last executing test programs: 19.739095882s ago: executing program 1 (id=55): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000940)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16.90841545s ago: executing program 1 (id=61): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmmsg$sock(r0, &(0x7f0000003d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x44080) 15.868327498s ago: executing program 1 (id=67): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="100000000400000008"], 0x50) 15.439350428s ago: executing program 2 (id=69): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x1d11, 0x5e) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e) sendto$inet(r0, &(0x7f00000001c0)="d33dd4edc9ee576551234edcd9c29e0ee1279915798e9582c47ff13db3480d1d12e0c612b6a118659521a5d8a3bc97124d4de8142d460882eda76c06e5de9ec5f0738421c9773b0cf4b830ded053f724", 0x50, 0x8011, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0) 15.332408858s ago: executing program 1 (id=71): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c30000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000440)='kfree\x00', r1}, 0x18) umount2(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x2) 14.695467567s ago: executing program 1 (id=72): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000182000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f00003e1000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r2, 0x0) 14.656924354s ago: executing program 2 (id=73): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6) unshare(0x22020600) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000100), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f0000000180)=@gcm_128={{0x304}, "345aa3593519c7e1", "e8a1056a7c356ba2b862ef93136b1587", "28bc90f4", "790f59276094db31"}, 0x28) sendto$inet6(r3, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) r4 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r4, &(0x7f0000000280)=[{0x0}], 0x1) syz_genetlink_get_family_id$l2tp(0x0, r4) syz_open_procfs$namespace(r0, &(0x7f0000000400)='ns/ipc\x00') write$binfmt_aout(r3, 0x0, 0xfdef) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000300)=0x1) 13.965030878s ago: executing program 1 (id=76): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r1, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) accept4$rose(r1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl(r0, 0x8b32, &(0x7f0000000040)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000080)}) bpf$MAP_CREATE(0x0, 0x0, 0x0) setgroups(0x4, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0]) 8.568186286s ago: executing program 2 (id=87): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = getpgid(0x0) syz_pidfd_open(r1, 0x0) 7.684482013s ago: executing program 4 (id=91): r0 = io_uring_setup(0x178e, &(0x7f0000000140)={0x0, 0x52c1, 0x8, 0xfffffffe, 0xa}) syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d0009"], 0x0) syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 7.468437674s ago: executing program 2 (id=92): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000180)) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00'}) r1 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0x0, @local}, 0x10, 0x0, 0xfffffffffffffdac}, 0x1000c041) syz_emit_ethernet(0x33, &(0x7f0000000000)={@random="e90c610faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x11, 0x0, @opaque="24dc6170e1e0318539"}}}}}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0xc) r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) 5.398600414s ago: executing program 4 (id=96): r0 = socket$kcm(0x29, 0x2, 0x0) ppoll(&(0x7f0000000640)=[{r0}], 0x1, 0x0, 0x0, 0x0) sendmsg$kcm(r0, 0x0, 0x20000818) 4.149480506s ago: executing program 0 (id=101): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmmsg$sock(r0, &(0x7f0000003d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)}}], 0x2, 0x44080) 3.747667195s ago: executing program 4 (id=102): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000500)={0x2c, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x10, 0x13, @udp='udp:syz2\x00'}}}, 0x2c}, 0x1, 0x0, 0x0, 0x4000084}, 0x2000000) 3.701880814s ago: executing program 3 (id=103): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c000000170a01080000000000000000020000000900010073797a3000000000090002"], 0x2c}, 0x1, 0x0, 0x0, 0x4080}, 0x0) 3.516368556s ago: executing program 0 (id=104): socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, 0x0, 0x0) syslog(0xa, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0xc0145b0e, 0x0) 3.241331949s ago: executing program 3 (id=105): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x74, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xf5}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x9c}}, 0x0) 3.140084126s ago: executing program 4 (id=106): r0 = io_uring_setup(0x178e, &(0x7f0000000140)={0x0, 0x52c1, 0x8, 0xfffffffe, 0xa}) syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb0160291d0009"], 0x0) syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 2.789707087s ago: executing program 3 (id=107): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, 0x0, 0x20000000) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000800}, 0x54) 2.077304548s ago: executing program 2 (id=108): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x27, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_DEVICE_ATTR(r2, 0xc080aebe, &(0x7f0000000140)=@attr_other={0x0, 0x0, 0x8, 0x0}) 1.759919626s ago: executing program 3 (id=109): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000840)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@local}, {@in=@dev={0xac, 0x14, 0x14, 0x17}, 0x4d5, 0x3c}, @in=@multicast1, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {}, {0x0, 0x22}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x4004000) 1.652260916s ago: executing program 0 (id=110): r0 = io_uring_setup(0x7f59, &(0x7f0000000340)={0x0, 0xb140, 0x1000, 0x1009, 0x197}) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, 0x8) sendto$inet6(r1, &(0x7f0000000000)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x6}, 0x3}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 1.127225769s ago: executing program 4 (id=111): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r0, &(0x7f0000000200)=ANY=[@ANYBLOB='lock i'], 0xc) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.034809784s ago: executing program 0 (id=112): bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x0, 0x1, 0x8d8c}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 883.043918ms ago: executing program 2 (id=113): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x7, &(0x7f00000000c0)="fdffffff", 0x4) 568.180978ms ago: executing program 3 (id=114): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendmmsg$sock(r0, &(0x7f0000003d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)}}], 0x2, 0x44080) 567.883265ms ago: executing program 0 (id=115): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x76a9bba1a690db11, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}]}], {0x14}}, 0x5c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 216.772445ms ago: executing program 3 (id=116): r0 = socket$kcm(0x2, 0x1, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x10000002, 0x0, 0x0, 0x2}]}, 0x94) close(0x3) r1 = socket$kcm(0x2, 0x1, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x11, &(0x7f00000008c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@jmp={0x5, 0x1, 0x9, 0x1, 0x9}, @jmp={0x5, 0x1, 0xb, 0x2, 0x8, 0x80, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x5d, 0x2e, &(0x7f00000009c0)=""/46, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) close(r3) recvmsg$unix(r2, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r1, 0x84, 0x64, &(0x7f0000000000)=r4, 0x10) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f00000005c0)="df", 0x1}], 0x1}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x85, &(0x7f0000000ac0), 0x90) 82.95972ms ago: executing program 0 (id=117): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0b000000ff000000324900007f00000001"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{r0}, &(0x7f0000000000)=0x7d8, &(0x7f0000000180)='%ps \x00'}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000100)=ANY=[@ANYBLOB="1803000000000000000000000010"], 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6 \x00'}, 0x20) 0s ago: executing program 4 (id=118): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x4, &(0x7f0000020440)=ANY=[@ANYBLOB="18000000004000000000000009000000850000000f00000095"], &(0x7f0000000000)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000980)=r1, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)={0x3}, 0x8) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000180)="b90103606908068c3c270040e70000", 0x0, 0x8104, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.119' (ED25519) to the list of known hosts. [ 171.347722][ T5789] cgroup: Unknown subsys name 'net' [ 171.480520][ T5789] cgroup: Unknown subsys name 'cpuset' [ 171.500205][ T5789] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 177.188523][ T5789] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 181.622975][ T5808] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 181.631286][ T5808] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 181.651123][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 181.659314][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 181.669327][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 181.678099][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 181.689699][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 181.698197][ T5814] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 181.706613][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 181.719947][ T5814] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 181.720644][ T5819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 181.736743][ T5819] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 181.737757][ T5814] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 181.752375][ T5818] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 181.754504][ T5821] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 181.768093][ T5819] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 181.790292][ T5807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 181.802449][ T5819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 181.814669][ T5819] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 181.824311][ T5819] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 181.836201][ T5819] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 181.931299][ T5819] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 181.984969][ T5103] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 181.994970][ T5103] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 182.017390][ T5103] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 183.483760][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 183.619749][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 183.794969][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 183.840207][ T5103] Bluetooth: hci2: command tx timeout [ 183.840903][ T5806] chnl_net:caif_netlink_parms(): no params data found [ 183.920840][ T5103] Bluetooth: hci4: command tx timeout [ 184.000085][ T5103] Bluetooth: hci0: command tx timeout [ 184.080144][ T5103] Bluetooth: hci3: command tx timeout [ 184.085729][ T5103] Bluetooth: hci1: command tx timeout [ 184.095606][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 184.774958][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.786009][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.793869][ T5809] bridge_slave_0: entered allmulticast mode [ 184.803425][ T5809] bridge_slave_0: entered promiscuous mode [ 184.896749][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.904515][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.915728][ T5809] bridge_slave_1: entered allmulticast mode [ 184.924314][ T5809] bridge_slave_1: entered promiscuous mode [ 184.975093][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.984256][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.993442][ T5811] bridge_slave_0: entered allmulticast mode [ 185.002050][ T5811] bridge_slave_0: entered promiscuous mode [ 185.095095][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.104011][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.111755][ T5811] bridge_slave_1: entered allmulticast mode [ 185.124629][ T5811] bridge_slave_1: entered promiscuous mode [ 185.197877][ T5806] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.205547][ T5806] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.213186][ T5806] bridge_slave_0: entered allmulticast mode [ 185.221695][ T5806] bridge_slave_0: entered promiscuous mode [ 185.340943][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.387996][ T5806] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.396389][ T5806] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.404888][ T5806] bridge_slave_1: entered allmulticast mode [ 185.413268][ T5806] bridge_slave_1: entered promiscuous mode [ 185.554239][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.566698][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.574495][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.584042][ T5816] bridge_slave_0: entered allmulticast mode [ 185.593473][ T5816] bridge_slave_0: entered promiscuous mode [ 185.614472][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.624258][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.633591][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.641215][ T5816] bridge_slave_1: entered allmulticast mode [ 185.650703][ T5816] bridge_slave_1: entered promiscuous mode [ 185.661017][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.668530][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.676264][ T5805] bridge_slave_0: entered allmulticast mode [ 185.684811][ T5805] bridge_slave_0: entered promiscuous mode [ 185.732372][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.749481][ T5806] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.819033][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.827881][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.835523][ T5805] bridge_slave_1: entered allmulticast mode [ 185.844042][ T5805] bridge_slave_1: entered promiscuous mode [ 185.887617][ T5806] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.925918][ T5813] Bluetooth: hci2: command tx timeout [ 186.001409][ T5813] Bluetooth: hci4: command tx timeout [ 186.080885][ T5813] Bluetooth: hci0: command tx timeout [ 186.094953][ T5809] team0: Port device team_slave_0 added [ 186.112481][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.128879][ T5811] team0: Port device team_slave_0 added [ 186.165984][ T5813] Bluetooth: hci1: command tx timeout [ 186.171837][ T5103] Bluetooth: hci3: command tx timeout [ 186.188053][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.204126][ T5809] team0: Port device team_slave_1 added [ 186.221687][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.238441][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.253281][ T5811] team0: Port device team_slave_1 added [ 186.264881][ T5806] team0: Port device team_slave_0 added [ 186.396582][ T5806] team0: Port device team_slave_1 added [ 186.568323][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.575521][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.601787][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.620850][ T5805] team0: Port device team_slave_0 added [ 186.633431][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.640647][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.666912][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.686123][ T5816] team0: Port device team_slave_0 added [ 186.695697][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.702886][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.729273][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.771013][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.778137][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.804445][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.824037][ T5805] team0: Port device team_slave_1 added [ 186.838977][ T5816] team0: Port device team_slave_1 added [ 186.864005][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.871169][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.897416][ T5806] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.928294][ T5806] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.935536][ T5806] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.961858][ T5806] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.136735][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.144023][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.170336][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.225485][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.232637][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.258874][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.310757][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.317857][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.344142][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.412441][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.419538][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.445874][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.567461][ T5806] hsr_slave_0: entered promiscuous mode [ 187.580405][ T5806] hsr_slave_1: entered promiscuous mode [ 187.604774][ T5809] hsr_slave_0: entered promiscuous mode [ 187.614654][ T5809] hsr_slave_1: entered promiscuous mode [ 187.622960][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 187.628804][ T5809] Cannot create hsr debugfs directory [ 187.666185][ T5811] hsr_slave_0: entered promiscuous mode [ 187.674850][ T5811] hsr_slave_1: entered promiscuous mode [ 187.683503][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 187.689327][ T5811] Cannot create hsr debugfs directory [ 187.875145][ T5816] hsr_slave_0: entered promiscuous mode [ 187.883848][ T5816] hsr_slave_1: entered promiscuous mode [ 187.892193][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 187.898037][ T5816] Cannot create hsr debugfs directory [ 188.003054][ T5103] Bluetooth: hci2: command tx timeout [ 188.097789][ T5103] Bluetooth: hci4: command tx timeout [ 188.160127][ T5103] Bluetooth: hci0: command tx timeout [ 188.240447][ T5103] Bluetooth: hci3: command tx timeout [ 188.246077][ T5813] Bluetooth: hci1: command tx timeout [ 188.260466][ T5805] hsr_slave_0: entered promiscuous mode [ 188.270739][ T5805] hsr_slave_1: entered promiscuous mode [ 188.281544][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 188.287424][ T5805] Cannot create hsr debugfs directory [ 189.372521][ T5809] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 189.408859][ T5809] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 189.453426][ T5809] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 189.475174][ T5809] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 189.655368][ T5811] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 189.722902][ T5811] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 189.785287][ T5811] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 189.863498][ T5811] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 189.883746][ T5806] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 189.991481][ T5806] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 190.090218][ T5813] Bluetooth: hci2: command tx timeout [ 190.099333][ T5806] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 190.116899][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 190.170815][ T5813] Bluetooth: hci4: command tx timeout [ 190.177361][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 190.199311][ T5806] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 190.240684][ T5813] Bluetooth: hci0: command tx timeout [ 190.243248][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 190.276073][ T5805] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 190.320900][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 190.323021][ T5813] Bluetooth: hci1: command tx timeout [ 190.332307][ T5103] Bluetooth: hci3: command tx timeout [ 190.370973][ T5805] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 190.474384][ T5805] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 190.553669][ T5805] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 190.676457][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.920667][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.057736][ T4442] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.065342][ T4442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.161440][ T4442] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.168907][ T4442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.382577][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.453635][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.573844][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.626952][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.754411][ T4292] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.761961][ T4292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.795249][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.843479][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.860471][ T4292] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.867928][ T4292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.909941][ T4442] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.917406][ T4442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.029115][ T4442] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.036697][ T4442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.052678][ T4442] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.060234][ T4442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.076647][ T4442] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.084198][ T4442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.129813][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.284163][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.496721][ T4442] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.504421][ T4442] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.529752][ T4442] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.537149][ T4442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.602684][ T5806] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.785550][ T5816] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.482995][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.004815][ T5809] veth0_vlan: entered promiscuous mode [ 194.128482][ T5809] veth1_vlan: entered promiscuous mode [ 194.503257][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.546560][ T5809] veth0_macvtap: entered promiscuous mode [ 194.660944][ T5809] veth1_macvtap: entered promiscuous mode [ 194.741423][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.808167][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.893755][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.946691][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.992655][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.156653][ T4292] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.210458][ T4252] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.269284][ T5811] veth0_vlan: entered promiscuous mode [ 195.285992][ T4252] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.354932][ T4252] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.416591][ T5811] veth1_vlan: entered promiscuous mode [ 195.532075][ T5806] veth0_vlan: entered promiscuous mode [ 195.714107][ T5806] veth1_vlan: entered promiscuous mode [ 195.767814][ T5805] veth0_vlan: entered promiscuous mode [ 195.801375][ T5811] veth0_macvtap: entered promiscuous mode [ 195.900117][ T5811] veth1_macvtap: entered promiscuous mode [ 195.985647][ T5805] veth1_vlan: entered promiscuous mode [ 196.029778][ T5806] veth0_macvtap: entered promiscuous mode [ 196.119222][ T5806] veth1_macvtap: entered promiscuous mode [ 196.146656][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.225195][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.307969][ T3596] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.341211][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.402948][ T1101] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.431013][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.455039][ T1101] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.493146][ T5805] veth0_macvtap: entered promiscuous mode [ 196.503046][ T1101] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.516229][ T1101] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.532313][ T1101] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.583906][ T1101] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.610358][ T5805] veth1_macvtap: entered promiscuous mode [ 196.624425][ T1101] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.817716][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.896824][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.968891][ T4252] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.068592][ T4252] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.161454][ T4252] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.208056][ T4252] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.815109][ T5816] veth0_vlan: entered promiscuous mode [ 197.897188][ T5816] veth1_vlan: entered promiscuous mode [ 198.179935][ T5816] veth0_macvtap: entered promiscuous mode [ 198.257094][ T5816] veth1_macvtap: entered promiscuous mode [ 198.494445][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.604793][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.737774][ T3617] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.780471][ T3617] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.789468][ T3617] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.865705][ T3617] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.678048][ T3623] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.687022][ T3623] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.985868][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.994035][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.113456][ T4252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.121722][ T4252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.280899][ T4191] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.288904][ T4191] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.504145][ T5811] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 202.623145][ T3623] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.631253][ T3623] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.835816][ T1101] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.845543][ T1101] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.857751][ T4549] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.865902][ T4549] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.074789][ T4191] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.082969][ T4191] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.780335][ T5896] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 203.990261][ T5896] usb 2-1: Using ep0 maxpacket: 8 [ 204.082005][ T5896] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb [ 204.091594][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.100163][ T5896] usb 2-1: Product: syz [ 204.104595][ T5896] usb 2-1: Manufacturer: syz [ 204.109364][ T5896] usb 2-1: SerialNumber: syz [ 204.321412][ T6004] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 204.475600][ T5867] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 204.703700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 204.720361][ T5867] usb 1-1: Using ep0 maxpacket: 8 [ 204.742183][ T5867] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 204.752554][ T5867] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.762752][ T5867] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.772995][ T5867] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.786408][ T5867] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 204.799197][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.848017][ T5993] Zero length message leads to an empty skb [ 205.223637][ T5867] usb 1-1: GET_CAPABILITIES returned 64 [ 205.229605][ T5867] usbtmc 1-1:16.0: can't read capabilities [ 205.246317][ T5896] mxuport 2-1:254.0: mxuport_recv_ctrl_urb - short read (0 / 4) [ 205.254988][ T5896] mxuport 2-1:254.0: probe with driver mxuport failed with error -5 [ 205.363524][ T4191] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.372145][ T4191] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.485734][ T5896] usb 1-1: USB disconnect, device number 2 [ 205.581675][ T4292] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.589672][ T4292] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.721282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 205.748660][ T2035] usb 2-1: USB disconnect, device number 2 [ 206.464030][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 206.872062][ T2035] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 207.091206][ T2035] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 207.102581][ T2035] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 207.112791][ T2035] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 207.122383][ T2035] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.157518][ T2035] usb 1-1: config 0 descriptor?? [ 207.690711][ T5867] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 207.874816][ T2035] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 207.882817][ T2035] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 207.890698][ T2035] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 207.898325][ T2035] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 207.906101][ T2035] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0 [ 207.970811][ T5867] usb 5-1: Using ep0 maxpacket: 16 [ 208.046049][ T2035] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.0-1/input0 [ 208.106826][ T5867] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 208.117107][ T5867] usb 5-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xB2, changing to 0x82 [ 208.128999][ T5867] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x82 has an invalid bInterval 99, changing to 10 [ 208.140667][ T5867] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x82 has invalid maxpacket 42937, setting to 1024 [ 208.152170][ T5867] usb 5-1: config 0 interface 0 has no altsetting 0 [ 208.166781][ T2035] playstation 0003:054C:0DF2.0001: Invalid byte count transferred, expected 20 got 0 [ 208.184822][ T2035] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense pairing info: -22 [ 208.196805][ T2035] playstation 0003:054C:0DF2.0001: Failed to get MAC address from DualSense [ 208.205818][ T2035] playstation 0003:054C:0DF2.0001: Failed to create dualsense. [ 208.285008][ T5867] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 208.294459][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.302812][ T5867] usb 5-1: Product: syz [ 208.307147][ T5867] usb 5-1: Manufacturer: syz [ 208.312007][ T5867] usb 5-1: SerialNumber: syz [ 208.349804][ T2035] playstation 0003:054C:0DF2.0001: probe with driver playstation failed with error -22 [ 208.363494][ T5867] usb 5-1: config 0 descriptor?? [ 208.378189][ T6028] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 208.551501][ T2035] usb 1-1: USB disconnect, device number 3 [ 208.703325][ T6028] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 208.818437][ T5867] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input5 [ 208.867932][ T6033] fido_id[6033]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 208.997662][ C1] synaptics_usb 5-1:0.0: synusb_irq - usb_submit_urb failed with result: -19 [ 209.006902][ T5867] usb 5-1: USB disconnect, device number 2 [ 209.937078][ T6043] mmap: syz.0.19 (6043) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 210.051115][ T6043] ip6gretap1: entered promiscuous mode [ 210.056824][ T6043] ip6gretap1: entered allmulticast mode [ 212.350409][ T5867] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 212.579294][ T5867] usb 1-1: New USB device found, idVendor=0830, idProduct=0060, bcdDevice=13.2b [ 212.588935][ T5867] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.597310][ T5867] usb 1-1: Product: syz [ 212.602040][ T5867] usb 1-1: Manufacturer: syz [ 212.607080][ T5867] usb 1-1: SerialNumber: syz [ 212.751006][ T6076] netlink: 'syz.3.35': attribute type 1 has an invalid length. [ 212.758748][ T6076] netlink: 244 bytes leftover after parsing attributes in process `syz.3.35'. [ 212.922868][ T5867] visor 1-1:1.0: Handspring Visor / Palm OS converter detected [ 212.989105][ T5867] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 213.042162][ T5867] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 213.227859][ T5867] usb 1-1: USB disconnect, device number 4 [ 213.272848][ T5867] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 213.372350][ T5867] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 213.384811][ T5867] visor 1-1:1.0: device disconnected [ 215.191648][ T2035] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 215.386575][ T2035] usb 4-1: Using ep0 maxpacket: 32 [ 215.425526][ T2035] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 215.434719][ T2035] usb 4-1: config 0 has no interface number 0 [ 215.446302][ T2035] usb 4-1: config 0 interface 12 has no altsetting 0 [ 215.561670][ T2035] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 215.571162][ T2035] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.579365][ T2035] usb 4-1: Product: syz [ 215.584017][ T2035] usb 4-1: Manufacturer: syz [ 215.588780][ T2035] usb 4-1: SerialNumber: syz [ 215.648914][ T2035] usb 4-1: config 0 descriptor?? [ 216.730120][ T5867] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 216.939082][ T5867] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 216.949765][ T5867] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 216.961903][ T5867] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 216.972005][ T5867] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 217.174459][ T5867] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 217.189635][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 217.199292][ T5867] usb 2-1: Product: syz [ 217.203773][ T5867] usb 2-1: Manufacturer: syz [ 217.208540][ T5867] usb 2-1: SerialNumber: syz [ 217.263380][ T5867] usb 2-1: config 0 descriptor?? [ 217.296886][ T5867] radio-si470x 2-1:0.0: could not find interrupt in endpoint [ 217.304980][ T5867] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5 [ 217.315121][ T5867] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 217.550841][ T5867] usb 2-1: USB disconnect, device number 3 [ 217.574440][ T2035] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: 88 failed: -71 [ 217.583160][ T2035] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 217.598128][ T2035] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 217.608988][ T2035] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 217.750728][ T2035] usb 4-1: USB disconnect, device number 2 [ 218.803451][ T6119] netlink: 'syz.3.54': attribute type 4 has an invalid length. [ 218.807190][ T6118] netlink: 20 bytes leftover after parsing attributes in process `syz.2.53'. [ 218.845398][ T6118] netlink: 20 bytes leftover after parsing attributes in process `syz.2.53'. [ 219.001835][ T2035] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 219.201832][ T2035] usb 2-1: Using ep0 maxpacket: 16 [ 219.260198][ T2035] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 219.272087][ T2035] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 219.368198][ T2035] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 219.378075][ T2035] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.388348][ T2035] usb 2-1: Product: syz [ 219.392880][ T2035] usb 2-1: Manufacturer: syz [ 219.397658][ T2035] usb 2-1: SerialNumber: syz [ 219.503206][ T2035] usb 2-1: config 0 descriptor?? [ 219.579809][ T2035] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 219.589399][ T2035] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 219.830845][ T5867] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 219.996252][ T6130] netdevsim netdevsim4: Direct firmware load for þ failed with error -2 [ 220.010749][ T6130] netdevsim netdevsim4: Falling back to sysfs fallback for: þ [ 220.051586][ T5867] usb 4-1: Using ep0 maxpacket: 8 [ 220.090635][ T5867] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 220.100993][ T5867] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 220.111168][ T5867] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 220.121408][ T5867] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 220.135374][ T5867] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 220.144856][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.163361][ T2035] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 220.185802][ T2035] em28xx 2-1:0.0: Config register raw data: 0x41 [ 220.402439][ T2035] usb 2-1: USB disconnect, device number 4 [ 220.410621][ T2035] em28xx 2-1:0.0: Disconnecting em28xx [ 220.468177][ T2035] em28xx 2-1:0.0: Freeing device [ 220.602022][ T5867] usb 4-1: GET_CAPABILITIES returned 2f [ 220.608011][ T5867] usbtmc 4-1:16.0: can't read capabilities [ 220.818419][ T5867] usb 4-1: USB disconnect, device number 3 [ 223.070641][ T30] audit: type=1326 audit(1764714285.384:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6159 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 223.092958][ T30] audit: type=1326 audit(1764714285.384:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6159 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 223.115086][ T30] audit: type=1326 audit(1764714285.414:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6159 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=40000003 syscall=219 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 223.140368][ T30] audit: type=1326 audit(1764714285.434:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6159 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 223.163651][ T30] audit: type=1326 audit(1764714285.434:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6159 comm="syz.0.70" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000 [ 224.139631][ T5867] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 224.342687][ T5867] usb 4-1: Using ep0 maxpacket: 8 [ 224.385820][ T5867] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 224.396191][ T5867] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 224.407971][ T5867] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 224.418540][ T5867] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 224.432194][ T5867] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 224.441614][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.513733][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.520511][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.755749][ T5867] usb 4-1: GET_CAPABILITIES returned 2f [ 224.766648][ T5867] usbtmc 4-1:16.0: can't read capabilities [ 225.047791][ T5867] usb 4-1: USB disconnect, device number 4 [ 225.070585][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 225.133152][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 225.341088][ T0] NOHZ tick-stop error: local softirq work is pending, handler #01!!! [ 225.476751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 225.682282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #2c2!!! [ 225.687682][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 226.603062][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 227.719243][ T6186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.80'. [ 227.827584][ T6188] Bluetooth: MGMT ver 1.23 [ 227.841634][ T6188] Bluetooth: hci0: unsupported parameter 28022 [ 227.848221][ T6190] netlink: 12 bytes leftover after parsing attributes in process `syz.3.80'. [ 227.857435][ T6188] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 228.363824][ T6186] netlink: 12 bytes leftover after parsing attributes in process `syz.3.80'. [ 230.400738][ T2035] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 230.521245][ T6216] netlink: 12 bytes leftover after parsing attributes in process `syz.0.90'. [ 230.601998][ T2035] usb 4-1: Using ep0 maxpacket: 8 [ 230.641525][ T2035] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 230.651674][ T2035] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 230.663347][ T2035] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 230.675239][ T2035] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 230.688717][ T2035] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 230.702237][ T2035] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.039137][ T2035] usb 4-1: GET_CAPABILITIES returned 0 [ 231.044999][ T2035] usbtmc 4-1:16.0: can't read capabilities [ 231.251516][ T5896] usb 4-1: USB disconnect, device number 5 [ 231.425329][ T2035] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 231.606017][ T2035] usb 5-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 231.623565][ T2035] usb 5-1: config 0 interface 0 has no altsetting 0 [ 231.665093][ T2035] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 231.674500][ T2035] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 231.684037][ T2035] usb 5-1: Product: syz [ 231.688343][ T2035] usb 5-1: Manufacturer: syz [ 231.693307][ T2035] usb 5-1: SerialNumber: syz [ 231.706205][ T2035] usb 5-1: config 0 descriptor?? [ 231.886868][ T2035] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 232.005815][ T2035] usb 5-1: USB disconnect, device number 3 [ 232.257589][ T5996] udevd[5996]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 235.281137][ T2035] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 235.420615][ T5896] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 235.470888][ T2035] usb 1-1: Using ep0 maxpacket: 8 [ 235.493377][ T2035] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.503480][ T2035] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 235.516491][ T2035] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 235.527617][ T2035] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 235.540806][ T2035] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 235.550091][ T2035] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.657310][ T5896] usb 5-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 235.670811][ T5896] usb 5-1: config 0 interface 0 has no altsetting 0 [ 235.734472][ T5896] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 235.743815][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 235.752570][ T5896] usb 5-1: Product: syz [ 235.756979][ T5896] usb 5-1: Manufacturer: syz [ 235.761800][ T5896] usb 5-1: SerialNumber: syz [ 235.782490][ T5896] usb 5-1: config 0 descriptor?? [ 235.856422][ T2035] usb 1-1: usb_control_msg returned -71 [ 235.862337][ T2035] usbtmc 1-1:16.0: can't read capabilities [ 235.899523][ T2035] usb 1-1: USB disconnect, device number 5 [ 236.074773][ T5896] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 236.203944][ T5996] udevd[5996]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 236.242108][ T5896] usb 5-1: USB disconnect, device number 4 [ 236.662924][ T6258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.109'. [ 238.399685][ T6280] ===================================================== [ 238.407033][ T6280] BUG: KMSAN: uninit-value in batadv_get_vid+0x2d0/0x3b0 [ 238.414259][ T6280] batadv_get_vid+0x2d0/0x3b0 [ 238.419003][ T6280] batadv_interface_tx+0x2e8/0x1dd0 [ 238.424857][ T6280] dev_hard_start_xmit+0x22f/0xa30 [ 238.430139][ T6280] __dev_queue_xmit+0x3b58/0x5da0 [ 238.435266][ T6280] __bpf_redirect+0x162d/0x1760 [ 238.440284][ T6280] bpf_clone_redirect+0x366/0x530 [ 238.445408][ T6280] ___bpf_prog_run+0x1297/0xeba0 [ 238.450589][ T6280] __bpf_prog_run512+0xc5/0x100 [ 238.455558][ T6280] bpf_test_run+0x496/0xd80 [ 238.460254][ T6280] bpf_prog_test_run_skb+0x1720/0x2590 [ 238.465809][ T6280] bpf_prog_test_run+0x5c2/0xa40 [ 238.470918][ T6280] __sys_bpf+0x873/0xeb0 [ 238.475238][ T6280] __ia32_sys_bpf+0xa4/0xf0 [ 238.479962][ T6280] ia32_sys_call+0xa53/0x4340 [ 238.484927][ T6280] __do_fast_syscall_32+0xb0/0x1b0 [ 238.491264][ T6280] do_fast_syscall_32+0x38/0x80 [ 238.496312][ T6280] do_SYSENTER_32+0x1f/0x30 [ 238.501057][ T6280] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 238.507509][ T6280] [ 238.510004][ T6280] Uninit was created at: [ 238.514384][ T6280] kmem_cache_alloc_node_noprof+0x989/0x16b0 [ 238.520570][ T6280] kmalloc_reserve+0x13c/0x4b0 [ 238.525415][ T6280] pskb_expand_head+0x1fc/0x1610 [ 238.530535][ T6280] skb_ensure_writable+0x44e/0x510 [ 238.535733][ T6280] bpf_clone_redirect+0x1c1/0x530 [ 238.540944][ T6280] ___bpf_prog_run+0x1297/0xeba0 [ 238.545978][ T6280] __bpf_prog_run512+0xc5/0x100 [ 238.551004][ T6280] bpf_test_run+0x496/0xd80 [ 238.555596][ T6280] bpf_prog_test_run_skb+0x1720/0x2590 [ 238.561239][ T6280] bpf_prog_test_run+0x5c2/0xa40 [ 238.566277][ T6280] __sys_bpf+0x873/0xeb0 [ 238.570736][ T6280] __ia32_sys_bpf+0xa4/0xf0 [ 238.575316][ T6280] ia32_sys_call+0xa53/0x4340 [ 238.580181][ T6280] __do_fast_syscall_32+0xb0/0x1b0 [ 238.585398][ T6280] do_fast_syscall_32+0x38/0x80 [ 238.590564][ T6280] do_SYSENTER_32+0x1f/0x30 [ 238.595241][ T6280] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 238.601897][ T6280] [ 238.604320][ T6280] CPU: 0 UID: 0 PID: 6280 Comm: syz.4.118 Not tainted syzkaller #0 PREEMPT(none) [ 238.613761][ T6280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 238.623957][ T6280] ===================================================== [ 238.631017][ T6280] Disabling lock debugging due to kernel taint [ 238.637208][ T6280] Kernel panic - not syncing: kmsan.panic set ... [ 238.643686][ T6280] CPU: 0 UID: 0 PID: 6280 Comm: syz.4.118 Tainted: G B syzkaller #0 PREEMPT(none) [ 238.654538][ T6280] Tainted: [B]=BAD_PAGE [ 238.658720][ T6280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 238.668922][ T6280] Call Trace: [ 238.672261][ T6280] [ 238.675237][ T6280] __dump_stack+0x26/0x30 [ 238.679662][ T6280] dump_stack_lvl+0x53/0x270 [ 238.684361][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 238.690388][ T6280] dump_stack+0x1e/0x25 [ 238.694639][ T6280] vpanic+0x435/0xd30 [ 238.698716][ T6280] panic+0x15d/0x160 [ 238.702813][ T6280] kmsan_report+0x31c/0x320 [ 238.707423][ T6280] ? __msan_warning+0x1b/0x30 [ 238.712191][ T6280] ? batadv_get_vid+0x2d0/0x3b0 [ 238.717116][ T6280] ? batadv_interface_tx+0x2e8/0x1dd0 [ 238.722571][ T6280] ? dev_hard_start_xmit+0x22f/0xa30 [ 238.727953][ T6280] ? __dev_queue_xmit+0x3b58/0x5da0 [ 238.733254][ T6280] ? __bpf_redirect+0x162d/0x1760 [ 238.738380][ T6280] ? bpf_clone_redirect+0x366/0x530 [ 238.743686][ T6280] ? ___bpf_prog_run+0x1297/0xeba0 [ 238.748906][ T6280] ? __bpf_prog_run512+0xc5/0x100 [ 238.754038][ T6280] ? bpf_test_run+0x496/0xd80 [ 238.758814][ T6280] ? bpf_prog_test_run_skb+0x1720/0x2590 [ 238.764546][ T6280] ? bpf_prog_test_run+0x5c2/0xa40 [ 238.769758][ T6280] ? __sys_bpf+0x873/0xeb0 [ 238.774383][ T6280] ? __ia32_sys_bpf+0xa4/0xf0 [ 238.779154][ T6280] ? ia32_sys_call+0xa53/0x4340 [ 238.784124][ T6280] ? __do_fast_syscall_32+0xb0/0x1b0 [ 238.789516][ T6280] ? do_fast_syscall_32+0x38/0x80 [ 238.794715][ T6280] ? do_SYSENTER_32+0x1f/0x30 [ 238.799483][ T6280] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 238.806127][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 238.811407][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 238.817427][ T6280] ? batadv_meshif_is_valid+0x71/0x90 [ 238.822900][ T6280] ? filter_irq_stacks+0x49/0x190 [ 238.828018][ T6280] ? stack_depot_save_flags+0x35/0x790 [ 238.833556][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 238.838783][ T6280] __msan_warning+0x1b/0x30 [ 238.843385][ T6280] batadv_get_vid+0x2d0/0x3b0 [ 238.848145][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 238.854074][ T6280] batadv_interface_tx+0x2e8/0x1dd0 [ 238.859362][ T6280] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 238.865798][ T6280] ? __pfx_batadv_interface_tx+0x10/0x10 [ 238.871521][ T6280] dev_hard_start_xmit+0x22f/0xa30 [ 238.876819][ T6280] __dev_queue_xmit+0x3b58/0x5da0 [ 238.881991][ T6280] ? skb_release_data+0xa12/0xac0 [ 238.887114][ T6280] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 238.893481][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 238.898788][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 238.904707][ T6280] ? __dev_queue_xmit+0x27c/0x5da0 [ 238.909973][ T6280] __bpf_redirect+0x162d/0x1760 [ 238.914946][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 238.920608][ T6280] bpf_clone_redirect+0x366/0x530 [ 238.925754][ T6280] ___bpf_prog_run+0x1297/0xeba0 [ 238.930815][ T6280] __bpf_prog_run512+0xc5/0x100 [ 238.935803][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 238.941024][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 238.946948][ T6280] ? ktime_get+0x530/0x590 [ 238.951436][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 238.956653][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 238.961878][ T6280] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 238.968323][ T6280] ? kmsan_get_metadata+0x150/0x160 [ 238.973623][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 238.979537][ T6280] ? __pfx___bpf_prog_run512+0x10/0x10 [ 238.985100][ T6280] ? __pfx___bpf_prog_run512+0x10/0x10 [ 238.990678][ T6280] bpf_test_run+0x496/0xd80 [ 238.995366][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 239.000668][ T6280] ? kmsan_get_metadata+0xfb/0x160 [ 239.005905][ T6280] ? bpf_test_run+0x2f7/0xd80 [ 239.010697][ T6280] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 239.016617][ T6280] bpf_prog_test_run_skb+0x1720/0x2590 [ 239.022201][ T6280] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 239.028109][ T6280] bpf_prog_test_run+0x5c2/0xa40 [ 239.033157][ T6280] __sys_bpf+0x873/0xeb0 [ 239.037515][ T6280] __ia32_sys_bpf+0xa4/0xf0 [ 239.042110][ T6280] ia32_sys_call+0xa53/0x4340 [ 239.046896][ T6280] __do_fast_syscall_32+0xb0/0x1b0 [ 239.052107][ T6280] ? irqentry_exit_to_user_mode+0x7f/0xf0 [ 239.057914][ T6280] do_fast_syscall_32+0x38/0x80 [ 239.062865][ T6280] do_SYSENTER_32+0x1f/0x30 [ 239.067455][ T6280] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 239.073887][ T6280] RIP: 0023:0xf707d539 [ 239.078013][ T6280] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 239.098309][ T6280] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000165 [ 239.106820][ T6280] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080 [ 239.114875][ T6280] RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000 [ 239.122898][ T6280] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 239.130917][ T6280] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 239.138951][ T6280] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 239.147004][ T6280] [ 239.150436][ T6280] Kernel Offset: disabled [ 239.154804][ T6280] Rebooting in 86400 seconds..