last executing test programs: 11m44.078741978s ago: executing program 2 (id=6317): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x78, 0x0, &(0x7f0000000540)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x1, 0x25}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x20}}, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 11m43.483345152s ago: executing program 2 (id=6319): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060", @ANYRESOCT], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfb, {{@in6=@private0, @in=@broadcast, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x1, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e0001"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001964d408861a92e03f53010203010902"], 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0) 11m40.875834687s ago: executing program 2 (id=6330): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x9, &(0x7f0000000240)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000002f000000b709000000000000850000002300000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, @random="c6eb8947e4e4", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0xe0dbf46ca9d044ba, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @multicast1, @multicast1}}}}}}, 0x0) 11m38.0509726s ago: executing program 2 (id=6333): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0) fsync(r0) 11m37.908073234s ago: executing program 2 (id=6334): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000500)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) 11m37.50403638s ago: executing program 2 (id=6337): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) unshare(0x64000600) 11m21.560370323s ago: executing program 32 (id=6337): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) unshare(0x64000600) 9m25.778029654s ago: executing program 3 (id=6580): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_usb_connect(0x2, 0x2d, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pipe2(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000040)) 9m22.260394227s ago: executing program 3 (id=6589): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, &(0x7f0000000200), 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) 9m21.36420402s ago: executing program 3 (id=6593): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00'}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 9m19.392322337s ago: executing program 3 (id=6594): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001"], 0x24}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000000000040004"], 0x1c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 9m18.877114662s ago: executing program 3 (id=6598): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept(r0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@deltclass={0x54, 0x29, 0x100, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x9, 0xffe0}, {0x4, 0x9}, {0xb, 0xc}}, [@c_atm={{0x8}, {0x28, 0x2, [@TCA_ATM_HDR={0x4}, @TCA_ATM_HDR={0x20, 0x3, "b27ce56d7bd66b577e2a00fa2a6f8cad70c37fd0b6897c949b3eae33"}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x200048c5) recvmsg(r1, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000980)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x40040) 9m18.652634274s ago: executing program 3 (id=6599): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbd}]}) r4 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil) r5 = shmat(r4, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmdt(r5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil) syz_emit_ethernet(0x95, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb810013000805000817a2f1ff80114502115efa2edffe20909cab2da7c0ba8cc356fcdb59c3048b9ae94577115ca496e8207377a0b02da9b6b5f9dbacf68e1ecd9b71d26b036bef2c5ce88ea55818abc98ace892033dfe821fa6263b648e2bd1fcc2e0f5a7088bd59ef54b91786f90f4626dd33800b261e2f6292f759b1c6d900000000"], &(0x7f00000001c0)={0x1, 0x1, [0xf74, 0x4e0, 0xe4b, 0xa20]}) syz_open_dev$usbfs(&(0x7f0000000100), 0x775, 0x8000) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) dup(r2) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r6, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r1, 0x0, 0x0, 0x200000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r1, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) 9m3.517658922s ago: executing program 33 (id=6599): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbd}]}) r4 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil) r5 = shmat(r4, &(0x7f0000ffc000/0x3000)=nil, 0x4000) shmdt(r5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil) syz_emit_ethernet(0x95, &(0x7f0000000240)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb810013000805000817a2f1ff80114502115efa2edffe20909cab2da7c0ba8cc356fcdb59c3048b9ae94577115ca496e8207377a0b02da9b6b5f9dbacf68e1ecd9b71d26b036bef2c5ce88ea55818abc98ace892033dfe821fa6263b648e2bd1fcc2e0f5a7088bd59ef54b91786f90f4626dd33800b261e2f6292f759b1c6d900000000"], &(0x7f00000001c0)={0x1, 0x1, [0xf74, 0x4e0, 0xe4b, 0xa20]}) syz_open_dev$usbfs(&(0x7f0000000100), 0x775, 0x8000) munlockall() madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) dup(r2) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r6, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r1, 0x0, 0x0, 0x200000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r1, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000}) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r7, 0xffffffffffffffff, 0x0) 5m16.970654616s ago: executing program 4 (id=8313): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180), 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$loop(0x0, 0x45ffffa, 0x281) io_uring_enter(0xffffffffffffffff, 0x95d, 0xfa39, 0xc1, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000040)={@private0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000050000030900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030073797a300000000044000000060a210400000000000000000500000008000b40000000001c000480180001800d00010073796e70726f787900000000040002800900010073797a3000000000140000001100010000000000000000000000000aeef99a77539f6a75304b5ef2cf29a4df05d4442ebf3efbce"], 0xb8}}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47fa, 0x0, 0x0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) 5m16.872086003s ago: executing program 4 (id=8314): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(0xffffffffffffffff) write$char_usb(r0, 0x0, 0x0) 5m16.851077276s ago: executing program 4 (id=8315): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, 0x0) 5m15.593073186s ago: executing program 4 (id=8317): creat(0x0, 0xd931d3864d39ddd8) r0 = open$dir(0x0, 0x0, 0x1) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000001c0), 0x4e, 0x20044880) recvmmsg(r4, 0x0, 0x0, 0x2, 0x0) r6 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x7e, 0x800002a, r6, 0x0) write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35b", 0x6) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000440)=[0x5], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, r0, 0x0) 5m13.56750558s ago: executing program 4 (id=8321): r0 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f041, 0x8e5}) 5m13.527355799s ago: executing program 4 (id=8322): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000004000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x10, 0x3, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000780), r2) getsockname$packet(r2, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="4400000010000104001007fb5c360dff9fe30000", @ANYRES32=r3, @ANYBLOB="0100000000000000240012000c000100627269646765000e140002000800070005"], 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x11, 0x8100, r3, 0x1, 0x0, 0x6, @local}, 0x14) 2m43.977857605s ago: executing program 5 (id=8701): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x2}, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f00000001c0)=0x304008000) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x1}, 0x1}) io_uring_enter(r1, 0x612a, 0x17e, 0x0, 0x0, 0x0) readv(r4, &(0x7f0000000100)=[{&(0x7f0000000080)=""/60, 0x3c}, {&(0x7f00000000c0)=""/19, 0x13}], 0x2) 2m41.95447126s ago: executing program 5 (id=8705): r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, 0x0}, 0x20) epoll_create1(0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) write$tun(0xffffffffffffffff, &(0x7f0000000a00)={@val={0x0, 0x800}, @val={0x2, 0x0, 0x1, 0x5, 0x7, 0xf2}, @eth={@multicast, @remote, @val={@void, {0x8100, 0x2, 0x1, 0x4}}, {@mpls_mc={0x8848, {[{}, {0x2, 0x0, 0x1}, {0x1}], @ipv4=@dccp={{0xe, 0x4, 0x0, 0x8, 0x5b, 0x67, 0x0, 0x3, 0x21, 0x0, @empty, @private=0xa010100, {[@timestamp_prespec={0x44, 0x4, 0x3c}, @timestamp_addr={0x44, 0x1c, 0xec, 0x1, 0x0, [{@local, 0xfff}, {@empty, 0x80}, {@broadcast, 0x2}]}, @generic={0x44, 0x3, '|'}, @end]}}, {{0x4e24, 0x4e22, 0x4, 0x1, 0x5, 0x0, 0x0, 0x5, 0x2, "3ee198", 0x77, "d42178"}, "7553e24cfd3622fe3ea008e363100587553838"}}}}}}}, 0x87) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x8008000000000002) sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080", @ANYBLOB, @ANYBLOB], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bind$bt_l2cap(r7, &(0x7f0000000280)={0x1f, 0x0, @none, 0x0, 0x2}, 0xe) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r7]) 2m40.288097s ago: executing program 5 (id=8708): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) 2m39.812516822s ago: executing program 5 (id=8711): ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", '\x00', "0f00", "64bdac32", ["e86621d98c668c391f6bc506", "3549ffffff00", "2fc7977386afe0374831c1f9", "cf6cce2296b3f853e224c4e0"]}) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000480)={0x5, 0xfffffffffffffffe, 0x3ff, 0x0, 0x5, 0x5, "0f00000000000101000000009ee900", 0x0, 0x2, 0x0, 0x6, 0x0, 0x4, 0xff}) 2m39.478137581s ago: executing program 5 (id=8713): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000240)={@void, @val={0x0, 0x80, 0xfffb, 0xfffc, 0x56, 0x3}, @arp=@generic={0x208, 0x6, 0x6, 0x0, 0x1, @broadcast, "", @remote}}, 0x1e) 2m35.076400193s ago: executing program 6 (id=8719): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000002060101000000000000000000f90003050005000a0000000900020073797a300000000005"], 0x30}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001c0001000000000004086aa42d"], 0x30}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 2m34.48752395s ago: executing program 6 (id=8721): socket$nl_sock_diag(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r2 = socket(0x2a, 0x2, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000014c0)=@newtfilter={0xbd8, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_basic={{0xa}, {0xba8, 0x2, [@TCA_BASIC_ACT={0x60, 0x3, [@m_gact={0x5c, 0xe, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x0, 0x143e, 0x1}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7ff, 0x1, 0x40000002, 0x0, 0x3}}]}, {0xb, 0x6, "435d6adbcfe776"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0xf, 0xfff2}}, @TCA_BASIC_CLASSID={0x8, 0x1, {0x9, 0x9419dd028165f667}}, @TCA_BASIC_EMATCHES={0x14, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x8}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x81}}]}, @TCA_BASIC_POLICE={0x854, 0x4, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7}, @TCA_POLICE_RATE={0x404, 0x2, [0x3, 0x6000, 0x8, 0xfffffff7, 0x3, 0x2, 0x4, 0x2, 0xffffff52, 0x0, 0x92, 0x8, 0x6, 0x613, 0x9, 0xf9a4, 0x3, 0x1, 0xc9a8, 0x692, 0xefa, 0x10000, 0x6, 0x80000000, 0x2, 0x11b48045, 0x0, 0x6, 0xd0, 0xfffffffa, 0x1, 0xa, 0x0, 0x4, 0xfffffff7, 0xc, 0x5, 0x4, 0x81, 0x3, 0x2, 0x7, 0xff, 0x8000, 0x7b9, 0xfffffff4, 0x8, 0x400, 0x5, 0x8, 0x6, 0x100, 0xffff, 0x8000, 0xb3, 0x1, 0x1, 0x7ff, 0x9, 0x3, 0x7, 0x6, 0x1, 0x3, 0x9, 0x5, 0xfffffffb, 0x4, 0x2, 0x4, 0x4, 0x2, 0x1579, 0x6, 0x9, 0x0, 0x950, 0xe96c, 0x400, 0x7ff, 0x1, 0x3e, 0x5, 0x2c, 0x8856, 0x8000000, 0x7, 0x1, 0x8001, 0x7fff, 0xdd, 0xb4, 0x800, 0x2, 0x9, 0x81, 0x6a0, 0x5, 0x6, 0xa, 0xe, 0x1ff, 0x5, 0x4, 0x401, 0x7fff, 0x2, 0x7f, 0x6, 0x9, 0x9, 0x1, 0x81, 0x4b, 0xef, 0x5, 0x7, 0x401, 0x7, 0x9, 0x6, 0xfffffffe, 0x0, 0x7, 0x8, 0xd, 0x9, 0x10000, 0x10001, 0x9, 0x8, 0x1, 0x7f, 0x85, 0x772, 0x1ff, 0x8, 0x4, 0x2, 0xfa, 0x2, 0x0, 0x7, 0x91, 0x6, 0x6, 0x4, 0x5, 0x8, 0x1000, 0x2, 0xfffffffd, 0xff, 0x7, 0x9, 0xa, 0x9, 0xfff, 0x81, 0xffff286d, 0x7, 0x8, 0x5, 0x3, 0x80000000, 0x4, 0x3a, 0x1, 0x8, 0x483e5fcc, 0x5, 0xeb, 0x5, 0x7fffffff, 0x7ff, 0x6, 0x5, 0x3, 0xfffffff7, 0x1, 0x9, 0x8, 0xa94, 0x3, 0x5, 0x6, 0x8, 0x5, 0x8, 0x0, 0x5, 0xcb, 0x3, 0x0, 0x4, 0x6, 0x2, 0x7fc, 0xc, 0x10001, 0x9, 0x8, 0x5, 0xa2, 0x0, 0x3, 0x7, 0x100, 0x3a, 0xd, 0x6, 0x200, 0x5, 0x7, 0x1, 0x24, 0x3, 0x9, 0xffff, 0x3, 0xc4, 0x95c9, 0x3, 0x2, 0x40, 0x7fffffff, 0x8, 0xc, 0x7, 0x5, 0x1, 0x9, 0x3, 0x80000001, 0x2, 0x2898, 0x6, 0x9, 0x2f, 0x2, 0x81, 0x3, 0x2, 0x3, 0x0, 0x8001, 0xffff, 0x3, 0xffffff01, 0xc45a, 0x0, 0x9, 0x4, 0x7, 0x0, 0x5]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x9, 0x63, 0x5, 0x4, 0xfb, 0x5, 0xffffffff, 0x6000, 0xb6d, 0x6, 0xecd3, 0x0, 0x800, 0x7, 0x2, 0x5, 0x1, 0x9, 0xe34, 0x1, 0x5, 0x9, 0x5717, 0xffffffff, 0x5, 0x0, 0xfffffa88, 0x0, 0x9, 0x6, 0x2, 0x8, 0x9862e6c7, 0x85a, 0x20000000, 0x6c000000, 0x4, 0x6, 0x1, 0x39, 0x800, 0xfffffff9, 0x7, 0x7, 0x3, 0x2, 0xfffffb0a, 0x5, 0x4, 0x8, 0x5, 0x8, 0x1, 0x800, 0xc4, 0x8001, 0xe20, 0x8, 0x6, 0x6, 0x6, 0x5, 0x4, 0xab, 0x6, 0xffff, 0x1000, 0x3, 0x17f, 0x3, 0x80, 0x8001, 0x5, 0x8, 0x1, 0x80, 0x2, 0x9c, 0xfff, 0x360, 0x80, 0x5, 0x800, 0x7800000, 0x29a, 0x80, 0xae, 0x9e, 0x4, 0x251c, 0x401, 0x611, 0xb, 0x65, 0x7, 0xe97, 0xfffffff7, 0xc, 0x7f, 0x0, 0x8, 0xdcb4, 0x100, 0x4, 0xff, 0x2, 0x81, 0xfffffffc, 0x8, 0x40, 0x1, 0x3, 0x5, 0x7, 0xa, 0x96b, 0x8, 0x7, 0x7, 0x7, 0xd0a3, 0x10, 0x4, 0x8000, 0x4, 0x5, 0x8, 0xa3ec, 0xfffffff3, 0x6, 0x0, 0x1, 0x2, 0x81, 0xfff, 0x6, 0x1, 0x8, 0x2, 0x1, 0xfff, 0x31, 0xf1c, 0x76, 0x7, 0x6, 0xa2, 0x5, 0xffff, 0x1, 0x600, 0x800, 0x0, 0x1, 0x68, 0x8, 0x2, 0x1, 0x3e1, 0x3, 0x5f9d, 0x2, 0xd92, 0x1, 0xfffffffe, 0xfffffff1, 0x5d, 0xf20f, 0xd, 0x9, 0x8, 0x7f, 0x3, 0xe, 0x331b, 0x8, 0x7, 0x8, 0x10001, 0x400, 0x1ff, 0x2, 0x8, 0x5, 0x431, 0x8, 0x65, 0x9, 0x3, 0x1000, 0x4, 0x8, 0xc0000000, 0x6, 0xa52, 0x7, 0x21, 0x7, 0x9, 0xff, 0x8, 0xff, 0xadc, 0x5650054a, 0x5, 0x2, 0x1, 0x3, 0x2, 0xfffffffd, 0xb44, 0x400, 0xffffffff, 0x4, 0x5, 0x1, 0x234, 0x4, 0x400, 0x7ff, 0x5, 0x6, 0x0, 0xfffffff0, 0x25cb, 0x9, 0x1, 0x4, 0x7, 0x3, 0x6, 0x3, 0x8000, 0x3, 0x6, 0x0, 0x2, 0x40, 0x8b1, 0x5, 0x56, 0x3, 0x8, 0x1, 0x6, 0x840a, 0x0, 0x3, 0x6, 0x8000, 0xf463, 0x4, 0x8, 0x0, 0x5, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x5, 0xffffffffffffffff, 0xe, 0xd33, 0x7fffffff, {0x7, 0x1, 0xfff7, 0x0, 0x5, 0x3}, {0xc, 0x0, 0x7, 0xfffc, 0x8, 0xffff985b}, 0x9, 0x151ea45f, 0x4}}]}, @TCA_BASIC_EMATCHES={0x1c0, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x70, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x20, 0x8, 0x1}, {0x3, 0x5, 0x4}}}, @TCF_EM_IPT={0xc, 0x3, 0x0, 0x0, {{0xfff9, 0x9, 0x3}}}, @TCF_EM_NBYTE={0x10, 0x3, 0x0, 0x0, {{0x0, 0x2, 0x5}, {0x1, 0x0, 0x2}}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x4, 0x8, 0x9f1a}, {0x2, 0x1, 0xe}}}, @TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{0x0, 0x2, 0xffc7}, {0x8, 0x0, 0x2}}}, @TCF_EM_IPT={0xc, 0x3, 0x0, 0x0, {{0x401, 0x9, 0x2}}}, @TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x3, 0x7, 0x3}, {{0x2, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}}}]}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x8000, 0x3, 0x2700}, {0x3, 0x582ddb8c, 0x81, 0x7f}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x0, 0x8, 0x8b9}, {0x1, 0x4, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x53e}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x7}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x3}}, @TCA_EMATCH_TREE_LIST={0xf4, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x3, 0x0, 0x0, {{0x3ff, 0x7, 0x8000}, {{0x4, 0x0, 0x0, 0x1}, {0x3, 0x1}}}}, @TCF_EM_U32={0x1c, 0x2, 0x0, 0x0, {{0x8, 0x3, 0xfff7}, {0xffffffff, 0x6, 0x6, 0x5}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x4, 0x8, 0xfffd}, {0x4, 0x5, 0x5}}}, @TCF_EM_META={0xc, 0x3, 0x0, 0x0, {{0x8, 0x4, 0xfff7}}}, @TCF_EM_NBYTE={0x18, 0x1, 0x0, 0x0, {{0x6, 0x2, 0xcc}, {0x328, 0x7, 0x0, "961aff70bce3b6"}}}, @TCF_EM_CONTAINER={0xc, 0x1, 0x0, 0x0, {{0x25, 0x0, 0x8}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{0x2, 0x4, 0x985}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0x7d, 0x2}, {0x1, 0xb}}}]}}, @TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x0, 0x8, 0x53}, {0x4, 0x1, 0x6}}}, @TCF_EM_CONTAINER={0x58, 0x1, 0x0, 0x0, {{0x5}, "ceaa7f0040a68314bc1967a6e57921adbc168cf233ad996adfaf90a4a044ec0a3a64c5120f5a0feeca3f7e905ec944433779fee2ebc500976842959dc0ee3970975b490d7d45e00676e688b4"}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4aaf}}]}, @TCA_BASIC_EMATCHES={0x4}, @TCA_BASIC_EMATCHES={0x100, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x80, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x9, 0x1, 0x6}, {0x1, 0x8001, 0xf001, 0x2, 0x3, 0x0, 0x2}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x6, 0x7, 0x7}, {{0x4, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x0, 0x1}}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x9, 0x7, 0x2}, {{0x2, 0x1}, {0x4, 0x1, 0x0, 0x1}}}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x12b, 0x1, 0xf757}, {0x87, 0xd, 0x1ff, 0x1, 0x4, 0x0, 0x3}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x2, 0x7, 0x9}, {{0x2, 0x0, 0x0, 0x1}, {0x1, 0x1, 0x1}}}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x8, 0x8, 0xf}, {0x3, 0x6, 0x7}}}]}, @TCA_EMATCH_TREE_LIST={0x74, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x2, 0x8, 0x565b}, {0x1, 0x3, 0x4}}}, @TCF_EM_META={0xc, 0x1, 0x0, 0x0, {{0x69}}}, @TCF_EM_META={0x2c, 0x1, 0x0, 0x0, {{0xa000, 0x4, 0x8}, [@TCA_EM_META_LVALUE={0x1e, 0x2, [@TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_VAR="8d9ffcd2479727445b", @TCF_META_TYPE_VAR="4f39c08fea", @TCF_META_TYPE_INT, @TCF_META_TYPE_INT=0x5]}]}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0x3, 0x3, 0x3}, {0x2, 0x4, 0x0, 0x5}}}, @TCF_EM_IPT={0xc, 0x3, 0x0, 0x0, {{0x8, 0x9, 0x9}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x100}}]}, @TCA_BASIC_CLASSID={0x8, 0x1, {0xfff3, 0xa}}]}}]}, 0xbd8}}, 0x20004005) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2m31.471397394s ago: executing program 5 (id=8727): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x803, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 2m31.286729118s ago: executing program 6 (id=8729): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r3, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x0, 0x0}) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x4000) 2m29.717497188s ago: executing program 6 (id=8730): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}]}}, 0x0, 0x26, 0x0, 0x8}, 0x28) 2m29.48031723s ago: executing program 6 (id=8734): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) 2m29.132151915s ago: executing program 6 (id=8736): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000240)={@void, @val={0x0, 0x80, 0xfffb, 0xfffc, 0x56, 0x3}, @arp=@generic={0x208, 0x6, 0x6, 0x0, 0x1, @broadcast, "", @remote}}, 0x1e) 2m16.27616559s ago: executing program 34 (id=8727): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket(0x10, 0x803, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000000), 0xd) 2m13.909560258s ago: executing program 35 (id=8736): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000240)={@void, @val={0x0, 0x80, 0xfffb, 0xfffc, 0x56, 0x3}, @arp=@generic={0x208, 0x6, 0x6, 0x0, 0x1, @broadcast, "", @remote}}, 0x1e) 1m41.050443274s ago: executing program 1 (id=8807): socket$inet6(0xa, 0x80002, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) socket$kcm(0x10, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) syz_open_dev$dri(0x0, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket$inet_sctp(0x2, 0x1, 0x84) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x13, 0x2}) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1494c0, 0x189) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f0000000140)) openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x303a40, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000), 0xd) 1m40.55021565s ago: executing program 1 (id=8809): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000640)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000440)={0x0, 0x1000000, 0x0, 0x1, 0xa00, &(0x7f00000005c0)="c6"}) 1m39.270292083s ago: executing program 1 (id=8811): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)="e9", 0x1}, 0x1, 0x0, 0x0, 0x24040001}, 0x20044806) 1m37.924529328s ago: executing program 1 (id=8812): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x9d) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x16, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x5, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m37.799170992s ago: executing program 1 (id=8813): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x4048081) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0) r3 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0) truncate(&(0x7f0000000040)='./bus\x00', 0x9472) lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f0000000240)=@ng={0x4, 0x12}, 0x2, 0x0) dup3(r3, r2, 0x0) finit_module(r3, 0x0, 0x0) 1m30.849456144s ago: executing program 1 (id=8815): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) openat$dma_heap(0xffffffffffffff9c, 0x0, 0x80180, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{}, {}, {}, {0x7, 0x0, 0xb, 0x7}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ustat(0x801, 0x0) 1m15.271771842s ago: executing program 36 (id=8815): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) openat$dma_heap(0xffffffffffffff9c, 0x0, 0x80180, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{}, {}, {}, {0x7, 0x0, 0xb, 0x7}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ustat(0x801, 0x0) 31.98599787s ago: executing program 0 (id=8837): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8) clock_gettime(0x2, &(0x7f0000001cc0)) r1 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r1, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x4) 27.458837107s ago: executing program 0 (id=8838): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x3, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff1}, 0x94) 25.12120862s ago: executing program 0 (id=8839): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x5, @empty}, 0x1c) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f00000001c0)=0x800001, 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/160, 0xa0}, {&(0x7f0000000080)=""/37, 0x25}, {&(0x7f0000000400)=""/207, 0xcf}], 0x3, 0x144, 0x0) 23.732867284s ago: executing program 0 (id=8840): socket$inet6_icmp(0xa, 0x2, 0x3a) r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) syz_open_dev$tty1(0xc, 0x4, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r2}, 0xc) 19.987014809s ago: executing program 0 (id=8841): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) tkill(r0, 0x3b) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0xe, 0x7}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0) 16.050685273s ago: executing program 0 (id=8842): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xe5c, 0x80000) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x9, 0x2, r2}) 0s ago: executing program 37 (id=8842): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xe5c, 0x80000) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000000)={0xffffffffffffffff, 0x9, 0x2, r2}) kernel console output (not intermixed with test programs): =1804 audit(1763390140.291:27): pid=21736 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6595" name="/newroot/628/file0" dev="tmpfs" ino=3534 res=1 errno=0 [ 1313.249287][ T37] audit: type=1804 audit(1763390140.951:28): pid=21744 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.6600" name="/newroot/649/file0" dev="tmpfs" ino=3689 res=1 errno=0 [ 1313.978400][T21484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1314.242977][T19059] Bluetooth: hci0: command tx timeout [ 1315.325738][ T31] hid-generic FFFF:0008:0003.0001: item fetching failed at offset 0/2 [ 1315.332960][ T31] hid-generic FFFF:0008:0003.0001: probe with driver hid-generic failed with error -22 [ 1316.964051][T19059] Bluetooth: hci0: command tx timeout [ 1318.252624][T21759] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6606'. [ 1318.330403][T21484] team0: Port device team_slave_0 added [ 1318.362752][T21484] team0: Port device team_slave_1 added [ 1319.468148][ T5814] Bluetooth: hci0: command tx timeout [ 1319.827665][T19410] bridge_slave_1: left allmulticast mode [ 1319.827699][T19410] bridge_slave_1: left promiscuous mode [ 1319.827985][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1319.910698][T19410] bridge_slave_0: left allmulticast mode [ 1319.910731][T19410] bridge_slave_0: left promiscuous mode [ 1319.911040][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1320.542017][T19410] bridge_slave_1: left allmulticast mode [ 1320.542051][T19410] bridge_slave_1: left promiscuous mode [ 1320.542302][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1320.826049][ T37] audit: type=1804 audit(1763390148.541:29): pid=21782 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6613" name="/newroot/635/file0" dev="tmpfs" ino=3571 res=1 errno=0 [ 1321.511176][ T5814] Bluetooth: hci0: command tx timeout [ 1321.974779][T19410] bridge_slave_0: left allmulticast mode [ 1321.974805][T19410] bridge_slave_0: left promiscuous mode [ 1321.975000][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1324.067194][T21789] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6616'. [ 1324.508161][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1324.627562][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1324.710910][T19410] bond0 (unregistering): Released all slaves [ 1326.520670][ T37] audit: type=1804 audit(1763390154.271:30): pid=21801 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.6620" name="/newroot/660/file0" dev="tmpfs" ino=3746 res=1 errno=0 [ 1326.998550][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1327.219324][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1327.682701][T19410] bond0 (unregistering): Released all slaves [ 1328.214674][ T37] audit: type=1804 audit(1763390155.941:31): pid=21814 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.6624" name="/newroot/664/file0" dev="tmpfs" ino=3767 res=1 errno=0 [ 1329.156131][T21484] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1329.156163][T21484] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1329.156196][T21484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1329.242240][T21484] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1329.242259][T21484] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1329.242289][T21484] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1331.348834][T21827] ptrace attach of "./syz-executor exec"[13762] was attempted by "./syz-executor exec"[21827] [ 1333.610331][T21842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6632'. [ 1333.846612][T19410] hsr_slave_0: left promiscuous mode [ 1333.887032][T19410] hsr_slave_1: left promiscuous mode [ 1333.889692][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1333.910527][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1334.066668][T19410] hsr_slave_0: left promiscuous mode [ 1334.086503][T19410] hsr_slave_1: left promiscuous mode [ 1334.088337][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1334.137333][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1336.748629][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1336.920636][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1339.739770][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1340.212066][ T37] audit: type=1804 audit(1763390167.881:32): pid=21864 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.6637" name="/newroot/673/file0" dev="tmpfs" ino=3813 res=1 errno=0 [ 1341.052087][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1341.679212][T21869] misc userio: No port type given on /dev/userio [ 1342.045820][T21871] netlink: 'syz.0.6639': attribute type 3 has an invalid length. [ 1343.732595][T19059] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1343.754254][T19059] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1343.763800][T19059] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1343.824641][ T5821] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1343.837635][T20840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1343.840385][T20840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1343.890242][ T5814] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1343.933480][ T5814] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1343.938922][ T5814] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1343.940369][ T5814] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1346.981952][ T37] audit: type=1804 audit(1763390174.211:33): pid=21895 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.6645" name="/newroot/644/file0" dev="tmpfs" ino=3618 res=1 errno=0 [ 1347.036543][ T5814] Bluetooth: hci5: command tx timeout [ 1347.037080][ T5814] Bluetooth: hci6: command tx timeout [ 1348.781070][T21733] chnl_net:caif_netlink_parms(): no params data found [ 1349.162453][T19059] Bluetooth: hci6: command tx timeout [ 1349.162491][T19059] Bluetooth: hci5: command tx timeout [ 1350.105817][ C0] vkms_vblank_simulate: vblank timer overrun [ 1350.498328][ C0] vkms_vblank_simulate: vblank timer overrun [ 1351.379933][ C0] vkms_vblank_simulate: vblank timer overrun [ 1351.416538][ T5814] Bluetooth: hci5: command tx timeout [ 1351.416576][ T5814] Bluetooth: hci6: command tx timeout [ 1351.879928][T21733] bridge0: port 1(bridge_slave_0) entered blocking state [ 1351.881557][T21733] bridge0: port 1(bridge_slave_0) entered disabled state [ 1351.881846][T21733] bridge_slave_0: entered allmulticast mode [ 1351.909689][T21733] bridge_slave_0: entered promiscuous mode [ 1351.977810][T21733] bridge0: port 2(bridge_slave_1) entered blocking state [ 1351.977955][T21733] bridge0: port 2(bridge_slave_1) entered disabled state [ 1351.978230][T21733] bridge_slave_1: entered allmulticast mode [ 1351.981570][T21733] bridge_slave_1: entered promiscuous mode [ 1352.531617][T21733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1352.625501][T21733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1353.959176][T19059] Bluetooth: hci6: command tx timeout [ 1353.959213][T19059] Bluetooth: hci5: command tx timeout [ 1355.070962][T21733] team0: Port device team_slave_0 added [ 1355.072030][T21797] chnl_net:caif_netlink_parms(): no params data found [ 1355.097653][T21853] chnl_net:caif_netlink_parms(): no params data found [ 1355.117577][T21733] team0: Port device team_slave_1 added [ 1357.348941][T21733] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1357.348960][T21733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1357.348992][T21733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1357.571620][T21733] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1357.571642][T21733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1357.571675][T21733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1357.882283][T19410] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1359.452204][T19410] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1359.550025][T22004] ptrace attach of "./syz-executor exec"[12925] was attempted by "./syz-executor exec"[22004] [ 1359.852748][T21797] bridge0: port 1(bridge_slave_0) entered blocking state [ 1359.874399][T21797] bridge0: port 1(bridge_slave_0) entered disabled state [ 1359.902116][T21797] bridge_slave_0: entered allmulticast mode [ 1359.974888][T21797] bridge_slave_0: entered promiscuous mode [ 1360.070353][T21853] bridge0: port 1(bridge_slave_0) entered blocking state [ 1360.070501][T21853] bridge0: port 1(bridge_slave_0) entered disabled state [ 1360.070792][T21853] bridge_slave_0: entered allmulticast mode [ 1360.075045][T21853] bridge_slave_0: entered promiscuous mode [ 1360.578135][T21797] bridge0: port 2(bridge_slave_1) entered blocking state [ 1360.578291][T21797] bridge0: port 2(bridge_slave_1) entered disabled state [ 1360.578537][T21797] bridge_slave_1: entered allmulticast mode [ 1360.580579][T21797] bridge_slave_1: entered promiscuous mode [ 1360.582098][T21853] bridge0: port 2(bridge_slave_1) entered blocking state [ 1360.582216][T21853] bridge0: port 2(bridge_slave_1) entered disabled state [ 1360.582379][T21853] bridge_slave_1: entered allmulticast mode [ 1360.584309][T21853] bridge_slave_1: entered promiscuous mode [ 1360.599299][T21733] hsr_slave_0: entered promiscuous mode [ 1360.600945][T21733] hsr_slave_1: entered promiscuous mode [ 1360.602092][T21733] debugfs: 'hsr0' already exists in 'hsr' [ 1360.602122][T21733] Cannot create hsr debugfs directory [ 1362.006295][T19410] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1362.249994][T21797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1362.259725][T21853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1362.400168][T19410] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1362.632820][T21797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1362.648912][T21853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1363.113911][T21797] team0: Port device team_slave_0 added [ 1363.120127][T21853] team0: Port device team_slave_0 added [ 1363.241573][T21797] team0: Port device team_slave_1 added [ 1363.244000][T21853] team0: Port device team_slave_1 added [ 1365.707427][T21797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1365.707446][T21797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1365.707470][T21797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1365.714052][T21853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1365.714072][T21853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1365.714104][T21853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1366.037888][T21797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1366.037908][T21797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1366.037940][T21797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1366.047614][T21853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1366.047632][T21853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1366.047665][T21853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1367.463604][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1367.463683][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1368.457484][T19825] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1369.079508][T19825] usb 5-1: Using ep0 maxpacket: 8 [ 1369.142070][T19410] bridge_slave_1: left allmulticast mode [ 1369.142304][T19410] bridge_slave_1: left promiscuous mode [ 1369.175591][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1369.208481][T19825] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 1369.208503][T19825] usb 5-1: config 0 has no interface number 0 [ 1369.208537][T19825] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1369.208556][T19825] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1369.208574][T19825] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1369.208594][T19825] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1369.208626][T19825] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1369.208643][T19825] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1369.219435][T19825] usb 5-1: config 0 descriptor?? [ 1369.242848][T19825] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1369.360383][T19410] bridge_slave_0: left allmulticast mode [ 1369.360415][T19410] bridge_slave_0: left promiscuous mode [ 1369.360695][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1369.382547][T22063] netlink: 88 bytes leftover after parsing attributes in process `syz.0.6684'. [ 1369.442501][T19410] bridge_slave_1: left allmulticast mode [ 1369.442534][T19410] bridge_slave_1: left promiscuous mode [ 1369.443239][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1369.486781][T19825] usb 5-1: USB disconnect, device number 9 [ 1369.507675][T19825] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 1369.541767][T19410] bridge_slave_0: left allmulticast mode [ 1369.541801][T19410] bridge_slave_0: left promiscuous mode [ 1369.542052][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1370.063263][T19059] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1370.088551][T19059] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1370.089994][T19059] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1370.093402][T19059] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1370.094363][T19059] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1370.527461][T19410] bridge_slave_1: left allmulticast mode [ 1370.527496][T19410] bridge_slave_1: left promiscuous mode [ 1370.527774][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1370.617610][T19410] bridge_slave_0: left allmulticast mode [ 1370.617636][T19410] bridge_slave_0: left promiscuous mode [ 1370.617834][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1371.847533][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1371.947431][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1372.052302][T19410] bond0 (unregistering): Released all slaves [ 1372.146614][ T5814] Bluetooth: hci2: command tx timeout [ 1374.231429][ T5814] Bluetooth: hci2: command tx timeout [ 1376.288866][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1376.306506][ T5814] Bluetooth: hci2: command tx timeout [ 1376.357377][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1376.447365][T19410] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1376.497791][T19410] bond0 (unregistering): Released all slaves [ 1377.417365][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1377.813423][T22213] netlink: 'syz.0.6750': attribute type 3 has an invalid length. [ 1378.647467][ T5814] Bluetooth: hci2: command tx timeout [ 1378.669316][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1378.751702][T19410] bond0 (unregistering): Released all slaves [ 1378.803579][T21797] hsr_slave_0: entered promiscuous mode [ 1378.804644][T21797] hsr_slave_1: entered promiscuous mode [ 1378.805372][T21797] debugfs: 'hsr0' already exists in 'hsr' [ 1378.805393][T21797] Cannot create hsr debugfs directory [ 1378.876041][T21853] hsr_slave_0: entered promiscuous mode [ 1378.883708][T21853] hsr_slave_1: entered promiscuous mode [ 1378.884771][T21853] debugfs: 'hsr0' already exists in 'hsr' [ 1378.884797][T21853] Cannot create hsr debugfs directory [ 1380.500772][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1380.527429][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1380.666729][T19410] hsr_slave_0: left promiscuous mode [ 1380.686878][T19410] hsr_slave_1: left promiscuous mode [ 1380.688956][T19410] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1380.688978][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1380.747521][T19410] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1380.747553][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1380.836665][T19410] hsr_slave_0: left promiscuous mode [ 1380.886731][T19410] hsr_slave_1: left promiscuous mode [ 1380.887629][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1380.909999][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1381.013651][T19410] veth1_macvtap: left promiscuous mode [ 1381.013731][T19410] veth0_macvtap: left promiscuous mode [ 1381.013913][T19410] veth1_vlan: left promiscuous mode [ 1381.014046][T19410] veth0_vlan: left promiscuous mode [ 1381.508615][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1381.647387][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1384.337352][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1384.658650][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1385.359367][ C1] vkms_vblank_simulate: vblank timer overrun [ 1385.410491][T19059] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1385.415481][T19059] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1385.448233][ C1] vkms_vblank_simulate: vblank timer overrun [ 1385.466783][T19059] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1385.471062][T19059] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1385.471901][T19059] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1386.091197][ C1] vkms_vblank_simulate: vblank timer overrun [ 1386.313144][ C1] vkms_vblank_simulate: vblank timer overrun [ 1386.491398][ C1] vkms_vblank_simulate: vblank timer overrun [ 1386.682200][ C1] vkms_vblank_simulate: vblank timer overrun [ 1386.827143][ C1] vkms_vblank_simulate: vblank timer overrun [ 1386.897265][ C1] vkms_vblank_simulate: vblank timer overrun [ 1387.374023][ C1] vkms_vblank_simulate: vblank timer overrun [ 1387.508803][ T5814] Bluetooth: hci0: command tx timeout [ 1387.614116][ C1] vkms_vblank_simulate: vblank timer overrun [ 1387.924527][ C1] vkms_vblank_simulate: vblank timer overrun [ 1388.147832][ C1] vkms_vblank_simulate: vblank timer overrun [ 1388.296738][ C1] vkms_vblank_simulate: vblank timer overrun [ 1388.524822][ C1] vkms_vblank_simulate: vblank timer overrun [ 1388.589995][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1388.757454][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1388.863351][ C1] vkms_vblank_simulate: vblank timer overrun [ 1388.931298][ C1] vkms_vblank_simulate: vblank timer overrun [ 1389.193846][ C1] vkms_vblank_simulate: vblank timer overrun [ 1389.586697][ T5814] Bluetooth: hci0: command tx timeout [ 1389.776637][ C1] vkms_vblank_simulate: vblank timer overrun [ 1390.597299][T22070] chnl_net:caif_netlink_parms(): no params data found [ 1391.667020][ T5814] Bluetooth: hci0: command tx timeout [ 1392.828530][T22070] bridge0: port 1(bridge_slave_0) entered blocking state [ 1392.828791][T22070] bridge0: port 1(bridge_slave_0) entered disabled state [ 1392.829042][T22070] bridge_slave_0: entered allmulticast mode [ 1392.836179][T22070] bridge_slave_0: entered promiscuous mode [ 1392.913865][T21853] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1392.994708][T22070] bridge0: port 2(bridge_slave_1) entered blocking state [ 1392.994813][T22070] bridge0: port 2(bridge_slave_1) entered disabled state [ 1392.994994][T22070] bridge_slave_1: entered allmulticast mode [ 1392.999275][T22070] bridge_slave_1: entered promiscuous mode [ 1393.042722][T21853] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1393.179455][T21853] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1393.329030][T21853] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1393.383978][T22070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1393.401990][T22070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1393.402395][T22268] chnl_net:caif_netlink_parms(): no params data found [ 1393.661448][T22070] team0: Port device team_slave_0 added [ 1393.746846][T19059] Bluetooth: hci0: command tx timeout [ 1393.751714][T22070] team0: Port device team_slave_1 added [ 1394.000211][T22070] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1394.000231][T22070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1394.000262][T22070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1394.092456][T22070] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1394.092470][T22070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1394.092492][T22070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1394.225882][T22268] bridge0: port 1(bridge_slave_0) entered blocking state [ 1394.226113][T22268] bridge0: port 1(bridge_slave_0) entered disabled state [ 1394.241375][T22268] bridge_slave_0: entered allmulticast mode [ 1394.244489][T22268] bridge_slave_0: entered promiscuous mode [ 1394.270028][T22268] bridge0: port 2(bridge_slave_1) entered blocking state [ 1394.270237][T22268] bridge0: port 2(bridge_slave_1) entered disabled state [ 1394.270508][T22268] bridge_slave_1: entered allmulticast mode [ 1394.273568][T22268] bridge_slave_1: entered promiscuous mode [ 1395.483563][T22268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1395.531885][T22070] hsr_slave_0: entered promiscuous mode [ 1395.533383][T22070] hsr_slave_1: entered promiscuous mode [ 1395.534415][T22070] debugfs: 'hsr0' already exists in 'hsr' [ 1395.534441][T22070] Cannot create hsr debugfs directory [ 1395.552860][T22268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1395.705498][ T37] audit: type=1326 audit(1763390223.451:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.705851][ T37] audit: type=1326 audit(1763390223.451:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.706809][ T37] audit: type=1326 audit(1763390223.451:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.706873][ T37] audit: type=1326 audit(1763390223.451:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.842099][ T37] audit: type=1326 audit(1763390223.541:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.842159][ T37] audit: type=1326 audit(1763390223.581:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.842209][ T37] audit: type=1326 audit(1763390223.581:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.842258][ T37] audit: type=1326 audit(1763390223.591:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.842307][ T37] audit: type=1326 audit(1763390223.591:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1395.842360][ T37] audit: type=1326 audit(1763390223.591:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22536 comm="syz.0.6879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f26fa72f6c9 code=0x7ffc0000 [ 1396.573822][T22268] team0: Port device team_slave_0 added [ 1396.851224][T22268] team0: Port device team_slave_1 added [ 1397.352202][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1397.367106][ T5814] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1397.379360][ T5814] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1397.388980][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1397.389807][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1398.983489][T22268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1398.983504][T22268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1398.983526][T22268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1399.069907][T22268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1399.069926][T22268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1399.069957][T22268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1399.509598][ T5814] Bluetooth: hci3: command tx timeout [ 1400.626843][ T31] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1400.704200][T22268] hsr_slave_0: entered promiscuous mode [ 1400.705801][T22268] hsr_slave_1: entered promiscuous mode [ 1400.718500][T22268] debugfs: 'hsr0' already exists in 'hsr' [ 1400.718532][T22268] Cannot create hsr debugfs directory [ 1400.776505][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 1400.779001][ T31] usb 1-1: config 0 has no interfaces? [ 1400.799292][ T31] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1400.799320][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1400.799338][ T31] usb 1-1: Product: syz [ 1400.799352][ T31] usb 1-1: Manufacturer: syz [ 1400.799365][ T31] usb 1-1: SerialNumber: syz [ 1400.848795][ T31] usb 1-1: config 0 descriptor?? [ 1401.088564][ T10] usb 1-1: USB disconnect, device number 10 [ 1401.586490][ T5814] Bluetooth: hci3: command tx timeout [ 1403.498968][T19410] bridge_slave_1: left allmulticast mode [ 1403.498996][T19410] bridge_slave_1: left promiscuous mode [ 1403.499231][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1403.602850][T19410] bridge_slave_0: left allmulticast mode [ 1403.602883][T19410] bridge_slave_0: left promiscuous mode [ 1403.603170][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1403.666807][ T5814] Bluetooth: hci3: command tx timeout [ 1403.684488][T19410] bridge_slave_1: left allmulticast mode [ 1403.684520][T19410] bridge_slave_1: left promiscuous mode [ 1403.684770][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1403.760178][T19410] bridge_slave_0: left allmulticast mode [ 1403.760210][T19410] bridge_slave_0: left promiscuous mode [ 1403.760473][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1404.894671][ T10] IPVS: starting estimator thread 0... [ 1404.977061][T22756] IPVS: using max 8 ests per chain, 19200 per kthread [ 1405.097865][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1405.307492][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1405.389058][T19410] bond0 (unregistering): Released all slaves [ 1405.746623][ T5814] Bluetooth: hci3: command tx timeout [ 1406.058058][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1406.190265][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1406.298130][T19410] bond0 (unregistering): Released all slaves [ 1407.499795][T12406] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1407.505760][T22562] chnl_net:caif_netlink_parms(): no params data found [ 1407.646558][T12406] usb 1-1: Using ep0 maxpacket: 8 [ 1407.649236][T12406] usb 1-1: config 0 has no interfaces? [ 1407.651609][T12406] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1407.651639][T12406] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1407.651654][T12406] usb 1-1: Product: syz [ 1407.651665][T12406] usb 1-1: Manufacturer: syz [ 1407.651676][T12406] usb 1-1: SerialNumber: syz [ 1407.656268][T12406] usb 1-1: config 0 descriptor?? [ 1407.766570][T19410] hsr_slave_0: left promiscuous mode [ 1407.806589][T19410] hsr_slave_1: left promiscuous mode [ 1407.807694][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1407.847368][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1407.917524][T12406] usb 1-1: USB disconnect, device number 11 [ 1408.046601][T19410] hsr_slave_0: left promiscuous mode [ 1408.086527][T19410] hsr_slave_1: left promiscuous mode [ 1408.087671][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1408.137806][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1410.257455][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1411.558196][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1411.956433][T12406] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1412.106629][T12406] usb 1-1: Using ep0 maxpacket: 8 [ 1412.108772][T12406] usb 1-1: config 0 has no interfaces? [ 1412.111558][T12406] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1412.111587][T12406] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1412.111602][T12406] usb 1-1: Product: syz [ 1412.111613][T12406] usb 1-1: Manufacturer: syz [ 1412.111624][T12406] usb 1-1: SerialNumber: syz [ 1412.136714][T12406] usb 1-1: config 0 descriptor?? [ 1412.364709][T12406] usb 1-1: USB disconnect, device number 12 [ 1412.998243][T22934] fuse: Bad value for 'fd' [ 1414.398811][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1414.638336][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1415.804255][T22070] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1416.091555][T22070] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1416.153442][T22070] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1416.251880][T22070] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1417.162143][T22562] bridge0: port 1(bridge_slave_0) entered blocking state [ 1417.162308][T22562] bridge0: port 1(bridge_slave_0) entered disabled state [ 1417.162537][T22562] bridge_slave_0: entered allmulticast mode [ 1417.164630][T22562] bridge_slave_0: entered promiscuous mode [ 1417.203074][T22562] bridge0: port 2(bridge_slave_1) entered blocking state [ 1417.203217][T22562] bridge0: port 2(bridge_slave_1) entered disabled state [ 1417.203505][T22562] bridge_slave_1: entered allmulticast mode [ 1417.208817][T22562] bridge_slave_1: entered promiscuous mode [ 1417.819537][T22562] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1417.873135][T22562] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1418.371919][T22562] team0: Port device team_slave_0 added [ 1418.425252][T22562] team0: Port device team_slave_1 added [ 1419.570802][T22562] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1419.570821][T22562] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1419.570852][T22562] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1419.640096][T22562] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1419.640117][T22562] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1419.640149][T22562] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1420.083261][T22562] hsr_slave_0: entered promiscuous mode [ 1420.138318][T22562] hsr_slave_1: entered promiscuous mode [ 1420.139406][T22562] debugfs: 'hsr0' already exists in 'hsr' [ 1420.139433][T22562] Cannot create hsr debugfs directory [ 1420.141519][T22268] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1420.344431][T22268] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1420.422048][T22268] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1420.859228][T22268] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1422.615117][T22070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1423.027730][T22070] 8021q: adding VLAN 0 to HW filter on device team0 [ 1423.114950][T16795] bridge0: port 1(bridge_slave_0) entered blocking state [ 1423.115102][T16795] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1423.164908][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 1423.165146][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1423.585353][T19410] bridge_slave_1: left allmulticast mode [ 1423.585384][T19410] bridge_slave_1: left promiscuous mode [ 1423.585712][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1423.683592][T19410] bridge_slave_0: left allmulticast mode [ 1423.683632][T19410] bridge_slave_0: left promiscuous mode [ 1423.683910][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1424.038910][ C1] vkms_vblank_simulate: vblank timer overrun [ 1424.251653][ C1] vkms_vblank_simulate: vblank timer overrun [ 1424.400317][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1424.518108][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1424.600566][T19410] bond0 (unregistering): Released all slaves [ 1424.760698][ C1] vkms_vblank_simulate: vblank timer overrun [ 1424.834326][ C1] vkms_vblank_simulate: vblank timer overrun [ 1424.917235][ C1] vkms_vblank_simulate: vblank timer overrun [ 1425.036774][ C1] vkms_vblank_simulate: vblank timer overrun [ 1425.136781][T19410] hsr_slave_0: left promiscuous mode [ 1425.237913][T19410] hsr_slave_1: left promiscuous mode [ 1425.240367][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1425.284221][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1426.252547][ C1] vkms_vblank_simulate: vblank timer overrun [ 1426.551363][ C1] vkms_vblank_simulate: vblank timer overrun [ 1427.041301][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1427.227179][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1427.272826][ C1] vkms_vblank_simulate: vblank timer overrun [ 1427.329785][ C1] vkms_vblank_simulate: vblank timer overrun [ 1427.526571][ C1] vkms_vblank_simulate: vblank timer overrun [ 1427.597414][ C1] vkms_vblank_simulate: vblank timer overrun [ 1427.885087][ C1] vkms_vblank_simulate: vblank timer overrun [ 1427.992566][ C1] vkms_vblank_simulate: vblank timer overrun [ 1428.550310][ C1] vkms_vblank_simulate: vblank timer overrun [ 1428.554431][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1428.554508][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1428.833432][ C1] vkms_vblank_simulate: vblank timer overrun [ 1428.901076][ C1] vkms_vblank_simulate: vblank timer overrun [ 1428.964279][T22268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1429.353817][T22268] 8021q: adding VLAN 0 to HW filter on device team0 [ 1429.435858][ T3579] bridge0: port 1(bridge_slave_0) entered blocking state [ 1429.436102][ T3579] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1429.489526][T16757] bridge0: port 2(bridge_slave_1) entered blocking state [ 1429.489672][T16757] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1432.705487][T19059] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1432.721439][T19059] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1432.722945][T19059] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1432.726140][T19059] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1432.729503][T19059] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1433.111835][T22562] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1433.181216][T22562] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1433.234946][T22562] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1433.838830][T22562] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1433.960068][T22268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1434.326503][ C1] vkms_vblank_simulate: vblank timer overrun [ 1434.787175][ T5814] Bluetooth: hci2: command tx timeout [ 1435.563252][ C1] vkms_vblank_simulate: vblank timer overrun [ 1435.851820][ C1] vkms_vblank_simulate: vblank timer overrun [ 1436.144480][T22268] veth0_vlan: entered promiscuous mode [ 1436.866970][ T5814] Bluetooth: hci2: command tx timeout [ 1436.901829][T23415] chnl_net:caif_netlink_parms(): no params data found [ 1436.972284][T22268] veth1_vlan: entered promiscuous mode [ 1438.117756][ C1] vkms_vblank_simulate: vblank timer overrun [ 1438.386088][T23415] bridge0: port 1(bridge_slave_0) entered blocking state [ 1438.394638][T23415] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.395756][T23415] bridge_slave_0: entered allmulticast mode [ 1438.414999][T23415] bridge_slave_0: entered promiscuous mode [ 1438.435511][T22562] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1438.444010][T19410] bridge_slave_1: left allmulticast mode [ 1438.444041][T19410] bridge_slave_1: left promiscuous mode [ 1438.444368][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1438.508627][T19410] bridge_slave_0: left allmulticast mode [ 1438.508661][T19410] bridge_slave_0: left promiscuous mode [ 1438.508911][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1438.626999][T12406] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 1438.778890][T12406] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1438.778926][T12406] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1438.786147][T12406] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1438.786182][T12406] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1438.786205][T12406] usb 1-1: Product: syz [ 1438.786220][T12406] usb 1-1: Manufacturer: syz [ 1438.786236][T12406] usb 1-1: SerialNumber: syz [ 1438.870745][T12406] usb 1-1: config 0 descriptor?? [ 1438.889267][T12406] usb 1-1: selecting invalid altsetting 0 [ 1438.947066][ T5814] Bluetooth: hci2: command tx timeout [ 1441.027124][ T5814] Bluetooth: hci2: command tx timeout [ 1441.546151][ T10] usb 1-1: USB disconnect, device number 13 [ 1444.527585][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1444.637238][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1444.806876][T19410] bond0 (unregistering): Released all slaves [ 1444.843784][T23415] bridge0: port 2(bridge_slave_1) entered blocking state [ 1444.843955][T23415] bridge0: port 2(bridge_slave_1) entered disabled state [ 1444.844242][T23415] bridge_slave_1: entered allmulticast mode [ 1444.868253][T23415] bridge_slave_1: entered promiscuous mode [ 1445.334639][T23415] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1445.588038][T19410] hsr_slave_0: left promiscuous mode [ 1445.655326][T19410] hsr_slave_1: left promiscuous mode [ 1445.657816][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1445.697424][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1445.812026][T19059] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1445.832478][T19059] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1445.833900][T19059] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1445.835693][T19059] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1445.857843][T19059] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1447.737190][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1448.126909][T19059] Bluetooth: hci0: command tx timeout [ 1448.392482][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1450.174673][T19059] Bluetooth: hci0: command tx timeout [ 1452.240334][T19059] Bluetooth: hci0: command tx timeout [ 1454.398231][T19059] Bluetooth: hci0: command tx timeout [ 1455.642207][T23415] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1456.108648][ T5889] hid-generic FFFF:0008:0003.0002: item fetching failed at offset 0/2 [ 1456.109432][ T5889] hid-generic FFFF:0008:0003.0002: probe with driver hid-generic failed with error -22 [ 1456.581780][T23415] team0: Port device team_slave_0 added [ 1456.609158][T23415] team0: Port device team_slave_1 added [ 1456.948421][T23415] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1456.948441][T23415] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1456.948472][T23415] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1457.052715][T23415] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1457.052734][T23415] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1457.052767][T23415] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1457.803398][ T5814] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1457.828752][ T5814] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1457.845661][ T5814] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1457.849672][ T5814] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1457.856868][ T5814] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1458.391832][ C0] vkms_vblank_simulate: vblank timer overrun [ 1458.395383][T23415] hsr_slave_0: entered promiscuous mode [ 1458.407288][T23415] hsr_slave_1: entered promiscuous mode [ 1458.408485][T23415] debugfs: 'hsr0' already exists in 'hsr' [ 1458.408517][T23415] Cannot create hsr debugfs directory [ 1458.551699][ C0] vkms_vblank_simulate: vblank timer overrun [ 1459.105913][ C0] vkms_vblank_simulate: vblank timer overrun [ 1459.569943][ C0] vkms_vblank_simulate: vblank timer overrun [ 1459.786681][ C0] vkms_vblank_simulate: vblank timer overrun [ 1459.995991][T19059] Bluetooth: hci3: command tx timeout [ 1461.656087][ C0] vkms_vblank_simulate: vblank timer overrun [ 1461.736004][ C0] vkms_vblank_simulate: vblank timer overrun [ 1462.066869][T19059] Bluetooth: hci3: command tx timeout [ 1462.827171][T23691] chnl_net:caif_netlink_parms(): no params data found [ 1464.157082][T19059] Bluetooth: hci3: command tx timeout [ 1464.256757][T23691] bridge0: port 1(bridge_slave_0) entered blocking state [ 1464.257396][T23691] bridge0: port 1(bridge_slave_0) entered disabled state [ 1464.257697][T23691] bridge_slave_0: entered allmulticast mode [ 1464.338924][T23691] bridge_slave_0: entered promiscuous mode [ 1464.495358][T23691] bridge0: port 2(bridge_slave_1) entered blocking state [ 1464.495516][T23691] bridge0: port 2(bridge_slave_1) entered disabled state [ 1464.495797][T23691] bridge_slave_1: entered allmulticast mode [ 1464.506536][T23691] bridge_slave_1: entered promiscuous mode [ 1464.744032][T23915] chnl_net:caif_netlink_parms(): no params data found [ 1465.022850][T23691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1465.235600][T23691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1465.973744][T23691] team0: Port device team_slave_0 added [ 1466.049543][T23691] team0: Port device team_slave_1 added [ 1466.229107][T19059] Bluetooth: hci3: command tx timeout [ 1467.343520][T23915] bridge0: port 1(bridge_slave_0) entered blocking state [ 1467.343825][T23915] bridge0: port 1(bridge_slave_0) entered disabled state [ 1467.344099][T23915] bridge_slave_0: entered allmulticast mode [ 1467.381721][T23915] bridge_slave_0: entered promiscuous mode [ 1467.409877][T23691] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1467.409938][T23691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1467.410010][T23691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1467.463017][T23915] bridge0: port 2(bridge_slave_1) entered blocking state [ 1467.463162][T23915] bridge0: port 2(bridge_slave_1) entered disabled state [ 1467.463450][T23915] bridge_slave_1: entered allmulticast mode [ 1467.498923][T23915] bridge_slave_1: entered promiscuous mode [ 1467.734068][T23691] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1467.734084][T23691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1467.734106][T23691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1468.392303][T23915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1468.393324][T23415] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1468.467271][T23915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1468.469248][T23415] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1468.800774][T23415] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1469.079252][T23415] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1469.141166][T23691] hsr_slave_0: entered promiscuous mode [ 1469.142680][T23691] hsr_slave_1: entered promiscuous mode [ 1469.143739][T23691] debugfs: 'hsr0' already exists in 'hsr' [ 1469.143765][T23691] Cannot create hsr debugfs directory [ 1469.212433][T23915] team0: Port device team_slave_0 added [ 1469.230803][T23915] team0: Port device team_slave_1 added [ 1469.724960][T23915] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1469.724980][T23915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1469.725012][T23915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1469.929451][T23915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1469.929470][T23915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1469.929500][T23915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1470.639959][T23915] hsr_slave_0: entered promiscuous mode [ 1470.641480][T23915] hsr_slave_1: entered promiscuous mode [ 1470.642525][T23915] debugfs: 'hsr0' already exists in 'hsr' [ 1470.642553][T23915] Cannot create hsr debugfs directory [ 1471.120223][T19410] bridge_slave_1: left allmulticast mode [ 1471.120255][T19410] bridge_slave_1: left promiscuous mode [ 1471.120538][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1471.319326][T19410] bridge_slave_0: left allmulticast mode [ 1471.319360][T19410] bridge_slave_0: left promiscuous mode [ 1471.319653][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1471.399063][T19360] hid-generic FFFF:0008:0003.0003: item fetching failed at offset 0/2 [ 1471.399849][T19360] hid-generic FFFF:0008:0003.0003: probe with driver hid-generic failed with error -22 [ 1471.442710][T19410] bridge_slave_1: left allmulticast mode [ 1471.442742][T19410] bridge_slave_1: left promiscuous mode [ 1471.443006][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1471.557341][T19410] bridge_slave_0: left allmulticast mode [ 1471.557373][T19410] bridge_slave_0: left promiscuous mode [ 1471.557634][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1474.677549][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1474.798110][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1474.920119][T19410] bond0 (unregistering): Released all slaves [ 1476.787384][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1476.878672][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1476.931815][T19410] bond0 (unregistering): Released all slaves [ 1479.444035][T19410] hsr_slave_0: left promiscuous mode [ 1479.481693][T19410] hsr_slave_1: left promiscuous mode [ 1479.482838][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1479.527348][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1479.726534][T19410] hsr_slave_0: left promiscuous mode [ 1479.776723][T19410] hsr_slave_1: left promiscuous mode [ 1479.777790][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1479.828180][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1479.975331][T19410] veth1_vlan: left promiscuous mode [ 1479.975532][T19410] veth0_vlan: left promiscuous mode [ 1481.484673][T24489] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7712'. [ 1482.087462][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1482.258582][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1485.137344][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1485.457336][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1489.299467][T23415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1489.431379][T23415] 8021q: adding VLAN 0 to HW filter on device team0 [ 1489.449280][T16758] bridge0: port 1(bridge_slave_0) entered blocking state [ 1489.449508][T16758] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1489.476184][ T3579] bridge0: port 2(bridge_slave_1) entered blocking state [ 1489.490255][ T3579] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1490.036502][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1490.036581][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1491.465234][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1491.480198][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1491.482255][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1491.515573][ T5814] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1491.519731][ T5814] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1493.153308][T23691] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1493.354430][T23691] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1493.463688][T23691] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1493.586506][T19059] Bluetooth: hci2: command tx timeout [ 1493.628211][T23691] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1493.794073][T24850] loop2: detected capacity change from 0 to 7 [ 1493.794888][T24784] chnl_net:caif_netlink_parms(): no params data found [ 1493.873625][T24850] Dev loop2: unable to read RDB block 7 [ 1493.873679][T24850] loop2: AHDI p1 p2 p3 [ 1493.873711][T24850] loop2: partition table partially beyond EOD, truncated [ 1493.874797][T24850] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1493.874822][T24850] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1494.652412][T23915] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1495.115667][T23915] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1495.183162][T23915] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1495.346598][T23915] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1495.666439][T19059] Bluetooth: hci2: command tx timeout [ 1495.844233][T24784] bridge0: port 1(bridge_slave_0) entered blocking state [ 1495.844446][T24784] bridge0: port 1(bridge_slave_0) entered disabled state [ 1495.844731][T24784] bridge_slave_0: entered allmulticast mode [ 1495.856068][T24784] bridge_slave_0: entered promiscuous mode [ 1496.118177][T24784] bridge0: port 2(bridge_slave_1) entered blocking state [ 1496.118326][T24784] bridge0: port 2(bridge_slave_1) entered disabled state [ 1496.118649][T24784] bridge_slave_1: entered allmulticast mode [ 1496.121745][T24784] bridge_slave_1: entered promiscuous mode [ 1496.788066][T24784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1496.844815][T24784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1497.747865][T19059] Bluetooth: hci2: command tx timeout [ 1497.855414][T24784] team0: Port device team_slave_0 added [ 1497.880847][T24784] team0: Port device team_slave_1 added [ 1498.698131][T24784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1498.698150][T24784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1498.698180][T24784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1498.731055][T24784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1498.731078][T24784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1498.731114][T24784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1499.082790][T19410] bridge_slave_1: left allmulticast mode [ 1499.082824][T19410] bridge_slave_1: left promiscuous mode [ 1499.083090][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1499.140355][T25013] Bluetooth: MGMT ver 1.23 [ 1499.178135][T19410] bridge_slave_0: left allmulticast mode [ 1499.178186][T19410] bridge_slave_0: left promiscuous mode [ 1499.178462][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1499.857002][T19059] Bluetooth: hci2: command tx timeout [ 1500.274620][ C1] vkms_vblank_simulate: vblank timer overrun [ 1501.174695][ C1] vkms_vblank_simulate: vblank timer overrun [ 1501.235309][ C1] vkms_vblank_simulate: vblank timer overrun [ 1501.305987][ C1] vkms_vblank_simulate: vblank timer overrun [ 1501.376277][ C1] vkms_vblank_simulate: vblank timer overrun [ 1501.451105][ C1] vkms_vblank_simulate: vblank timer overrun [ 1501.716804][ C1] vkms_vblank_simulate: vblank timer overrun [ 1501.789652][ C1] vkms_vblank_simulate: vblank timer overrun [ 1502.003781][ C1] vkms_vblank_simulate: vblank timer overrun [ 1502.085480][ C1] vkms_vblank_simulate: vblank timer overrun [ 1502.744332][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1502.807229][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1502.841579][T19410] bond0 (unregistering): Released all slaves [ 1503.002353][ C1] vkms_vblank_simulate: vblank timer overrun [ 1503.290182][T24784] hsr_slave_0: entered promiscuous mode [ 1503.304111][T24784] hsr_slave_1: entered promiscuous mode [ 1503.336664][T24784] debugfs: 'hsr0' already exists in 'hsr' [ 1503.336825][T24784] Cannot create hsr debugfs directory [ 1503.376080][ C1] vkms_vblank_simulate: vblank timer overrun [ 1503.596685][T19410] hsr_slave_0: left promiscuous mode [ 1503.649108][T19410] hsr_slave_1: left promiscuous mode [ 1503.650200][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1503.699350][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1503.756167][T25130] loop2: detected capacity change from 0 to 7 [ 1503.794511][T25130] Dev loop2: unable to read RDB block 7 [ 1503.794553][T25130] loop2: AHDI p1 p2 p3 [ 1503.794584][T25130] loop2: partition table partially beyond EOD, truncated [ 1503.811563][T25130] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1503.811597][T25130] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1504.598942][ C1] vkms_vblank_simulate: vblank timer overrun [ 1504.671061][T23513] hid-generic FFFF:0008:0003.0004: item fetching failed at offset 0/2 [ 1504.673079][T23513] hid-generic FFFF:0008:0003.0004: probe with driver hid-generic failed with error -22 [ 1504.953676][ C1] vkms_vblank_simulate: vblank timer overrun [ 1505.059089][ C1] vkms_vblank_simulate: vblank timer overrun [ 1505.221149][ C1] vkms_vblank_simulate: vblank timer overrun [ 1505.325673][ C1] vkms_vblank_simulate: vblank timer overrun [ 1505.675027][ T5814] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1505.680272][ T5814] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1505.683770][ T5814] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1505.685720][ T5814] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1505.687900][ T5814] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1505.880892][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1505.986007][ C1] vkms_vblank_simulate: vblank timer overrun [ 1506.627538][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1506.803021][ C1] vkms_vblank_simulate: vblank timer overrun [ 1507.281272][ C1] vkms_vblank_simulate: vblank timer overrun [ 1507.322760][ C1] vkms_vblank_simulate: vblank timer overrun [ 1507.445598][ C1] vkms_vblank_simulate: vblank timer overrun [ 1508.003277][ C1] vkms_vblank_simulate: vblank timer overrun [ 1508.206357][T19059] Bluetooth: hci5: command tx timeout [ 1508.355414][ C1] vkms_vblank_simulate: vblank timer overrun [ 1508.454931][ C1] vkms_vblank_simulate: vblank timer overrun [ 1508.955205][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.026699][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.155255][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.267909][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.405322][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.667540][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.737775][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.803811][ C1] vkms_vblank_simulate: vblank timer overrun [ 1509.990117][ C1] vkms_vblank_simulate: vblank timer overrun [ 1510.228336][T19059] Bluetooth: hci5: command tx timeout [ 1511.206631][ C1] vkms_vblank_simulate: vblank timer overrun [ 1511.257524][ C1] vkms_vblank_simulate: vblank timer overrun [ 1511.425735][ C1] vkms_vblank_simulate: vblank timer overrun [ 1513.017057][ T5814] Bluetooth: hci5: command tx timeout [ 1514.459527][T23915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1514.802832][T23915] 8021q: adding VLAN 0 to HW filter on device team0 [ 1514.872596][T16757] bridge0: port 1(bridge_slave_0) entered blocking state [ 1514.872747][T16757] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1515.026549][ T5814] Bluetooth: hci5: command tx timeout [ 1515.278539][T16758] bridge0: port 2(bridge_slave_1) entered blocking state [ 1515.278691][T16758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1516.085984][T25169] chnl_net:caif_netlink_parms(): no params data found [ 1518.731303][T25412] loop2: detected capacity change from 0 to 7 [ 1518.735605][T25412] Dev loop2: unable to read RDB block 7 [ 1518.735641][T25412] loop2: AHDI p1 p2 p3 [ 1518.735671][T25412] loop2: partition table partially beyond EOD, truncated [ 1518.760115][T25412] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1518.760145][T25412] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1518.972572][T19059] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1518.975286][T19059] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1518.978840][T19059] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1518.981720][T19059] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1518.982597][T19059] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1518.997800][T25418] input: syz0 as /devices/virtual/input/input17 [ 1519.136670][T25169] bridge0: port 1(bridge_slave_0) entered blocking state [ 1519.136814][T25169] bridge0: port 1(bridge_slave_0) entered disabled state [ 1519.137093][T25169] bridge_slave_0: entered allmulticast mode [ 1519.142041][T25169] bridge_slave_0: entered promiscuous mode [ 1519.178351][T25169] bridge0: port 2(bridge_slave_1) entered blocking state [ 1519.183611][T25169] bridge0: port 2(bridge_slave_1) entered disabled state [ 1519.183897][T25169] bridge_slave_1: entered allmulticast mode [ 1519.215802][T25169] bridge_slave_1: entered promiscuous mode [ 1519.896958][T25169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1520.219552][T25169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1520.220120][T24784] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1520.601930][T24784] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1520.761664][T24784] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1520.858943][T25169] team0: Port device team_slave_0 added [ 1520.864967][T24784] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1520.970576][T25169] team0: Port device team_slave_1 added [ 1521.117032][ T5814] Bluetooth: hci0: command tx timeout [ 1521.372408][T25169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1521.372428][T25169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1521.372459][T25169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1521.551539][T25169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1521.551560][T25169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1521.551584][T25169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1521.999707][T19410] bridge_slave_1: left allmulticast mode [ 1521.999739][T19410] bridge_slave_1: left promiscuous mode [ 1522.000013][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1522.098923][T19410] bridge_slave_0: left allmulticast mode [ 1522.098956][T19410] bridge_slave_0: left promiscuous mode [ 1522.114928][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1522.366683][T19825] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1522.528778][T19825] usb 1-1: Using ep0 maxpacket: 8 [ 1522.531940][T19825] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1522.531982][T19825] usb 1-1: can't read configurations, error -61 [ 1522.689191][T19825] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1522.846452][T19825] usb 1-1: Using ep0 maxpacket: 8 [ 1522.849566][T19825] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1522.849610][T19825] usb 1-1: can't read configurations, error -61 [ 1522.849997][T19825] usb usb1-port1: attempt power cycle [ 1523.186714][ T5814] Bluetooth: hci0: command tx timeout [ 1523.198601][T19825] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 1523.217163][T19825] usb 1-1: Using ep0 maxpacket: 8 [ 1523.220012][T19825] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1523.220052][T19825] usb 1-1: can't read configurations, error -61 [ 1523.346770][T19825] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1523.373661][T19825] usb 1-1: Using ep0 maxpacket: 8 [ 1523.376112][T19825] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1523.376162][T19825] usb 1-1: can't read configurations, error -61 [ 1523.395827][T19825] usb usb1-port1: unable to enumerate USB device [ 1523.448107][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1523.567285][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1523.650529][T19410] bond0 (unregistering): Released all slaves [ 1523.699394][T25169] hsr_slave_0: entered promiscuous mode [ 1523.700929][T25169] hsr_slave_1: entered promiscuous mode [ 1523.701992][T25169] debugfs: 'hsr0' already exists in 'hsr' [ 1523.702017][T25169] Cannot create hsr debugfs directory [ 1524.186508][T19410] hsr_slave_0: left promiscuous mode [ 1524.206617][T19410] hsr_slave_1: left promiscuous mode [ 1524.207414][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1524.249089][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1525.127524][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1525.231206][T25605] 9pnet_fd: Insufficient options for proto=fd [ 1525.280818][ T5814] Bluetooth: hci0: command tx timeout [ 1525.384009][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1527.217003][T25417] chnl_net:caif_netlink_parms(): no params data found [ 1527.346654][ T5814] Bluetooth: hci0: command tx timeout [ 1528.027105][T25417] bridge0: port 1(bridge_slave_0) entered blocking state [ 1528.027312][T25417] bridge0: port 1(bridge_slave_0) entered disabled state [ 1528.027593][T25417] bridge_slave_0: entered allmulticast mode [ 1528.030661][T25417] bridge_slave_0: entered promiscuous mode [ 1528.091493][T25417] bridge0: port 2(bridge_slave_1) entered blocking state [ 1528.091717][T25417] bridge0: port 2(bridge_slave_1) entered disabled state [ 1528.091996][T25417] bridge_slave_1: entered allmulticast mode [ 1528.095075][T25417] bridge_slave_1: entered promiscuous mode [ 1528.396216][T25417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1528.412674][T25417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1528.422068][T24784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1528.874097][T25417] team0: Port device team_slave_0 added [ 1529.053080][T25417] team0: Port device team_slave_1 added [ 1529.529835][T25417] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1529.529851][T25417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1529.529874][T25417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1529.539641][T25417] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1529.539662][T25417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1529.539698][T25417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1529.550803][T24784] 8021q: adding VLAN 0 to HW filter on device team0 [ 1529.702737][T16795] bridge0: port 1(bridge_slave_0) entered blocking state [ 1529.702908][T16795] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1529.997609][T25417] hsr_slave_0: entered promiscuous mode [ 1529.999054][T25417] hsr_slave_1: entered promiscuous mode [ 1529.999820][T25417] debugfs: 'hsr0' already exists in 'hsr' [ 1529.999840][T25417] Cannot create hsr debugfs directory [ 1530.050878][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1530.051051][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1530.473412][T25169] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1530.524312][T25169] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1530.580160][T25169] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1530.662964][T25169] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1531.038219][T19410] bridge_slave_1: left allmulticast mode [ 1531.038251][T19410] bridge_slave_1: left promiscuous mode [ 1531.038549][T19410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1531.098124][T19410] bridge_slave_0: left allmulticast mode [ 1531.098149][T19410] bridge_slave_0: left promiscuous mode [ 1531.098339][T19410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1532.957704][T19410] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1533.048263][T19410] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1533.091235][T19410] bond0 (unregistering): Released all slaves [ 1533.416042][T25705] tipc: Started in network mode [ 1533.416076][T25705] tipc: Node identity ae2896de9e08, cluster identity 4711 [ 1533.424021][T25705] tipc: Enabled bearer , priority 0 [ 1533.426065][T25701] syzkaller0: entered promiscuous mode [ 1533.426092][T25701] syzkaller0: entered allmulticast mode [ 1533.587270][T19410] hsr_slave_0: left promiscuous mode [ 1533.626905][T19410] hsr_slave_1: left promiscuous mode [ 1533.628147][T19410] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1533.693413][T19410] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1534.608779][T19410] team0 (unregistering): Port device team_slave_1 removed [ 1534.797420][T19410] team0 (unregistering): Port device team_slave_0 removed [ 1537.513749][T25705] tipc: Resetting bearer [ 1537.526149][ T31] tipc: Node number set to 807442142 [ 1537.982568][T24784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1539.076880][T25169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1539.205751][T25169] 8021q: adding VLAN 0 to HW filter on device team0 [ 1539.224440][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1539.224760][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1539.270396][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1539.270648][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1540.965818][T25417] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1541.169894][T25417] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1542.172158][T25417] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1542.247653][T25417] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1542.643679][T25169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1542.723859][T24784] veth0_vlan: entered promiscuous mode [ 1542.800246][T24784] veth1_vlan: entered promiscuous mode [ 1543.000817][T24784] veth0_macvtap: entered promiscuous mode [ 1543.033958][T25417] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1543.043942][T24784] veth1_macvtap: entered promiscuous mode [ 1543.177629][T24784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1543.182794][T25417] 8021q: adding VLAN 0 to HW filter on device team0 [ 1543.224686][T24784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1543.243967][T19410] bridge0: port 1(bridge_slave_0) entered blocking state [ 1543.244221][T19410] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1543.307583][T19410] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.310012][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1543.310293][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1543.313445][T19410] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.315312][T19410] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1543.331059][T19410] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1544.083403][T10167] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1544.083445][T10167] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1544.348985][T25169] veth0_vlan: entered promiscuous mode [ 1544.366525][T16795] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1544.366550][T16795] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1544.445510][T25169] veth1_vlan: entered promiscuous mode [ 1544.668075][T25169] veth0_macvtap: entered promiscuous mode [ 1544.691027][T25169] veth1_macvtap: entered promiscuous mode [ 1544.834797][T25169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1544.929332][T25169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1544.977669][T10167] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1544.978350][T10167] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1544.978595][T10167] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1544.978638][T10167] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1545.047907][T25417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1545.407407][T25984] 9pnet_fd: Insufficient options for proto=fd [ 1545.917681][T16795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1545.917701][T16795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1546.089923][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1546.089949][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1546.139056][T25417] veth0_vlan: entered promiscuous mode [ 1546.257093][T25417] veth1_vlan: entered promiscuous mode [ 1547.401914][T25417] veth0_macvtap: entered promiscuous mode [ 1547.429236][T25417] veth1_macvtap: entered promiscuous mode [ 1548.327138][T20316] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 1548.369432][T25417] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1548.375279][T25417] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1548.451263][T17309] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.451756][T17309] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.452925][T17309] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.453192][T17309] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1548.616669][T20316] usb 7-1: device descriptor read/64, error -71 [ 1548.844875][T26028] netlink: 36 bytes leftover after parsing attributes in process `syz.5.8301'. [ 1548.974440][T20316] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 1550.102998][T20316] usb 7-1: device descriptor read/64, error -71 [ 1550.209088][T20316] usb usb7-port1: attempt power cycle [ 1551.116692][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1551.116717][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1551.194616][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1551.194694][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1552.311533][T25991] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 1552.476381][T25991] usb 1-1: device descriptor read/64, error -71 [ 1552.766451][T25991] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 1552.896923][T25991] usb 1-1: device descriptor read/64, error -71 [ 1552.902027][T26029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1552.902094][T26029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1553.161313][T25991] usb usb1-port1: attempt power cycle [ 1554.566554][T25991] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 1554.811150][T25991] usb 1-1: device descriptor read/8, error -71 [ 1556.469892][T26088] Bluetooth: MGMT ver 1.23 [ 1556.790799][T20316] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1556.936396][T20316] usb 6-1: device descriptor read/64, error -71 [ 1557.027065][ T31] IPVS: starting estimator thread 0... [ 1557.126581][T26101] IPVS: using max 11 ests per chain, 26400 per kthread [ 1557.186786][T20316] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1557.319168][T20316] usb 6-1: device descriptor read/64, error -71 [ 1557.463263][T20316] usb usb6-port1: attempt power cycle [ 1557.846466][T20316] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1557.867249][T20316] usb 6-1: device descriptor read/8, error -71 [ 1558.106561][T20316] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1558.127647][T20316] usb 6-1: device descriptor read/8, error -71 [ 1558.237073][T20316] usb usb6-port1: unable to enumerate USB device [ 1558.304512][T19059] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1558.326593][T19059] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1558.327980][T19059] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1558.330731][T19059] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1558.350098][T19059] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1559.978981][T19825] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 1560.236438][T19825] usb 2-1: device descriptor read/64, error -71 [ 1560.528934][ T5814] Bluetooth: hci3: command tx timeout [ 1560.739449][ T1006] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1560.836497][T19825] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 1560.996439][T19825] usb 2-1: device descriptor read/64, error -71 [ 1561.127890][T19825] usb usb2-port1: attempt power cycle [ 1561.364406][ T1006] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1561.466428][T19825] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 1561.488126][T19825] usb 2-1: device descriptor read/8, error -71 [ 1561.766601][T19825] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 1561.787167][T19825] usb 2-1: device descriptor read/8, error -71 [ 1562.046682][T19825] usb usb2-port1: unable to enumerate USB device [ 1562.574040][ T5814] Bluetooth: hci3: command tx timeout [ 1563.180871][ T1006] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1563.553138][ C1] vkms_vblank_simulate: vblank timer overrun [ 1563.599356][T26148] netlink: 'syz.5.8343': attribute type 1 has an invalid length. [ 1564.786571][ T5814] Bluetooth: hci3: command tx timeout [ 1565.326522][ T31] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1568.076669][ C1] vkms_vblank_simulate: vblank timer overrun [ 1568.090779][ T1006] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1568.126534][ T5814] Bluetooth: hci3: command tx timeout [ 1568.246608][ T31] usb 6-1: Using ep0 maxpacket: 32 [ 1568.916967][ T5898] usb 1-1: new full-speed USB device number 22 using dummy_hcd [ 1569.468899][ T5898] usb 1-1: device descriptor read/64, error -71 [ 1569.727182][ T5898] usb 1-1: new full-speed USB device number 23 using dummy_hcd [ 1569.866605][ T5898] usb 1-1: device descriptor read/64, error -71 [ 1569.988294][ T5898] usb usb1-port1: attempt power cycle [ 1570.337825][ T5898] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 1570.361254][ T5898] usb 1-1: device descriptor read/8, error -71 [ 1570.731473][T26190] Invalid ELF header magic: != ELF [ 1570.765078][ T5898] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 1570.819644][ T5898] usb 1-1: device descriptor read/8, error -71 [ 1570.957463][ T5898] usb usb1-port1: unable to enumerate USB device [ 1572.353069][T26109] chnl_net:caif_netlink_parms(): no params data found [ 1573.338171][ T31] usb 6-1: device descriptor read/all, error -110 [ 1573.546474][ T31] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1573.846402][ T31] usb 6-1: device descriptor read/64, error -32 [ 1573.907292][ T1006] bridge_slave_1: left allmulticast mode [ 1573.907324][ T1006] bridge_slave_1: left promiscuous mode [ 1573.907605][ T1006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1573.966820][ T31] usb usb6-port1: attempt power cycle [ 1574.024405][ T1006] bridge_slave_0: left allmulticast mode [ 1574.024430][ T1006] bridge_slave_0: left promiscuous mode [ 1574.024633][ T1006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1574.336454][ T31] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1574.356761][ T31] usb 6-1: device descriptor read/8, error -32 [ 1574.405731][T26210] netlink: 'syz.1.8360': attribute type 10 has an invalid length. [ 1574.549163][T26163] raw-gadget.0 gadget.5: failed to queue disconnect event [ 1574.596372][ T31] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1574.806420][ T31] usb 6-1: device not accepting address 9, error -71 [ 1574.819111][ T31] usb usb6-port1: unable to enumerate USB device [ 1577.046408][T19825] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 1577.181248][T19825] usb 7-1: device descriptor read/64, error -71 [ 1577.439614][T19825] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 1577.576774][T19825] usb 7-1: device descriptor read/64, error -71 [ 1577.699177][T19825] usb usb7-port1: attempt power cycle [ 1578.036436][T19825] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 1578.057293][T19825] usb 7-1: device descriptor read/8, error -71 [ 1578.296412][T19825] usb 7-1: new full-speed USB device number 8 using dummy_hcd [ 1578.353048][T19825] usb 7-1: device descriptor read/8, error -71 [ 1578.456879][T19825] usb usb7-port1: unable to enumerate USB device [ 1579.023905][T26245] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8374'. [ 1579.796298][T26253] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8377'. [ 1582.227078][ T1006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1582.297872][ T1006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1582.319991][ T1006] bond0 (unregistering): Released all slaves [ 1582.801427][T26210] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1583.881696][T19825] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 1584.316514][T19825] usb 1-1: device descriptor read/64, error -71 [ 1584.556455][T19825] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 1584.641544][T26284] atomic_op ffff88803b0ff218 conn xmit_atomic 0000000000000000 [ 1585.569139][T19825] usb 1-1: device descriptor read/64, error -71 [ 1585.677678][T19825] usb usb1-port1: attempt power cycle [ 1585.695524][T26287] 9pnet_fd: Insufficient options for proto=fd [ 1586.198136][T19825] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 1586.543296][T19825] usb 1-1: device descriptor read/8, error -71 [ 1588.388552][T26317] atomic_op ffff88805e9ea218 conn xmit_atomic 0000000000000000 [ 1588.675167][T26109] bridge0: port 1(bridge_slave_0) entered blocking state [ 1588.675324][T26109] bridge0: port 1(bridge_slave_0) entered disabled state [ 1588.675596][T26109] bridge_slave_0: entered allmulticast mode [ 1588.723039][T26109] bridge_slave_0: entered promiscuous mode [ 1588.745794][T26109] bridge0: port 2(bridge_slave_1) entered blocking state [ 1588.745944][T26109] bridge0: port 2(bridge_slave_1) entered disabled state [ 1588.746591][T26109] bridge_slave_1: entered allmulticast mode [ 1588.749932][T26109] bridge_slave_1: entered promiscuous mode [ 1589.896431][T19825] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 1590.245619][T19825] usb 1-1: config 0 has no interfaces? [ 1590.255992][T19825] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1590.256026][T19825] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1590.256049][T19825] usb 1-1: Product: syz [ 1590.256064][T19825] usb 1-1: Manufacturer: syz [ 1590.256079][T19825] usb 1-1: SerialNumber: syz [ 1590.324426][T19825] usb 1-1: config 0 descriptor?? [ 1592.870951][T26109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1592.931342][T26109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1593.106691][ T1006] hsr_slave_0: left promiscuous mode [ 1593.238314][ T1006] hsr_slave_1: left promiscuous mode [ 1593.239468][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1593.239498][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1593.334674][ T1006] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1593.334697][ T1006] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1593.728319][ T5889] usb 1-1: USB disconnect, device number 30 [ 1593.752403][ T1006] veth0_macvtap: left promiscuous mode [ 1593.752687][ T1006] veth1_vlan: left promiscuous mode [ 1593.752880][ T1006] veth0_vlan: left promiscuous mode [ 1604.349799][ T1006] team0 (unregistering): Port device team_slave_1 removed [ 1608.407085][ T1006] team0 (unregistering): Port device team_slave_0 removed [ 1610.582928][ C0] vkms_vblank_simulate: vblank timer overrun [ 1612.636178][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1612.636284][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1613.362206][ C0] vkms_vblank_simulate: vblank timer overrun [ 1614.721008][ T5814] Bluetooth: hci2: command 0x0406 tx timeout [ 1617.932266][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1617.949428][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1617.951255][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1617.953775][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1617.954920][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1619.108648][ T37] kauditd_printk_skb: 20 callbacks suppressed [ 1619.108665][ T37] audit: type=1326 audit(1763390446.831:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108706][ T37] audit: type=1326 audit(1763390446.841:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108747][ T37] audit: type=1326 audit(1763390446.841:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108781][ T37] audit: type=1326 audit(1763390446.841:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108815][ T37] audit: type=1326 audit(1763390446.841:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108850][ T37] audit: type=1326 audit(1763390446.841:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108884][ T37] audit: type=1326 audit(1763390446.841:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108918][ T37] audit: type=1326 audit(1763390446.841:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108951][ T37] audit: type=1326 audit(1763390446.841:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.108983][ T37] audit: type=1326 audit(1763390446.841:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26562 comm="syz.1.8478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1619.592684][ C0] vkms_vblank_simulate: vblank timer overrun [ 1619.916942][T26573] Invalid ELF header magic: != ELF [ 1619.917245][ C0] vkms_vblank_simulate: vblank timer overrun [ 1619.986599][ T5814] Bluetooth: hci4: command tx timeout [ 1622.071910][ T5814] Bluetooth: hci4: command tx timeout [ 1623.321930][ C0] vkms_vblank_simulate: vblank timer overrun [ 1624.146617][ T5814] Bluetooth: hci4: command tx timeout [ 1624.422973][ C0] vkms_vblank_simulate: vblank timer overrun [ 1625.175479][ C0] vkms_vblank_simulate: vblank timer overrun [ 1625.773471][ C0] vkms_vblank_simulate: vblank timer overrun [ 1626.226399][ T5814] Bluetooth: hci4: command tx timeout [ 1626.477129][ C0] vkms_vblank_simulate: vblank timer overrun [ 1627.073555][ C0] vkms_vblank_simulate: vblank timer overrun [ 1627.213953][ C0] vkms_vblank_simulate: vblank timer overrun [ 1627.465937][ C0] vkms_vblank_simulate: vblank timer overrun [ 1627.651698][ C0] vkms_vblank_simulate: vblank timer overrun [ 1628.889203][T26543] chnl_net:caif_netlink_parms(): no params data found [ 1629.039754][ C1] vkms_vblank_simulate: vblank timer overrun [ 1629.757185][ C1] vkms_vblank_simulate: vblank timer overrun [ 1630.083463][T19059] Bluetooth: hci5: command 0x0406 tx timeout [ 1630.431240][ C1] vkms_vblank_simulate: vblank timer overrun [ 1631.345887][ C1] vkms_vblank_simulate: vblank timer overrun [ 1632.147223][ C1] vkms_vblank_simulate: vblank timer overrun [ 1632.242951][ C1] vkms_vblank_simulate: vblank timer overrun [ 1632.294753][ C1] vkms_vblank_simulate: vblank timer overrun [ 1633.226864][T26543] bridge0: port 1(bridge_slave_0) entered blocking state [ 1633.227009][T26543] bridge0: port 1(bridge_slave_0) entered disabled state [ 1633.227291][T26543] bridge_slave_0: entered allmulticast mode [ 1633.242872][T26543] bridge_slave_0: entered promiscuous mode [ 1633.272456][T26543] bridge0: port 2(bridge_slave_1) entered blocking state [ 1633.274150][T26543] bridge0: port 2(bridge_slave_1) entered disabled state [ 1633.274433][T26543] bridge_slave_1: entered allmulticast mode [ 1633.317597][T26543] bridge_slave_1: entered promiscuous mode [ 1633.537330][T26714] IPv6: Can't replace route, no match found [ 1634.660297][T26543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1634.719260][T26543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1636.109474][ C1] vkms_vblank_simulate: vblank timer overrun [ 1637.746486][ C1] vkms_vblank_simulate: vblank timer overrun [ 1638.306604][ T1006] bridge_slave_1: left allmulticast mode [ 1638.306638][ T1006] bridge_slave_1: left promiscuous mode [ 1638.306919][ T1006] bridge0: port 2(bridge_slave_1) entered disabled state [ 1638.778542][ T1006] bridge_slave_0: left allmulticast mode [ 1638.778584][ T1006] bridge_slave_0: left promiscuous mode [ 1638.781272][ T1006] bridge0: port 1(bridge_slave_0) entered disabled state [ 1641.607481][ T1006] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1641.931383][ C0] vkms_vblank_simulate: vblank timer overrun [ 1642.071784][ C0] vkms_vblank_simulate: vblank timer overrun [ 1642.244062][ C0] vkms_vblank_simulate: vblank timer overrun [ 1642.676972][ C0] vkms_vblank_simulate: vblank timer overrun [ 1643.149964][ T1006] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1643.370085][ T1006] bond0 (unregistering): Released all slaves [ 1643.586022][T26543] team0: Port device team_slave_0 added [ 1643.634603][ C0] vkms_vblank_simulate: vblank timer overrun [ 1643.787102][T26543] team0: Port device team_slave_1 added [ 1644.626969][ C0] vkms_vblank_simulate: vblank timer overrun [ 1645.224889][ C0] vkms_vblank_simulate: vblank timer overrun [ 1645.274552][ C0] vkms_vblank_simulate: vblank timer overrun [ 1645.426431][T19059] Bluetooth: hci0: command 0x0406 tx timeout [ 1645.756641][ C0] vkms_vblank_simulate: vblank timer overrun [ 1645.961059][T26543] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1645.961078][T26543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1645.961111][T26543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1646.427513][ C0] vkms_vblank_simulate: vblank timer overrun [ 1646.650869][ C0] vkms_vblank_simulate: vblank timer overrun [ 1647.921018][ C0] vkms_vblank_simulate: vblank timer overrun [ 1648.010794][ C0] vkms_vblank_simulate: vblank timer overrun [ 1648.340667][T26837] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8559'. [ 1648.340718][T26837] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8559'. [ 1649.242111][ C1] vkms_vblank_simulate: vblank timer overrun [ 1649.552363][T26543] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1649.552383][T26543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1649.552417][T26543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1649.806984][ C1] vkms_vblank_simulate: vblank timer overrun [ 1650.268278][ C1] vkms_vblank_simulate: vblank timer overrun [ 1650.461828][ C1] vkms_vblank_simulate: vblank timer overrun [ 1650.574127][ C1] vkms_vblank_simulate: vblank timer overrun [ 1650.589696][T26543] hsr_slave_0: entered promiscuous mode [ 1650.591178][T26543] hsr_slave_1: entered promiscuous mode [ 1650.603307][T26543] debugfs: 'hsr0' already exists in 'hsr' [ 1650.603378][T26543] Cannot create hsr debugfs directory [ 1650.855920][ C1] vkms_vblank_simulate: vblank timer overrun [ 1650.940816][ C1] vkms_vblank_simulate: vblank timer overrun [ 1651.114014][ C1] vkms_vblank_simulate: vblank timer overrun [ 1651.114914][T20316] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 1651.670883][T20316] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1651.670919][T20316] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1651.670971][T20316] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1651.670997][T20316] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1651.919872][ C1] vkms_vblank_simulate: vblank timer overrun [ 1652.002866][T20316] usb 6-1: GET_CAPABILITIES returned 0 [ 1652.002924][T20316] usbtmc 6-1:16.0: can't read capabilities [ 1652.432392][ C1] vkms_vblank_simulate: vblank timer overrun [ 1653.162079][ C1] vkms_vblank_simulate: vblank timer overrun [ 1653.193119][T20316] usb 6-1: USB disconnect, device number 10 [ 1655.780366][T26924] netlink: 104 bytes leftover after parsing attributes in process `syz.5.8586'. [ 1658.594610][T26947] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8591'. [ 1659.540222][ C1] vkms_vblank_simulate: vblank timer overrun [ 1659.630231][ C1] vkms_vblank_simulate: vblank timer overrun [ 1659.695057][ C1] vkms_vblank_simulate: vblank timer overrun [ 1659.991035][ C1] vkms_vblank_simulate: vblank timer overrun [ 1660.084640][ C1] vkms_vblank_simulate: vblank timer overrun [ 1660.580255][ C1] vkms_vblank_simulate: vblank timer overrun [ 1661.353504][ C1] vkms_vblank_simulate: vblank timer overrun [ 1661.687753][ C1] vkms_vblank_simulate: vblank timer overrun [ 1662.316455][ C1] vkms_vblank_simulate: vblank timer overrun [ 1662.954185][ C1] vkms_vblank_simulate: vblank timer overrun [ 1663.081278][ C1] vkms_vblank_simulate: vblank timer overrun [ 1663.277018][T26987] program syz.0.8604 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1664.474165][T27004] atomic_op ffff88805af5ca18 conn xmit_atomic 0000000000000000 [ 1664.563329][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 1664.563349][ T37] audit: type=1326 audit(1763390492.312:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27005 comm="syz.1.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1664.563565][ T37] audit: type=1326 audit(1763390492.312:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27005 comm="syz.1.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1664.575474][ T37] audit: type=1326 audit(1763390492.322:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27005 comm="syz.1.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1664.575546][ T37] audit: type=1326 audit(1763390492.322:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27005 comm="syz.1.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1664.662726][ T37] audit: type=1326 audit(1763390492.412:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27005 comm="syz.1.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1664.663262][ T37] audit: type=1326 audit(1763390492.412:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27005 comm="syz.1.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1664.711972][ T37] audit: type=1326 audit(1763390492.412:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27005 comm="syz.1.8609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd66a7f6c9 code=0x7ffc0000 [ 1665.198957][ C1] vkms_vblank_simulate: vblank timer overrun [ 1665.250476][ C1] vkms_vblank_simulate: vblank timer overrun [ 1665.666836][ C1] vkms_vblank_simulate: vblank timer overrun [ 1667.150544][T26543] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1667.221000][T26543] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1667.577567][T26543] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1667.902367][ C1] vkms_vblank_simulate: vblank timer overrun [ 1667.931761][T26543] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1668.013103][ C1] vkms_vblank_simulate: vblank timer overrun [ 1668.406062][ C1] vkms_vblank_simulate: vblank timer overrun [ 1668.917021][ C1] vkms_vblank_simulate: vblank timer overrun [ 1669.346389][ C1] vkms_vblank_simulate: vblank timer overrun [ 1669.962431][ C1] vkms_vblank_simulate: vblank timer overrun [ 1670.253749][T27059] trusted_key: syz.1.8621 sent an empty control message without MSG_MORE. [ 1670.448529][T26543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1670.884766][T26543] 8021q: adding VLAN 0 to HW filter on device team0 [ 1671.203986][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 1671.205113][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1671.223752][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 1671.223903][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1672.672152][T26543] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1674.096883][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1674.096961][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1679.539185][T19059] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1679.563299][T19059] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1679.564703][T19059] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1679.580876][T19059] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1679.581790][T19059] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1681.748022][T19059] Bluetooth: hci3: command tx timeout [ 1681.967588][T27183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8650'. [ 1681.967624][T27183] netlink: 'syz.1.8650': attribute type 2 has an invalid length. [ 1683.826449][T19059] Bluetooth: hci3: command tx timeout [ 1685.906408][T19059] Bluetooth: hci3: command tx timeout [ 1685.918164][T27217] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8658'. [ 1687.987580][T19059] Bluetooth: hci3: command tx timeout [ 1691.547287][T27157] chnl_net:caif_netlink_parms(): no params data found [ 1697.646968][T27317] syz.1.8685 (27317) used greatest stack depth: 16216 bytes left [ 1698.260600][T27314] IPVS: Error connecting to the multicast addr [ 1700.297979][T27157] bridge0: port 1(bridge_slave_0) entered blocking state [ 1700.298124][T27157] bridge0: port 1(bridge_slave_0) entered disabled state [ 1700.298402][T27157] bridge_slave_0: entered allmulticast mode [ 1700.301354][T27157] bridge_slave_0: entered promiscuous mode [ 1700.323131][T27157] bridge0: port 2(bridge_slave_1) entered blocking state [ 1700.323402][T27157] bridge0: port 2(bridge_slave_1) entered disabled state [ 1700.323756][T27157] bridge_slave_1: entered allmulticast mode [ 1700.334335][T27157] bridge_slave_1: entered promiscuous mode [ 1702.715394][ C0] vkms_vblank_simulate: vblank timer overrun [ 1702.961030][ C0] vkms_vblank_simulate: vblank timer overrun [ 1703.027536][ C0] vkms_vblank_simulate: vblank timer overrun [ 1703.230963][ C0] vkms_vblank_simulate: vblank timer overrun [ 1703.787271][T27157] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1703.842637][T27157] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1704.117913][T27349] ieee802154 phy0 wpan0: encryption failed: -22 [ 1705.045140][ C0] vkms_vblank_simulate: vblank timer overrun [ 1705.561229][T27157] team0: Port device team_slave_0 added [ 1705.741024][T27157] team0: Port device team_slave_1 added [ 1706.374525][T27157] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1706.374545][T27157] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1706.374577][T27157] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1706.688555][T27157] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1706.688574][T27157] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1706.688605][T27157] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1707.088864][T10167] bridge_slave_1: left allmulticast mode [ 1707.088889][T10167] bridge_slave_1: left promiscuous mode [ 1707.089086][T10167] bridge0: port 2(bridge_slave_1) entered disabled state [ 1707.346740][ C0] vkms_vblank_simulate: vblank timer overrun [ 1707.447645][ C0] vkms_vblank_simulate: vblank timer overrun [ 1707.634843][ C0] vkms_vblank_simulate: vblank timer overrun [ 1707.973431][T10167] bridge_slave_0: left allmulticast mode [ 1707.973501][T10167] bridge_slave_0: left promiscuous mode [ 1708.057644][T10167] bridge0: port 1(bridge_slave_0) entered disabled state [ 1710.421441][T27404] Falling back ldisc for ttyS3. [ 1711.695861][T27419] program syz.1.8715 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1716.022237][T10167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1716.107074][T10167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1716.134713][T10167] bond0 (unregistering): Released all slaves [ 1716.576972][T27446] Invalid ELF header magic: != ELF [ 1716.937095][T10167] hsr_slave_0: left promiscuous mode [ 1716.966594][T10167] hsr_slave_1: left promiscuous mode [ 1716.967470][T10167] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1717.058890][T10167] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1720.640736][T27482] program syz.0.8739 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1721.827691][T10167] team0 (unregistering): Port device team_slave_1 removed [ 1721.839549][T27489] ieee802154 phy0 wpan0: encryption failed: -22 [ 1722.018856][ C1] vkms_vblank_simulate: vblank timer overrun [ 1722.272396][ C1] vkms_vblank_simulate: vblank timer overrun [ 1722.319683][T10167] team0 (unregistering): Port device team_slave_0 removed [ 1722.408208][ C1] vkms_vblank_simulate: vblank timer overrun [ 1722.657831][ C1] vkms_vblank_simulate: vblank timer overrun [ 1722.771625][ C1] vkms_vblank_simulate: vblank timer overrun [ 1722.860383][ C1] vkms_vblank_simulate: vblank timer overrun [ 1723.156304][ C1] vkms_vblank_simulate: vblank timer overrun [ 1723.226421][ C1] vkms_vblank_simulate: vblank timer overrun [ 1723.365854][ C1] vkms_vblank_simulate: vblank timer overrun [ 1723.934165][ C1] vkms_vblank_simulate: vblank timer overrun [ 1724.224563][ C1] vkms_vblank_simulate: vblank timer overrun [ 1724.599754][ C1] vkms_vblank_simulate: vblank timer overrun [ 1724.852434][ C1] vkms_vblank_simulate: vblank timer overrun [ 1725.806007][ C1] vkms_vblank_simulate: vblank timer overrun [ 1725.882896][ C1] vkms_vblank_simulate: vblank timer overrun [ 1726.231360][ C1] vkms_vblank_simulate: vblank timer overrun [ 1726.309301][ C1] vkms_vblank_simulate: vblank timer overrun [ 1726.406566][ C1] vkms_vblank_simulate: vblank timer overrun [ 1726.610994][ C1] vkms_vblank_simulate: vblank timer overrun [ 1726.706296][ C1] vkms_vblank_simulate: vblank timer overrun [ 1726.769056][ C1] vkms_vblank_simulate: vblank timer overrun [ 1727.476465][ C1] vkms_vblank_simulate: vblank timer overrun [ 1727.525561][ C1] vkms_vblank_simulate: vblank timer overrun [ 1727.856077][ C1] vkms_vblank_simulate: vblank timer overrun [ 1728.217192][ C1] vkms_vblank_simulate: vblank timer overrun [ 1728.577136][ C1] vkms_vblank_simulate: vblank timer overrun [ 1728.656542][ T5889] usb 1-1: new low-speed USB device number 31 using dummy_hcd [ 1728.787295][ T5889] usb 1-1: device descriptor read/64, error -71 [ 1729.026453][ T5889] usb 1-1: new low-speed USB device number 32 using dummy_hcd [ 1729.171940][ T5889] usb 1-1: device descriptor read/64, error -71 [ 1729.272584][ C1] vkms_vblank_simulate: vblank timer overrun [ 1729.295596][ T5889] usb usb1-port1: attempt power cycle [ 1729.646382][ T5889] usb 1-1: new low-speed USB device number 33 using dummy_hcd [ 1729.669984][ T5889] usb 1-1: device descriptor read/8, error -71 [ 1729.861174][T27538] Invalid ELF header magic: != ELF [ 1729.906405][ T5889] usb 1-1: new low-speed USB device number 34 using dummy_hcd [ 1729.927739][ T5889] usb 1-1: device descriptor read/8, error -71 [ 1730.037592][ T5889] usb usb1-port1: unable to enumerate USB device [ 1730.147760][ C1] vkms_vblank_simulate: vblank timer overrun [ 1730.799696][ C1] vkms_vblank_simulate: vblank timer overrun [ 1732.682361][T27157] hsr_slave_0: entered promiscuous mode [ 1732.684097][T27157] hsr_slave_1: entered promiscuous mode [ 1732.685163][T27157] debugfs: 'hsr0' already exists in 'hsr' [ 1732.685190][T27157] Cannot create hsr debugfs directory [ 1733.057417][T20316] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1733.168315][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1733.191878][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1733.207973][T20316] usb 1-1: Using ep0 maxpacket: 8 [ 1733.222322][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1733.233380][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1733.234651][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1733.281906][T20316] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1733.281940][T20316] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1733.281968][T20316] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 1733.281997][T20316] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1733.282024][T20316] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1733.283707][T20316] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1733.283739][T20316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1733.663662][T20316] usb 1-1: GET_CAPABILITIES returned 0 [ 1733.663715][T20316] usbtmc 1-1:16.0: can't read capabilities [ 1734.056460][T20316] usb 1-1: USB disconnect, device number 35 [ 1734.887153][T27563] Invalid ELF header magic: != ELF [ 1735.268572][T19059] Bluetooth: hci4: command tx timeout [ 1735.515318][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1735.515390][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1735.523403][ T5814] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1735.566975][T20316] usb 2-1: new low-speed USB device number 12 using dummy_hcd [ 1735.626630][ T5814] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1735.654608][ T5814] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1735.672266][ T5814] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1735.674372][ T5814] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1735.707258][T20316] usb 2-1: device descriptor read/64, error -71 [ 1735.946345][T20316] usb 2-1: new low-speed USB device number 13 using dummy_hcd [ 1736.246481][T20316] usb 2-1: device descriptor read/64, error -71 [ 1736.359826][T20316] usb usb2-port1: attempt power cycle [ 1736.708622][T20316] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 1736.784144][T20316] usb 2-1: device descriptor read/8, error -71 [ 1737.016427][T20316] usb 2-1: new low-speed USB device number 15 using dummy_hcd [ 1737.042875][T20316] usb 2-1: device descriptor read/8, error -71 [ 1737.186791][T20316] usb usb2-port1: unable to enumerate USB device [ 1737.486091][ T5814] Bluetooth: hci4: command tx timeout [ 1738.458880][ T5814] Bluetooth: hci6: command tx timeout [ 1739.093251][T19059] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1739.115459][T19059] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1739.125790][T19059] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1739.148847][T19059] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1739.149837][T19059] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1739.513420][T19059] Bluetooth: hci4: command tx timeout [ 1740.484295][T19059] Bluetooth: hci6: command tx timeout [ 1741.267780][T19059] Bluetooth: hci2: command tx timeout [ 1741.587550][ T5814] Bluetooth: hci4: command tx timeout [ 1742.546418][ T5814] Bluetooth: hci6: command tx timeout [ 1743.346835][ T5814] Bluetooth: hci2: command tx timeout [ 1744.628531][ T5814] Bluetooth: hci6: command tx timeout [ 1745.426649][ T5814] Bluetooth: hci2: command tx timeout [ 1747.506578][ T5814] Bluetooth: hci2: command tx timeout [ 1751.461852][T27553] chnl_net:caif_netlink_parms(): no params data found [ 1751.501714][T27568] chnl_net:caif_netlink_parms(): no params data found [ 1754.773417][T27584] chnl_net:caif_netlink_parms(): no params data found [ 1759.641325][T27553] bridge0: port 1(bridge_slave_0) entered blocking state [ 1759.654196][T27553] bridge0: port 1(bridge_slave_0) entered disabled state [ 1759.654498][T27553] bridge_slave_0: entered allmulticast mode [ 1759.691553][T27553] bridge_slave_0: entered promiscuous mode [ 1759.716639][T27568] bridge0: port 1(bridge_slave_0) entered blocking state [ 1759.716793][T27568] bridge0: port 1(bridge_slave_0) entered disabled state [ 1759.717080][T27568] bridge_slave_0: entered allmulticast mode [ 1759.720100][T27568] bridge_slave_0: entered promiscuous mode [ 1760.082274][T27553] bridge0: port 2(bridge_slave_1) entered blocking state [ 1760.082625][T27553] bridge0: port 2(bridge_slave_1) entered disabled state [ 1760.086566][T27553] bridge_slave_1: entered allmulticast mode [ 1760.106595][T27553] bridge_slave_1: entered promiscuous mode [ 1760.129645][T27568] bridge0: port 2(bridge_slave_1) entered blocking state [ 1760.129743][T27568] bridge0: port 2(bridge_slave_1) entered disabled state [ 1760.129980][T27568] bridge_slave_1: entered allmulticast mode [ 1760.158336][T27568] bridge_slave_1: entered promiscuous mode [ 1762.992098][ T37] audit: type=1326 audit(1763390590.742:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27687 comm="syz.1.8798" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd66a7f6c9 code=0x0 [ 1765.897090][T27709] Invalid ELF header magic: != ELF [ 1765.930602][T27553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1765.989369][T27568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1767.109242][T27707] mac80211_hwsim hwsim32 wlan1: entered allmulticast mode [ 1769.497706][T27553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1769.529917][T27568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1769.684058][T27584] bridge0: port 1(bridge_slave_0) entered blocking state [ 1769.684218][T27584] bridge0: port 1(bridge_slave_0) entered disabled state [ 1769.684515][T27584] bridge_slave_0: entered allmulticast mode [ 1769.751512][T27584] bridge_slave_0: entered promiscuous mode [ 1769.990030][T27727] ieee802154 phy0 wpan0: encryption failed: -22 [ 1778.205086][T27584] bridge0: port 2(bridge_slave_1) entered blocking state [ 1778.262376][T27584] bridge0: port 2(bridge_slave_1) entered disabled state [ 1778.286067][T27584] bridge_slave_1: entered allmulticast mode [ 1778.345381][T27584] bridge_slave_1: entered promiscuous mode [ 1780.706627][T27746] binder: 27741:27746 ioctl c0306201 0 returned -14 [ 1786.784909][ T37] audit: type=1326 audit(1763390614.532:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27760 comm="syz.0.8820" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f26fa72f6c9 code=0x0 [ 1789.382516][T27553] team0: Port device team_slave_0 added [ 1789.385445][T27568] team0: Port device team_slave_0 added [ 1791.425705][T27553] team0: Port device team_slave_1 added [ 1791.439368][T27568] team0: Port device team_slave_1 added [ 1792.025048][T27584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1796.978326][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1796.978412][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1797.130261][T27584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1801.995265][T19059] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1802.055279][T19059] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1802.137924][T27807] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1802.163273][T27807] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1802.164803][T27807] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1802.186493][T27807] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1802.187412][T27807] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1802.239802][T19059] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1802.438216][T19059] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1802.524249][T19059] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1802.557785][T27554] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1802.709325][ T5814] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1802.715266][ T5814] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1802.727168][ T5814] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1802.728047][ T5814] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1804.546405][T27554] Bluetooth: hci0: command tx timeout [ 1804.779227][T27554] Bluetooth: hci3: command tx timeout [ 1806.632824][T19059] Bluetooth: hci5: command tx timeout [ 1806.633390][T19059] Bluetooth: hci0: command tx timeout [ 1806.884396][T27554] Bluetooth: hci3: command tx timeout [ 1807.314490][T19059] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1807.369131][T19059] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1807.980290][T19059] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1808.107366][T19059] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1808.112561][T19059] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1808.708468][T19059] Bluetooth: hci0: command tx timeout [ 1808.708505][T19059] Bluetooth: hci5: command tx timeout [ 1808.946679][T27554] Bluetooth: hci3: command tx timeout [ 1810.385682][T27554] Bluetooth: hci4: command tx timeout [ 1810.786344][T27554] Bluetooth: hci5: command tx timeout [ 1810.786383][T27554] Bluetooth: hci0: command tx timeout [ 1811.026435][T19059] Bluetooth: hci3: command tx timeout [ 1812.657244][T19059] Bluetooth: hci4: command tx timeout [ 1813.506446][T19059] Bluetooth: hci5: command tx timeout [ 1814.706879][T19059] Bluetooth: hci4: command tx timeout [ 1816.807704][T19059] Bluetooth: hci4: command tx timeout [ 1831.869077][T27856] binder: BINDER_SET_CONTEXT_MGR already set [ 1831.869122][T27856] binder: 27853:27856 ioctl 4018620d 2000000002c0 returned -16 [ 1847.841982][T27801] chnl_net:caif_netlink_parms(): no params data found [ 1848.008013][T27820] chnl_net:caif_netlink_parms(): no params data found [ 1848.498251][T27808] chnl_net:caif_netlink_parms(): no params data found [ 1849.163875][T27903] atomic_op ffff888054e70a18 conn xmit_atomic 0000000000000000 [ 1854.393907][T27800] chnl_net:caif_netlink_parms(): no params data found [ 1858.447503][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1858.447583][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1858.577695][T27801] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR [ 1859.012857][T27820] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR [ 1865.348272][T27554] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1865.353507][T27554] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1865.357023][T27554] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1865.416588][T27554] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1865.436587][T27554] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1865.682107][ T5814] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1865.696968][ T5814] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1865.708805][ T5814] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1865.710107][ T5814] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1865.710967][ T5814] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1867.387516][T27807] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1867.400642][T27807] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1867.402345][T27807] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1867.403740][T27807] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1867.404672][T27807] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1869.327527][T19059] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1869.715248][T19059] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1869.726817][T19059] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1869.750632][T19059] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1869.751537][T19059] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1870.099742][T19059] Bluetooth: hci2: command tx timeout [ 1871.647195][T19059] Bluetooth: hci6: command tx timeout [ 1872.176380][T19059] Bluetooth: hci2: command tx timeout [ 1873.886263][ T5814] Bluetooth: hci6: command tx timeout [ 1874.066374][ T5814] Bluetooth: hci7: command tx timeout [ 1874.226408][ T5814] Bluetooth: hci2: command tx timeout [ 1874.717928][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1875.240491][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1875.335523][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1875.360706][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1875.361636][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1875.906700][ T5814] Bluetooth: hci6: command tx timeout [ 1876.216373][ T5814] Bluetooth: hci7: command tx timeout [ 1876.316264][ T5814] Bluetooth: hci2: command tx timeout [ 1877.990575][ T5814] Bluetooth: hci6: command tx timeout [ 1878.467863][ T5814] Bluetooth: hci8: command tx timeout [ 1878.468212][ T5814] Bluetooth: hci4: command tx timeout [ 1878.468471][ T5814] Bluetooth: hci7: command tx timeout [ 1880.866292][ T5814] Bluetooth: hci4: command tx timeout [ 1880.866334][ T5814] Bluetooth: hci7: command tx timeout [ 1880.866359][ T5814] Bluetooth: hci8: command tx timeout [ 1882.966852][T19059] Bluetooth: hci8: command tx timeout [ 1882.966891][T19059] Bluetooth: hci4: command tx timeout [ 1885.026270][ T5814] Bluetooth: hci4: command tx timeout [ 1885.026308][ T5814] Bluetooth: hci8: command tx timeout [ 1914.840902][T27921] chnl_net:caif_netlink_parms(): no params data found [ 1916.164972][T27918] chnl_net:caif_netlink_parms(): no params data found [ 1919.841139][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 1919.841217][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 1923.995626][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1925.001533][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1925.015173][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1925.045294][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1925.058809][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1925.967643][T27807] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1925.996596][T27807] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1925.998101][T27807] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1926.012336][T27807] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1926.013238][T27807] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1927.835771][T27554] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1927.857922][T27554] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1927.859324][T27554] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1927.862293][T27554] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1927.947560][T27554] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1931.827843][T19059] Bluetooth: hci0: command tx timeout [ 1933.408310][ T5814] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1933.649201][ T5814] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1933.798654][ T5814] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1933.821779][ T5814] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1933.822688][ T5814] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1934.055051][T27807] Bluetooth: hci0: command tx timeout [ 1935.536233][T27807] Bluetooth: hci3: command tx timeout [ 1935.536874][T27807] Bluetooth: hci5: command tx timeout [ 1936.196293][T19059] Bluetooth: hci0: command tx timeout [ 1937.224642][ T5814] Bluetooth: hci9: command tx timeout [ 1937.700789][ T5814] Bluetooth: hci3: command tx timeout [ 1938.316500][T19059] Bluetooth: hci5: command tx timeout [ 1938.316547][T19059] Bluetooth: hci0: command tx timeout [ 1939.329949][ T5814] Bluetooth: hci9: command tx timeout [ 1939.936224][ T5814] Bluetooth: hci3: command tx timeout [ 1940.067933][T27807] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1940.072945][T27807] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1940.096539][T27807] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1940.157149][T27807] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1940.157985][T27807] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1940.386343][ T5814] Bluetooth: hci5: command tx timeout [ 1941.346649][T27807] Bluetooth: hci9: command tx timeout [ 1941.986601][T27807] Bluetooth: hci3: command tx timeout [ 1942.626292][T27807] Bluetooth: hci2: command tx timeout [ 1942.626867][T27807] Bluetooth: hci5: command tx timeout [ 1943.643801][ T5814] Bluetooth: hci9: command tx timeout [ 1944.708051][ T5814] Bluetooth: hci2: command tx timeout [ 1947.196315][ T5814] Bluetooth: hci2: command tx timeout [ 1949.266582][ T5814] Bluetooth: hci2: command tx timeout [ 1956.947187][ T38] INFO: task kworker/u8:1:13 blocked for more than 143 seconds. [ 1956.947231][ T38] Not tainted syzkaller #0 [ 1956.947244][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1956.947255][ T38] task:kworker/u8:1 state:D stack:19320 pid:13 tgid:13 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 1956.947328][ T38] Workqueue: events_unbound bpf_map_free_deferred [ 1956.947371][ T38] Call Trace: [ 1956.947382][ T38] [ 1956.947399][ T38] __schedule+0x16f3/0x4c20 [ 1956.947450][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 1956.947502][ T38] ? __pfx___schedule+0x10/0x10 [ 1956.947555][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 1956.947592][ T38] rt_mutex_schedule+0x77/0xf0 [ 1956.947614][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 1956.947648][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 1956.947695][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 1956.947725][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 1956.947754][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1956.947779][ T38] ? __lock_acquire+0xab9/0xd20 [ 1956.947822][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.947862][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.947883][ T38] mutex_lock_nested+0x16a/0x1d0 [ 1956.947908][ T38] ? synchronize_rcu+0x11a/0x310 [ 1956.947935][ T38] rcu_barrier+0x4c/0x570 [ 1956.947965][ T38] ? rt_spin_unlock+0x161/0x200 [ 1956.947995][ T38] dev_map_free+0x11f/0x6a0 [ 1956.948025][ T38] ? kfree+0x51/0x950 [ 1956.948050][ T38] ? bpf_map_free+0x86/0x3f0 [ 1956.948084][ T38] bpf_map_free+0x19b/0x3f0 [ 1956.948115][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 1956.948145][ T38] process_scheduled_works+0xae1/0x17b0 [ 1956.948207][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 1956.948255][ T38] worker_thread+0x8a0/0xda0 [ 1956.948315][ T38] kthread+0x711/0x8a0 [ 1956.948354][ T38] ? __pfx_worker_thread+0x10/0x10 [ 1956.948382][ T38] ? __pfx_kthread+0x10/0x10 [ 1956.948415][ T38] ? rt_spin_unlock+0x150/0x200 [ 1956.948447][ T38] ? rt_spin_unlock+0x161/0x200 [ 1956.948472][ T38] ? __pfx_kthread+0x10/0x10 [ 1956.948508][ T38] ret_from_fork+0x4bc/0x870 [ 1956.948539][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1956.948575][ T38] ? __switch_to_asm+0x39/0x70 [ 1956.948598][ T38] ? __switch_to_asm+0x33/0x70 [ 1956.948619][ T38] ? __pfx_kthread+0x10/0x10 [ 1956.948662][ T38] ret_from_fork_asm+0x1a/0x30 [ 1956.948705][ T38] [ 1956.948882][ T38] INFO: task syz-executor:25417 blocked for more than 143 seconds. [ 1956.948899][ T38] Not tainted syzkaller #0 [ 1956.948910][ T38] Blocked by coredump. [ 1956.948917][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1956.948928][ T38] task:syz-executor state:D stack:20752 pid:25417 tgid:25417 ppid:1 task_flags:0x40054c flags:0x00080003 [ 1956.948989][ T38] Call Trace: [ 1956.948997][ T38] [ 1956.949011][ T38] __schedule+0x16f3/0x4c20 [ 1956.949072][ T38] ? __pfx___schedule+0x10/0x10 [ 1956.949124][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 1956.949161][ T38] rt_mutex_schedule+0x77/0xf0 [ 1956.949183][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 1956.949210][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 1956.949258][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 1956.949288][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 1956.949315][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1956.949341][ T38] ? __lock_acquire+0xab9/0xd20 [ 1956.949384][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.949423][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.949445][ T38] mutex_lock_nested+0x16a/0x1d0 [ 1956.949469][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1956.949499][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.949529][ T38] rcu_barrier+0x4c/0x570 [ 1956.949557][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.949586][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.949616][ T38] netdev_run_todo+0x327/0xea0 [ 1956.949657][ T38] ? __pfx_netif_state_change+0x10/0x10 [ 1956.949694][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 1956.949723][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 1956.949768][ T38] ? netdev_state_change+0x1ca/0x220 [ 1956.949795][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.949825][ T38] tun_chr_close+0x13f/0x1c0 [ 1956.949856][ T38] __fput+0x45b/0xa80 [ 1956.949893][ T38] task_work_run+0x1d4/0x260 [ 1956.949919][ T38] ? __pfx_task_work_run+0x10/0x10 [ 1956.949942][ T38] ? do_exit+0x6b0/0x2300 [ 1956.949996][ T38] ? do_exit+0x6b0/0x2300 [ 1956.950037][ T38] do_exit+0x6b5/0x2300 [ 1956.950073][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1956.950122][ T38] ? __pfx_do_exit+0x10/0x10 [ 1956.950154][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 1956.950182][ T38] ? rt_spin_lock+0x1c1/0x3e0 [ 1956.950226][ T38] do_group_exit+0x21c/0x2d0 [ 1956.950248][ T38] ? rt_spin_unlock+0x161/0x200 [ 1956.950280][ T38] get_signal+0x125d/0x1310 [ 1956.950336][ T38] arch_do_signal_or_restart+0xa0/0x790 [ 1956.950366][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1956.950413][ T38] ? exit_to_user_mode_loop+0x40/0x130 [ 1956.950450][ T38] exit_to_user_mode_loop+0x72/0x130 [ 1956.950482][ T38] do_syscall_64+0x2bd/0xfa0 [ 1956.950518][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1956.950542][ T38] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1956.950566][ T38] ? clear_bhb_loop+0x60/0xb0 [ 1956.950595][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1956.950619][ T38] RIP: 0033:0x7efd66a7e0dc [ 1956.950646][ T38] RSP: 002b:00007ffcce649b90 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1956.950670][ T38] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007efd66a7e0dc [ 1956.950687][ T38] RDX: 0000000000000030 RSI: 00007ffcce649c50 RDI: 00000000000000f9 [ 1956.950702][ T38] RBP: 00007ffcce649bfc R08: 0000000000000000 R09: 00007ffcce649907 [ 1956.950718][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000089 [ 1956.950732][ T38] R13: 0000555575da9590 R14: 00000000001b2bfa R15: 00007ffcce649c50 [ 1956.950771][ T38] [ 1956.950802][ T38] INFO: task syz-executor:27553 blocked for more than 143 seconds. [ 1956.950818][ T38] Not tainted syzkaller #0 [ 1956.950830][ T38] Blocked by coredump. [ 1956.950837][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1956.950848][ T38] task:syz-executor state:D stack:17496 pid:27553 tgid:27553 ppid:1 task_flags:0x40054c flags:0x00080003 [ 1956.950906][ T38] Call Trace: [ 1956.950913][ T38] [ 1956.950927][ T38] __schedule+0x16f3/0x4c20 [ 1956.950989][ T38] ? __pfx___schedule+0x10/0x10 [ 1956.951045][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 1956.951094][ T38] rt_mutex_schedule+0x77/0xf0 [ 1956.951116][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 1956.951144][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 1956.951190][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 1956.951221][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 1956.951249][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1956.951274][ T38] ? __lock_acquire+0xab9/0xd20 [ 1956.951317][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.951357][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.951378][ T38] mutex_lock_nested+0x16a/0x1d0 [ 1956.951403][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 1956.951432][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.951462][ T38] rcu_barrier+0x4c/0x570 [ 1956.951490][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.951520][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.951550][ T38] netdev_run_todo+0x327/0xea0 [ 1956.951583][ T38] ? __pfx_netif_state_change+0x10/0x10 [ 1956.951619][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 1956.951654][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 1956.951697][ T38] ? netdev_state_change+0x1ca/0x220 [ 1956.951723][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 1956.951752][ T38] tun_chr_close+0x13f/0x1c0 [ 1956.951783][ T38] __fput+0x45b/0xa80 [ 1956.951819][ T38] task_work_run+0x1d4/0x260 [ 1956.951845][ T38] ? __pfx_task_work_run+0x10/0x10 [ 1956.951867][ T38] ? do_exit+0x6b0/0x2300 [ 1956.951901][ T38] ? do_exit+0x6b0/0x2300 [ 1956.951940][ T38] do_exit+0x6b5/0x2300 [ 1956.951973][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1956.952020][ T38] ? __pfx_do_exit+0x10/0x10 [ 1956.952051][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 1956.952078][ T38] ? rt_spin_lock+0x1c1/0x3e0 [ 1956.952121][ T38] do_group_exit+0x21c/0x2d0 [ 1956.952142][ T38] ? rt_spin_unlock+0x161/0x200 [ 1956.952173][ T38] get_signal+0x125d/0x1310 [ 1956.952225][ T38] arch_do_signal_or_restart+0xa0/0x790 [ 1956.952254][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1956.952299][ T38] ? exit_to_user_mode_loop+0x40/0x130 [ 1956.952334][ T38] exit_to_user_mode_loop+0x72/0x130 [ 1956.952365][ T38] do_syscall_64+0x2bd/0xfa0 [ 1956.952402][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1956.952424][ T38] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1956.952446][ T38] ? clear_bhb_loop+0x60/0xb0 [ 1956.952474][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1956.952496][ T38] RIP: 0033:0x7fe2a900155c [ 1956.952514][ T38] RSP: 002b:00007ffc68287d80 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1956.952536][ T38] RAX: 000000000000006c RBX: 00007fe2a9d84620 RCX: 00007fe2a900155c [ 1956.952552][ T38] RDX: 000000000000006c RSI: 00007fe2a9d84670 RDI: 0000000000000003 [ 1956.952566][ T38] RBP: 0000000000000000 R08: 00007ffc68287dd4 R09: 000000000000000c [ 1956.952581][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1956.952595][ T38] R13: 0000000000000000 R14: 00007fe2a9d84670 R15: 0000000000000000 [ 1956.952631][ T38] [ 1956.952656][ T38] INFO: task kworker/u8:19:27793 blocked for more than 143 seconds. [ 1956.952671][ T38] Not tainted syzkaller #0 [ 1956.952682][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1956.952692][ T38] task:kworker/u8:19 state:D stack:21752 pid:27793 tgid:27793 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1956.952756][ T38] Workqueue: events_unbound bpf_map_free_deferred [ 1956.952785][ T38] Call Trace: [ 1956.952792][ T38] [ 1956.952807][ T38] __schedule+0x16f3/0x4c20 [ 1956.952851][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 1956.952890][ T38] ? __pfx___schedule+0x10/0x10 [ 1956.952942][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 1956.952978][ T38] rt_mutex_schedule+0x77/0xf0 [ 1956.953000][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 1956.953027][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 1956.953074][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 1956.953104][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 1956.953133][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 1956.953158][ T38] ? __lock_acquire+0xab9/0xd20 [ 1956.953202][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.953240][ T38] ? rcu_barrier+0x4c/0x570 [ 1956.953262][ T38] mutex_lock_nested+0x16a/0x1d0 [ 1956.953288][ T38] ? synchronize_rcu+0x11a/0x310 [ 1956.953315][ T38] rcu_barrier+0x4c/0x570 [ 1956.953344][ T38] ? rt_spin_unlock+0x161/0x200 [ 1956.953415][ T38] dev_map_free+0x11f/0x6a0 [ 1956.953446][ T38] ? kfree+0x51/0x950 [ 1956.953471][ T38] ? bpf_map_free+0x86/0x3f0 [ 1956.953517][ T38] bpf_map_free+0x19b/0x3f0 [ 1956.953548][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 1956.953579][ T38] process_scheduled_works+0xae1/0x17b0 [ 1956.953650][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 1956.953699][ T38] worker_thread+0x8a0/0xda0 [ 1956.953731][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1956.953776][ T38] ? __kthread_parkme+0x7b/0x200 [ 1956.953838][ T38] kthread+0x711/0x8a0 [ 1956.953878][ T38] ? __pfx_worker_thread+0x10/0x10 [ 1956.953908][ T38] ? __pfx_kthread+0x10/0x10 [ 1956.953939][ T38] ? rt_spin_unlock+0x150/0x200 [ 1956.953972][ T38] ? rt_spin_unlock+0x161/0x200 [ 1956.953998][ T38] ? __pfx_kthread+0x10/0x10 [ 1956.954034][ T38] ret_from_fork+0x4bc/0x870 [ 1956.954065][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1956.954103][ T38] ? __switch_to_asm+0x39/0x70 [ 1956.954126][ T38] ? __switch_to_asm+0x33/0x70 [ 1956.954148][ T38] ? __pfx_kthread+0x10/0x10 [ 1956.954184][ T38] ret_from_fork_asm+0x1a/0x30 [ 1956.954229][ T38] [ 1956.954273][ T38] [ 1956.954273][ T38] Showing all locks held in the system: [ 1956.954289][ T38] 3 locks held by kworker/u8:1/13: [ 1956.954303][ T38] #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1956.954371][ T38] #1: ffffc90000127ba0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1956.954432][ T38] #2: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1956.954489][ T38] 4 locks held by ktimers/0/16: [ 1956.954503][ T38] 3 locks held by rcuc/0/20: [ 1956.954517][ T38] 4 locks held by ksoftirqd/1/30: [ 1956.954531][ T38] 1 lock held by khungtaskd/38: [ 1956.954543][ T38] #0: ffffffff8d5aa880 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1956.954622][ T38] 1 lock held by dhcpcd/5463: [ 1956.954641][ T38] #0: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 1956.954707][ T38] 2 locks held by getty/5560: [ 1956.954720][ T38] #0: ffff88823bf608a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1956.954778][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400 [ 1956.954845][ T38] 5 locks held by kworker/u8:5/10167: [ 1956.954858][ T38] #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1956.954918][ T38] #1: ffffc9001cdd7ba0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1957.866314][ T38] #2: ffffffff8e8566a0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x820 [ 1957.866375][ T38] #3: ffff8880333ad7b8 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_destruct+0x116/0x2f0 [ 1957.866429][ T38] #4: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.866489][ T38] 2 locks held by kworker/0:0/12406: [ 1957.866509][ T38] 2 locks held by kworker/u8:8/16795: [ 1957.866522][ T38] #0: ffff888140fd2138 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1957.866590][ T38] #1: ffffc900052dfba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1957.866651][ T38] 3 locks held by kworker/u8:15/20331: [ 1957.866664][ T38] #0: ffff88814cc63938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1957.866724][ T38] #1: ffffc90003dd7ba0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1957.866785][ T38] #2: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 [ 1957.866840][ T38] 1 lock held by syz-executor/25417: [ 1957.866854][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.866915][ T38] 1 lock held by syz-executor/27553: [ 1957.866928][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.866983][ T38] 1 lock held by syz-executor/27568: [ 1957.866996][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867051][ T38] 1 lock held by syz-executor/27584: [ 1957.867064][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867121][ T38] 3 locks held by kworker/u8:17/27758: [ 1957.867134][ T38] #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1957.867200][ T38] #1: ffffc900052cfba0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1957.867260][ T38] #2: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1957.867321][ T38] 3 locks held by kworker/u8:19/27793: [ 1957.867334][ T38] #0: ffff88813ff69938 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1957.867400][ T38] #1: ffffc90004c8fba0 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1957.867461][ T38] #2: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867516][ T38] 1 lock held by syz-executor/27800: [ 1957.867529][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867590][ T38] 1 lock held by syz-executor/27801: [ 1957.867603][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867659][ T38] 1 lock held by syz-executor/27808: [ 1957.867672][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867727][ T38] 1 lock held by syz-executor/27820: [ 1957.867740][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867798][ T38] 1 lock held by syz.0.8842/27904: [ 1957.867811][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.867867][ T38] 1 lock held by syz-executor/27918: [ 1957.867880][ T38] #0: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 1957.867940][ T38] 1 lock held by syz-executor/27921: [ 1957.867953][ T38] #0: ffffffff8d5b0230 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 1957.868008][ T38] 1 lock held by syz-executor/27926: [ 1957.868022][ T38] #0: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 1957.868081][ T38] 1 lock held by syz-executor/27932: [ 1957.868094][ T38] #0: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 1957.868154][ T38] 1 lock held by syz-executor/27940: [ 1957.868167][ T38] #0: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 1957.868229][ T38] 2 locks held by syz-executor/27968: [ 1957.868242][ T38] #0: ffffffff8e8566a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 1957.868295][ T38] #1: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 1957.868355][ T38] 2 locks held by syz-executor/27971: [ 1957.868368][ T38] #0: ffffffff8e8566a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 1957.868419][ T38] #1: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 1957.868487][ T38] 2 locks held by syz-executor/27977: [ 1957.868501][ T38] #0: ffffffff8e8566a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x337/0x4e0 [ 1957.868558][ T38] #1: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdev+0x18/0x60 [ 1957.868618][ T38] 1 lock held by syz-executor/27985: [ 1957.868632][ T38] #0: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8e9/0x1c80 [ 1957.868685][ T38] 1 lock held by syz-executor/27988: [ 1957.868698][ T38] #0: ffffffff8e8635b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 1957.868764][ T38] [ 1957.868770][ T38] ============================================= [ 1957.868770][ T38] [ 1957.868781][ T38] NMI backtrace for cpu 1 [ 1957.868820][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1957.868846][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1957.868859][ T38] Call Trace: [ 1957.868868][ T38] [ 1957.868880][ T38] dump_stack_lvl+0x189/0x250 [ 1957.868920][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1957.868955][ T38] ? __pfx__printk+0x10/0x10 [ 1957.868999][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 1957.869031][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1957.869061][ T38] ? __pfx__printk+0x10/0x10 [ 1957.869094][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1957.869123][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1957.869154][ T38] watchdog+0xf60/0xfa0 [ 1957.869193][ T38] ? watchdog+0x1e2/0xfa0 [ 1957.869233][ T38] kthread+0x711/0x8a0 [ 1957.869273][ T38] ? __pfx_watchdog+0x10/0x10 [ 1957.869306][ T38] ? __pfx_kthread+0x10/0x10 [ 1957.869337][ T38] ? rt_spin_unlock+0x150/0x200 [ 1957.869370][ T38] ? rt_spin_unlock+0x161/0x200 [ 1957.869394][ T38] ? __pfx_kthread+0x10/0x10 [ 1957.869431][ T38] ret_from_fork+0x4bc/0x870 [ 1957.869462][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 1957.869499][ T38] ? __switch_to_asm+0x39/0x70 [ 1957.869520][ T38] ? __switch_to_asm+0x33/0x70 [ 1957.869547][ T38] ? __pfx_kthread+0x10/0x10 [ 1957.869585][ T38] ret_from_fork_asm+0x1a/0x30 [ 1957.869628][ T38] [ 1957.869636][ T38] Sending NMI from CPU 1 to CPUs 0: [ 1957.869664][ C0] NMI backtrace for cpu 0 [ 1957.869686][ C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 1957.869707][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1957.869718][ C0] RIP: 0010:check_preemption_disabled+0x59/0x120 [ 1957.869740][ C0] Code: 8b 0d ab f4 e1 06 48 3b 4c 24 08 0f 85 cc 00 00 00 48 83 c4 10 5b 41 5e 41 5f 5d e9 d1 a3 03 00 cc 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 74 c8 65 4c 8b 3c 25 08 90 a2 91 41 [ 1957.869757][ C0] RSP: 0018:ffffc900001968d0 EFLAGS: 00000046 [ 1957.869773][ C0] RAX: 0000000000000000 RBX: 0000000000000206 RCX: 0000000080000000 [ 1957.869785][ C0] RDX: 0000000000000000 RSI: ffffffff8cda1fca RDI: ffffffff8b3ddde0 [ 1957.869799][ C0] RBP: 0000000000000003 R08: 0000000000000000 R09: ffffffff8ac2cb41 [ 1957.869811][ C0] R10: 0000000000000000 R11: fffffbfff1dac7cf R12: 1ffff110036dcbd0 [ 1957.869824][ C0] R13: ffffffff8ac2d6a0 R14: ffffffff8d5aa880 R15: ffff88801b6e5a00 [ 1957.869839][ C0] FS: 0000000000000000(0000) GS:ffff888126df7000(0000) knlGS:0000000000000000 [ 1957.869854][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1957.869866][ C0] CR2: 00007fd2512e5000 CR3: 000000000d3a6000 CR4: 00000000003526f0 [ 1957.869883][ C0] Call Trace: [ 1957.869890][ C0] [ 1957.869900][ C0] lock_release+0xbc/0x3e0 [ 1957.869930][ C0] rt_spin_unlock+0x15c/0x200 [ 1957.869954][ C0] ___slab_alloc+0x87a/0x1400 [ 1957.869973][ C0] ? kasan_save_track+0x3e/0x80 [ 1957.869995][ C0] ? __kasan_slab_free+0x5c/0x80 [ 1957.870020][ C0] ? nft_synproxy_eval_v4+0x376/0x560 [ 1957.870047][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 1957.870073][ C0] ? nft_do_chain+0x40c/0x1920 [ 1957.870097][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 1957.870122][ C0] ? __alloc_skb+0x112/0x2d0 [ 1957.870140][ C0] ? __netif_receive_skb+0x143/0x380 [ 1957.870170][ C0] __slab_alloc+0xc6/0x1f0 [ 1957.870187][ C0] ? __alloc_skb+0x112/0x2d0 [ 1957.870205][ C0] ? __alloc_skb+0x112/0x2d0 [ 1957.870223][ C0] kmem_cache_alloc_node_noprof+0x1ac/0x6e0 [ 1957.870246][ C0] ? __alloc_skb+0x112/0x2d0 [ 1957.870269][ C0] __alloc_skb+0x112/0x2d0 [ 1957.870296][ C0] synproxy_send_client_synack+0x16c/0xe20 [ 1957.870327][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 1957.870349][ C0] ? nft_fib_reduce+0x130/0x640 [ 1957.870372][ C0] ? synproxy_pernet+0x45/0x270 [ 1957.870402][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 1957.870433][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 1957.870462][ C0] ? nf_ip_checksum+0x13c/0x510 [ 1957.870490][ C0] nft_synproxy_do_eval+0x345/0x570 [ 1957.870516][ C0] ? __lock_acquire+0xab9/0xd20 [ 1957.870546][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 1957.870583][ C0] nft_do_chain+0x40c/0x1920 [ 1957.870607][ C0] ? finish_task_switch+0x266/0x950 [ 1957.870644][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 1957.870693][ C0] nft_do_chain_inet+0x25d/0x340