last executing test programs: 15m24.25493281s ago: executing program 0 (id=298): r0 = syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) syz_open_dev$midi(&(0x7f00000012c0), 0x2, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)) socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0\x00'}) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0x40}}, 0x90) socket$inet6(0xa, 0x3, 0x8000000003c) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f00000000c0)=0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0) prlimit64(r3, 0xe, &(0x7f0000000380)={0x8, 0x104008d}, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) 15m22.72131157s ago: executing program 0 (id=302): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x20040000) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x00'], 0x28}}], 0x1, 0x0) 15m20.851569388s ago: executing program 0 (id=303): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) r1 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r1, 0x0, 0xe07e872420dfefca) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003580)={0x20, 0x24, 0x107, 0x70bd2e, 0x25dfdbfb, {0x2, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @u32=0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4048011}, 0x8010) 15m18.872709443s ago: executing program 0 (id=307): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000001900)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="5bdbd57a0e656889964df9937f561de9b944d1e381fed329742e239cb13cf2af711d48d2f15b3118abd8fd087f117830209a631f9dfbec5cbbbb2216a2d87dfb0d7dd906c594125a10053c8e288ac4445ff0e999d423cc250e31e8650d248e49ba5fb3be8db01db38acf5a4455630ecb10f753530ada6598a1ff4805370a5cebf0", 0x81}], 0x1, &(0x7f00000006c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x2}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000000700)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000003c0)=""/109, 0x6d}, {0x0}], 0x2, &(0x7f0000000680)=""/56, 0x38}, 0x8}], 0x1, 0x40012000, 0x0) 15m16.132282265s ago: executing program 0 (id=311): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000200)) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x100}]}, 0x34}}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x88}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) 15m15.992023604s ago: executing program 0 (id=313): ptrace(0x10, 0x0) syz_open_dev$midi(&(0x7f00000012c0), 0x2, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0\x00'}) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_xfrm(r1, 0x0, 0x90) socket$inet6(0xa, 0x3, 0x8000000003c) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f00000000c0)=0x9) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) prlimit64(r2, 0xe, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r4 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) 15m0.604100417s ago: executing program 32 (id=313): ptrace(0x10, 0x0) syz_open_dev$midi(&(0x7f00000012c0), 0x2, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)) r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0\x00'}) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_xfrm(r1, 0x0, 0x90) socket$inet6(0xa, 0x3, 0x8000000003c) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f00000000c0)=0x9) prlimit64(0x0, 0xe, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) prlimit64(r2, 0xe, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r4 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) 10m31.657201934s ago: executing program 1 (id=1509): socketpair$unix(0x1, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x5, [@enum={0x3, 0x1, 0x0, 0xf, 0x4, [{0xa, 0x3}]}, @struct={0x4}]}, {0x0, [0x0, 0x0, 0x61]}}, &(0x7f0000001fc0)=""/4115, 0x3d, 0x1013, 0x1}, 0x20) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$search(0xa, r4, &(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz', 0x3}, 0x0) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0) bpf$ITER_CREATE(0xb, 0x0, 0x0) syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0xe0, "00ab08653904030401c50900000009c5000000efffffffff00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0) 10m30.351539978s ago: executing program 1 (id=1515): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 10m29.143697718s ago: executing program 1 (id=1520): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x0, 0x1}, 0x10) sendmsg$tipc(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, 0x80) r2 = dup3(r0, r1, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) write$P9_RGETATTR(r2, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) 10m28.655298121s ago: executing program 1 (id=1528): r0 = semget$private(0x0, 0x4000000009, 0x0) semop(r0, &(0x7f0000000000)=[{0x0, 0xffff}, {0x0, 0x8, 0x800}], 0x2) semop(r0, &(0x7f0000000080), 0x0) 10m25.886265167s ago: executing program 1 (id=1547): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000b, 0x204031, 0xffffffffffffffff, 0xffffd000) r1 = syz_open_procfs(0x0, &(0x7f0000002340)='fdinfo\x00') getdents(r1, &(0x7f0000000440)=""/242, 0xf2) getdents64(r1, &(0x7f0000000840)=""/217, 0xd9) 10m25.772968893s ago: executing program 1 (id=1549): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1, 0x1, 0x3, 0x2}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000380)}], 0x1}, 0x20008010) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000009060102000000f8ffffff00000000000900020073797a310000008005000100070000001c0007800c00018008000140fffffffe0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xffe0, 0x3}, {0xfff3, 0x5}, {0x8, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0xb6a}, @TCA_CAKE_WASH={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x14) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x14, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800"/12, @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000025000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 10m10.696840894s ago: executing program 33 (id=1549): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r2, 0x107, 0xf, 0x0, 0x0) sendmsg$kcm(r2, &(0x7f0000000080)={&(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1, 0x1, 0x3, 0x2}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000380)}], 0x1}, 0x20008010) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000009060102000000f8ffffff00000000000900020073797a310000008005000100070000001c0007800c00018008000140fffffffe0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xffe0, 0x3}, {0xfff3, 0x5}, {0x8, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8, 0x9, 0xb6a}, @TCA_CAKE_WASH={0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x14) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x14, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800"/12, @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000025000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000100000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4m54.451265042s ago: executing program 2 (id=2760): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000840)={0x2c, &(0x7f00000005c0)={0x0, 0xe, 0x4, "d4c58c73"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 4m49.895084558s ago: executing program 2 (id=2775): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16, @ANYBLOB="ff830500000700ffffff", @ANYRES8], 0x4}}, 0x0) sendfile(r2, r0, 0x0, 0x100000000) 4m47.44343487s ago: executing program 2 (id=2780): mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file0/file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=ANY=[], 0x5cc}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, 0x0, 0x0) 4m36.297284454s ago: executing program 2 (id=2803): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xd, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000640000000000000001000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f60008000000b70300008420000085000000720000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x6, 0x5, &(0x7f0000000340)=""/5}, 0x94) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r1, 0x2284, &(0x7f0000000080)) 4m35.465765534s ago: executing program 2 (id=2805): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 4m33.29501063s ago: executing program 2 (id=2811): socket$inet_sctp(0x2, 0x5, 0x84) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000240)={0x0, 0x0}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000100)={0x0, 0x0}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4m26.518147651s ago: executing program 5 (id=2825): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0xd, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000640000000000000001000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f60008000000b70300008420000085000000720000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x6, 0x5, &(0x7f0000000340)=""/5}, 0x94) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680)) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800) ioctl$SG_GET_VERSION_NUM(r0, 0x2284, &(0x7f0000000080)) 4m25.254596016s ago: executing program 5 (id=2826): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29") ptrace$getregset(0x4205, r0, 0x1, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) 4m24.010595197s ago: executing program 5 (id=2831): socket$packet(0x11, 0x3, 0x300) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r0, 0x5) 4m20.78846233s ago: executing program 5 (id=2837): sched_setscheduler(0x0, 0x1, 0x0) socket$alg(0x26, 0x5, 0x0) r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000) write$dsp(r0, &(0x7f0000002000)='`', 0x88020) 4m17.453962978s ago: executing program 34 (id=2811): socket$inet_sctp(0x2, 0x5, 0x84) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000240)={0x0, 0x0}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000100)={0x0, 0x0}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4m17.40328695s ago: executing program 5 (id=2842): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4805}, 0x20000050) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800014000000000080002400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000150000000000000000000500000a40000000160a01040000000000000000020000040900020073797a30000000000900010073797a300000000014000380080001"], 0x68}}, 0x0) 4m15.263781022s ago: executing program 5 (id=2847): sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x93ea05013bd5580e) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000240)={0x1, &(0x7f0000000040)=[{0x6, 0x7, 0x5, 0x9}]}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m59.670577386s ago: executing program 35 (id=2847): sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x93ea05013bd5580e) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000240)={0x1, &(0x7f0000000040)=[{0x6, 0x7, 0x5, 0x9}]}) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m28.922848321s ago: executing program 6 (id=3179): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000840)={0x2c, &(0x7f00000005c0)={0x0, 0xe, 0x4, "d4c58c73"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 1m23.439059416s ago: executing program 6 (id=3189): socket$nl_sock_diag(0x10, 0x3, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x8, 0x50032, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e, 0x2}, 0x18, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0) landlock_restrict_self(r1, 0x0) 1m21.244946868s ago: executing program 6 (id=3192): socketpair$unix(0x1, 0x2, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x440, 0x320, 0xa, 0x148, 0x368, 0x60, 0x400, 0x2a8, 0x2a8, 0x400, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2a0, 0x310, 0x0, {0x200003ae, 0x7f00}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4a0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) io_getevents(0x0, 0x3, 0x0, 0x0, 0x0) io_destroy(0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000540)=@pptp={0x18, 0x2, {0x2, @private=0xa010102}}, 0x80, &(0x7f0000000300)=[{0x0}, {&(0x7f0000001400)}], 0x2, 0x0, 0x700}, 0x40000) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000000)=0x200000000) write$vhost_msg_v2(r1, &(0x7f0000002b00)={0x2, 0x0, {&(0x7f0000000600)=""/13, 0xd, 0x0, 0x3, 0x2}}, 0x48) write$vhost_msg_v2(r1, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48) 1m16.91584701s ago: executing program 6 (id=3199): bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0), 0x0, 0x1}, 0x38) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000640)="3013f93f6a23826aeaa571d88a1fc628ec108a5ce411744d4e3ae79c5374eb3bdc7564d840b7d870c0da80f54b31a033a88be722054380d9761c", 0x3a}, {&(0x7f00000006c0)}, {&(0x7f0000001400)="9e74720b4949dd14b726badb57f016c3874d42340685e5af37d9d352ac739667546ab1897ec0f2fca33e402e62684d6f1f7bd3b281c17ff2b9575e88ed0264d35a6a10a5635b3b95fdd129d8a7f19bfc456f92098237f0e6fadce260d131a520b26d86390dbb99fcfbb9c5716a8134f0e1df76c45f10c57c8c658c3b76a7f84ff9d6d0964edecac3bc88d2b73051513a74ac758e7bb09e11f4cf999a486c5a8c34406d79ce51b790ac546521582bc2a9ad6167d7c5b9edd962d693e080a314bd31180ff59d7ec6b77bd6036817ab9e6f175736046c9f1d0997b9902c1a1201a446bf707bd2af47ec19dc8c97dfa73e532cada9a36f3bee55f1008ead64c640830d5eb5f047ad731713100ee3aa8d7c1fb0619c254d98ac0267df6e1dd3838cb31020af60b073376c1a08800fdf3d35720041f2aa74795ed3dbdb87631bfaddbb2da8f08fcde8d868070fbe7776073fe53b582e60b2bc1a84ba46c13227852dc9a65944e9186b7278973a36d17afa6181a2cc7539b32bfb64baceffbe3fd05efc088099d1ac62d2d5b062ecb3dc9dfdae20400a0ac09418013f02eeb3407e816534b4179810e59b4382cc59b86171586b1790257fed1b9ff27748a7d90d9407380e85a21faf357ac75a5821c581b34ca0a5531d527676f4e377f056a6dd574c7ac05d16fed626083bd8206ed32289bf5d94c3ba54f9c611ba2bbfc0cc66c0aee6bd32af449860a3969680bed537c3afe4128aa9984db297894bd01b69b1ffff4c86abdb946349deb1ee92013afd9d08d933431e41dd86648bd57965e6d9452542bd09411954ea4b0c27fe46203c8fcd8a1dc462d95003420f170bed4f4353ffde59ad6378aa90d1d2aa752218233d49b416e98d4a6ffd1baa526a8ce3451162b5eb5355f3faa6289ea2fbfd61278d407e77dc321b922c548c2d0eebd9b64071581830e66d65fb2a16d268db95a4db7bc7d4c7bd9ad000cb9520642c2bea06910ad99eca323b86189aab3db9125b4285e818854a012f74b2062de694986c7a03457775e96b30403ab06c4aa786f82e92c02635ec91ae7437fc0b71bbb73f7d15f39e023c88a5b156bd0f91e119f729695c48250975fe853a056c2a603f794b80e0fc22804616136912604e3833154f6f16a4bdaf48338152756a7fbf1b4cff414e98a4bff1f024727e676210448d189952ef67acb055433f3d0cb5abaae77c12dbe9d3b4a986c31b562025ef97dcc073b03ff6d3b010569238b11892f59caff159d4c54a3ebda66936b2d37a6c207a8362f7defeca6d5879037a2a5f195c04486d27686bff036b955c9beb8561e1f625acb04791992a8080e45c939a021bd2a4212018b0d605437962cf5736a7264b8734d74ed87e5e36ebd369aafbf9e2ba3f8d69b156f763024a6268199a70356a2824868180a9ff494179b35afde7047a94c7753dcefd7649b8b9c8642a1c2998e82d83c4812aa445a3ce06b76befadfe6278e1ea44b9ab784d945e8df0e2f3c6ec25341975f6bc0af7e102b6f5168b62c92f74babb856e3bbd2a96d952e1a40c5dd61252f8b9b701df9e3d272e77043cff57849fac4511f8d9d6bdcb8be26d96612565926b025c1d4d66263c8fa097dc0dfa5b1b8a36f9ef0881cbb3538f93a488259df30727c422313faf17ba54b246bd416b38f853b4b965a101c04a9ba8298f66318a41bc03467bac68893bc9b5e1d47f5913bf3b29fb522a597facbd406486bb0bae631fd321eecccc5c3a7bb8880073882c42d22487d58ece660c23862239b7699ccde923b88f777053f351b1a6c241546cefe6a52a6013e18ef0a2c37f41688e33d79efe41dfd81df58f1423baa3c1cc4ef7bcb1bde04e0bc0c9c63233e77afd2ceb742e5e7e7a7af2265c5cf70c639b1d84a637f7bb632baa3cee451e23f065614c6afaa637c89c5191925ebafffcd84fdb9e6a0ebfee2f1f4026a16e98477c8e15aacb4bfe45011e0a052eee775d48e6d88216c52fadb55f6fa4ef07f3b1b70b63beb74c6473008bcfa08fd4f320c95de4f74c37a098a1c05c486c4b98ada818e94d96f4f67257ad6a3218ba047839e634c8801e9c9bd157211889299114752cc3cf92bc340443eb74486d32be5b8055ed20c53d58a0a047c85bf63ceaf75286f6af2b9e8a50b82d7f6828cf90611fd59cd155b8152b63f6b5d447d6527288e5051966250ebda77c910b7468a162813f09dde277a4ae30539db55fabee7a10a4cc55f39c9049f907baac8171c0502c54234f7679c1e79415635cc6851b92e51cc784f078706ebe29924169d9e5982d335ec2b4b35f002cc66eba2b47e883c05a7980e30dddc6a59a0fee2403e77a31c147c12319e05cd3f101fecb1a14ab77bddd958d0da63263aa75fb07b936686c7391d1f97576fb4d526d73acecab0573c2179cf92bd5dec0d03861846ca31d4c555efa4670cab43de38fd8c979e06a0ba5e990e5cd84c3d760f8b8f59623ed2f0063bdbe9b3d00b7967b08edf6575c4f887db243f77d07b85a9b7aa2b37d562f4adaab6891408c1003c82891b736c2eb61919f17d0657eb49fbf6bb51c56ac8547212f15b950683c533ad170fb23ac11e55eddffd044710a6bcf563e601e77a75277f1dcc92a5fb0052b41cebb282aecf93d460706f1323b8766140389c66ffed5026daf508c52fcaecb55c1aa4273cb05d25d04938c7df6bcda9174cf08b4d2b7172a3dc45ce9866e6141210c7ee5a61d35751fa2945a4ff94e5df5d77eb0c9fc63148c4871d2dca098bb192aa99ccab8dd8b78313d124cdfe5cc2eabe884554f6081abb91904fe01f6d9d01cb320ab62002a4644b5ccd248e8bec740d72851e328ff55157b39234705e8bfe947daf892be1a09230f3d8b86360adce01621ba347fc9e9e4901fc815a208c63a60266f1998709f5f03983a7b35e0e2963070a91f2912beb46c36d6d5b748944630ccd84917b3eb4abd9353b19ca8042f57a401fe05241b5771e4b8d3c7c592295771fe9e02a2906719e38d306e53105f1c48ff88cb93ff1d315428f15baeeb56fb4f5504ef6993bd0d33ce8dba40be620dc4b2d5e3b5d5a941bcd194723a3c634a19599e0d0bc7ce0d55f1411ae3b2e25caa39c96cacefe08a2870b25615e3106a64cc9181548cfcb62ffc6fe10294fec2d7d0297b913fd7326ad8bb991113172fa8dececf448f887fbf9f0def1bddb796e5e1f323234326a089bed346b3d8dcec4ee52e78b50dfc48dee499420ca1f652b34d8a64b890801e5c90f8fae2f688e68ae3d1d079f4bfc350ef007626746958ad7bcd13dee16913407bc953ff5ac3013b1592b00fdf43784497ce8eaddfb7345fcd3b07d64e284a7529cfb9899e5b8ca62c7eb1491b985f2a3f544d6978107f87bcd8496a34d0f429e65558000b472108a99028e263649be5f3e75c10ca4102819776330423e3264a87095f2b3be20e1ea911b2e285191a4c27a0eab19a5bdbf26bd08fead4f22ebe5b1c82e99edb0c49a4770f74b2e012c5b0d6c6599eaa7f6939cffe30a4184fb3dec8c5a2acd6718edda3867f25cb552926b34c0ee01ccc0160f6f90d08eb72062d014e11285b9c3d02176942c6d881ef830c313b8b578cb54a494205fe7ecf257f7d545c374b931c6c2b15dceacd926b3b76c5298edf0c3bd943537c320ec4c151e6d94743288a030f7cf759229736e68963871b3f31eb521f3e9106255a7c9b8b9db64e9627922df28b5610fa5d66d6fc5fd9966ab57c46daac489b2dabb7273fe15c14a4d837efa05449e8ca3768", 0xa77}], 0x3, &(0x7f0000002400)=[{0xc50, 0x1, 0x8, "244df5680b8203b6b985638f2545f2ac042a9aee660edf5459c22ed1ed6026739f79e286a1f42ab62b2270f719c0ea01f4cfde2afa600b46d7d34e10f60c895126a9adf4a9885156ee2178974a935091e8c514514f31db8fcb6395a59a1710c7cff57d7f512eb909c22710e93086e706d2a3e4c1a121465944394844b45ed609c9fabb4edaf37a3df4d37a5ea7e027b1c5b22dd328957ae0b6f90667ae9f43322d694eebddddf7f23f1943855002a99e58c8402393d5a7dfd8d88cd1fcb86fe7aac690f8fcffa5b9dc3fdbb4822e588b7773ff35873a5ea7cc83b006d00e70987f313f1b9ba1b1b93ed3eb0362a138f2fba123982919b7aa914be8ba9c71a8d76f7045daafabfb4a50993005e0686440e9f97cc259b5350c86a0effdea17facf052b6772c96ea5fedb6b9497e591f51bd0e02ac86402d6f3fe7d0e856a69c6e3d49d89ba91e2fe519d5ac2186091766c178f274e81493af54a02f7e0b3e47c0a862bd7af9712e65f74595e8c63c91a45ebd081ad910d95f26192ead1daf401b015eb772f4b91bbacf26157d5d6d626eff439e238a6dd9ebce65fb960ae90ec490d5014589a24d107c8b66a587166ce85e9bffd332defeee0c3333d15ed629874fb3259217911d50a1eec22b3c205b3c2068bdbe9d0145de5536049af47bea81d4cffdc45b277e8c06249510d2d429cb3e606d27f40918bd250818d0a09512ed8a2727c81a38e44366deb7ca5e30556b03305ae54b19cc17f6a543a9d397676d1d18c873c30f02a873c6fe6cb1c21d0ebf78c1bc732ef62cbc92e71d461886c9fa5f04d28dc4c7e3b3ed55fb39603c041d27017322610ac1a16c63c91ed376d9bba0df833d185fff47bad911c26a5918034211a3dbe77663f21a22b4bed8a3cbabfcd5622a1bbc3c015d1890391c5f5f57ff316718f57d7927f41724ee25f274c98a22d8cc1f7348cdd5ff604f4fe21d50f21a1638a75b39c6a5e5c0470812e9e7a663f4f61e6f8b008d31c6e9bd4686a17e0f4fb42c06a19436731d612990f7dbdc2d9b6dd4a5152b8cdbef0906e6f6dd07ad305da2d579fb968b000ad7075c91d35f1af5c3783cbeb9306de0cb3f086a0e2950f564b6e1d0ff9bc785d53ed0176c3feaa5356559ebf4508bccc9202ee45d1c20f768f98f60aed75b7da8dba4f1c36a8b668e3a9a19eb431d4759a7b6840c888774194f60f872790fb243fdb2fb1184bc6dd225bfdb447cc1cfa5277569536d051e8069185956aaa7c34217597ab9c93e3ac647542aab63a11dce2a50d9ae996bb2477afc23d2456f36c58a8ca9308aea7548ea875ed4159d2df58cc3edcc0f1afd5fbed7e8fd540a9e97009a801e6d1397670d528f6c8ebbfce8ac7196efb13d05df6d95942f3a5f7629c857e558f0f408cfe6c5d7b9b3c07ac388904b79ffa7f947c0738b1722e6c817cb87cbee4d26d29ac34205523c121677cf55e891a681e9e4a1847ff29a8f440a427ebb9fa040f212b558c0932ad7f7e1115f48c52adcfbfb13ca9fe08f5507a74b04fee211674865f4ffa3f5cfba2fa7640a055efb6e848f4b6f9222bbe3b26a3721ddabc492c0586ca63fb03cc73007bef0e35606cfc629fa1c551eee50593712449e31c730042128ecdf57b35c79d040c6c23c663c5d30e2f3e711c8a9b9949814afee7117207a2b3ee989dd8edf72d997b3baa3ad5b700a8bf3c29d347094df4864bd4f4c234d5ef682b20f2664f7af13ec91c2490b0ddaff7cb2214d84a0a4486e6c51db48c21b6ef2bccf637bd589204716b019f976491ec9eedea1e67d48521a6e42cbc77c808e597a876226ba352c79e5f485ce3dd499f7eb22831a3951b70c5c869c90596fa211a1b9844c8a80e3fccaef546d08c4599f43b08bf198d8ed3b666088b191103f477bcf885bee9e280c9c126f1a2ddff0963ef5da8136f405dd5479e121fccbfa18c290acbee162a13006fcca07773a3da5db87b29c6ee7d66d2340bc053b83d600b5aaab198965f691aa52be98fda0998bb6a330f54575429a3cb7dcca97db0cdf3a2f1003514b1c213875e5306feb23a152898fd2cd25d4b93867018f713fd5d070846cd9981a489bd1b26ddc9c55a84d2d69d2687c5119cda5dffd0f425205aad0533f1bbef18df707d80422c3ce3f41382bf63906622250d2013552d40d97f2ef8bfca77331262e2989401b7644797bad8525f93754b54ad7098bfccb80540686972f7bc6aae896cd999c7bfdef03d14c013fbe14d2664cedbee82453ce9c0353142b5f8a2914572b1e59c072149b467a52979027666a0659c2e509dd6fd542d2410c42509ceca783d663c5c3813becb351d4a6f1602e40d047fedcbcdffad0c0b37f93bdce20ab98003cb718f613b6900aa252648e54d8b311ab249dfd548f5b60d2d8694f8aa1859b3c5c05f76d3f9b2de17a4a8328c7f5db363d9d161ad3de19b99781ce192ac0082d3b798d84f4bed0dd93ebdca87a6301c68ef57934f00089d3a2b943235633e22d3df2364917738a1cd3a3d3a16c682f087e5df2a7b91eb6fb6902ae15dcf48f5ca55d50015a9013fc9176cba5e37d75bc8d6a7cc72b8ad3fa2da84b31570d100499c7cafd1627c41bc0201f0954e8a8e26e876cd1b090af8d053735298d0d07a86e6d72988ad1f50a9897dc4382a9f6d5c651006e15dddc8951d543d0500adf8112de6767b075655b359407a9492e2076bd357592eda6479e6f37e55ce92024b4f791066f4e815ca5187caaf9870c10b1cdc7484d8f86185690f09c8af0fb222bc8f48e83837525f219cc7f2cef1b66bd392800103fc047dcc2dcfbb33fb4bfd2bd67dacbf66b80b6287f682b4c6b8c0d58cf4f9e3a9f69ea56f9e27e52cd21aab42f9f04eba3317f1927fbdd500e10acc508ff158346839d7e2ec004d9d25d5f785971940a329e89c89ee7575e34060ecdd5333071defcfd84abbf5787a5db4248e312b9f4955d3c767ec218e726fa2f46fbcd75dd6966efdac1ae06013cfcdbb62cb6be19ec96d883676995fb9e325a8c7bf5658806de9c8dd9ce0a7d1bea024c1aca7c1baaf3d5b0a68a8eb75996dc5ca3327dee4794d121d08cae66e2ca9c749c4956deeed5f5a341ae324a98185918c63d09c262acbc3f3190f224a555e133e2629eb7e21db87e075a92d4b3d02c0938c9d155c4816842a6b916b0c57f2c80ca53ecd39194eede230b3c9377b39c8f8d62ab9ca9eb2463e69003c34c9833165ed3063e4541bc5ee55ecb2164784648a1741e505c8609e868b29d52fb4a7ca2bc762ea0a127fdd7f14787faa5188afc8e74557213ec261b86a80227566141885b6a27ef42bc90e9615439ba996c5a47c22812ca7e790ff5b992185cc95438118d34e4e967863a93be631a7e20356b29b8d46fccc0d80feb218d368a8aeae7a7dc7d5005abf36013498fb177e2c8776cc8d1f606ef95217e0be7e18bd75e209427a05895b26354f140e9e1870fc52913d17e09f78e7beb3ce86b3b3f424086b68b5eb7dbb76d45441b7523ac1b7b2c423440886c946b7f9dc1e7baadb434f30a70908a46bb2fc70c5a4ff234d13c3c62065d31931b200426b38fe46cc82cab2d95fcb12ce95ef3910ed0270fe40e65fa6eac628c46abd2aceb604fb64390313ac734f793764e9fd6579591b8b9a87394a2dcb5fee88deadad3b4774cba87c5f2c75a6ab0f2da04a583b1e47da363ca00c7f9a4c7593d139acbefb6f6ec341079d6c713b5fbfd8237e186f2166d6619411092b82b7cf4f45953b33cfccb8fadc4ab5cde926b5a909ec288eb7a9089b8cceb1cef2ef299881bd2a107574325116a7f72d68b641c0ba04024df088606a51c619d7dc1fc924e269f46fb1e73db8b55da8f87e68e66ff52967e66d971acccf2bbf0d6beaa53eb2f1215e23f961dc7370cb05c23606a2c1628509f04448091964cee7ed1eb9c419788f8b6d50f7da0c8ab6d3c206910d345d4e5da8c751145616a9fbf13c9958e253200f4cc65c542486cfd5444aa0f29da078e44f3867f996a04989acc14de81468f7e465737e6394df89fa04793d75c1dd60047fef04717536562e7149c273dfb3587753115e67a18e3de27fa09158bf8e987011b7f227cc1fde527604bf5e5faea8ed9ed60ea18d5b74f4369437adcf590ebade205567c3c4900cef28e91761746d4b031dbe202143712fc31eb9382f9700c6b90b39d6cd382923d44f46401b5325871985cce1822514686d5483725fc89b9c51b43ef05342a3a5c58be8e4220dfdd08e1c46954a9600bf682b21a6734aec38dc4f80d8a8018f2b73bb881e8380e09ec76626524b93695842145408d82817a7fc6aa28818246a554ba9c544dcbb110252cccfbc7c0c0127b66711ee999aa55bd104792077698e569e8b019acebb1b22c0938898a09fa9eef45e"}], 0xc50}, 0x40000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r3, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1m16.351364131s ago: executing program 6 (id=3202): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa1000000000000070100"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000faff0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESOCT], 0x0, 0x4a}, 0x28) io_uring_setup(0x2f00, &(0x7f0000000700)={0x0, 0xe8e2, 0x2, 0x20001, 0x2d6}) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, 0x0, 0x0) r3 = socket$kcm(0x2, 0x200000000000001, 0x106) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_ro(r4, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff85850000007100"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x258, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 1m14.562942492s ago: executing program 6 (id=3206): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000002060500000000010000000000000000050005000a000000050004000000000005000100070000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574"], 0x50}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 58.492300044s ago: executing program 36 (id=3206): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000002060500000000010000000000000000050005000a000000050004000000000005000100070000000900020073797a310000000016000300686173683a6e65742c706f72742c6e6574"], 0x50}}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000000000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) r2 = socket$netlink(0x10, 0x3, 0xc) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 10.953867s ago: executing program 4 (id=3328): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000000cf00)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x1000000, {0x60, 0x0, 0x0, r2, {0x0, 0x8}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x1003}, @TCA_CAKE_ACK_FILTER={0x8, 0x10, 0x2}]}}]}, 0x48}}, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) dup2(r3, r4) sendmmsg$inet(r4, &(0x7f0000000d40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000000540)="679512f062b8d965651edd4c06c90178", 0x10}], 0x1}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000003200)="8c", 0x1}], 0x1, 0x0, 0x0, 0x180}}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f00000012c0)="c89339f96fa636ba2f527aaa37159cc815448e015b23284d531bdd25a86c02e88b8f962021a37fd9614193094b27b21bf40bc7b43441ae5179a127ea80e91899e1f10a7045c4412bb7997ff8838923521fe0754832209cd546f4ed81500298511e080ec7059b1c32c07fd26f721c6611b8cb344a3fd8f7a889c50a42881e09d4d7ee7ee6c308a13ae6436c858933dc99f71924b68ae0faf95b0afcd3533bcc32840737f434728a12e99aea5c4ee6a603636560b8d9de530d395181e440c1a025ff8d6f33062f14ba2403a178e32ff2d4ec5d0d2c83233b01a41103ef38daeed650987abebe0e8ba7effc07bb5dbbc9a38a11f082f2c99937942f017c37a59572f5069ca709702ef133aa9730ebb5b72687f6175906dbc32289108cc93e5c84284bc701a0629e12eca8c15e763acd011323b758fdb82a63665c906b176042a6c601b5428722c8f6b795a4effc0d4c9a4b4963ae30e77afa0b473d27f4938b1f081765f30aee60de80b1154e3afc3593cad6a146f1c4e954a6b7535f7c4f1baf0e7280ae8957eb14aecb29cc42be434b6a73840fb4668ab11c7ad5f300d7561aa60619fc26a1bfe8fa4858b8b4282d0c9a86c8c2eed644303c1213114081f9cd2358f6609ed25113de321db6b3efbfea341c7318fdcf6776383d3329f080e2386a708679852ee2c28c2ab423163be97f818424b862486791ce5b8b25836a4f07079b65c7c3b2e797eee7f267e5cf37fb63bb89f6b15c332da46b2a313ff6cd958152701a73601c7d02b74622ba7ff9c2fccb1826a3238b95163edcf5dbb381c666fcd8f0ce22eb182135bd8a32c627e20354f2253edb77efadbb48d512ca030763df825c1dd71d34295dc2e75e0a3054354ca6674e2d16ae319c8f3bf7a7fe1e1e596cc2679444c2b5e84a5caaa40136a41a3a35e2ca053d8e4ff2134c2bd7dc2c5c7ef55579a7b569b5face778afba93a877b622f473d942fef36d909b7c17e2ba3948fc889f377f0bce583835ce70b86ee8c419f77c9fa9da33d5f3fd2f994c2229b59db0670a15d7ba9b8b3245c7c2f83953c046528db1d9626877752071b0389bb18edd4d3797b6846e8746911526b6cfb1da1a206f5d13f69d7a8a76f5dfaf02abdfde171ed51a80ca2146fe8a181df5f9c9e969c1e2113bb355a956dd0139446d7e5b1ae338513459753977c245177ed5ae398bb23ad503739c2d75b99d70af19a2faf0a6922585378c0c881298f5af7dc63f99b40be3aea8c25bb8f599ffc4d47caec400357f2fa0675c5a81141d6b1697a", 0x394}, {&(0x7f0000000a00)=',', 0x1}, {0x0}], 0x3}}], 0x4, 0x0) 9.42023672s ago: executing program 4 (id=3330): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 9.322242087s ago: executing program 3 (id=3331): r0 = io_uring_setup(0x7d5, &(0x7f0000000500)={0x0, 0x2000000, 0x400}) r1 = msgget(0x0, 0x2c4) msgsnd(r1, &(0x7f0000000000)={0x3, "46e51f4d1e3c1ef83f32986e91d21c8e3d7f11d88b70f827ce836b3aaaddf33bbffc63d4ca90eeb54139235ddfb4bd7b605cac26a8ee591ca0741593f3626936a5ca45e03bbb1dd60319018fc25d651ee1e05e741c7c32ffd6acffd0ecfbfacf144acb18135c5944876949cd1c36c9014e042de6f40ec28e422b9d6fc23e269ce17475792fd55191e078702c28ff9176ba7f70f16332a88c93772c6a712e40ab2c4df2146a0472297a9c318a908886b651b0a3bb5ccd3f40fd443ef06c1a2c8a1d6bd871c3e9fa0d9cc027873cbf6a152d8f94b55e4da248e0f0976170810ef408a5581e6595547b67c18496683e0ee037a70e48793bcd99c22186f151b56c1ef185758b2a9742c92abcfca92178b232a78956035a467ef03d33c712aec9bf562da8b28f8b682b71ad47781917f03f30b94253d0901b1bef367191842a605327b9e003c3b827338f8e8c6fff69d8446de91943547d52c56febad98e037aaaf99f5f335056c9493f82564cd5763f1349509ce7b8ff5689ed918c53e71f072b0b61c03f4fedf2ae0da9df32c69bf20240083771e8cc18444b9ba4cdd23d4747dfdf3d4682e2d6a09ad77e4ef8d8431483e3f444351a6661303477ab7d608908dec8b9b1b578419faae39ac1a9c6a4b2c0761ce2c593ec2db1ec3af608dd3e824d30bcce77543d34549dc28396fa38ed299740995b71cb9dc1a251eb3ab72462c4907c52db1a2ce99e2bc984aa0d7af87814559cb47145d356264ba70d7e2bbae2006bcda299c3a572bef1ca1b00aad4afcefb98f69a7c43ea37e51b43d0930df691d5088808cdc5557cef6dceed0d398e60cdd21eb1addccd2c8ca329a7aef998a53096661909b4a04a2831b29b35439ed1906cbc07565bc627c919f7835572df4926ca3451fe31ddf123c23"}, 0x293, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8.368829131s ago: executing program 4 (id=3332): socket$nl_sock_diag(0x10, 0x3, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x8, 0x50032, 0xffffffffffffffff, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e, 0x2}, 0x18, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0) landlock_restrict_self(r1, 0x4) landlock_restrict_self(r1, 0x0) link(0x0, &(0x7f0000000180)='./file0\x00') 8.066373014s ago: executing program 3 (id=3333): getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0x6}}, 0x3, 0x81}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = socket$inet(0x2, 0x801, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200047bc, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0xc0, 0x5) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x3516, 0xc2de, 0x8, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) r4 = dup3(r3, r2, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000fc0)=[@release={0x40046306, 0x5}], 0x0, 0x0, 0x0}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)=ANY=[], 0x100}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a01030000000000000000010020052c000000030a01020000000000000000010000040900030073797a32000000000900010073797a300000000054000000060a010400000000000000000100000008000b40fffffffe0900010073797a30000000002c00048014"], 0xbc}}, 0x4000) 7.144395062s ago: executing program 4 (id=3334): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f00000006c0), 0xffffffffffffffff) memfd_create(0x0, 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$TIPC_CMD_GET_NODES(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r4, 0x1, 0x70bd2b, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 5.374356734s ago: executing program 3 (id=3335): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x148) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0) mknod$loop(&(0x7f0000001b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x8008, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRESHEX], 0x50) io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x33, 0x0, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 2.179013401s ago: executing program 3 (id=3336): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000200000000000000000008"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r0}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 2.17511731s ago: executing program 4 (id=3337): openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @local}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x3, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x6b7, 0x80, 0x800, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x800) sendto$inet(r0, &(0x7f0000000900)="2e552f5d9fd8b0d9627c4980f0d1ea2bf8f617a682acd2841acd878bd68344d4f50f83b0c51fa9135a01c95d4a068ec8b12d01010000a44c4505ba9a36f2cf4cc5e8308126d0a2c3b9d24e57c5011376b6263e2a1258eec1eb72bedea3eb5ccf73eb081b4c6d5faa998d7b795c057dd757d14200a8a6dbb3e59df96b77d16753ac4b32b94ffe6b5ee304d0428eb18056657c8c5c71c632be66cb26fe5c9abec7591ef3cb9b2a1133e9fa9bf0de6c378bed7b51cb8a07c343aabfda193349b91a5dc81a658cb61fbbfa51ef95abe03381ee2cb8d41da19ea8b96ec68ce17cf57da60f1d04acaf34a643db8d2d5ad2991f306b42744347a0c9e1fe2136b2b3da49032d3a57df1e236222cf6d6fe396aff8e5fe7fff5baa88789b783c12045e2c904a5d118369fdddc3e6e2f24bdbb26df92ac9bf4751c897a87c0223888e36ad14ba6e4d879ff464cac6f13a3a543e067d922e99c50f2fc6391e9c1c82b7195005eafdbb3374200c134cbd0f11739e8c19dd07140686242fea48caf3a1a93b86f35d77f258a2c9ce24cf321068551a584262d7a74a344e428c77c8af755e72904b0ca8a0bb359fb0", 0xffffff5d, 0x12, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080), 0xffffffffffffffa9, 0xc9100120, 0x0, 0x0) 1.021079321s ago: executing program 3 (id=3338): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) bind$netlink(r2, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="00001000252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007663616e000000000400028008000a00", @ANYRES32=r3], 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) bind$netlink(r5, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[], 0x3c}}, 0x0) 310.649051ms ago: executing program 4 (id=3339): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 0s ago: executing program 3 (id=3340): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000980)=ANY=[@ANYBLOB="1400000042000b06"], 0x14}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) socket$tipc(0x1e, 0x5, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(0xffffffffffffffff, 0x80184151, &(0x7f0000000180)={0x0, &(0x7f00000009c0)="d3c01be1b2cc5aa32751a91ce869fdee5c956fcfa86b20b36bd5deb08ad84ffd230072f3cd0259d726f9cd3fa9e2781b160e14560f01f044ae8b9b86ea2526d604bf213e615cc4efb4c71505b4f23e8f9fd5efc994b48265248d5dda27cb2ff3bebc954f1e71ab5c903a0077d7c0515bad8cb086d8b780becc793ff2faeae955f55be7f21e0b38eaf08125003c151e11070d0bd70d6e35fa481204a713b72bba2a617f482cddadb5761f962c7e06e7c8b13d231b0fcec523c6349dc4d5fc94590786da53daf3963c4d3a075cd34caf14cc690e966bed303ffc00ff503822543a176943f1267c350224838122b45a62c7dd5e00000000000000457c208f953a88214ec8344f0094b22864cd8a173f4dd18172ff867562123d6817068c315bd96cf17c6cdb68c44a0757aa425bc5f2902b04131e90990c4a1824e3c9db0afc6abf4096161e50d3d20b3af0db80a04906efa63e05732f13979594f9f14d4c93b896f0cbd83d412d5a2a46c60287211dd36419a9a6c13da2beeb68fc12ad6aee1ab50d499222b713c59e44cc607fc1438275f1b09130fa1124bee2013d3798946aecba84c7fd09949e26701a7741c17f005e4cc0ead354d53ce4dd0d8a70affe02b5f69ac4e26cf2738d7f63f1597bbdbe8961f41ffa5194357b98dc007c85e91e781cf534753b8226bd164f00ef3e7cfc653748a566f3", 0x1f5}) r3 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b29, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001040)=@newsa={0x14c, 0x10, 0x1, 0xbffffffe, 0x100, {{@in=@empty, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1, 0x394, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x2c}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@empty, {0xfffffffffffffffc, 0x9, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8, 0x8000}, {0x6, 0x0, 0x1f, 0x3}, {0x2, 0xfffffffc}, 0x70bd26, 0x3504, 0xa, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @coaddr={0x14, 0xe, @in6=@private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x8801}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000440)={{r1}, 0x2, 0x9b, 0x7}) recvmmsg(r0, &(0x7f0000000ec0)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000f00)=""/286, 0x11e}, {0x0}, {&(0x7f0000000240)=""/248, 0xf8}], 0x3}, 0x1005}], 0x1, 0x0, 0x0) kernel console output (not intermixed with test programs): with an up link [ 507.226786][T10616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.520355][T10616] team0: Port device team_slave_0 added [ 509.540991][T10616] team0: Port device team_slave_1 added [ 510.454135][ T57] bridge_slave_1: left allmulticast mode [ 510.454162][ T57] bridge_slave_1: left promiscuous mode [ 510.454390][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.715017][ T57] bridge_slave_0: left allmulticast mode [ 510.715044][ T57] bridge_slave_0: left promiscuous mode [ 510.715296][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.918734][T10727] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 510.924977][T10727] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 510.944317][T10727] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 510.970504][T10727] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 510.971858][T10727] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 513.477194][ T5804] Bluetooth: hci3: command tx timeout [ 515.329820][T10586] Set syz1 is full, maxelem 65536 reached [ 515.337087][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 515.425068][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 515.459181][ T57] bond0 (unregistering): Released all slaves [ 515.496871][T10727] Bluetooth: hci3: command tx timeout [ 516.910309][T10616] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 516.910325][T10616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 516.910349][T10616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 518.342030][T10727] Bluetooth: hci3: command tx timeout [ 518.369536][T10616] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 518.369552][T10616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 518.369577][T10616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 519.214980][T10774] gretap1: entered allmulticast mode [ 520.337386][T10616] hsr_slave_0: entered promiscuous mode [ 520.340230][T10616] hsr_slave_1: entered promiscuous mode [ 520.360213][T10616] debugfs: 'hsr0' already exists in 'hsr' [ 520.360255][T10616] Cannot create hsr debugfs directory [ 520.376415][T10727] Bluetooth: hci3: command tx timeout [ 521.183947][ T57] hsr_slave_0: left promiscuous mode [ 521.216460][ T57] hsr_slave_1: left promiscuous mode [ 521.217446][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 521.217469][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 521.272282][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 521.272309][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 521.390521][ T57] veth1_macvtap: left promiscuous mode [ 521.390618][ T57] veth0_macvtap: left promiscuous mode [ 521.390840][ T57] veth1_vlan: left promiscuous mode [ 521.391005][ T57] veth0_vlan: left promiscuous mode [ 521.873610][ T37] audit: type=1326 audit(1773135820.967:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10832 comm="syz.5.1627" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad66b8c799 code=0x0 [ 521.923447][ T37] audit: type=1326 audit(1773135821.007:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10832 comm="syz.5.1627" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad66b8c799 code=0x0 [ 522.497817][ T57] team0 (unregistering): Port device team_slave_1 removed [ 522.558339][ T57] team0 (unregistering): Port device team_slave_0 removed [ 524.448786][T10726] chnl_net:caif_netlink_parms(): no params data found [ 524.477587][ T5804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 524.485508][ T5804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 524.489167][ T5804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 524.490194][ T5804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 524.490869][ T5804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 524.869848][ T37] audit: type=1326 audit(1773135823.967:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10865 comm="syz.4.1638" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10caa6c799 code=0x0 [ 526.536565][ T5804] Bluetooth: hci0: command tx timeout [ 526.538622][T10726] bridge0: port 1(bridge_slave_0) entered blocking state [ 526.538743][T10726] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.538944][T10726] bridge_slave_0: entered allmulticast mode [ 526.541965][T10726] bridge_slave_0: entered promiscuous mode [ 526.668054][ T37] audit: type=1326 audit(1773135825.767:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10899 comm="syz.5.1643" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad66b8c799 code=0x0 [ 526.717941][ T37] audit: type=1326 audit(1773135825.817:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10899 comm="syz.5.1643" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fad66b8c799 code=0x0 [ 526.887507][T10726] bridge0: port 2(bridge_slave_1) entered blocking state [ 526.887620][T10726] bridge0: port 2(bridge_slave_1) entered disabled state [ 526.887843][T10726] bridge_slave_1: entered allmulticast mode [ 526.890403][T10726] bridge_slave_1: entered promiscuous mode [ 527.444566][ T57] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.521461][T10726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.583934][T10726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.769398][ T57] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.899814][T10726] team0: Port device team_slave_0 added [ 527.945456][T10726] team0: Port device team_slave_1 added [ 528.115340][ T57] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.271164][T10726] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 528.271175][T10726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 528.271189][T10726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 528.504599][ T57] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.556045][T10726] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 528.556062][T10726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 528.556083][T10726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.616454][ T5804] Bluetooth: hci0: command tx timeout [ 528.701554][T10616] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 528.770706][T10616] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 528.818078][T10616] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 528.902083][T10616] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 529.009328][T10726] hsr_slave_0: entered promiscuous mode [ 529.010723][T10726] hsr_slave_1: entered promiscuous mode [ 529.011749][T10726] debugfs: 'hsr0' already exists in 'hsr' [ 529.011772][T10726] Cannot create hsr debugfs directory [ 529.171143][T10869] chnl_net:caif_netlink_parms(): no params data found [ 530.012615][T10727] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 530.016750][T10727] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 530.018008][T10727] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 530.019176][T10727] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 530.019802][T10727] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 530.724647][T10727] Bluetooth: hci0: command tx timeout [ 531.103497][ T57] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.074714][T10869] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.074826][T10869] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.074954][T10869] bridge_slave_0: entered allmulticast mode [ 532.076865][T10869] bridge_slave_0: entered promiscuous mode [ 532.108574][T10869] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.108651][T10869] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.108776][T10869] bridge_slave_1: entered allmulticast mode [ 532.110127][T10869] bridge_slave_1: entered promiscuous mode [ 532.220044][ T57] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.341534][T10869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.377357][T10869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 532.494262][ T57] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.475683][T10727] Bluetooth: hci2: command tx timeout [ 533.475990][T10727] Bluetooth: hci0: command tx timeout [ 533.571222][T10869] team0: Port device team_slave_0 added [ 533.822488][ T57] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 533.888196][T10869] team0: Port device team_slave_1 added [ 533.966572][T10869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 533.966588][T10869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 533.966610][T10869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 533.974807][T10869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 533.974818][T10869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 533.974832][T10869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 534.098635][T10726] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 534.148650][T10726] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 534.193782][T10726] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 534.294281][T10726] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 534.325985][T10869] hsr_slave_0: entered promiscuous mode [ 534.332879][T10869] hsr_slave_1: entered promiscuous mode [ 534.333400][T10869] debugfs: 'hsr0' already exists in 'hsr' [ 534.333415][T10869] Cannot create hsr debugfs directory [ 535.408117][ T57] bridge_slave_1: left allmulticast mode [ 535.408143][ T57] bridge_slave_1: left promiscuous mode [ 535.408371][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.496447][ T5804] Bluetooth: hci2: command tx timeout [ 535.497760][ T57] bridge_slave_0: left allmulticast mode [ 535.497777][ T57] bridge_slave_0: left promiscuous mode [ 535.497933][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.580223][ T57] bridge_slave_1: left allmulticast mode [ 535.580243][ T57] bridge_slave_1: left promiscuous mode [ 535.580379][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.647330][ T57] bridge_slave_0: left allmulticast mode [ 535.647350][ T57] bridge_slave_0: left promiscuous mode [ 535.647519][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.636375][ T5804] Bluetooth: hci2: command tx timeout [ 537.689820][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 537.759742][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 537.810148][ T57] bond0 (unregistering): Released all slaves [ 538.316995][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 538.396926][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 538.420565][ T57] bond0 (unregistering): Released all slaves [ 538.468239][T10616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.506949][T10939] chnl_net:caif_netlink_parms(): no params data found [ 538.726005][T10616] 8021q: adding VLAN 0 to HW filter on device team0 [ 539.117525][T10939] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.117640][T10939] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.117810][T10939] bridge_slave_0: entered allmulticast mode [ 539.119208][T10939] bridge_slave_0: entered promiscuous mode [ 539.124034][T10939] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.124114][T10939] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.124232][T10939] bridge_slave_1: entered allmulticast mode [ 539.125515][T10939] bridge_slave_1: entered promiscuous mode [ 540.019422][ T5804] Bluetooth: hci2: command tx timeout [ 540.110411][ T1336] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.110670][ T1336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 540.301603][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.301708][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 540.305564][T10939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 540.551925][T10939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.817887][T10939] team0: Port device team_slave_0 added [ 540.825623][T10939] team0: Port device team_slave_1 added [ 541.221015][T10939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 541.221031][T10939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 541.221055][T10939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 541.230618][T10939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 541.230634][T10939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 541.230658][T10939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 541.392348][T10939] hsr_slave_0: entered promiscuous mode [ 541.393089][T10939] hsr_slave_1: entered promiscuous mode [ 541.395034][T10939] debugfs: 'hsr0' already exists in 'hsr' [ 541.395051][T10939] Cannot create hsr debugfs directory [ 541.777994][T10726] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.006383][ T57] hsr_slave_0: left promiscuous mode [ 542.046816][ T57] hsr_slave_1: left promiscuous mode [ 542.047456][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 542.047472][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 542.088393][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 542.088420][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 542.256444][ T57] hsr_slave_0: left promiscuous mode [ 542.276779][ T57] hsr_slave_1: left promiscuous mode [ 542.277431][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 542.277447][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 542.317466][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 542.317493][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 542.392445][T11037] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1683'. [ 542.460121][ T57] veth1_macvtap: left promiscuous mode [ 542.460874][ T57] veth0_macvtap: left promiscuous mode [ 542.461012][ T57] veth1_vlan: left promiscuous mode [ 542.461106][ T57] veth0_vlan: left promiscuous mode [ 542.766716][ T57] veth1_macvtap: left promiscuous mode [ 542.766774][ T57] veth0_macvtap: left promiscuous mode [ 542.766900][ T57] veth1_vlan: left promiscuous mode [ 542.766989][ T57] veth0_vlan: left promiscuous mode [ 545.097113][ T57] team0 (unregistering): Port device team_slave_1 removed [ 545.116916][ T57] team0 (unregistering): Port device team_slave_0 removed [ 545.577542][ T57] team0 (unregistering): Port device team_slave_1 removed [ 545.617462][ T57] team0 (unregistering): Port device team_slave_0 removed [ 545.994699][T10869] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 546.079968][T10869] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 546.120891][T10869] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 546.184326][T10726] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.203382][T10869] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 546.294379][ T3880] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.294502][ T3880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.353332][ T3880] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.353555][ T3880] bridge0: port 2(bridge_slave_1) entered forwarding state [ 546.603296][T10939] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.692133][T10616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 547.049686][T10939] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.370501][T10939] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.777786][T10939] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 547.858269][T10616] veth0_vlan: entered promiscuous mode [ 547.933531][T10616] veth1_vlan: entered promiscuous mode [ 548.148726][T10869] 8021q: adding VLAN 0 to HW filter on device bond0 [ 548.187877][T10616] veth0_macvtap: entered promiscuous mode [ 548.298651][T10616] veth1_macvtap: entered promiscuous mode [ 548.347060][ T57] IPVS: stop unused estimator thread 0... [ 548.404485][T10869] 8021q: adding VLAN 0 to HW filter on device team0 [ 548.483973][T10726] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 548.486089][ T164] bridge0: port 1(bridge_slave_0) entered blocking state [ 548.489875][ T164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 548.508947][T10616] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 548.514018][T10939] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 548.581869][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.586896][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 548.593186][T10939] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 548.659207][T10939] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 548.733877][T10616] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 548.750072][T10939] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 548.820323][ T6947] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.832267][ T6947] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.844269][ T6947] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.872535][ T6947] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.420785][ T57] bridge_slave_1: left allmulticast mode [ 549.420812][ T57] bridge_slave_1: left promiscuous mode [ 549.421025][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 549.478090][ T57] bridge_slave_0: left allmulticast mode [ 549.478109][ T57] bridge_slave_0: left promiscuous mode [ 549.478284][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.186892][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 550.268554][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 550.290451][ T57] bond0 (unregistering): Released all slaves [ 550.496377][ T3880] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 550.496396][ T3880] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.034265][ T6953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.034285][ T6953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.464192][T10726] veth0_vlan: entered promiscuous mode [ 551.595350][T10726] veth1_vlan: entered promiscuous mode [ 551.766332][ T57] hsr_slave_0: left promiscuous mode [ 551.806440][ T57] hsr_slave_1: left promiscuous mode [ 551.807190][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 551.807206][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 551.867341][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 551.867368][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 551.940090][ T57] veth1_macvtap: left promiscuous mode [ 551.940154][ T57] veth0_macvtap: left promiscuous mode [ 551.940284][ T57] veth1_vlan: left promiscuous mode [ 551.940382][ T57] veth0_vlan: left promiscuous mode [ 552.646985][ T57] team0 (unregistering): Port device team_slave_1 removed [ 552.706965][ T57] team0 (unregistering): Port device team_slave_0 removed [ 552.960376][T10939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 553.002486][T10869] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 553.077430][T10939] 8021q: adding VLAN 0 to HW filter on device team0 [ 553.135573][ T164] bridge0: port 1(bridge_slave_0) entered blocking state [ 553.135790][ T164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 553.180258][T10726] veth0_macvtap: entered promiscuous mode [ 553.199684][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 553.199792][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 553.227211][T10726] veth1_macvtap: entered promiscuous mode [ 553.413643][T10869] veth0_vlan: entered promiscuous mode [ 553.427716][T10726] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 553.451354][T10726] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 553.467284][T10869] veth1_vlan: entered promiscuous mode [ 553.523566][ T164] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.541076][ T164] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.544024][ T164] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.867984][ T164] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.803318][T10869] veth0_macvtap: entered promiscuous mode [ 554.901792][T10869] veth1_macvtap: entered promiscuous mode [ 555.001660][ T164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 555.001680][ T164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 555.166438][ T6947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 555.166458][ T6947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 555.208809][T10869] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 555.229765][T10939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 555.294883][T10869] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 555.339503][ T6953] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.341362][ T6953] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.341413][ T6953] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 555.341588][ T6953] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 556.746334][ T6135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.746354][ T6135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 556.867923][ T6953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 556.867942][ T6953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 557.231127][T10939] veth0_vlan: entered promiscuous mode [ 557.294514][T10939] veth1_vlan: entered promiscuous mode [ 557.769884][T10939] veth0_macvtap: entered promiscuous mode [ 558.774765][T10939] veth1_macvtap: entered promiscuous mode [ 559.761130][T10939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 559.948340][T10939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.030711][ T3930] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.031183][ T3930] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.031587][ T3930] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.035503][ T3930] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.344935][T11282] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1735'. [ 560.767878][ T6947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 560.767899][ T6947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.023804][ T6135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.023824][ T6135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.942342][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.942408][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.486767][T11384] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1769'. [ 564.631781][T11384] team0: Port device team_slave_0 removed [ 565.050941][T11409] gretap1: entered allmulticast mode [ 565.252206][T11415] Bluetooth: MGMT ver 1.23 [ 565.252237][T11415] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 568.298658][T10727] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 568.304299][T10727] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 568.305571][T10727] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 568.307241][T10727] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 568.308259][T10727] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 568.497086][T11457] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 568.603466][ T3880] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.463019][ T3880] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.465088][T10727] Bluetooth: hci3: command tx timeout [ 570.668660][T11478] netlink: 'syz.5.1804': attribute type 1 has an invalid length. [ 571.093256][ T3880] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.435337][ T5804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 572.479329][ T5804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 572.499327][ T5804] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 572.500748][ T5804] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 572.501480][ T5804] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 572.547704][ T5804] Bluetooth: hci3: command tx timeout [ 572.601349][ T3880] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.913359][T11453] chnl_net:caif_netlink_parms(): no params data found [ 573.617921][T11453] bridge0: port 1(bridge_slave_0) entered blocking state [ 573.618102][T11453] bridge0: port 1(bridge_slave_0) entered disabled state [ 573.618290][T11453] bridge_slave_0: entered allmulticast mode [ 573.622245][T11453] bridge_slave_0: entered promiscuous mode [ 573.624836][ T3880] bridge_slave_1: left allmulticast mode [ 573.624872][ T3880] bridge_slave_1: left promiscuous mode [ 573.625071][ T3880] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.757633][ T3880] bridge_slave_0: left allmulticast mode [ 573.757653][ T3880] bridge_slave_0: left promiscuous mode [ 573.757803][ T3880] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.555626][T10727] Bluetooth: hci1: command tx timeout [ 574.666522][T10727] Bluetooth: hci3: command tx timeout [ 575.667079][ T3880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 575.867161][ T3880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 575.920846][ T3880] bond0 (unregistering): Released all slaves [ 576.694744][T10727] Bluetooth: hci1: command tx timeout [ 576.696556][T10727] Bluetooth: hci3: command tx timeout [ 576.743896][T11453] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.743990][T11453] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.744125][T11453] bridge_slave_1: entered allmulticast mode [ 576.748526][T11453] bridge_slave_1: entered promiscuous mode [ 577.875100][T11572] netlink: 'syz.5.1838': attribute type 1 has an invalid length. [ 577.875163][T11572] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1838'. [ 578.393324][ T5804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 578.402802][ T5804] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 578.405417][ T5804] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 578.424775][ T5804] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 578.433668][ T5804] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 578.696305][ T5804] Bluetooth: hci1: command tx timeout [ 579.742117][T11453] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 579.772888][T11453] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 580.148072][T11453] team0: Port device team_slave_0 added [ 580.163012][T11504] chnl_net:caif_netlink_parms(): no params data found [ 580.187502][T11453] team0: Port device team_slave_1 added [ 580.376554][ T3880] hsr_slave_0: left promiscuous mode [ 580.417766][ T3880] hsr_slave_1: left promiscuous mode [ 580.418607][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 580.418623][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 580.476993][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 580.477021][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 580.536443][ T5804] Bluetooth: hci0: command tx timeout [ 580.572869][ T3880] veth1_macvtap: left promiscuous mode [ 580.572977][ T3880] veth0_macvtap: left promiscuous mode [ 580.575807][ T3880] veth1_vlan: left promiscuous mode [ 580.575994][ T3880] veth0_vlan: left promiscuous mode [ 580.678875][ T37] audit: type=1326 audit(1773135879.777:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11623 comm="syz.4.1860" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10caa6c799 code=0x0 [ 580.738764][ T37] audit: type=1326 audit(1773135879.827:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11623 comm="syz.4.1860" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10caa6c799 code=0x0 [ 580.776319][ T5804] Bluetooth: hci1: command tx timeout [ 581.331668][T11636] netlink: 'syz.5.1866': attribute type 1 has an invalid length. [ 581.678618][ T3880] team0 (unregistering): Port device team_slave_1 removed [ 581.744037][ T3880] team0 (unregistering): Port device team_slave_0 removed [ 582.221681][T11636] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 582.231936][T11637] gretap1: entered allmulticast mode [ 582.324262][T11453] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 582.324279][T11453] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 582.324303][T11453] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 582.357489][T11453] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 582.357505][T11453] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 582.357530][T11453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 582.579348][T11453] hsr_slave_0: entered promiscuous mode [ 582.580445][T11453] hsr_slave_1: entered promiscuous mode [ 582.612844][T11504] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.613032][T11504] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.613195][T11504] bridge_slave_0: entered allmulticast mode [ 582.615621][T11504] bridge_slave_0: entered promiscuous mode [ 582.617128][ T5804] Bluetooth: hci0: command tx timeout [ 582.645044][T11504] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.645152][T11504] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.645341][T11504] bridge_slave_1: entered allmulticast mode [ 582.647720][T11504] bridge_slave_1: entered promiscuous mode [ 582.909370][T11504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.969181][T11504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 583.059774][T11504] team0: Port device team_slave_0 added [ 583.063002][T11504] team0: Port device team_slave_1 added [ 583.207833][T11504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.207851][T11504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.207874][T11504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 583.265350][T11504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 583.265365][T11504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.265388][T11504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 583.669964][T11581] chnl_net:caif_netlink_parms(): no params data found [ 584.829141][ T5804] Bluetooth: hci0: command tx timeout [ 585.019074][T11504] hsr_slave_0: entered promiscuous mode [ 585.020268][T11504] hsr_slave_1: entered promiscuous mode [ 585.021082][T11504] debugfs: 'hsr0' already exists in 'hsr' [ 585.021103][T11504] Cannot create hsr debugfs directory [ 585.095789][ T37] audit: type=1326 audit(1773135884.187:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.5.1877" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 585.143484][ T37] audit: type=1326 audit(1773135884.237:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11685 comm="syz.5.1877" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 586.087274][T11581] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.087430][T11581] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.087644][T11581] bridge_slave_0: entered allmulticast mode [ 586.091505][T11581] bridge_slave_0: entered promiscuous mode [ 586.892933][ T5804] Bluetooth: hci0: command tx timeout [ 587.044325][T11581] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.044562][T11581] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.044713][T11581] bridge_slave_1: entered allmulticast mode [ 587.046093][T11581] bridge_slave_1: entered promiscuous mode [ 587.251128][ T3880] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.541031][T11581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 587.721224][ T3880] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.759543][T11581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 588.038380][ T3880] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.111339][T11581] team0: Port device team_slave_0 added [ 588.268008][T11581] team0: Port device team_slave_1 added [ 588.481047][ T3880] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.410591][T11745] gretap1: entered allmulticast mode [ 589.419304][T11581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 589.419318][T11581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 589.419342][T11581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 589.513552][T11581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 589.513569][T11581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 589.513592][T11581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 589.776037][T11453] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 589.793102][ T37] audit: type=1326 audit(1773135888.887:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11755 comm="syz.5.1905" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 589.793148][ T37] audit: type=1326 audit(1773135888.887:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11755 comm="syz.5.1905" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 589.939578][T11581] hsr_slave_0: entered promiscuous mode [ 589.940368][T11581] hsr_slave_1: entered promiscuous mode [ 589.940881][T11581] debugfs: 'hsr0' already exists in 'hsr' [ 589.940896][T11581] Cannot create hsr debugfs directory [ 589.949211][T11453] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 590.264065][T11504] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.329637][T11453] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 590.540354][T11453] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 591.660428][T11800] Bluetooth: MGMT ver 1.23 [ 591.660450][T11800] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 591.810098][T11504] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.221307][T11504] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.721072][T11504] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 592.890823][T11825] netlink: 'syz.5.1923': attribute type 1 has an invalid length. [ 592.890844][T11825] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1923'. [ 595.046346][T11831] netlink: 'syz.5.1925': attribute type 1 has an invalid length. [ 595.046418][T11831] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1925'. [ 596.536045][ T3880] bridge_slave_1: left allmulticast mode [ 596.536072][ T3880] bridge_slave_1: left promiscuous mode [ 596.558172][ T3880] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.645312][ T3880] bridge_slave_0: left allmulticast mode [ 596.645330][ T3880] bridge_slave_0: left promiscuous mode [ 596.645486][ T3880] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.728555][ T3880] bridge_slave_1: left allmulticast mode [ 596.728575][ T3880] bridge_slave_1: left promiscuous mode [ 596.728719][ T3880] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.817413][ T3880] bridge_slave_0: left allmulticast mode [ 596.817433][ T3880] bridge_slave_0: left promiscuous mode [ 596.817638][ T3880] bridge0: port 1(bridge_slave_0) entered disabled state [ 600.833695][T11866] netlink: 'syz.5.1937': attribute type 1 has an invalid length. [ 600.833761][T11866] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1937'. [ 601.176930][ T3880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 601.257267][ T3880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 601.293741][ T3880] bond0 (unregistering): Released all slaves [ 601.863509][T11878] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 602.846316][T11884] netlink: 'syz.5.1944': attribute type 1 has an invalid length. [ 602.846380][T11884] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1944'. [ 603.187316][ T3880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 604.116950][ T3880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 604.168505][ T3880] bond0 (unregistering): Released all slaves [ 604.406479][ T809] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 605.248030][ T809] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 605.248056][ T809] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 605.248073][ T809] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 605.248088][ T809] usb 6-1: config 220 has no interface number 2 [ 605.248149][ T809] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 605.248171][ T809] usb 6-1: config 220 interface 0 has no altsetting 0 [ 605.248185][ T809] usb 6-1: config 220 interface 76 has no altsetting 0 [ 605.248200][ T809] usb 6-1: config 220 interface 1 has no altsetting 0 [ 605.386980][ T809] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 605.387009][ T809] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.387027][ T809] usb 6-1: Product: syz [ 605.387040][ T809] usb 6-1: Manufacturer: syz [ 605.387051][ T809] usb 6-1: SerialNumber: syz [ 605.688148][ T809] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 605.688179][ T809] uvcvideo 6-1:220.0: No valid video chain found. [ 605.733792][ T809] usb 6-1: USB disconnect, device number 16 [ 605.963921][T11453] 8021q: adding VLAN 0 to HW filter on device bond0 [ 606.194238][T11453] 8021q: adding VLAN 0 to HW filter on device team0 [ 606.571872][T11936] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1959'. [ 606.613399][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 606.613595][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 606.617657][T11936] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1959'. [ 606.657851][T11936] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1959'. [ 606.748996][T11936] team0: Port device team_slave_0 removed [ 606.887794][ T3930] bridge0: port 2(bridge_slave_1) entered blocking state [ 606.887922][ T3930] bridge0: port 2(bridge_slave_1) entered forwarding state [ 608.343017][T11973] netlink: 'syz.5.1968': attribute type 1 has an invalid length. [ 608.343080][T11973] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1968'. [ 609.015701][T11504] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 609.315113][T11504] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 610.224139][T11504] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 611.359813][ T3880] hsr_slave_0: left promiscuous mode [ 611.396843][ T3880] hsr_slave_1: left promiscuous mode [ 611.397911][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 611.397935][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 611.460121][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 611.460147][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.686539][ T3880] hsr_slave_0: left promiscuous mode [ 612.727441][ T3880] hsr_slave_1: left promiscuous mode [ 612.729052][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 612.729070][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 612.747253][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 612.747280][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 612.861294][ T3880] veth1_macvtap: left promiscuous mode [ 612.861355][ T3880] veth0_macvtap: left promiscuous mode [ 612.861520][ T3880] veth1_vlan: left promiscuous mode [ 612.861630][ T3880] veth0_vlan: left promiscuous mode [ 613.006642][ T3880] veth1_macvtap: left promiscuous mode [ 613.006793][ T3880] veth0_macvtap: left promiscuous mode [ 613.006949][ T3880] veth1_vlan: left promiscuous mode [ 613.007038][ T3880] veth0_vlan: left promiscuous mode [ 613.776785][ T3880] team0 (unregistering): Port device team_slave_1 removed [ 613.817308][ T3880] team0 (unregistering): Port device team_slave_0 removed [ 614.326802][ T3880] team0 (unregistering): Port device team_slave_1 removed [ 614.560752][T11504] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 615.106334][T11581] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 615.969797][T11581] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 616.070297][T11581] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 616.140950][T11581] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 616.447994][T11453] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 616.755609][T11504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 616.880580][T11581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 616.893190][T11504] 8021q: adding VLAN 0 to HW filter on device team0 [ 616.924788][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 616.933626][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 616.966313][ T5870] usb 6-1: new full-speed USB device number 17 using dummy_hcd [ 617.000542][ T6947] bridge0: port 2(bridge_slave_1) entered blocking state [ 617.000752][ T6947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 617.067220][T11581] 8021q: adding VLAN 0 to HW filter on device team0 [ 617.124023][ T1179] bridge0: port 1(bridge_slave_0) entered blocking state [ 617.135051][ T1179] bridge0: port 1(bridge_slave_0) entered forwarding state [ 617.136420][ T5870] usb 6-1: no configurations [ 617.136437][ T5870] usb 6-1: can't read configurations, error -22 [ 617.199793][ T3839] bridge0: port 2(bridge_slave_1) entered blocking state [ 617.200038][ T3839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 617.296419][ T5870] usb 6-1: new full-speed USB device number 18 using dummy_hcd [ 617.467985][ T5870] usb 6-1: no configurations [ 617.468004][ T5870] usb 6-1: can't read configurations, error -22 [ 617.470592][ T5870] usb usb6-port1: attempt power cycle [ 617.713785][T11453] veth0_vlan: entered promiscuous mode [ 617.743041][T11453] veth1_vlan: entered promiscuous mode [ 617.807563][ T5870] usb 6-1: new full-speed USB device number 19 using dummy_hcd [ 618.013557][ T5870] usb 6-1: no configurations [ 618.013570][ T5870] usb 6-1: can't read configurations, error -22 [ 618.297059][ T5870] usb 6-1: new full-speed USB device number 20 using dummy_hcd [ 618.405023][ T5870] usb 6-1: no configurations [ 618.405087][ T5870] usb 6-1: can't read configurations, error -22 [ 618.457600][ T5870] usb usb6-port1: unable to enumerate USB device [ 618.841095][T11453] veth0_macvtap: entered promiscuous mode [ 618.975376][T11453] veth1_macvtap: entered promiscuous mode [ 619.066021][T11504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 619.115310][T11453] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 619.150513][T11581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 619.171557][T11453] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 619.213757][ T3880] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.225592][ T3880] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.247360][ T3880] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.250637][ T3880] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 619.562528][T11504] veth0_vlan: entered promiscuous mode [ 619.608138][T11581] veth0_vlan: entered promiscuous mode [ 619.613797][ T6947] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.613817][ T6947] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.615084][T11504] veth1_vlan: entered promiscuous mode [ 619.668539][T11581] veth1_vlan: entered promiscuous mode [ 619.709556][ T6135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 619.709576][ T6135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 619.878440][T11504] veth0_macvtap: entered promiscuous mode [ 619.894360][T11581] veth0_macvtap: entered promiscuous mode [ 619.901278][T11504] veth1_macvtap: entered promiscuous mode [ 619.921371][T11581] veth1_macvtap: entered promiscuous mode [ 620.132335][T11504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 620.172716][T11581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 620.213128][T11504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 621.451926][T11581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 621.475022][ T3880] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.485124][ T3880] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.505916][ T3880] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.515785][ T3880] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.549560][ T3839] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.549924][ T3839] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.550183][ T3839] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.551257][ T3839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 621.652871][T12149] gretap1: entered allmulticast mode [ 623.582979][ T6953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.583001][ T6953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.671830][ T6953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.671848][ T6953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.746360][ T6947] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.746376][ T6947] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.873076][ T6953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.873096][ T6953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 624.383022][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.575654][T12182] netlink: 'syz.3.1839': attribute type 1 has an invalid length. [ 624.575675][T12182] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1839'. [ 625.882459][T12187] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2015'. [ 630.377862][T12245] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2031'. [ 630.430900][ T37] audit: type=1326 audit(1773135929.527:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12246 comm="syz.4.2034" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10caa6c799 code=0x0 [ 630.478706][ T37] audit: type=1326 audit(1773135929.577:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12246 comm="syz.4.2034" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10caa6c799 code=0x0 [ 631.368857][T12245] team0: Port device team_slave_0 removed [ 631.396928][T12255] netlink: 144 bytes leftover after parsing attributes in process `syz.6.2037'. [ 634.747683][T12285] netlink: 'syz.2.2048': attribute type 1 has an invalid length. [ 634.747760][T12285] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2048'. [ 636.611203][ T37] audit: type=1326 audit(1773135935.707:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12304 comm="syz.3.2057" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff206a8c799 code=0x0 [ 636.611233][ T37] audit: type=1326 audit(1773135935.707:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12304 comm="syz.3.2057" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff206a8c799 code=0x0 [ 643.485401][ T37] audit: type=1326 audit(1773135942.577:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12385 comm="syz.5.2083" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 643.517499][ T37] audit: type=1326 audit(1773135942.617:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12385 comm="syz.5.2083" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 644.914784][T12408] sg_write: data in/out 436700/168 bytes for SCSI command 0x0-- guessing data in; [ 644.914784][T12408] program syz.2.2090 not setting count and/or reply_len properly [ 646.534307][ T809] IPVS: starting estimator thread 0... [ 646.616395][T12424] IPVS: using max 9 ests per chain, 21600 per kthread [ 647.766668][T12442] netlink: 144 bytes leftover after parsing attributes in process `syz.5.2101'. [ 649.028091][ T37] audit: type=1326 audit(1773135948.117:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12454 comm="syz.2.2106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c3e4ec799 code=0x0 [ 649.120552][ T37] audit: type=1326 audit(1773135948.197:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12454 comm="syz.2.2106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c3e4ec799 code=0x0 [ 650.864443][ C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 650.881151][ C0] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 652.816621][T12514] sg_write: data in/out 424412/120 bytes for SCSI command 0x0-- guessing data in; [ 652.816621][T12514] program syz.6.2129 not setting count and/or reply_len properly [ 654.300689][T12543] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2139'. [ 657.178945][T12580] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2154'. [ 657.196378][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2153'. [ 658.951680][T12603] overlayfs: failed to resolve './bus': -2 [ 658.981370][T10727] Bluetooth: hci2: command 0x0406 tx timeout [ 659.479671][T12607] sg_write: data in/out 412124/72 bytes for SCSI command 0x0-- guessing data in; [ 659.479671][T12607] program syz.2.2164 not setting count and/or reply_len properly [ 659.693205][T12615] gretap1: entered allmulticast mode [ 659.718609][T12621] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2169'. [ 660.530173][T12641] sg_write: data in/out 412124/72 bytes for SCSI command 0x0-- guessing data in; [ 660.530173][T12641] program syz.5.2178 not setting count and/or reply_len properly [ 662.835917][T12665] netlink: 144 bytes leftover after parsing attributes in process `syz.5.2186'. [ 662.977996][T12671] sg_write: data in/out 412124/72 bytes for SCSI command 0x0-- guessing data in; [ 662.977996][T12671] program syz.5.2189 not setting count and/or reply_len properly [ 664.636578][ T9] IPVS: starting estimator thread 0... [ 664.726339][T12688] IPVS: using max 16 ests per chain, 38400 per kthread [ 664.836058][T12699] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2199'. [ 666.164575][ T37] audit: type=1326 audit(1773135965.247:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12706 comm="syz.2.2202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c3e4ec799 code=0x0 [ 666.164621][ T37] audit: type=1326 audit(1773135965.257:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12706 comm="syz.2.2202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c3e4ec799 code=0x0 [ 666.223453][ T37] audit: type=1326 audit(1773135965.317:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12706 comm="syz.2.2202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c3e4ec799 code=0x0 [ 666.995298][ T5804] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 667.840657][T12733] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 667.847220][T12737] netlink: 144 bytes leftover after parsing attributes in process `syz.6.2214'. [ 673.691665][T12784] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2228'. [ 674.148393][T12798] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2233'. [ 678.489971][T12837] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2243'. [ 682.009646][T12877] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2259'. [ 684.443892][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88803ca56400: rx timeout, send abort [ 684.448375][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88803ca56400: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 684.531383][T12913] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2270'. [ 686.429949][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.260569][T12949] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2282'. [ 690.420847][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2296'. [ 690.467752][T12983] sg_write: data in/out 422364/112 bytes for SCSI command 0x0-- guessing data in; [ 690.467752][T12983] program syz.2.2294 not setting count and/or reply_len properly [ 691.515644][ T37] audit: type=1326 audit(1773135990.607:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12988 comm="syz.6.2299" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2c535c799 code=0x0 [ 691.538737][ T37] audit: type=1326 audit(1773135990.637:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12988 comm="syz.6.2299" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2c535c799 code=0x0 [ 691.557749][ T37] audit: type=1326 audit(1773135990.657:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12988 comm="syz.6.2299" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2c535c799 code=0x0 [ 692.996899][T13017] sg_write: data in/out 422364/112 bytes for SCSI command 0x0-- guessing data in; [ 692.996899][T13017] program syz.2.2308 not setting count and/or reply_len properly [ 693.016251][T10727] Bluetooth: hci3: command 0x0406 tx timeout [ 698.233642][ T5804] Bluetooth: hci1: command 0x0406 tx timeout [ 698.290390][T13063] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2324'. [ 698.365573][T13065] sg_write: data in/out 412124/72 bytes for SCSI command 0x0-- guessing data in; [ 698.365573][T13065] program syz.5.2325 not setting count and/or reply_len properly [ 699.982273][T13098] sg_write: data in/out 412124/72 bytes for SCSI command 0x0-- guessing data in; [ 699.982273][T13098] program syz.3.2339 not setting count and/or reply_len properly [ 701.927975][T13134] sg_write: data in/out 414172/80 bytes for SCSI command 0x0-- guessing data in; [ 701.927975][T13134] program syz.2.2352 not setting count and/or reply_len properly [ 702.579579][T13147] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 703.311658][T10727] Bluetooth: hci0: command 0x0406 tx timeout [ 704.224120][T13162] fuse: Unknown parameter 'user_i00000000000000000000' [ 705.458755][T13173] sg_write: data in/out 414172/80 bytes for SCSI command 0x0-- guessing data in; [ 705.458755][T13173] program syz.6.2366 not setting count and/or reply_len properly [ 710.415099][ T37] audit: type=1326 audit(1773136009.507:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13216 comm="syz.5.2379" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 710.449961][ T37] audit: type=1326 audit(1773136009.547:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13216 comm="syz.5.2379" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 710.486266][ T37] audit: type=1326 audit(1773136009.577:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13216 comm="syz.5.2379" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 711.401514][T13239] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2388'. [ 712.751241][ T37] audit: type=1326 audit(1773136011.757:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2394" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff206a8c799 code=0x0 [ 712.781473][ T37] audit: type=1326 audit(1773136011.847:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2394" exe="/root/syz-executor" sig=31 arch=c000003e syscall=14 compat=0 ip=0x7ff206a49491 code=0x0 [ 713.075455][ T37] audit: type=1326 audit(1773136012.157:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13251 comm="syz.3.2394" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff206a8c799 code=0x0 [ 714.207471][T10727] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 714.213489][T10727] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 714.214708][T10727] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 714.215753][T10727] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 714.218270][T10727] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 714.424987][T13273] sg_write: data in/out 424924/122 bytes for SCSI command 0x0-- guessing data in; [ 714.424987][T13273] program syz.2.2398 not setting count and/or reply_len properly [ 715.886464][T13266] chnl_net:caif_netlink_parms(): no params data found [ 716.793221][ T5804] Bluetooth: hci5: command tx timeout [ 719.805760][ T5804] Bluetooth: hci5: command tx timeout [ 720.062185][T13266] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.062374][T13266] bridge0: port 1(bridge_slave_0) entered disabled state [ 720.062581][T13266] bridge_slave_0: entered allmulticast mode [ 720.065154][T13266] bridge_slave_0: entered promiscuous mode [ 720.095294][T13266] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.095513][T13266] bridge0: port 2(bridge_slave_1) entered disabled state [ 720.095792][T13266] bridge_slave_1: entered allmulticast mode [ 720.251080][T13266] bridge_slave_1: entered promiscuous mode [ 720.325141][T13320] sg_write: data in/out 424924/122 bytes for SCSI command 0x0-- guessing data in; [ 720.325141][T13320] program syz.2.2410 not setting count and/or reply_len properly [ 720.483173][T13266] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 720.497776][T13266] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 720.595217][T13266] team0: Port device team_slave_0 added [ 720.619415][T13266] team0: Port device team_slave_1 added [ 720.771236][T13266] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 720.771253][T13266] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 720.771274][T13266] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 720.997638][T13266] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 720.997655][T13266] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 720.997679][T13266] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 721.827755][ T5804] Bluetooth: hci5: command tx timeout [ 722.122943][ T37] audit: type=1326 audit(1773136021.217:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13341 comm="syz.6.2416" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2c535c799 code=0x0 [ 722.173079][ T37] audit: type=1326 audit(1773136021.267:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13341 comm="syz.6.2416" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa2c535c799 code=0x0 [ 722.599256][T13266] hsr_slave_0: entered promiscuous mode [ 722.600637][T13266] hsr_slave_1: entered promiscuous mode [ 722.601524][T13266] debugfs: 'hsr0' already exists in 'hsr' [ 722.601545][T13266] Cannot create hsr debugfs directory [ 723.993765][ T5804] Bluetooth: hci5: command tx timeout [ 724.062534][T13359] sg_write: data in/out 424924/122 bytes for SCSI command 0x0-- guessing data in; [ 724.062534][T13359] program syz.6.2421 not setting count and/or reply_len properly [ 724.326945][T13365] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 724.931942][T13368] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2424'. [ 725.124764][T13374] sg_write: data in/out 420316/104 bytes for SCSI command 0x0-- guessing data in; [ 725.124764][T13374] program syz.5.2425 not setting count and/or reply_len properly [ 726.162699][T13371] bridge1: entered promiscuous mode [ 726.162936][T13371] macsec1: entered promiscuous mode [ 729.177687][T13383] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 730.206776][T13266] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.254959][T13408] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2436'. [ 732.365362][T13413] bridge2: entered promiscuous mode [ 732.365489][T13413] macsec1: entered promiscuous mode [ 735.513659][T13266] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 735.735422][T13459] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 738.198901][T13476] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 738.955262][T13266] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.310307][T13480] sg_write: data in/out 420316/104 bytes for SCSI command 0x0-- guessing data in; [ 739.310307][T13480] program syz.2.2459 not setting count and/or reply_len properly [ 739.472446][T13266] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.992239][ T12] bridge_slave_1: left allmulticast mode [ 739.992266][ T12] bridge_slave_1: left promiscuous mode [ 739.992512][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.188203][T13510] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 741.285489][ T12] bridge_slave_0: left allmulticast mode [ 741.285510][ T12] bridge_slave_0: left promiscuous mode [ 741.285671][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 744.176955][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 744.256863][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 744.278320][ T12] bond0 (unregistering): Released all slaves [ 744.284187][ T12] bond1 (unregistering): Released all slaves [ 747.270838][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.098773][T13266] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 749.748353][T13266] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 749.809138][T13266] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 749.896385][ T830] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 749.931384][T13266] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 750.106316][ T830] usb 4-1: Using ep0 maxpacket: 32 [ 750.135402][ T830] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 750.135466][ T830] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 750.135569][ T830] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 750.135628][ T830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.245957][ T830] usb 4-1: config 0 descriptor?? [ 750.357511][ T830] hub 4-1:0.0: USB hub found [ 750.393945][T13598] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 750.756776][ T830] hub 4-1:0.0: 1 port detected [ 751.410058][ T830] hub 4-1:0.0: activate --> -90 [ 753.141003][ T5944] usb 4-1: USB disconnect, device number 27 [ 753.167969][ T12] hsr_slave_0: left promiscuous mode [ 753.301397][ T830] usb 4-1-port1: config error [ 753.317017][ T12] hsr_slave_1: left promiscuous mode [ 753.358550][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 753.358583][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 753.407463][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 753.407488][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 754.501354][ T12] veth1_macvtap: left promiscuous mode [ 754.501453][ T12] veth0_macvtap: left promiscuous mode [ 754.501681][ T12] veth1_vlan: left promiscuous mode [ 754.501834][ T12] veth0_vlan: left promiscuous mode [ 759.591880][T13660] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2510'. [ 759.767387][ T12] team0 (unregistering): Port device team_slave_1 removed [ 760.184882][ T12] team0 (unregistering): Port device team_slave_0 removed [ 761.571504][T13686] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 762.278176][T13266] 8021q: adding VLAN 0 to HW filter on device bond0 [ 762.413702][T13266] 8021q: adding VLAN 0 to HW filter on device team0 [ 762.427952][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 762.428131][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 762.440994][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 762.441077][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.492399][T13712] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 764.900931][T13266] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 765.363785][ T12] IPVS: stop unused estimator thread 0... [ 767.501792][T13266] veth0_vlan: entered promiscuous mode [ 767.577252][T13266] veth1_vlan: entered promiscuous mode [ 767.834465][T13757] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 768.735118][T13266] veth0_macvtap: entered promiscuous mode [ 768.740396][T13266] veth1_macvtap: entered promiscuous mode [ 768.762115][T13266] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 768.815528][T13266] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 769.202300][ T3880] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.202552][ T3880] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.202998][ T3880] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.203414][ T3880] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.766938][ T1179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 770.766958][ T1179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 771.052210][T13789] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 771.941436][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 771.941450][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 772.651453][T13803] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 772.655954][T13803] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 777.406239][ T6023] usb 3-1: new low-speed USB device number 10 using dummy_hcd [ 777.506232][ T809] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 777.560418][ T6023] usb 3-1: unable to get BOS descriptor or descriptor too short [ 777.581096][ T6023] usb 3-1: config 1 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 777.581130][ T6023] usb 3-1: config 1 interface 0 has no altsetting 0 [ 777.584729][ T6023] usb 3-1: string descriptor 0 read error: -22 [ 777.584865][ T6023] usb 3-1: New USB device found, idVendor=05ac, idProduct=0272, bcdDevice= 0.40 [ 777.584885][ T6023] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.661052][ T809] usb 5-1: Using ep0 maxpacket: 32 [ 777.663011][ T809] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 777.663040][ T809] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 777.663075][ T809] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 777.663096][ T809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.713657][ T809] usb 5-1: config 0 descriptor?? [ 777.715311][ T6023] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input5 [ 777.802797][ T809] hub 5-1:0.0: USB hub found [ 778.160906][T13877] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 778.280323][ T5151] bcm5974 3-1:1.0: could not read from device [ 778.497801][ T809] hub 5-1:0.0: 1 port detected [ 779.051949][T13880] hub 5-1:0.0: activate --> -90 [ 779.097424][T13498] bcm5974 3-1:1.0: could not read from device [ 779.123126][ T6023] usb 3-1: USB disconnect, device number 10 [ 779.185205][ T5151] bcm5974 3-1:1.0: could not read from device [ 779.279671][ T5151] bcm5974 3-1:1.0: could not read from device [ 779.893832][ T830] usb 5-1: USB disconnect, device number 18 [ 779.986283][T13880] usb 5-1-port1: config error [ 780.800513][T13894] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2588'. [ 780.838754][T13904] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2592'. [ 781.134180][T13917] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2594'. [ 782.737996][T13942] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2604'. [ 783.566252][ T5944] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 783.740590][ T5944] usb 3-1: Using ep0 maxpacket: 32 [ 783.823936][ T5944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 783.823955][ T5944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 783.823976][ T5944] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 783.823986][ T5944] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.847651][ T5944] usb 3-1: config 0 descriptor?? [ 783.871471][ T5944] hub 3-1:0.0: USB hub found [ 784.143978][ T5944] hub 3-1:0.0: 1 port detected [ 784.988669][ T5944] hub 3-1:0.0: activate --> -90 [ 785.052324][T13960] netlink: 152 bytes leftover after parsing attributes in process `syz.6.2609'. [ 785.251692][ T5944] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 785.420416][ T13] usb 3-1: Failed to suspend device, error -71 [ 785.440928][ T5944] usb 3-1: USB disconnect, device number 11 [ 787.412021][T13975] sg_write: data in/out 420828/106 bytes for SCSI command 0x0-- guessing data in; [ 787.412021][T13975] program syz.2.2615 not setting count and/or reply_len properly [ 788.577198][T13980] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2616'. [ 788.779924][ T5804] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 788.971036][T13991] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2621'. [ 789.958360][T13998] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2623'. [ 790.112556][T14006] sg_write: data in/out 422108/111 bytes for SCSI command 0x0-- guessing data in; [ 790.112556][T14006] program syz.3.2626 not setting count and/or reply_len properly [ 790.876541][T14014] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2629'. [ 791.040024][T14009] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2627'. [ 791.303163][T14021] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2633'. [ 792.594313][T14029] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 793.089943][T14033] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2635'. [ 793.669230][T14045] sg_write: data in/out 422108/111 bytes for SCSI command 0x0-- guessing data in; [ 793.669230][T14045] program syz.4.2640 not setting count and/or reply_len properly [ 793.976447][T14055] netlink: 152 bytes leftover after parsing attributes in process `syz.6.2644'. [ 794.437958][T14059] netlink: 144 bytes leftover after parsing attributes in process `syz.6.2646'. [ 794.497274][ T5804] Bluetooth: hci5: Malformed MSFT vendor event: 0x02 [ 795.260181][T14076] sg_write: data in/out 422108/111 bytes for SCSI command 0x0-- guessing data in; [ 795.260181][T14076] program syz.3.2653 not setting count and/or reply_len properly [ 796.593961][T14089] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2658'. [ 796.976356][ T6023] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 797.931446][ T6023] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 797.931476][ T6023] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.978612][ T6023] usb 7-1: config 0 descriptor?? [ 798.013451][ T6023] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 800.530005][ T6023] usb 7-1: USB disconnect, device number 2 [ 800.745758][T14127] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2670'. [ 801.518571][ T5944] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 802.546237][ T5944] usb 4-1: Using ep0 maxpacket: 32 [ 802.591654][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 802.591687][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 802.591723][ T5944] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 802.591743][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 802.596732][ T5944] usb 4-1: config 0 descriptor?? [ 802.602705][ T5944] hub 4-1:0.0: USB hub found [ 802.827666][ T5944] hub 4-1:0.0: 1 port detected [ 803.925317][ T5944] usb 4-1: USB disconnect, device number 28 [ 803.987701][T14157] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2683'. [ 806.190321][T14175] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2690'. [ 807.651863][T14202] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2696'. [ 808.749813][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.476286][ T830] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 810.832606][ T830] usb 6-1: Using ep0 maxpacket: 32 [ 810.834496][ T830] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 810.834524][ T830] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 810.834559][ T830] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 810.834581][ T830] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 810.840159][ T830] usb 6-1: config 0 descriptor?? [ 810.844342][ T830] hub 6-1:0.0: USB hub found [ 811.066289][ T830] hub 6-1:0.0: 1 port detected [ 812.183434][T14248] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 812.564878][ T5944] hub 6-1:0.0: activate --> -90 [ 812.768999][ T5944] hub 6-1:0.0: hub_ext_port_status failed (err = -71) [ 812.776360][ T36] usb 6-1: USB disconnect, device number 21 [ 812.776527][ T6135] usb 6-1: Failed to suspend device, error -19 [ 813.412677][T14274] netlink: 'syz.4.2717': attribute type 1 has an invalid length. [ 813.412698][T14274] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2717'. [ 814.780581][T14283] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 815.639989][T14290] netlink: 144 bytes leftover after parsing attributes in process `syz.6.2725'. [ 816.059919][T14299] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 816.927566][T14304] sg_write: data in/out 434396/159 bytes for SCSI command 0x0-- guessing data in; [ 816.927566][T14304] program syz.3.2731 not setting count and/or reply_len properly [ 822.256822][T14318] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2736'. [ 822.514281][T14323] netlink: 144 bytes leftover after parsing attributes in process `syz.6.2738'. [ 823.681002][T14342] sg_write: data in/out 434396/159 bytes for SCSI command 0x0-- guessing data in; [ 823.681002][T14342] program syz.6.2745 not setting count and/or reply_len properly [ 823.898206][T14347] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2748'. [ 824.410188][T14353] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 826.826297][ T5944] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 826.986438][ T5944] usb 7-1: Using ep0 maxpacket: 32 [ 826.988829][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 826.988860][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 826.988895][ T5944] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 826.988916][ T5944] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.030053][ T5944] usb 7-1: config 0 descriptor?? [ 827.061996][ T5944] hub 7-1:0.0: USB hub found [ 827.206178][ T5806] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 827.332955][ T5944] hub 7-1:0.0: 1 port detected [ 827.774920][ T5806] usb 3-1: Using ep0 maxpacket: 32 [ 827.780579][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 827.780610][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 827.780693][ T5806] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 827.780713][ T5806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.800096][ T5806] usb 3-1: config 0 descriptor?? [ 827.831409][ T5806] hub 3-1:0.0: USB hub found [ 828.036329][ T5806] hub 3-1:0.0: 1 port detected [ 828.071697][T14386] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2764'. [ 828.154437][ C0] raw-gadget.0 gadget.6: ignoring, device is not running [ 828.154861][ T5944] hub 7-1:0.0: hub_ext_port_status failed (err = -71) [ 828.176770][ T5837] usb 7-1: USB disconnect, device number 3 [ 829.432484][ T5806] hub 3-1:0.0: activate --> -90 [ 830.094615][T13880] usb 3-1: USB disconnect, device number 12 [ 830.102706][ T5806] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 833.430400][T14428] netlink: 'syz.5.2776': attribute type 1 has an invalid length. [ 833.430463][T14428] netlink: 224 bytes leftover after parsing attributes in process `syz.5.2776'. [ 833.832245][T14431] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2777'. [ 834.038716][T14439] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 836.387767][T10727] Bluetooth: hci5: command 0x0406 tx timeout [ 844.108713][T14498] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 847.322212][T14525] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 851.835693][T14546] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2814'. [ 853.349437][T14558] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 856.887566][T14584] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2828'. [ 859.371600][T14601] netlink: 'syz.4.2833': attribute type 1 has an invalid length. [ 859.371664][T14601] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2833'. [ 863.060556][T14620] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2839'. [ 863.219081][ T5806] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 863.646261][ T5806] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 863.646290][ T5806] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 863.646307][ T5806] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 863.646353][ T5806] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 863.646376][ T5806] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 863.696943][ T5806] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 863.696972][ T5806] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 863.696990][ T5806] usb 5-1: Product: syz [ 863.697003][ T5806] usb 5-1: Manufacturer: syz [ 863.790529][ T5806] cdc_wdm 5-1:1.0: skipping garbage [ 863.790546][ T5806] cdc_wdm 5-1:1.0: skipping garbage [ 863.830450][ T5806] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 863.830488][ T5806] cdc_wdm 5-1:1.0: Unknown control protocol [ 864.101918][T14625] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2842'. [ 864.746517][ T5806] usb 5-1: USB disconnect, device number 19 [ 866.878173][T10727] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 866.903683][T10727] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 866.905080][T10727] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 866.916371][T10727] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 866.936618][T10727] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 867.540606][ T37] audit: type=1326 audit(1773136422.638:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14637 comm="syz.5.2847" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb1153cc799 code=0x0 [ 867.996170][ T37] audit: type=1326 audit(1773136423.088:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14637 comm="syz.5.2847" exe="/root/syz-executor" sig=31 arch=c000003e syscall=14 compat=0 ip=0x7fb115389491 code=0x0 [ 869.076399][T10727] Bluetooth: hci4: command tx timeout [ 870.206761][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.134646][T10727] Bluetooth: hci4: command tx timeout [ 872.107765][T14661] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2856'. [ 873.256298][T10727] Bluetooth: hci4: command tx timeout [ 875.346291][T10727] Bluetooth: hci4: command tx timeout [ 875.387540][T14664] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 878.416249][ T36] usb 4-1: new low-speed USB device number 29 using dummy_hcd [ 878.443815][T14639] chnl_net:caif_netlink_parms(): no params data found [ 878.642551][ T36] usb 4-1: unable to get BOS descriptor or descriptor too short [ 878.643535][ T36] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 878.643568][ T36] usb 4-1: can't read configurations, error -71 [ 880.403715][T14639] bridge0: port 1(bridge_slave_0) entered blocking state [ 880.403831][T14639] bridge0: port 1(bridge_slave_0) entered disabled state [ 880.404068][T14639] bridge_slave_0: entered allmulticast mode [ 880.635391][T14639] bridge_slave_0: entered promiscuous mode [ 880.638919][T14639] bridge0: port 2(bridge_slave_1) entered blocking state [ 880.639026][T14639] bridge0: port 2(bridge_slave_1) entered disabled state [ 880.639199][T14639] bridge_slave_1: entered allmulticast mode [ 880.914063][T14639] bridge_slave_1: entered promiscuous mode [ 882.569923][T14639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 882.579087][T14639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 883.020354][T14639] team0: Port device team_slave_0 added [ 883.023814][T14639] team0: Port device team_slave_1 added [ 884.619609][ T5804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 884.639170][ T5804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 884.658951][ T5804] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 884.660088][ T5804] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 884.725228][ T5804] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 885.108209][T14639] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 885.108226][T14639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 885.108250][T14639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 885.110346][T14639] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 885.110359][T14639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 885.110382][T14639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 885.751957][T14751] netlink: 'syz.3.2892': attribute type 1 has an invalid length. [ 885.751979][T14751] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2892'. [ 886.856834][T10727] Bluetooth: hci1: command tx timeout [ 888.996103][T10727] Bluetooth: hci1: command tx timeout [ 889.916229][ T830] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 890.176122][ T830] usb 4-1: Using ep0 maxpacket: 32 [ 890.177836][ T830] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 890.177864][ T830] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 890.177892][ T830] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 890.177909][ T830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 890.182378][ T830] usb 4-1: config 0 descriptor?? [ 890.299459][ T830] hub 4-1:0.0: USB hub found [ 890.303414][T10727] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 890.983760][ T830] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 891.035536][T10727] Bluetooth: hci1: command tx timeout [ 891.327316][ T830] usbhid 4-1:0.0: can't add hid device: -71 [ 891.327437][ T830] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 891.366263][ T830] usb 4-1: USB disconnect, device number 31 [ 893.120332][T14639] hsr_slave_0: entered promiscuous mode [ 893.121619][T14639] hsr_slave_1: entered promiscuous mode [ 893.122457][T14639] debugfs: 'hsr0' already exists in 'hsr' [ 893.122479][T14639] Cannot create hsr debugfs directory [ 893.152962][T10727] Bluetooth: hci1: command tx timeout [ 893.636281][ T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 893.906274][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 893.911228][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 893.911258][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 893.911293][ T9] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 893.911314][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 893.967945][ T9] usb 7-1: config 0 descriptor?? [ 894.408764][ T9] hub 7-1:0.0: USB hub found [ 894.423119][ T9] hub 7-1:0.0: config failed, can't read hub descriptor (err -22) [ 895.124735][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 895.124856][ T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 895.209744][ T9] usb 7-1: USB disconnect, device number 4 [ 896.166242][ T36] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 896.666194][ T36] usb 4-1: Using ep0 maxpacket: 32 [ 896.696965][ T36] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 896.696997][ T36] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 896.697031][ T36] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 896.697052][ T36] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 896.777361][ T36] usb 4-1: config 0 descriptor?? [ 896.798509][ T36] hub 4-1:0.0: USB hub found [ 897.093948][ T36] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 897.483431][ T36] usbhid 4-1:0.0: can't add hid device: -71 [ 897.483545][ T36] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 897.796219][ T36] usb 4-1: USB disconnect, device number 32 [ 900.151453][T14639] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 900.520843][T14639] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 901.334983][T14732] chnl_net:caif_netlink_parms(): no params data found [ 901.446498][T14639] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 902.737850][T10727] Bluetooth: hci0: Malformed MSFT vendor event: 0x02 [ 902.942491][T14639] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 904.437009][T14863] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 907.366134][ T10] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 907.956161][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 907.965458][T14732] bridge0: port 1(bridge_slave_0) entered blocking state [ 907.965572][T14732] bridge0: port 1(bridge_slave_0) entered disabled state [ 907.965804][T14732] bridge_slave_0: entered allmulticast mode [ 908.028053][T14732] bridge_slave_0: entered promiscuous mode [ 908.068639][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 908.068691][ T10] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 908.074104][ T10] usb 4-1: New USB device found, idVendor=110a, idProduct=1110, bcdDevice=ab.5d [ 908.074131][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 908.074149][ T10] usb 4-1: Product: syz [ 908.074161][ T10] usb 4-1: Manufacturer: syz [ 908.074174][ T10] usb 4-1: SerialNumber: syz [ 908.092579][ T10] ti_usb_3410_5052 4-1:1.0: required endpoints missing [ 908.805050][T14732] bridge0: port 2(bridge_slave_1) entered blocking state [ 908.805170][T14732] bridge0: port 2(bridge_slave_1) entered disabled state [ 908.805406][T14732] bridge_slave_1: entered allmulticast mode [ 908.852581][T14732] bridge_slave_1: entered promiscuous mode [ 908.854115][ T36] usb 4-1: USB disconnect, device number 33 [ 908.858143][T10727] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 909.682802][T14900] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 910.691702][T14732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 912.948228][T14732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 913.326218][ T5944] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 913.478625][T14732] team0: Port device team_slave_0 added [ 913.537448][T14732] team0: Port device team_slave_1 added [ 913.546141][ T5944] usb 7-1: Using ep0 maxpacket: 32 [ 913.547980][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 913.548008][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 913.548041][ T5944] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 913.548061][ T5944] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 913.557940][ T5944] usb 7-1: config 0 descriptor?? [ 913.561464][ T5944] hub 7-1:0.0: USB hub found [ 913.877761][ T5944] hub 7-1:0.0: 1 port detected [ 915.093301][ C0] raw-gadget.0 gadget.6: ignoring, device is not running [ 915.093633][ T5944] hub 7-1:0.0: hub_ext_port_status failed (err = -71) [ 915.165844][ T6135] usb 7-1: Failed to suspend device, error -71 [ 915.187561][ T9] usb 7-1: USB disconnect, device number 5 [ 915.685713][T14732] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 915.685729][T14732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 915.685753][T14732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 915.763407][T14639] 8021q: adding VLAN 0 to HW filter on device bond0 [ 915.773311][T14732] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 915.773326][T14732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 915.773349][T14732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 918.516224][ T5944] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 918.885146][T14732] hsr_slave_0: entered promiscuous mode [ 918.886886][T14732] hsr_slave_1: entered promiscuous mode [ 918.887758][T14732] debugfs: 'hsr0' already exists in 'hsr' [ 918.887799][T14732] Cannot create hsr debugfs directory [ 918.889722][T14639] 8021q: adding VLAN 0 to HW filter on device team0 [ 918.890774][ T5944] usb 7-1: Using ep0 maxpacket: 32 [ 918.892793][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 918.892820][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 918.892854][ T5944] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 918.892873][ T5944] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 918.897705][ T5944] usb 7-1: config 0 descriptor?? [ 918.901505][ T5944] hub 7-1:0.0: USB hub found [ 919.316256][ T5855] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 919.375372][ T5944] hub 7-1:0.0: config failed, can't read hub descriptor (err -22) [ 919.666144][ T5855] usb 4-1: Using ep0 maxpacket: 32 [ 919.668251][ T5855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 919.668281][ T5855] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 919.668315][ T5855] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 919.668343][ T5855] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 919.694243][ T1487] bridge0: port 1(bridge_slave_0) entered blocking state [ 919.697381][ T1487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 919.758027][ T5855] usb 4-1: config 0 descriptor?? [ 919.763352][ T5855] hub 4-1:0.0: USB hub found [ 920.983499][ T5855] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 921.130553][ T5944] usbhid 7-1:0.0: can't add hid device: -71 [ 921.130666][ T5944] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 921.222793][ T5944] usb 7-1: USB disconnect, device number 6 [ 921.812496][ T5855] usbhid 4-1:0.0: can't add hid device: -71 [ 921.812619][ T5855] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 921.880602][ T5855] usb 4-1: USB disconnect, device number 34 [ 922.024925][T13207] bridge0: port 2(bridge_slave_1) entered blocking state [ 922.025049][T13207] bridge0: port 2(bridge_slave_1) entered forwarding state [ 926.530940][T10727] Bluetooth: hci0: Malformed MSFT vendor event: 0x02 [ 929.167667][ T5804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 929.521616][ T5804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 929.576346][ T5804] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 929.640196][ T5804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 929.703813][ T5804] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 930.327233][ T9] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 930.496450][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 930.501176][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 930.501208][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 930.501244][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 930.501264][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 931.111637][ T9] usb 4-1: config 0 descriptor?? [ 931.129354][ T9] hub 4-1:0.0: USB hub found [ 931.479426][ T9] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 931.588175][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.882877][T10727] Bluetooth: hci2: command tx timeout [ 931.968535][T14732] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 932.388947][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 932.389077][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 932.616221][ T9] usb 4-1: USB disconnect, device number 35 [ 933.043769][T14732] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 933.910621][T10727] Bluetooth: hci2: command tx timeout [ 935.989418][T10727] Bluetooth: hci2: command tx timeout [ 936.607841][T14995] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 936.846490][ T5855] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 937.166402][ T5855] usb 7-1: device descriptor read/64, error -71 [ 937.548126][ T5855] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 937.956231][ T5855] usb 7-1: device descriptor read/64, error -71 [ 938.056241][T10727] Bluetooth: hci2: command tx timeout [ 938.073692][ T5855] usb usb7-port1: attempt power cycle [ 938.709852][ T5855] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 938.726968][ T5855] usb 7-1: device descriptor read/8, error -71 [ 938.747842][T14732] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 938.996161][ T5855] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 939.056226][T14732] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 939.223539][ C1] raw-gadget.0 gadget.6: ignoring, device is not running [ 939.223686][ T5855] usb 7-1: device descriptor read/8, error -32 [ 939.716689][ T5855] usb usb7-port1: unable to enumerate USB device [ 940.296080][T15014] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 940.366626][ T5855] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 940.366934][ C1] raw-gadget.0 gadget.3: ignoring, device is not running [ 940.599002][ T5855] usb 4-1: device descriptor read/64, error -32 [ 940.983232][ T5855] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 942.021161][ T5855] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 942.021181][ T5855] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 942.021191][ T5855] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 942.023052][ T5855] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 942.023067][ T5855] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 945.009277][ T5855] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 945.009305][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 945.009322][ T5855] usb 4-1: Product: syz [ 945.015678][ T5855] usb 4-1: can't set config #1, error -71 [ 945.095257][ T5855] usb 4-1: USB disconnect, device number 37 [ 947.957035][ T5804] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 947.978056][ T5804] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 947.980437][ T5804] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 947.981848][ T5804] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 948.014814][ T5804] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 950.236165][ T36] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 950.566288][T10727] Bluetooth: hci4: command tx timeout [ 950.586286][ T36] usb 7-1: Using ep0 maxpacket: 32 [ 950.606767][ T36] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 950.606798][ T36] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 950.606834][ T36] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 950.606855][ T36] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 950.686189][ T830] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 950.806270][T14965] chnl_net:caif_netlink_parms(): no params data found [ 950.838957][ T36] usb 7-1: config 0 descriptor?? [ 950.906913][ T36] hub 7-1:0.0: USB hub found [ 951.903352][ T36] hub 7-1:0.0: config failed, can't read hub descriptor (err -22) [ 951.907909][ T830] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 951.907936][ T830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 952.028416][ T36] usbhid 7-1:0.0: can't add hid device: -71 [ 952.028545][ T36] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 952.028799][ T830] usb 4-1: config 0 descriptor?? [ 952.050696][ T830] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 952.071635][ T36] usb 7-1: USB disconnect, device number 11 [ 952.766081][T10727] Bluetooth: hci4: command tx timeout [ 954.803246][ T830] gspca_stv06xx: I2C: Read error writing address: -71 [ 954.849508][ T830] usb 4-1: USB disconnect, device number 38 [ 955.516148][ T9] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 955.576201][ T5804] Bluetooth: hci4: command tx timeout [ 955.826124][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 955.843776][ T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 955.843800][ T9] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 955.843834][ T9] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 955.843854][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 955.944842][ T9] usb 7-1: config 0 descriptor?? [ 957.656356][ T5804] Bluetooth: hci4: command tx timeout [ 958.526133][T13880] usb 7-1: USB disconnect, device number 12 [ 963.443614][T15116] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 967.596214][ T5837] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 968.501181][ T5837] usb 4-1: Using ep0 maxpacket: 8 [ 969.203766][ T5837] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 969.203794][ T5837] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 969.203826][ T5837] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 969.203847][ T5837] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 969.203886][ T5837] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 969.203905][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 969.633838][ T5837] usb 4-1: GET_CAPABILITIES returned 0 [ 969.633887][ T5837] usbtmc 4-1:16.0: can't read capabilities [ 969.884525][ T5837] usb 4-1: USB disconnect, device number 39 [ 974.672534][T15152] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 977.096321][T14965] bridge0: port 1(bridge_slave_0) entered blocking state [ 977.096433][T14965] bridge0: port 1(bridge_slave_0) entered disabled state [ 977.097022][T14965] bridge_slave_0: entered allmulticast mode [ 977.099513][T14965] bridge_slave_0: entered promiscuous mode [ 977.626122][ T5837] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 977.753144][T14965] bridge0: port 2(bridge_slave_1) entered blocking state [ 977.753272][T14965] bridge0: port 2(bridge_slave_1) entered disabled state [ 977.753638][T14965] bridge_slave_1: entered allmulticast mode [ 977.786295][ T5837] usb 7-1: Using ep0 maxpacket: 32 [ 977.788563][ T5837] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 977.788592][ T5837] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 977.788627][ T5837] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 977.788646][ T5837] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 977.792022][T14965] bridge_slave_1: entered promiscuous mode [ 977.798828][ T5837] usb 7-1: config 0 descriptor?? [ 977.865835][ T5837] hub 7-1:0.0: USB hub found [ 979.490511][ T5837] hub 7-1:0.0: 1 port detected [ 979.545558][ T5837] hub 7-1:0.0: hub_hub_status failed (err = -71) [ 979.545583][ T5837] hub 7-1:0.0: config failed, can't get hub status (err -71) [ 979.621502][ T5837] usbhid 7-1:0.0: can't add hid device: -71 [ 979.621632][ T5837] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 979.849621][ T5837] usb 7-1: USB disconnect, device number 13 [ 980.734819][T15176] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3047'. [ 981.439979][ T164] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 982.221486][T15185] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 984.842513][T14965] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 984.986897][T14965] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 985.619591][T14965] team0: Port device team_slave_0 added [ 985.642025][T15041] chnl_net:caif_netlink_parms(): no params data found [ 985.776149][ T6023] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 986.108924][ T6023] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 986.108961][ T6023] usb 4-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 986.109020][ T6023] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 986.109066][ T6023] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 986.198284][T15201] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 986.244844][ T6023] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 986.244880][ T6023] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 986.244957][ T6023] usb 4-1: Product: syz [ 986.244970][ T6023] usb 4-1: Manufacturer: syz [ 986.393973][T14965] team0: Port device team_slave_1 added [ 986.907967][ T6023] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 987.167643][ T9] usb 4-1: USB disconnect, device number 40 [ 990.050896][T10727] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 990.106638][T10727] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 990.112850][T10727] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 990.211013][T10727] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 991.129785][T10727] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 991.506556][ T830] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 991.755015][ T830] usb 7-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 991.755044][ T830] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 991.828027][ T830] usb 7-1: config 0 descriptor?? [ 991.845280][ T830] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 992.418810][T15041] bridge0: port 1(bridge_slave_0) entered blocking state [ 992.418935][T15041] bridge0: port 1(bridge_slave_0) entered disabled state [ 992.419170][T15041] bridge_slave_0: entered allmulticast mode [ 992.433904][T15041] bridge_slave_0: entered promiscuous mode [ 992.540559][T15041] bridge0: port 2(bridge_slave_1) entered blocking state [ 992.585844][T15041] bridge0: port 2(bridge_slave_1) entered disabled state [ 992.586929][T15041] bridge_slave_1: entered allmulticast mode [ 992.591834][T15041] bridge_slave_1: entered promiscuous mode [ 993.021904][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.397386][ T5804] Bluetooth: hci1: command tx timeout [ 994.161303][ T830] gspca_stv06xx: I2C: Read error writing address: -71 [ 994.209801][T15041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 994.263829][ T830] usb 7-1: USB disconnect, device number 14 [ 994.554410][T15041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 995.429090][ T5804] Bluetooth: hci1: command tx timeout [ 996.321772][T15041] team0: Port device team_slave_0 added [ 997.141026][T15041] team0: Port device team_slave_1 added [ 997.551643][ T5804] Bluetooth: hci1: command tx timeout [ 998.138493][T15041] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 998.138509][T15041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 998.138532][T15041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 998.140715][T15041] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 998.140728][T15041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 998.140752][T15041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 999.742085][ T5804] Bluetooth: hci1: command tx timeout [ 1008.032824][T10727] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1008.044901][T10727] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1008.077765][T10727] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1008.085836][T10727] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1008.101481][T10727] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1009.022784][T15217] chnl_net:caif_netlink_parms(): no params data found [ 1010.226208][T10727] Bluetooth: hci2: command tx timeout [ 1011.423452][T15356] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 1012.313365][T10727] Bluetooth: hci2: command tx timeout [ 1013.338503][T15371] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3125'. [ 1014.806134][T10727] Bluetooth: hci2: command tx timeout [ 1015.994003][T15383] MTD: Attempt to mount non-MTD device "/dev/loop6" [ 1016.890421][T10727] Bluetooth: hci2: command tx timeout [ 1020.416881][T15217] bridge0: port 1(bridge_slave_0) entered blocking state [ 1020.417013][T15217] bridge0: port 1(bridge_slave_0) entered disabled state [ 1020.417265][T15217] bridge_slave_0: entered allmulticast mode [ 1020.796328][T15217] bridge_slave_0: entered promiscuous mode [ 1021.831543][T15217] bridge0: port 2(bridge_slave_1) entered blocking state [ 1021.831659][T15217] bridge0: port 2(bridge_slave_1) entered disabled state [ 1021.831933][T15217] bridge_slave_1: entered allmulticast mode [ 1021.834410][T15217] bridge_slave_1: entered promiscuous mode [ 1022.407867][T15403] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3141'. [ 1023.280051][T15217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1023.860279][T15217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1025.170857][T15217] team0: Port device team_slave_0 added [ 1025.962444][T15217] team0: Port device team_slave_1 added [ 1027.047555][T15217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1027.047571][T15217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1027.047595][T15217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1027.049896][T15217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1027.049910][T15217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1027.049934][T15217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1028.983492][T15329] chnl_net:caif_netlink_parms(): no params data found [ 1029.101786][T15217] hsr_slave_0: entered promiscuous mode [ 1029.103096][T15217] hsr_slave_1: entered promiscuous mode [ 1029.104043][T15217] debugfs: 'hsr0' already exists in 'hsr' [ 1029.104067][T15217] Cannot create hsr debugfs directory [ 1029.329205][T15459] netlink: 136 bytes leftover after parsing attributes in process `syz.6.3164'. [ 1030.736615][T15478] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3173'. [ 1032.365309][T15329] bridge0: port 1(bridge_slave_0) entered blocking state [ 1032.365439][T15329] bridge0: port 1(bridge_slave_0) entered disabled state [ 1032.365685][T15329] bridge_slave_0: entered allmulticast mode [ 1032.485194][T15329] bridge_slave_0: entered promiscuous mode [ 1032.587582][T15329] bridge0: port 2(bridge_slave_1) entered blocking state [ 1032.587688][T15329] bridge0: port 2(bridge_slave_1) entered disabled state [ 1032.587921][T15329] bridge_slave_1: entered allmulticast mode [ 1032.758788][T15329] bridge_slave_1: entered promiscuous mode [ 1032.826163][ T5806] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1033.016340][ T5806] usb 7-1: Using ep0 maxpacket: 32 [ 1034.248542][ T5806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1034.248573][ T5806] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1034.248610][ T5806] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1034.248630][ T5806] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.253451][ T5806] usb 7-1: config 0 descriptor?? [ 1034.277270][ T5806] hub 7-1:0.0: USB hub found [ 1035.356163][ T5806] hub 7-1:0.0: 1 port detected [ 1036.855030][T15329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1036.885684][ T5806] hub 7-1:0.0: hub_ext_port_status failed (err = -71) [ 1036.924727][ T36] usb 7-1: USB disconnect, device number 15 [ 1036.924949][ T3930] usb 7-1: Failed to suspend device, error -19 [ 1037.018043][T15329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1040.129551][T15329] team0: Port device team_slave_0 added [ 1048.892114][T15329] team0: Port device team_slave_1 added [ 1049.351958][ T5804] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1049.400313][ T5804] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1049.493775][T15329] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1049.493787][T15329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1049.493800][T15329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1049.495182][T15329] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1049.495191][T15329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1049.495204][T15329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1049.709487][ T5804] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1049.732397][ T5804] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1049.742485][ T5804] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1050.888079][T15329] hsr_slave_0: entered promiscuous mode [ 1050.924089][T15329] hsr_slave_1: entered promiscuous mode [ 1050.924989][T15329] debugfs: 'hsr0' already exists in 'hsr' [ 1050.925013][T15329] Cannot create hsr debugfs directory [ 1051.978680][ T5804] Bluetooth: hci4: command tx timeout [ 1054.056340][ T5804] Bluetooth: hci4: command tx timeout [ 1054.579158][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.306339][ T5804] Bluetooth: hci4: command tx timeout [ 1058.466102][T10727] Bluetooth: hci4: command tx timeout [ 1059.540949][T15575] chnl_net:caif_netlink_parms(): no params data found [ 1064.714235][T15575] bridge0: port 1(bridge_slave_0) entered blocking state [ 1064.714347][T15575] bridge0: port 1(bridge_slave_0) entered disabled state [ 1064.714624][T15575] bridge_slave_0: entered allmulticast mode [ 1064.787484][T15575] bridge_slave_0: entered promiscuous mode [ 1065.293133][T15575] bridge0: port 2(bridge_slave_1) entered blocking state [ 1065.347769][T15575] bridge0: port 2(bridge_slave_1) entered disabled state [ 1065.396378][T15575] bridge_slave_1: entered allmulticast mode [ 1065.398873][T15575] bridge_slave_1: entered promiscuous mode [ 1065.713611][T15575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1065.788430][T15575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1067.140339][ T5804] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1067.145189][ T5804] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1067.158768][ T5804] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1067.162757][ T5804] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1067.163463][ T5804] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1067.195340][ T5804] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1067.221860][T15683] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1067.239833][T14440] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1067.246666][T14440] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1067.247523][T14440] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1068.778302][T15575] team0: Port device team_slave_0 added [ 1068.801273][T15575] team0: Port device team_slave_1 added [ 1069.271771][T14440] Bluetooth: hci6: command tx timeout [ 1069.528361][T15575] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1069.528377][T15575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1069.528401][T15575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1069.530737][T15575] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1069.530751][T15575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1069.530775][T15575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1069.736466][T14440] Bluetooth: hci7: command tx timeout [ 1071.338477][T14440] Bluetooth: hci6: command tx timeout [ 1071.424649][T15575] hsr_slave_0: entered promiscuous mode [ 1071.936085][T14440] Bluetooth: hci7: command tx timeout [ 1072.457072][T15575] hsr_slave_1: entered promiscuous mode [ 1072.458126][T15575] debugfs: 'hsr0' already exists in 'hsr' [ 1072.458148][T15575] Cannot create hsr debugfs directory [ 1073.466171][T14440] Bluetooth: hci6: command tx timeout [ 1074.296171][T14440] Bluetooth: hci7: command tx timeout [ 1075.496150][T14440] Bluetooth: hci6: command tx timeout [ 1076.376152][T14440] Bluetooth: hci7: command tx timeout [ 1099.932727][T15679] chnl_net:caif_netlink_parms(): no params data found [ 1103.416319][T15675] chnl_net:caif_netlink_parms(): no params data found [ 1108.669802][T15679] bridge0: port 1(bridge_slave_0) entered blocking state [ 1108.669906][T15679] bridge0: port 1(bridge_slave_0) entered disabled state [ 1108.670133][T15679] bridge_slave_0: entered allmulticast mode [ 1108.672740][T15679] bridge_slave_0: entered promiscuous mode [ 1110.156611][T15679] bridge0: port 2(bridge_slave_1) entered blocking state [ 1110.156729][T15679] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.156981][T15679] bridge_slave_1: entered allmulticast mode [ 1110.159603][T15679] bridge_slave_1: entered promiscuous mode [ 1111.746493][T15675] bridge0: port 1(bridge_slave_0) entered blocking state [ 1111.746611][T15675] bridge0: port 1(bridge_slave_0) entered disabled state [ 1111.746899][T15675] bridge_slave_0: entered allmulticast mode [ 1111.778936][T15675] bridge_slave_0: entered promiscuous mode [ 1112.341411][T15675] bridge0: port 2(bridge_slave_1) entered blocking state [ 1112.341528][T15675] bridge0: port 2(bridge_slave_1) entered disabled state [ 1112.341714][T15675] bridge_slave_1: entered allmulticast mode [ 1112.344279][T15675] bridge_slave_1: entered promiscuous mode [ 1112.495427][T15679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1113.099640][T15679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1114.223950][T10727] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1114.445288][T10727] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1114.616970][ T5804] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1114.620991][ T5804] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1114.621749][ T5804] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1116.068443][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.734728][T14440] Bluetooth: hci3: command tx timeout [ 1118.856167][T14440] Bluetooth: hci1: command 0x0406 tx timeout [ 1118.856465][T14440] Bluetooth: hci3: command tx timeout [ 1119.177100][T15675] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1119.218638][T15679] team0: Port device team_slave_0 added [ 1119.224693][T15675] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1119.242071][T15679] team0: Port device team_slave_1 added [ 1120.936224][ T5804] Bluetooth: hci3: command tx timeout [ 1122.296347][ T38] INFO: task syz-executor:14639 blocked for more than 143 seconds. [ 1122.296371][ T38] Not tainted syzkaller #0 [ 1122.296381][ T38] Blocked by coredump. [ 1122.296386][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1122.296395][ T38] task:syz-executor state:D stack:17632 pid:14639 tgid:14639 ppid:1 task_flags:0x40054c flags:0x00080003 [ 1122.296454][ T38] Call Trace: [ 1122.296464][ T38] [ 1122.296477][ T38] __schedule+0x1553/0x5240 [ 1122.296703][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 1122.296819][ T38] ? __pfx___schedule+0x10/0x10 [ 1122.296849][ T38] ? schedule+0x90/0x360 [ 1122.296873][ T38] schedule+0x164/0x360 [ 1122.296897][ T38] schedule_timeout+0xc3/0x2c0 [ 1122.296921][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 1122.296942][ T38] ? do_raw_spin_lock+0x12b/0x2f0 [ 1122.296975][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 1122.297022][ T38] ? wait_for_completion+0x274/0x5e0 [ 1122.297046][ T38] wait_for_completion+0x2cc/0x5e0 [ 1122.297078][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 1122.297106][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1122.297133][ T38] rcu_barrier+0x463/0x580 [ 1122.297170][ T38] netdev_run_todo+0x2e0/0xde0 [ 1122.297280][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 1122.297303][ T38] ? kasan_quarantine_put+0xbb/0x1f0 [ 1122.297404][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 1122.297467][ T38] ? netdev_state_change+0x1ca/0x220 [ 1122.297489][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1122.297570][ T38] tun_chr_close+0x13f/0x1c0 [ 1122.297592][ T38] __fput+0x461/0xa90 [ 1122.297657][ T38] task_work_run+0x1d9/0x270 [ 1122.297686][ T38] ? __pfx_task_work_run+0x10/0x10 [ 1122.297707][ T38] ? kmem_cache_free+0x185/0x6b0 [ 1122.297791][ T38] ? put_net+0x191/0x260 [ 1122.297827][ T38] do_exit+0x70f/0x23c0 [ 1122.297864][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1122.297891][ T38] ? __pfx_do_exit+0x10/0x10 [ 1122.297906][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1122.297924][ T38] ? reacquire_held_locks+0x104/0x190 [ 1122.297943][ T38] ? rt_spin_lock+0x1e0/0x400 [ 1122.297973][ T38] do_group_exit+0x21b/0x2d0 [ 1122.297993][ T38] ? rt_spin_unlock+0x160/0x200 [ 1122.298013][ T38] get_signal+0x125c/0x1310 [ 1122.298056][ T38] arch_do_signal_or_restart+0xbc/0x830 [ 1122.298101][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1122.298130][ T38] ? fput_close_sync+0x11f/0x240 [ 1122.298160][ T38] exit_to_user_mode_loop+0x86/0x480 [ 1122.298198][ T38] ? rcu_is_watching+0x15/0xb0 [ 1122.298221][ T38] do_syscall_64+0x32d/0xf80 [ 1122.298243][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.298276][ T38] ? clear_bhb_loop+0x40/0x90 [ 1122.298296][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f[ 1122.298296][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.298313][ T38] RIP: 0033:0x7f0e5465cfce [ 1122.298370][ T38] RSP: 002b:00007ffcbc5dcc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1122.298419][ T38] RAX: 0000000000000040 RBX: 0000555556008500 RCX: 00007f0e5465cfce [ 1122.298431][ T38] RDX: 0000000000000040 RSI: 00007f0e55444670 RDI: 0000000000000003 [ 1122.298443][ T38] RBP: 0000000000000001 R08: 00007ffcbc5dcce4 R09: 000000000000000c [ 1122.298455][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1122.298465][ T38] R13: 0000000000000000 R14: 00007f0e55444670 R15: 0000000000000000 [ 1122.298494][ T38] [ 1122.298506][ T38] INFO: task syz-executor:14732 blocked for more than 143 seconds. [ 1122.298519][ T38] Not tainted syzkaller #0 [ 1122.298528][ T38] Blocked by coredump. [ 1122.298534][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1122.298542][ T38] task:syz-executor state:D stack:18632 pid:14732 tgid:14732 ppid:1 task_flags:0x40054c flags:0x00080003 [ 1122.298584][ T38] Call Trace: [ 1122.298590][ T38] [ 1122.298599][ T38] __schedule+0x1553/0x5240 [ 1122.298624][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 1122.298656][ T38] ? __lock_acquire+0x6b5/0x2cf0 [ 1122.298676][ T38] ? __pfx___schedule+0x10/0x10 [ 1122.298710][ T38] rt_mutex_schedule+0x76/0xf0 [ 1122.298740][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 1122.298776][ T38] rt_mutex_slowlock+0x2dc/0x7b0 [ 1122.298798][ T38] ? rt_mutex_slowlock+0x1fd/0x7b0 [ 1122.298824][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1122.298860][ T38] ? rcu_barrier+0x4c/0x580 [ 1122.298886][ T38] ? rcu_barrier+0x4c/0x580 [ 1122.298904][ T38] mutex_lock_nested+0x168/0x1d0 [ 1122.298920][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1122.298944][ T38] rcu_barrier+0x4c/0x580 [ 1122.298973][ T38] netdev_run_todo+0x2e0/0xde0 [ 1122.299003][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 1122.299026][ T38] ? kasan_quarantine_put+0xbb/0x1f0 [ 1122.299048][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 1122.299077][ T38] ? netdev_state_change+0x1ca/0x220 [ 1122.299099][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1122.299119][ T38] tun_chr_close+0x13f/0x1c0 [ 1122.299141][ T38] __fput+0x461/0xa90 [ 1122.299172][ T38] task_work_run+0x1d9/0x270 [ 1122.299195][ T38] ? __pfx_task_work_run+0x10/0x10 [ 1122.299215][ T38] ? kmem_cache_free+0x185/0x6b0 [ 1122.299238][ T38] ? put_net+0x191/0x260 [ 1122.299265][ T38] do_exit+0x70f/0x23c0 [ 1122.299286][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1122.299311][ T38] ? __pfx_do_exit+0x10/0x10 [ 1122.299327][ T38] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 1122.299345][ T38] ? reacquire_held_locks+0x104/0x190 [ 1122.299364][ T38] ? rt_spin_lock+0x1e0/0x400 [ 1122.299393][ T38] do_group_exit+0x21b/0x2d0 [ 1122.299411][ T38] ? rt_spin_unlock+0x160/0x200 [ 1122.299433][ T38] get_signal+0x125c/0x1310 [ 1122.299474][ T38] arch_do_signal_or_restart+0xbc/0x830 [ 1122.299500][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1122.299540][ T38] exit_to_user_mode_loop+0x86/0x480 [ 1122.299562][ T38] ? rcu_is_watching+0x15/0xb0 [ 1122.299584][ T38] do_syscall_64+0x32d/0xf80 [ 1122.299604][ T38] ? trace_irq_disable+0x3b/0x150 [ 1122.299634][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.299652][ T38] ? clear_bhb_loop+0x40/0x90 [ 1122.299674][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1122.299692][ T38] RIP: 0033:0x7fd50bfecfce [ 1122.299707][ T38] RSP: 002b:00007ffd129d37a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1122.299724][ T38] RAX: 0000000000000170 RBX: 0000555579dce500 RCX: 00007fd50bfecfce [ 1122.299737][ T38] RDX: 0000000000000170 RSI: 00007fd50cdd4670 RDI: 0000000000000005 [ 1122.299749][ T38] RBP: 0000000000000001 R08: 00007ffd129d3824 R09: 000000000000000c [ 1122.299760][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1122.299771][ T38] R13: 0000000000000000 R14: 00007fd50cdd4670 R15: 0000000000000000 [ 1122.299800][ T38] [ 1122.299853][ T38] [ 1122.299853][ T38] Showing all locks held in the system: [ 1122.299863][ T38] 4 locks held by kworker/u8:0/12: [ 1122.299911][ T38] #0: ffff8880337bd938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.299971][ T38] #1: ffffc90000117c40 ((work_completion)(&(&bat_priv->bla.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.300018][ T38] #2: ffffffff8ddcb840 (rcu_read_lock){....}-{1:3}, at: batadv_bla_periodic_work+0x333/0xae0 [ 1122.300179][ T38] #3: ffff88813fffc5d8 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xd9f/0x2950 [ 1122.300249][ T38] 8 locks held by kworker/u8:1/13: [ 1122.300261][ T38] 3 locks held by rcuc/0/20: [ 1122.300272][ T38] 4 locks held by rcuc/1/28: [ 1122.300283][ T38] 1 lock held by khungtaskd/38: [ 1122.300292][ T38] #0: ffffffff8ddcb840 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1122.300346][ T38] 3 locks held by kworker/u8:3/57: [ 1122.300357][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.300402][ T38] #1: ffffc9000123fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.300447][ T38] #2: ffffffff8f159ff8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1122.300539][ T38] 3 locks held by kworker/u8:4/67: [ 1122.300549][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.300594][ T38] #1: ffffc9000152fc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.300639][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.300684][ T38] 2 locks held by kworker/u8:5/142: [ 1122.300694][ T38] #0: ffff88801d7da938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.300740][ T38] #1: ffffc90003a67c40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.300786][ T38] 6 locks held by kworker/u8:6/164: [ 1122.300796][ T38] #0: ffff88801aee1138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.300848][ T38] #1: ffffc90003a97c40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.300892][ T38] #2: ffffffff8f14b840 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 1122.300988][ T38] #3: ffff88804d8300d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x117/0x3f0 [ 1122.301085][ T38] #4: ffff888069c60300 (&devlink->lock_key#10){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x129/0x3f0 [ 1122.301138][ T38] #5: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.301187][ T38] 3 locks held by kworker/u8:9/1336: [ 1122.301210][ T38] 3 locks held by kworker/u8:11/3826: [ 1122.301219][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.301264][ T38] #1: ffffc9000f23fc40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.301308][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.301351][ T38] 2 locks held by kworker/u8:12/3839: [ 1122.301362][ T38] #0: ffff88801d7da938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.301407][ T38] #1: ffffc9000f3bfc40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.301452][ T38] 6 locks held by kworker/u8:14/3880: [ 1122.301463][ T38] 3 locks held by kworker/u8:15/3930: [ 1122.301472][ T38] #0: ffff888069e62938 ((wq_completion)wg-kex-wg2#23){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.301522][ T38] #1: ffffc9000f6cfc40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.301569][ T38] #2: ffff88813fffc5d8 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xd9f/0x2950 [ 1122.301612][ T38] 2 locks held by getty/5553: [ 1122.301622][ T38] #0: ffff8880286b00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1122.301721][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13c0 [ 1122.301794][ T38] 3 locks held by kworker/u8:18/6953: [ 1122.301812][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.301857][ T38] #1: ffffc90008a47c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.301901][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.301951][ T38] 2 locks held by kworker/u8:2/13205: [ 1122.301961][ T38] #0: ffff88801d7da938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.302006][ T38] #1: ffffc90006cd7c40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.302050][ T38] 3 locks held by kworker/u8:13/13206: [ 1122.302060][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.302104][ T38] #1: ffffc90006ce7c40 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.302150][ T38] #2: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.302192][ T38] 2 locks held by kworker/u8:19/13207: [ 1122.302203][ T38] #0: ffff88801d7da938 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.302248][ T38] #1: ffffc90006cf7c40 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.302295][ T38] 3 locks held by kworker/1:0/13880: [ 1122.302306][ T38] 1 lock held by syz-executor/14639: [ 1122.302315][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.302359][ T38] 1 lock held by syz-executor/14732: [ 1122.302369][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.302413][ T38] 1 lock held by syz-executor/14965: [ 1122.302423][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.302466][ T38] 1 lock held by syz-executor/15041: [ 1122.302476][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.302521][ T38] 7 locks held by syz-executor/15217: [ 1122.302531][ T38] #0: ffff8880387a0480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 1122.302613][ T38] #1: ffff8880606bc078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 1122.302729][ T38] #2: ffff88802878ef08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 1122.302779][ T38] #3: ffffffff8e9c78b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 1122.302900][ T38] #4: ffff88802861d0d8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x870 [ 1122.302988][ T38] #5: ffff88802bd08300 (&devlink->lock_key#15){+.+.}-{4:4}, at: nsim_drv_remove+0x50/0x160 [ 1122.303070][ T38] #6: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.303114][ T38] 4 locks held by syz-executor/15329: [ 1122.303125][ T38] #0: ffff8880387a0480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 1122.303173][ T38] #1: ffff88807fb6ec78 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 1122.303218][ T38] #2: ffff88802878ef08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 1122.303267][ T38] #3: ffffffff8e9c78b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 1122.303311][ T38] 1 lock held by syz.6.3206/15561: [ 1122.303318][ T38] #0: ffffffff8ddd1ab0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 1122.303362][ T38] 4 locks held by syz-executor/15575: [ 1122.303372][ T38] #0: ffff8880387a0480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 1122.303420][ T38] #1: ffff88803b946078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 1122.303465][ T38] #2: ffff88802878ef08 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 1122.303514][ T38] #3: ffffffff8e9c78b8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 1122.303559][ T38] 2 locks held by syz-executor/15675: [ 1122.303569][ T38] 2 locks held by syz-executor/15679: [ 1122.303579][ T38] #0: ffffffff8e8b5ca8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 1122.303626][ T38] #1: ffffffff8f159ff8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8a1/0x1be0 [ 1122.303668][ T38] 3 locks held by kworker/u8:20/15723: [ 1122.303679][ T38] 6 locks held by kworker/u8:21/15724: [ 1122.303689][ T38] #0: ffff888019c44138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9ea/0x1830 [ 1122.303735][ T38] #1: ffffc900055bfc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa25/0x1830 [ 1122.303781][ T38] #2: ffff88802a65e300 (&devlink->lock_key#12){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 1122.303836][ T38] #3: ffff8880298cad20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 1122.303876][ T38] #4: ffffffff8ddcb840 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400 [ 1122.303918][ T38] #5: ffff88813fffc5d8 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xd9f/0x2950 [ 1122.303960][ T38] 2 locks held by syz-executor/15849: [ 1122.303971][ T38] #0: ffffffff8f14b840 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x4f7/0x730 [ 1122.304013][ T38] #1: ffffffff8f159ff8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 1122.304059][ T38] 2 locks held by syz.3.3340/15863: [ 1122.304070][ T38] #0: ffff88803c3e26c8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x1d1/0x500 [ 1122.304151][ T38] #1: ffff88813fffc5d8 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xd9f/0x2950 [ 1122.304193][ T38] 2 locks held by syz-executor/15864: [ 1122.304203][ T38] #0: ffff888031a603b0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x36/0x340 [ 1122.304243][ T38] #1: ffff88813fffc5d8 (&zone->lock){+.+.}-{3:3}, at: get_page_from_freelist+0xd9f/0x2950 [ 1122.304284][ T38] [ 1122.304289][ T38] ============================================= [ 1122.304289][ T38] [ 1122.304302][ T38] NMI backtrace for cpu 1 [ 1122.304324][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1122.304344][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1122.304354][ T38] Call Trace: [ 1122.304362][ T38] [ 1122.304369][ T38] dump_stack_lvl+0xe8/0x150 [ 1122.304406][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 1122.304455][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1122.304486][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1122.304508][ T38] sys_info+0x135/0x170 [ 1122.304554][ T38] watchdog+0xfd9/0x1030 [ 1122.304580][ T38] ? watchdog+0x21a/0x1030 [ 1122.304607][ T38] kthread+0x388/0x470 [ 1122.304625][ T38] ? __pfx_watchdog+0x10/0x10 [ 1122.304643][ T38] ? __pfx_kthread+0x10/0x10 [ 1122.304662][ T38] ret_from_fork+0x51e/0xb90 [ 1122.304692][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1122.304714][ T38] ? __switch_to+0xc7d/0x1450 [ 1122.304737][ T38] ? __pfx_kthread+0x10/0x10 [ 1122.304756][ T38] ret_from_fork_asm+0x1a/0x30 [ 1122.304787][ T38] [ 1122.304794][ T38] Sending NMI from CPU 1 to CPUs 0: [ 1122.304830][ C0] NMI backtrace for cpu 0 [ 1122.304843][ C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1122.304860][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1122.304869][ C0] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x2a/0xa0 [ 1122.304890][ C0] Code: f3 0f 1e fa 48 8b 04 24 65 48 8b 0d c8 b6 89 10 65 44 8b 05 e8 b6 89 10 41 81 e0 00 00 ff 00 ba 00 01 00 00 23 91 a4 0b 00 00 <41> 89 d1 45 09 c1 74 12 45 85 c0 75 5b 85 d2 74 57 83 b9 64 16 00 [ 1122.304904][ C0] RSP: 0018:ffffc90000196ec0 EFLAGS: 00000206 [ 1122.304918][ C0] RAX: ffffffff81782855 RBX: 000000007d512d80 RCX: ffff88801ca90000 [ 1122.304929][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1122.304939][ C0] RBP: 0000000000000180 R08: 0000000000000000 R09: 0000000000000100 [ 1122.304948][ C0] R10: dffffc0000000000 R11: ffffed100749f471 R12: ffff88807d512d80 [ 1122.304960][ C0] R13: 1ffff1100faa25e0 R14: 000000000000002e R15: 0000000000000000 [ 1122.304970][ C0] FS: 0000000000000000(0000) GS:ffff88812633f000(0000) knlGS:0000000000000000 [ 1122.304983][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1122.304994][ C0] CR2: 00007fa3d2ab263d CR3: 0000000029356000 CR4: 00000000003526f0 [ 1122.305007][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1122.305017][ C0] DR3: 000000000202000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1122.305027][ C0] Call Trace: [ 1122.305033][ C0] [ 1122.305046][ C0] __phys_addr+0xc5/0x180 [ 1122.305064][ C0] kmem_cache_free+0x34/0x6b0 [ 1122.305089][ C0] skb_release_data+0x6c3/0x940 [ 1122.305161][ C0] __kfree_skb+0x5d/0x210 [ 1122.305180][ C0] nft_synproxy_eval_v4+0x352/0x4e0 [ 1122.305281][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 1122.305319][ C0] ? nf_ip_checksum+0x13c/0x510 [ 1122.305376][ C0] nft_synproxy_do_eval+0x305/0x580 [ 1122.305399][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 1122.305420][ C0] ? update_cfs_rq_load_avg+0x3fb/0x4e0 [ 1122.305454][ C0] nft_do_chain+0x45e/0x1990 [ 1122.305534][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 1122.305556][ C0] ? rcu_is_watching+0x15/0xb0 [ 1122.305577][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 1122.305594][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 1122.305610][ C0] nft_do_chain_inet+0x29d/0x380 [ 1122.305675][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1122.305697][ C0] ? rtlock_slowlock_locked+0xfb/0x3c80 [ 1122.305717][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1122.305737][ C0] nf_hook_slow+0xc5/0x220 [ 1122.305757][ C0] NF_HOOK+0x21f/0x3c0 [ 1122.305815][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1122.305858][ C0] ? NF_HOOK+0x9e/0x3c0 [ 1122.305876][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 1122.305894][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 1122.305915][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1122.305938][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 1122.305957][ C0] NF_HOOK+0x336/0x3c0 [ 1122.305972][ C0] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1122.305989][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1122.306007][ C0] ? NF_HOOK+0x9e/0x3c0 [ 1122.306025][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 1122.306045][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1122.306066][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 1122.306083][ C0] ? process_backlog+0x271/0xc60 [ 1122.306099][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 1122.306118][ C0] process_backlog+0x569/0xc60 [ 1122.306135][ C0] ? stack_trace_save+0xa9/0x100 [ 1122.306161][ C0] __napi_poll+0xaf/0x580 [ 1122.306175][ C0] ? skb_defer_free_flush+0x233/0x260 [ 1122.306192][ C0] net_rx_action+0x696/0xe00 [ 1122.306215][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1122.306231][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 1122.306253][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 1122.306278][ C0] handle_softirqs+0x1de/0x6f0 [ 1122.306303][ C0] __local_bh_enable_ip+0x170/0x2b0 [ 1122.306328][ C0] ? rcu_cpu_kthread+0x205/0x1470 [ 1122.306342][ C0] rcu_cpu_kthread+0x9e8/0x1470 [ 1122.306360][ C0] ? rcu_cpu_kthread+0x205/0x1470 [ 1122.306378][ C0] ? __pfx_rcu_cpu_kthread+0x10/0x10 [ 1122.306391][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 1122.306409][ C0] ? preempt_schedule_common+0x82/0xd0 [ 1122.306431][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 1122.306450][ C0] smpboot_thread_fn+0x541/0xa50 [ 1122.306471][ C0] ? smpboot_thread_fn+0x4d/0xa50 [ 1122.306495][ C0] kthread+0x388/0x470 [ 1122.306510][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1122.306528][ C0] ? __pfx_kthread+0x10/0x10 [ 1122.306544][ C0] ret_from_fork+0x51e/0xb90 [ 1122.306564][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1122.306582][ C0] ? __switch_to+0xc7d/0x1450 [ 1122.306601][ C0] ? __pfx_kthread+0x10/0x10 [ 1122.306615][ C0] ret_from_fork_asm+0x1a/0x30 [ 1122.306637][ C0] [ 1122.701059][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 1122.701078][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1122.701099][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1122.701109][ T38] Call Trace: [ 1122.701118][ T38] [ 1122.701126][ T38] vpanic+0x56c/0xa60 [ 1122.701155][ T38] ? __pfx___schedule+0x10/0x10 [ 1122.701177][ T38] ? __pfx_vpanic+0x10/0x10 [ 1122.701208][ T38] panic+0xc5/0xd0 [ 1122.701229][ T38] ? __pfx_panic+0x10/0x10 [ 1122.701253][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 1122.701279][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 1122.701301][ T38] watchdog+0x1023/0x1030 [ 1122.701327][ T38] ? watchdog+0x21a/0x1030 [ 1122.701353][ T38] kthread+0x388/0x470 [ 1122.701371][ T38] ? __pfx_watchdog+0x10/0x10 [ 1122.701388][ T38] ? __pfx_kthread+0x10/0x10 [ 1122.701407][ T38] ret_from_fork+0x51e/0xb90 [ 1122.701431][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1122.701452][ T38] ? __switch_to+0xc7d/0x1450 [ 1122.701477][ T38] ? __pfx_kthread+0x10/0x10 [ 1122.701494][ T38] ret_from_fork_asm+0x1a/0x30 [ 1122.701524][ T38] [ 1122.701935][ T38] Kernel Offset: disabled