trace: [ 420.901801][ T38] [ 420.901816][ T38] __schedule+0x16f3/0x4c20 [ 420.901873][ T38] ? __lock_acquire+0xab9/0xd20 [ 420.901894][ T38] ? __pfx___schedule+0x10/0x10 [ 420.901937][ T38] ? schedule+0x91/0x360 [ 420.901966][ T38] schedule+0x165/0x360 [ 420.901994][ T38] schedule_timeout+0x9a/0x270 [ 420.902019][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 420.902057][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 420.902083][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.902109][ T38] ? wait_for_completion+0x267/0x5d0 [ 420.902137][ T38] wait_for_completion+0x2bf/0x5d0 [ 420.902178][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 420.902219][ T38] exit_aio+0x2f1/0x3b0 [ 420.902246][ T38] ? __pfx_exit_aio+0x10/0x10 [ 420.902280][ T38] ? uprobe_clear_state+0x288/0x2a0 [ 420.902300][ T38] ? mm_update_next_owner+0x808/0x870 [ 420.902328][ T38] __mmput+0x68/0x3d0 [ 420.902357][ T38] exit_mm+0x1da/0x2c0 [ 420.902382][ T38] ? __pfx_exit_mm+0x10/0x10 [ 420.902407][ T38] ? rcu_is_watching+0x15/0xb0 [ 420.902434][ T38] do_exit+0x648/0x2300 [ 420.902452][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 420.902486][ T38] ? rt_mutex_slowunlock+0x668/0x8a0 [ 420.902513][ T38] ? __pfx_do_exit+0x10/0x10 [ 420.902534][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 420.902560][ T38] ? __rcu_read_unlock+0x84/0xe0 [ 420.902589][ T38] ? rt_spin_unlock+0x161/0x200 [ 420.902615][ T38] do_group_exit+0x21c/0x2d0 [ 420.902644][ T38] __x64_sys_exit_group+0x3f/0x40 [ 420.902666][ T38] x64_sys_call+0x21f7/0x2200 [ 420.902695][ T38] do_syscall_64+0xfa/0xfa0 [ 420.902721][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.902747][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.902765][ T38] ? clear_bhb_loop+0x60/0xb0 [ 420.902788][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.902807][ T38] RIP: 0033:0x7fe14a58efc9 [ 420.902828][ T38] RSP: 002b:00007ffd62cec0a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 420.902848][ T38] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe14a58efc9 [ 420.902862][ T38] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 420.902873][ T38] RBP: 00007ffd62cec10c R08: 0000000662cec19f R09: 00000000000927c0 [ 420.902886][ T38] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000001a [ 420.902898][ T38] R13: 00000000000927c0 R14: 000000000003e43a R15: 00007ffd62cec160 [ 420.902931][ T38] [ 420.902957][ T38] [ 420.902957][ T38] Showing all locks held in the system: [ 420.902968][ T38] 8 locks held by kworker/u8:1/13: [ 420.902982][ T38] 1 lock held by khungtaskd/38: [ 420.902992][ T38] #0: ffffffff8d7aa4c0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 420.903040][ T38] 6 locks held by kworker/u8:2/43: [ 420.903060][ T38] 6 locks held by kworker/u8:8/1127: [ 420.903070][ T38] #0: ffff88801a294938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 420.903122][ T38] #1: ffffc9000491fba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 420.903172][ T38] #2: ffffffff8ea6b620 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820 [ 420.903222][ T38] #3: ffff8880399dd0d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 420.903268][ T38] #4: ffff8880399de300 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 420.903317][ T38] #5: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.903366][ T38] 6 locks held by kworker/u8:9/1309: [ 420.903377][ T38] 4 locks held by kworker/u8:11/1507: [ 420.903388][ T38] 3 locks held by kworker/u8:13/1552: [ 420.903398][ T38] #0: ffff88813fe29938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 420.903455][ T38] #1: ffffc9000567fba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 420.903506][ T38] #2: ffffffff8ea78538 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 420.903561][ T38] 2 locks held by getty/5562: [ 420.903571][ T38] #0: ffff88823bf2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 420.903618][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400 [ 420.903673][ T38] 2 locks held by kworker/0:6/5918: [ 420.903690][ T38] 1 lock held by syz.4.15/5965: [ 420.903700][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.903752][ T38] 1 lock held by syz.5.850/8299: [ 420.903762][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.903810][ T38] 1 lock held by syz.2.879/8364: [ 420.903821][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.903869][ T38] 1 lock held by syz-executor/8385: [ 420.903879][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.903927][ T38] 2 locks held by syz-executor/8422: [ 420.903937][ T38] #0: ffffffff8ea6b620 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 420.903983][ T38] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.904031][ T38] 2 locks held by syz-executor/8424: [ 420.904042][ T38] #0: ffffffff8ea6b620 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 420.904089][ T38] #1: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.904137][ T38] 1 lock held by syz-executor/8433: [ 420.904147][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.904195][ T38] 1 lock held by syz.0.904/8441: [ 420.904205][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.904254][ T38] 1 lock held by syz-executor/8454: [ 420.904264][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.904312][ T38] 1 lock held by syz-executor/8458: [ 420.904322][ T38] #0: ffffffff8d7afe70 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 420.904370][ T38] 1 lock held by syz-executor/8465: [ 420.904380][ T38] #0: ffffffff8ea78538 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 420.904427][ T38] 1 lock held by syz-executor/8468: [ 420.904438][ T38] #0: ffffffff8ea78538 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 420.904484][ T38] 2 locks held by syz-executor/8491: [ 420.904494][ T38] #0: ffffffff8ea6b620 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 420.904541][ T38] #1: ffffffff8ea78538 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 420.904584][ T38] 1 lock held by syz-executor/8496: [ 420.904594][ T38] #0: ffffffff8ea78538 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80 [ 420.904642][ T38] 1 lock held by syz-executor/8504: [ 420.904652][ T38] #0: ffffffff8ea78538 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80 [ 420.904706][ T38] 1 lock held by syz-executor/8507: [ 420.904717][ T38] [ 420.904721][ T38] ============================================= [ 420.904721][ T38] [ 420.904735][ T38] NMI backtrace for cpu 0 [ 420.904754][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 420.904774][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 420.904784][ T38] Call Trace: [ 420.904791][ T38] [ 420.904799][ T38] dump_stack_lvl+0x189/0x250 [ 420.904824][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.904845][ T38] ? __pfx__printk+0x10/0x10 [ 420.904879][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 420.904905][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 420.904930][ T38] ? __pfx__printk+0x10/0x10 [ 420.904956][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 420.904983][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 420.905008][ T38] watchdog+0xf60/0xfa0 [ 420.905033][ T38] ? watchdog+0x1e2/0xfa0 [ 420.905059][ T38] kthread+0x711/0x8a0 [ 420.905084][ T38] ? __pfx_watchdog+0x10/0x10 [ 420.905102][ T38] ? __pfx_kthread+0x10/0x10 [ 420.905120][ T38] ? rt_spin_unlock+0x150/0x200 [ 420.905146][ T38] ? rt_spin_unlock+0x161/0x200 [ 420.905165][ T38] ? __pfx_kthread+0x10/0x10 [ 420.905187][ T38] ret_from_fork+0x4bc/0x870 [ 420.905216][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 420.905249][ T38] ? __switch_to_asm+0x39/0x70 [ 420.905271][ T38] ? __switch_to_asm+0x33/0x70 [ 420.905292][ T38] ? __pfx_kthread+0x10/0x10 [ 420.905314][ T38] ret_from_fork_asm+0x1a/0x30 [ 420.905354][ T38] [ 420.905361][ T38] Sending NMI from CPU 0 to CPUs 1: [ 420.905385][ C1] NMI backtrace for cpu 1 [ 420.905399][ C1] CPU: 1 UID: 0 PID: 1309 Comm: kworker/u8:9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 420.905419][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 420.905431][ C1] Workqueue: events_unbound cfg80211_wiphy_work [ 420.905457][ C1] RIP: 0010:rcu_is_watching+0x3a/0xb0 [ 420.905478][ C1] Code: e8 2b 8f 21 09 89 c3 83 f8 08 73 65 49 bf 00 00 00 00 00 fc ff df 4c 8d 34 dd d0 5d 07 8d 4c 89 f0 48 c1 e8 03 42 80 3c 38 00 <74> 08 4c 89 f7 e8 1c 73 7b 00 48 c7 c3 d8 d4 c6 91 49 03 1e 48 89 [ 420.905493][ C1] RSP: 0018:ffffc90004e6f130 EFLAGS: 00000246 [ 420.905508][ C1] RAX: 1ffffffff1a0ebbb RBX: 0000000000000001 RCX: e90dee00ace56e00 [ 420.905521][ C1] RDX: 0000000000000100 RSI: ffffffff8b3f5440 RDI: ffffffff8b3f5400 [ 420.905534][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000100 [ 420.905544][ C1] R10: dffffc0000000000 R11: fffffbfff1deee6f R12: ffff8880b893c890 [ 420.905558][ C1] R13: ffff8880b893c890 R14: ffffffff8d075dd8 R15: dffffc0000000000 [ 420.905571][ C1] FS: 0000000000000000(0000) GS:ffff888126cc6000(0000) knlGS:0000000000000000 [ 420.905586][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 420.905598][ C1] CR2: 00007ffe24d44d64 CR3: 0000000067c5c000 CR4: 00000000003526f0 [ 420.905614][ C1] Call Trace: [ 420.905620][ C1] [ 420.905628][ C1] ? process_backlog+0x27b/0x900 [ 420.905649][ C1] process_backlog+0x2b5/0x900 [ 420.905677][ C1] __napi_poll+0xb6/0x540 [ 420.905699][ C1] net_rx_action+0x5f7/0xda0 [ 420.905729][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 420.905752][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 420.905781][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 420.905811][ C1] handle_softirqs+0x22f/0x710 [ 420.905841][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 420.905871][ C1] __local_bh_enable_ip+0x1a0/0x2e0 [ 420.905896][ C1] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 420.905917][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 420.905946][ C1] ? rt_spin_unlock+0x150/0x200 [ 420.905969][ C1] ? rt_spin_unlock+0x161/0x200 [ 420.905991][ C1] ? cfg80211_put_bss+0x20e/0x270 [ 420.906011][ C1] ? cfg80211_put_bss+0x45/0x270 [ 420.906032][ C1] ieee80211_ibss_rx_queued_mgmt+0x11fd/0x2af0 [ 420.906055][ C1] ? __lock_acquire+0xab9/0xd20 [ 420.906076][ C1] ? do_raw_spin_lock+0x121/0x290 [ 420.906103][ C1] ? ieee80211_ibss_rx_queued_mgmt+0xfab/0x2af0 [ 420.906126][ C1] ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10 [ 420.906147][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 420.906172][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.906196][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 420.906221][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 420.906252][ C1] ? rt_mutex_slowunlock+0x493/0x8a0 [ 420.906293][ C1] ieee80211_iface_work+0x85f/0x12d0 [ 420.906322][ C1] cfg80211_wiphy_work+0x2bb/0x470 [ 420.906346][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 420.906375][ C1] process_scheduled_works+0xae1/0x17b0 [ 420.906415][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 420.906449][ C1] worker_thread+0x8a0/0xda0 [ 420.906466][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 420.906496][ C1] ? __kthread_parkme+0x7b/0x200 [ 420.906518][ C1] kthread+0x711/0x8a0 [ 420.906539][ C1] ? __pfx_worker_thread+0x10/0x10 [ 420.906555][ C1] ? __pfx_kthread+0x10/0x10 [ 420.906572][ C1] ? rt_spin_unlock+0x150/0x200 [ 420.906595][ C1] ? rt_spin_unlock+0x161/0x200 [ 420.906614][ C1] ? __pfx_kthread+0x10/0x10 [ 420.906633][ C1] ret_from_fork+0x4bc/0x870 [ 420.906658][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 420.906685][ C1] ? __switch_to_asm+0x39/0x70 [ 420.906707][ C1] ? __switch_to_asm+0x33/0x70 [ 420.906727][ C1] ? __pfx_kthread+0x10/0x10 [ 420.906746][ C1] ret_from_fork_asm+0x1a/0x30 [ 420.906778][ C1] [ 420.907388][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 420.907402][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 420.907423][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 420.907433][ T38] Call Trace: [ 420.907440][ T38] [ 420.907448][ T38] dump_stack_lvl+0x99/0x250 [ 420.907470][ T38] ? __asan_memcpy+0x40/0x70 [ 420.907495][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.907517][ T38] ? __pfx__printk+0x10/0x10 [ 420.907551][ T38] vpanic+0x237/0x6d0 [ 420.907569][ T38] ? __pfx_vpanic+0x10/0x10 [ 420.907598][ T38] panic+0xb9/0xc0 [ 420.907615][ T38] ? __pfx_panic+0x10/0x10 [ 420.907636][ T38] ? irq_work_queue+0xc3/0x140 [ 420.907660][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 420.907690][ T38] watchdog+0xf9f/0xfa0 [ 420.907716][ T38] ? watchdog+0x1e2/0xfa0 [ 420.907741][ T38] kthread+0x711/0x8a0 [ 420.907766][ T38] ? __pfx_watchdog+0x10/0x10 [ 420.907784][ T38] ? __pfx_kthread+0x10/0x10 [ 420.907802][ T38] ? rt_spin_unlock+0x150/0x200 [ 420.907828][ T38] ? rt_spin_unlock+0x161/0x200 [ 420.907848][ T38] ? __pfx_kthread+0x10/0x10 [ 420.907870][ T38] ret_from_fork+0x4bc/0x870 [ 420.907899][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 420.907931][ T38] ? __switch_to_asm+0x39/0x70 [ 420.907953][ T38] ? __switch_to_asm+0x33/0x70 [ 420.907974][ T38] ? __pfx_kthread+0x10/0x10 [ 420.907997][ T38] ret_from_fork_asm+0x1a/0x30 [ 420.908036][ T38] [ 420.908296][ T38] Kernel Offset: disabled