last executing test programs: 8.191988988s ago: executing program 2 (id=12): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24000840) socket$kcm(0xa, 0x922000000003, 0x11) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) process_mrelease(0xffffffffffffffff, 0x0) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) creat(0x0, 0x0) r1 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) read$FUSE(r1, 0x0, 0x0) 6.56776065s ago: executing program 0 (id=16): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_io_uring_setup(0x487, &(0x7f00000000c0)={0x0, 0x9010, 0x100, 0x4, 0x165}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x0, r2, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}}) io_uring_enter(r3, 0x3517, 0x173d, 0x42, 0x0, 0x0) 6.368007574s ago: executing program 2 (id=18): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) 6.190144438s ago: executing program 2 (id=19): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f0000000040)=0x12, 0x4) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, 0x0, 0x8080) socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mknod$loop(&(0x7f0000000080)='./bus\x00', 0x2, 0x1) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x77359400}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x5, 0xe4}]}, 0x8) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r5, &(0x7f0000001200)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001280)="bb2d839f3bf337ccd0d8f3513ab30aba4b00b6f0ef506a60f4082ace5a8a10d80d8d595071f2ff529ff6996481ffc7e4de448343b85079722c4f1a1ce360836392283201a1a5ac0b6e24ccf9f075c64fe58b7a37d37019a49908876bc37c9f304eeefed8a6d8cae3ca0f81e900c8735b8b3063967b68a1567e30726f2c0edb6c85e78619700b0645b728a0c88b22d18366a6db2e391401feb630396bf42b987b102eb2d0a804e188648df6c8ddd79e0fde3893930e06e91c39cc01d239a1c20cb0cee84da924212382163c6638e798d66660c356195a56523456052c42aca7c8404e259561dfea5cbdc21a31b7e7eb73a710b68ba2ae2eff86d3d4fbda8b72014f5de839d48acbc9d217f7ac0b3362a66f3a7d04277cc4b918687ed082170f98dc54bd56f28ea3fecc4e86e1820ed811919dac4d09c18e27c4d839c7ac015d34522c7d87ae968dc872d97db81da9a4b6f631535348d9d44ca3fe846f6706fd3d3bd2f62f2d046a2973c9e8c6ccbf96fd0060d532433732627bf213a35870cea250f79ac773b8adba386e0ae960801b073646dcfe7c89f0cb410d22146cb3109bb9a12649e943104875c0272dfdfac5998854c0f62438909522fba45a4ac83b917a6d9a45704fefe035986b7ae676dd6b8094d2ce7ed64f0aaf138cc827553d74b2c04488d849df41fb98a6c966c07cbb1a9fe3ee5e41c3082c51b37f9df811461cf123830ee606c7b5816b6b86b21860177bfc3fd9aeb689dbb39963a55cee2afe7352200f719a3c0fe44e059446bd7226d9e814d2358c2524c0103c48f7516cc69eb04815bbef84a5bd840a5131f45c335ef8939d6100cf89160f5f1c5aec60e479d18f4680a5a525964fbf2371c1493df2c3e67f98645f329d984250dc98a48a5ab14624438ad259145794a22055ace7d33b5218ed2bda0a528bee49e4e4ae3068477da429945eef0e06128a3202f62634d8faba02e7a951fd2ceba99d2a1488872c66ceef1c5ba5a3e4a523be24c7c2de0316ae12a66d11a8089888c1e2635206ad43da841b07324fdb18eaf8d8a41a8eee7e9cd948967234049bf5ff3c8ce9cd708cf33fca2896221990573c08ef7eb0843189f7033f93b753a40c49bfc92effc9a663fbd1389f1719d14b3d33558bc1ca6c7a66c3ce93151091b23b0efdc14b6e4af3bd914ae73ef2c823346af97d7d2a53f644ba75587ab85e95c43244ba1c97cd1e692bd3e781c21b937e005c9b617ef80b", 0x375}], 0x1}}], 0x1, 0x40000d0) sendto$inet(r5, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'veth1_to_bond\x00', {0x2, 0x0, @multicast2}}) 4.208347037s ago: executing program 0 (id=26): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x20, r1, 0x801, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40041}, 0x0) 3.911737613s ago: executing program 0 (id=28): openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x44) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff01000000000000000000000000000100000000000000000000ffff0000000000000000000000004a8a1f09244c6916", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000ffffac14142300000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1ffffffffffffff03000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff0000000000000000960700000000000000000000000000001000"], 0xf8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) 3.639196029s ago: executing program 0 (id=29): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) pselect6(0x40, &(0x7f0000003400)={0x3, 0x0, 0x7, 0x4, 0x8, 0xda53, 0xffffffffffffff01, 0x8}, &(0x7f0000003440)={0x8, 0x64, 0x297c7d26, 0x8, 0x9, 0x8, 0x1, 0xffffffff}, 0x0, 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0xffff030c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc70, 0xf00a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) fsopen(&(0x7f0000000380)='pipefs\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1, 0x0, 0x0, 0x0}, 0x94) r4 = syz_open_dev$radio(0x0, 0x3, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90f, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) syz_open_dev$vbi(&(0x7f0000000040), 0x2, 0x2) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000800)={'bridge0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0xffea, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3000000070000100000000000000000007000000", @ANYRES32=r8, @ANYBLOB="0c00018008000100000001000c0002"], 0x30}}, 0x0) write$sysctl(r5, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$sysctl(r5, &(0x7f0000000000)='2\x00', 0x2) 3.451883352s ago: executing program 2 (id=31): r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x502) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x1043, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000000340)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000600)={r2}) 3.341828904s ago: executing program 2 (id=32): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket(0x10, 0x3, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) 2.596571749s ago: executing program 1 (id=38): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a00), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xe}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x7, 0xfffffffa, 0x2, 0xc, 0x4, 0x9, 0x8e, 0xffffffff, 0xa}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0x2, 0xb}, {0xd, 0x7}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x52c}}]}, 0x40}}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.198835857s ago: executing program 1 (id=40): r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x502) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x1043, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000000340)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000600)={r2}) 2.0698364s ago: executing program 1 (id=41): unshare(0x20000400) r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt(r0, 0x28, 0x2, 0x0, 0x0) 1.855950604s ago: executing program 1 (id=42): r0 = socket$netlink(0x10, 0x3, 0x10) unshare(0x66000080) r1 = socket$netlink(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc010203010902"], 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_vlan\x00', 0x0}) r3 = gettid() sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r2, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0) 1.318874995s ago: executing program 3 (id=46): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x80, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_a, @device_a, @from_mac}, 0x0, @default, 0x8001, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_BEACON_TAIL={0x6, 0xf, [@ssid]}, @NL80211_ATTR_IE_PROBE_RESP={0x4}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}]}, 0x80}}, 0x3000000) 1.151498898s ago: executing program 3 (id=47): openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x44) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff01000000000000000000000000000100000000000000000000ffff0000000000000000000000004a8a1f09244c6916", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000ffffac14142300000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1ffffffffffffff03000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff0000000000000000960700000000000000000000000000001000"], 0xf8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) 1.04972185s ago: executing program 3 (id=48): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a00), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xe}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x7, 0xfffffffa, 0x2, 0xc, 0x4, 0x9, 0x8e, 0xffffffff, 0xa}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0x2, 0xb}, {0xd, 0x7}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x52c}}]}, 0x40}}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 746.798126ms ago: executing program 3 (id=49): r0 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x502) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x1043, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2) ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f00000002c0)={0x80000000, 0x0, &(0x7f0000000340)=[{{}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_ENTITIES(r0, 0xc1007c01, &(0x7f0000000600)={r2}) 613.885638ms ago: executing program 3 (id=50): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f0000000640)={0x28, r2, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xf2}]}]}, 0x28}}, 0x40040) 471.657731ms ago: executing program 0 (id=51): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c00"], 0xac}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000380)="ab26c0381d7804426d4f0ffeb17ad39b63362343370409f922040d63962fc2aeececbb3caeac9078a61cd82cd18765242b2dcebd0d4ff85fe6905ff54ef66387522551cdf76761c6370caf27f2992f1665d5d39e016fae7579a3b9255ce20c8c68fa9fbdf0d3fe6786f38019f7f803b323515bbc59f5ebfb620276a9f768603f8c17b3e8856af9155d3247349dc4bc29af164f8bd6c3317f21f04bb7047c6d4fc6186e49baf7f7ca520d4a17ccf651629e88a92f3e0cb8b771d447c0bb51a3eee9d64beeaf4de4584ddc6ed048722fde6f4db950d410e96ef621c2a89ebd98f103dd02106bf5135ef3dac237d8573a813c2b61d56d6f4a07ff46105f870da50745", 0x101}, {&(0x7f0000000140)="fa5cf2e9f531fb0969f9185e70e92cdc9c578dfad370ac8bf37435a70fd07e734b398c2615a9cd7a34ee41cc51b26e2829bf8dc17401669862766a05bf9a9c9c175d2e9c2de6f5b8b77a38e616fca1db5a2c1d4f69b8d64b5d4ce3a9bde53e5c3e6103421a38ad276686161286b64996b09b5d09f78cfb7e27c38be8e0e7346f8ba3453065c6d01bcece056fb93efd3997d82531970613a7c7e55d0e22f3b107774ca1bb3526e6c5524e8307b9012440403f", 0xb2}], 0x2}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000004c0)={[0x8aba, 0x100d, 0x4, 0x804, 0x7ffd, 0xf, 0x120000, 0x9, 0x1, 0x5, 0x8000000000000000, 0x1, 0x1, 0xfe, 0x6, 0x1], 0x4000, 0x141200}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000100)=@x86={0x6, 0x2, 0x10, 0x0, 0xb, 0x7, 0x2, 0x9, 0x1, 0x51, 0x0, 0x8, 0x0, 0x4, 0x10, 0xff, 0xb, 0x2, 0x7, '\x00', 0x6, 0x4080000000000005}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 390.300763ms ago: executing program 3 (id=52): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}}, 0x40080c0) pread64(0xffffffffffffffff, &(0x7f0000000600)=""/4091, 0xffb, 0x1010000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) rt_sigaction(0x19, &(0x7f0000000000)={0xffffffffffffffff, 0x8c000003, 0x0, {[0x3]}}, 0x0, 0x8, &(0x7f0000000440)) r3 = memfd_create(&(0x7f00000006c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x195\x06\x00\x00\x00~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G,\xdb\xccS\x15\x95b\x17\xab\xe4?\x96\x95\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf', 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fallocate(r3, 0x0, 0x400000000000000, 0x7) r4 = socket(0x10, 0x800, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=@newtfilter={0xc4, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x98, 0x2, [@TCA_FW_ACT={0x94, 0x4, [@m_skbedit={0x90, 0x1c, 0x0, 0x0, {{0xc}, {0x64, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x4, 0x3, 0x3, 0x10001, 0x8}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x7, 0x832, 0x6, 0x8, 0x3}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x2}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x7fff}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x81}, 0x800) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f00000002c0), 0x0) syz_emit_ethernet(0x86, &(0x7f0000000040)=ANY=[@ANYBLOB="bbbbbbbbbbbb000000000000080200000000000000000201907864010101ac1414bb030390780006001f47eb07ff00681ce2d92f0e5c64010102ac1414368611000000030709a8806558a18f92010244344c01e0000002000000097f000001000000057f000001000200057f00000100000000ac1414bb00000329e000000200000004000000"], 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x4e20, @remote}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0) 251.893466ms ago: executing program 0 (id=53): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20800, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) 203.740416ms ago: executing program 2 (id=54): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x4d8, 0xf372, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="000a560000005609001c0000004dc2396935f3a7492c149b1d079fe8e7d9a354f0f1a3458343b820cbc64e8e9975696f77242215693cbe64abfe8485dbe73976202bba64d52b3ad10733c244d1f7540d23c29670a628b1f8480000004f53a2cea7c955ab81ff6a0e79a9f04500bf5d22b40d41d75d18aaed3caea19225b04f87183df3822818599ca3175aa5a9d567370a695ba1f76a37997a0cf6b9d99abafdd3c1989e75fd12f468bc2f114184b941f05c22426e85bfea1e69b3c4b25e158c3d55889afa7aec230a681fdc1174c3a517298cff0c56df2c7673c8c72910f716cf9eb07826305fe08bc0fb7b5e24a4421a00429ed77ac0bbd83608f21f97470968765b7d830cff50afd734e857f940c13a511379781d8110d0dd17726dd93e97641c7319ef84a018ad4b9c3c62481b6b4ea5aba3e97c7dc335d31cc9"], 0x0, 0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaa0baaaaaaaaaacfb00c0300006000ae00008df305400000002d"], 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='status\x00') socket$inet6_tcp(0xa, 0x1, 0x0) 117.974438ms ago: executing program 1 (id=55): r0 = socket$key(0xf, 0x3, 0x2) r1 = dup2(r0, r0) sendmsg$key(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x13, 0x0, 0x3, 0x5, 0x0, 0x70bd29, 0x25dfdbfb, [@sadb_address={0x3, 0x7, 0x33, 0x80, 0x0, @in={0x2, 0x4e24, @multicast1}}]}, 0x28}}, 0x4) 0s ago: executing program 1 (id=56): openat$sysfs(0xffffff9c, &(0x7f00000037c0)='/sys/kernel/notes', 0x0, 0x44) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="f8000000160001000000000000000000ff01000000000000000000000000000100000000000000000000ffff0000000000000000000000004a8a1f09244c6916", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000ffffac14142300000000330000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1ffffffffffffff03000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff0000000000000000960700000000000000000000000000001000"], 0xf8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000240)={@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast2, @remote, 0x0, 0x40, 0x0, 0x500, 0x9, 0x6400120}) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="d80100001c0001"], 0x1d8}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.8' (ED25519) to the list of known hosts. [ 70.559719][ T5776] cgroup: Unknown subsys name 'net' [ 70.728201][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 71.655992][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.662808][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.414136][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 73.946955][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 73.970234][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 73.978455][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 73.991098][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 74.010313][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 74.017751][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 74.059728][ T5787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 74.068845][ T5787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 74.078905][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 74.087926][ T5787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 74.112395][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 74.124368][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 74.133677][ T5793] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 74.142412][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 74.202506][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 74.207712][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 74.217776][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 74.218457][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 74.234432][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 74.237077][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 74.242333][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 74.249743][ T5795] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 74.256257][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 74.263898][ T5795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 74.630819][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 74.847589][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.855072][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.863321][ T5785] bridge_slave_0: entered allmulticast mode [ 74.870558][ T5785] bridge_slave_0: entered promiscuous mode [ 74.884380][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.891851][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.899028][ T5785] bridge_slave_1: entered allmulticast mode [ 74.906484][ T5785] bridge_slave_1: entered promiscuous mode [ 74.917451][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 74.933185][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 75.016808][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.030994][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.067728][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 75.141124][ T5785] team0: Port device team_slave_0 added [ 75.147425][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.155268][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.163111][ T5790] bridge_slave_0: entered allmulticast mode [ 75.171173][ T5790] bridge_slave_0: entered promiscuous mode [ 75.187223][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.194939][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.202452][ T5790] bridge_slave_1: entered allmulticast mode [ 75.209673][ T5790] bridge_slave_1: entered promiscuous mode [ 75.227220][ T5785] team0: Port device team_slave_1 added [ 75.321513][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.328710][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.355835][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.381773][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.394627][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.404773][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.412052][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.419247][ T5788] bridge_slave_0: entered allmulticast mode [ 75.426585][ T5788] bridge_slave_0: entered promiscuous mode [ 75.434759][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.443160][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.470342][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.509477][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.517168][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.524690][ T5788] bridge_slave_1: entered allmulticast mode [ 75.532486][ T5788] bridge_slave_1: entered promiscuous mode [ 75.596263][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.606178][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.614105][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.621577][ T5792] bridge_slave_0: entered allmulticast mode [ 75.628564][ T5792] bridge_slave_0: entered promiscuous mode [ 75.639340][ T5790] team0: Port device team_slave_0 added [ 75.648643][ T5790] team0: Port device team_slave_1 added [ 75.668663][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.693290][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.700642][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.707824][ T5792] bridge_slave_1: entered allmulticast mode [ 75.715660][ T5792] bridge_slave_1: entered promiscuous mode [ 75.800774][ T5785] hsr_slave_0: entered promiscuous mode [ 75.807699][ T5785] hsr_slave_1: entered promiscuous mode [ 75.822498][ T5788] team0: Port device team_slave_0 added [ 75.832522][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 75.842735][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.849814][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.876398][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.899862][ T5788] team0: Port device team_slave_1 added [ 75.919759][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 75.940599][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.947589][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.974134][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.033870][ T5792] team0: Port device team_slave_0 added [ 76.046410][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.054346][ T5787] Bluetooth: hci0: command tx timeout [ 76.054960][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.086003][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.099327][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.106507][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.133986][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.148558][ T5792] team0: Port device team_slave_1 added [ 76.211575][ T5787] Bluetooth: hci1: command tx timeout [ 76.230542][ T5790] hsr_slave_0: entered promiscuous mode [ 76.237234][ T5790] hsr_slave_1: entered promiscuous mode [ 76.244324][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.252410][ T5790] Cannot create hsr debugfs directory [ 76.290677][ T5787] Bluetooth: hci2: command tx timeout [ 76.298069][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 76.305239][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.331976][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 76.364370][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 76.371586][ T5787] Bluetooth: hci3: command tx timeout [ 76.373654][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 76.404441][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 76.448340][ T5788] hsr_slave_0: entered promiscuous mode [ 76.455163][ T5788] hsr_slave_1: entered promiscuous mode [ 76.462587][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.470538][ T5788] Cannot create hsr debugfs directory [ 76.627160][ T5792] hsr_slave_0: entered promiscuous mode [ 76.634092][ T5792] hsr_slave_1: entered promiscuous mode [ 76.641142][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 76.648733][ T5792] Cannot create hsr debugfs directory [ 76.815597][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 76.844337][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 76.855884][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 76.883254][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 76.983146][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 77.001646][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 77.012181][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.025918][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.109287][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 77.140762][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 77.152442][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 77.165722][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 77.248640][ T5792] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 77.260639][ T5792] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 77.271952][ T5792] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 77.284773][ T5792] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 77.371991][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.431637][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.448866][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.456990][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.499364][ T3469] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.506699][ T3469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.575864][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.602377][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.656798][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.679365][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.718144][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.737680][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.744876][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.757395][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.764729][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.817887][ T1318] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.825365][ T1318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.857708][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.878642][ T1318] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.886038][ T1318] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.949126][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.956462][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.993835][ T3469] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.001159][ T3469] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.141052][ T5787] Bluetooth: hci0: command tx timeout [ 78.160048][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.291290][ T5787] Bluetooth: hci1: command tx timeout [ 78.304710][ T5785] veth0_vlan: entered promiscuous mode [ 78.339189][ T5785] veth1_vlan: entered promiscuous mode [ 78.372043][ T5787] Bluetooth: hci2: command tx timeout [ 78.461802][ T5787] Bluetooth: hci3: command tx timeout [ 78.473515][ T5785] veth0_macvtap: entered promiscuous mode [ 78.499944][ T5785] veth1_macvtap: entered promiscuous mode [ 78.593965][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.613572][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.649261][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.677509][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.705773][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.738256][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.747563][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.756675][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.765997][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.809769][ T5790] veth0_vlan: entered promiscuous mode [ 78.846394][ T5790] veth1_vlan: entered promiscuous mode [ 78.921792][ T5792] veth0_vlan: entered promiscuous mode [ 78.938734][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.940848][ T5788] veth0_vlan: entered promiscuous mode [ 78.967353][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.013991][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.021265][ T5790] veth0_macvtap: entered promiscuous mode [ 79.031413][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.035146][ T5788] veth1_vlan: entered promiscuous mode [ 79.059180][ T5790] veth1_macvtap: entered promiscuous mode [ 79.089325][ T5792] veth1_vlan: entered promiscuous mode [ 79.137589][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.154172][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.194480][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.225239][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.242586][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.258234][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.283393][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.296981][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.306955][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.319060][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.359235][ T5788] veth0_macvtap: entered promiscuous mode [ 79.383093][ T5792] veth0_macvtap: entered promiscuous mode [ 79.402360][ T5788] veth1_macvtap: entered promiscuous mode [ 79.429892][ T5792] veth1_macvtap: entered promiscuous mode [ 79.499430][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.530342][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.546413][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.557553][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.585055][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.619423][ T3469] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.623060][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.632583][ T3469] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.649228][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.663768][ T5874] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 79.674863][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.690521][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.704040][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.734423][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.744182][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.758823][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.768061][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.783173][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.793933][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.805299][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.818000][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.828225][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 79.838933][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.850979][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.884743][ T3469] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.897240][ T3469] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.908053][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.919577][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.929725][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.940949][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.951047][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 79.960731][ T42] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 79.961655][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 79.989752][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.004836][ T5792] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.013967][ T5792] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.023634][ T5792] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.032837][ T5792] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.152111][ T42] usb 3-1: Using ep0 maxpacket: 8 [ 80.176326][ T42] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 80.196512][ T42] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 80.211145][ T5787] Bluetooth: hci0: command tx timeout [ 80.223207][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.243216][ T42] usb 3-1: config 0 has no interface number 0 [ 80.249494][ T42] usb 3-1: config 0 interface 21 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 80.261128][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.281318][ T42] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 80.317616][ T42] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 80.332267][ T42] usb 3-1: Product: syz [ 80.345154][ T42] usb 3-1: config 0 descriptor?? [ 80.351266][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.358463][ T5874] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 80.369610][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.377498][ T5787] Bluetooth: hci1: command tx timeout [ 80.451373][ T5787] Bluetooth: hci2: command tx timeout [ 80.479210][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.516858][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.530392][ T5787] Bluetooth: hci3: command tx timeout [ 80.642594][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.671302][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.845025][ T5886] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 80.906970][ T5886] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 80.956128][ T5884] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2'. [ 81.122451][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.132125][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.141438][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.151528][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.691674][ T5864] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 81.777501][ T5904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 81.793162][ T5904] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 81.941980][ T5864] usb 2-1: config 0 has no interfaces? [ 81.966522][ T5864] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 82.062057][ T5864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.090353][ T5864] usb 2-1: Product: syz [ 82.103903][ T5864] usb 2-1: Manufacturer: syz [ 82.114190][ T5864] usb 2-1: SerialNumber: syz [ 82.142386][ T5864] usb 2-1: config 0 descriptor?? [ 82.300614][ T5787] Bluetooth: hci0: command tx timeout [ 82.450784][ T5787] Bluetooth: hci1: command tx timeout [ 82.531639][ T5787] Bluetooth: hci2: command tx timeout [ 82.621498][ T5795] Bluetooth: hci3: command tx timeout [ 82.932163][ T5911] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 82.981126][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 82.989562][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.086257][ T787] usb 3-1: USB disconnect, device number 2 [ 83.445311][ T5897] veth0_vlan: left promiscuous mode [ 83.482518][ T5897] veth0_vlan: entered promiscuous mode [ 83.544081][ T5901] tipc: Started in network mode [ 83.570517][ T5901] tipc: Node identity aaaaaaaaaa34, cluster identity 4711 [ 83.581684][ T5901] tipc: Enabled bearer , priority 10 [ 83.670167][ T2200] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 83.748039][ T5821] usb 2-1: USB disconnect, device number 2 [ 83.923663][ T2200] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 83.942555][ T2200] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.959382][ T2200] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.969491][ T2200] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 83.991698][ T2200] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 84.003628][ T2200] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 84.028374][ T2200] usb 4-1: Manufacturer: syz [ 84.057233][ T2200] usb 4-1: config 0 descriptor?? [ 84.269627][ T5897] syz.1.9 (5897) used greatest stack depth: 20872 bytes left [ 84.504245][ T2200] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 84.543074][ T2200] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 84.581229][ T787] tipc: Node number set to 10398378 [ 84.611946][ T2200] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 84.849470][ T5927] netlink: 72 bytes leftover after parsing attributes in process `syz.1.15'. [ 85.066043][ T5934] netlink: 452 bytes leftover after parsing attributes in process `syz.2.18'. [ 85.644703][ T5944] loop2: detected capacity change from 0 to 7 [ 85.743899][ T11] tipc: Resetting bearer [ 85.806125][ T5944] Dev loop2: unable to read RDB block 7 [ 85.826382][ T5944] loop2: unable to read partition table [ 85.844805][ T5944] loop2: partition table beyond EOD, truncated [ 85.847965][ T11] tipc: Disabling bearer [ 85.866295][ T5944] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 85.917435][ T5158] Dev loop2: unable to read RDB block 7 [ 85.927449][ T5158] loop2: unable to read partition table [ 85.937840][ T5158] loop2: partition table beyond EOD, truncated [ 86.044339][ T2200] usb 4-1: reset high-speed USB device number 2 using dummy_hcd [ 86.330281][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.640597][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.670183][ T786] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 86.749941][ T5954] tipc: Started in network mode [ 86.757166][ T5954] tipc: Node identity aaaaaaaaaa34, cluster identity 4711 [ 86.765481][ T5954] tipc: Enabled bearer , priority 10 [ 86.860471][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.952061][ T786] usb 2-1: config 0 has no interfaces? [ 86.960049][ T786] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 86.972877][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.994873][ T786] usb 2-1: Product: syz [ 86.999081][ T786] usb 2-1: Manufacturer: syz [ 87.019402][ T786] usb 2-1: SerialNumber: syz [ 87.045522][ T786] usb 2-1: config 0 descriptor?? [ 87.060462][ T8] cfg80211: failed to load regulatory.db [ 87.233863][ T23] usb 4-1: USB disconnect, device number 2 [ 87.527741][ T5968] netlink: 452 bytes leftover after parsing attributes in process `syz.0.28'. [ 87.554238][ T5967] tipc: Enabled bearer , priority 0 [ 87.588765][ T5967] syzkaller0: entered promiscuous mode [ 87.605779][ T5967] syzkaller0: entered allmulticast mode [ 87.615843][ T5821] usb 2-1: USB disconnect, device number 3 [ 87.652647][ T5967] tipc: Resetting bearer [ 87.672775][ T5965] tipc: Resetting bearer [ 87.764926][ T5965] tipc: Disabling bearer [ 88.171394][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 88.206748][ T5982] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 88.304221][ T786] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 88.410448][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 88.435415][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.462750][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.476260][ T23] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 88.494021][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.508175][ T786] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 88.529395][ T23] usb 1-1: config 0 descriptor?? [ 88.539890][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.557546][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.568793][ T786] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 88.583106][ T5846] tipc: Node number set to 10398378 [ 88.601613][ T786] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 88.611977][ T786] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 88.636003][ T786] usb 3-1: Manufacturer: syz [ 88.665064][ T786] usb 3-1: config 0 descriptor?? [ 88.686479][ T5992] netlink: 452 bytes leftover after parsing attributes in process `syz.1.37'. [ 88.843878][ T5994] tipc: Enabled bearer , priority 0 [ 88.854496][ T5994] syzkaller0: entered promiscuous mode [ 88.860033][ T5994] syzkaller0: entered allmulticast mode [ 88.908556][ T5994] tipc: Resetting bearer [ 88.927978][ T5993] tipc: Resetting bearer [ 88.964755][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.985256][ T5993] tipc: Disabling bearer [ 89.099346][ T786] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 89.132575][ T786] appleir 0003:05AC:8243.0002: No inputs registered, leaving [ 89.187727][ T786] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 89.860325][ T786] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 89.964463][ T6013] tipc: Enabling of bearer rejected, already enabled [ 90.053407][ T786] usb 2-1: config 0 has no interfaces? [ 90.073684][ T786] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 90.083424][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.093760][ T786] usb 2-1: Product: syz [ 90.098088][ T786] usb 2-1: Manufacturer: syz [ 90.103895][ T786] usb 2-1: SerialNumber: syz [ 90.116217][ T786] usb 2-1: config 0 descriptor?? [ 90.235729][ T6017] netlink: 452 bytes leftover after parsing attributes in process `syz.3.47'. [ 90.347632][ T6019] tipc: Enabled bearer , priority 0 [ 90.356150][ T6019] syzkaller0: entered promiscuous mode [ 90.362194][ T6019] syzkaller0: entered allmulticast mode [ 90.391203][ T6019] tipc: Resetting bearer [ 90.412449][ T6018] tipc: Resetting bearer [ 90.468174][ T6018] tipc: Disabling bearer [ 90.581256][ T42] usb 2-1: USB disconnect, device number 4 [ 90.592181][ T2200] usb 3-1: reset high-speed USB device number 3 using dummy_hcd [ 90.779251][ T23] usbhid 1-1:0.0: can't add hid device: -71 [ 90.800476][ T23] usbhid: probe of 1-1:0.0 failed with error -71 [ 90.841049][ T23] usb 1-1: USB disconnect, device number 2 [ 91.249868][ T6038] syz.3.52[6038]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 91.375042][ T6041] ================================================================== [ 91.383158][ T6041] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0 [ 91.390895][ T6041] Read of size 4 at addr ffff8880249544a0 by task syz.1.56/6041 [ 91.398533][ T6041] [ 91.400901][ T6041] CPU: 0 PID: 6041 Comm: syz.1.56 Not tainted syzkaller #0 [ 91.408117][ T6041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 91.418682][ T6041] Call Trace: [ 91.422229][ T6041] [ 91.425167][ T6041] dump_stack_lvl+0x16c/0x230 [ 91.429891][ T6041] ? __lock_acquire+0x7c80/0x7c80 [ 91.434960][ T6041] ? show_regs_print_info+0x20/0x20 [ 91.440378][ T6041] ? load_image+0x3b0/0x3b0 [ 91.445017][ T6041] ? __virt_addr_valid+0x469/0x540 [ 91.450273][ T6041] print_report+0xac/0x220 [ 91.454896][ T6041] ? xfrm_alloc_spi+0x598/0x11f0 [ 91.459929][ T6041] kasan_report+0x117/0x150 [ 91.464521][ T6041] ? xfrm_alloc_spi+0x598/0x11f0 [ 91.469572][ T6041] xfrm_alloc_spi+0x598/0x11f0 [ 91.474338][ T6041] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 91.479538][ T6041] ? verify_spi_info+0x120/0x120 [ 91.484654][ T6041] ? xfrm_find_acq+0x79/0x90 [ 91.489266][ T6041] xfrm_alloc_userspi+0x5d1/0xa90 [ 91.494319][ T6041] ? end_current_label_crit_section+0x170/0x170 [ 91.500577][ T6041] ? apparmor_capable+0x137/0x1a0 [ 91.505632][ T6041] ? xfrm_dump_policy_done+0x90/0x90 [ 91.511197][ T6041] ? __nla_parse+0x40/0x50 [ 91.512004][ T2200] usb 3-1: device descriptor read/64, error -71 [ 91.515817][ T6041] xfrm_user_rcv_msg+0x596/0x870 [ 91.527039][ T6041] ? lockdep_hardirqs_on+0x98/0x150 [ 91.532272][ T6041] ? xfrm_netlink_rcv+0x90/0x90 [ 91.537131][ T6041] ? __local_bh_enable_ip+0x12e/0x1c0 [ 91.542514][ T6041] ? __dev_queue_xmit+0x245/0x35a0 [ 91.547722][ T6041] ? __mutex_trylock_common+0x153/0x250 [ 91.553475][ T6041] netlink_rcv_skb+0x216/0x480 [ 91.558262][ T6041] ? xfrm_netlink_rcv+0x90/0x90 [ 91.563233][ T6041] ? netlink_ack+0x1110/0x1110 [ 91.568028][ T6041] ? netlink_deliver_tap+0x2e/0x1b0 [ 91.573510][ T6041] ? __lock_acquire+0x7c80/0x7c80 [ 91.578617][ T6041] xfrm_netlink_rcv+0x79/0x90 [ 91.583389][ T6041] netlink_unicast+0x751/0x8d0 [ 91.588357][ T6041] netlink_sendmsg+0x8c1/0xbe0 [ 91.593217][ T6041] ? netlink_getsockopt+0x580/0x580 [ 91.598526][ T6041] ? aa_sock_msg_perm+0x94/0x150 [ 91.603495][ T6041] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 91.608779][ T6041] ? security_socket_sendmsg+0x80/0xa0 [ 91.614334][ T6041] ? netlink_getsockopt+0x580/0x580 [ 91.619552][ T6041] ____sys_sendmsg+0x5bf/0x950 [ 91.624356][ T6041] ? __asan_memset+0x22/0x40 [ 91.628982][ T6041] ? __sys_sendmsg_sock+0x30/0x30 [ 91.634117][ T6041] ? __import_iovec+0x5f2/0x860 [ 91.639254][ T6041] ? import_iovec+0x73/0xa0 [ 91.643759][ T6041] ___sys_sendmsg+0x220/0x290 [ 91.648586][ T6041] ? __sys_sendmsg+0x270/0x270 [ 91.653372][ T6041] ? debug_mutex_init+0x38/0x70 [ 91.658236][ T6041] __se_sys_sendmsg+0x1a5/0x270 [ 91.663092][ T6041] ? __x64_sys_sendmsg+0x80/0x80 [ 91.668223][ T6041] ? lockdep_hardirqs_on+0x98/0x150 [ 91.673422][ T6041] do_syscall_64+0x55/0xb0 [ 91.677859][ T6041] ? clear_bhb_loop+0x40/0x90 [ 91.682637][ T6041] ? clear_bhb_loop+0x40/0x90 [ 91.687329][ T6041] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.693251][ T6041] RIP: 0033:0x7fc91df8ec29 [ 91.697756][ T6041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.717466][ T6041] RSP: 002b:00007fc91edc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.726284][ T6041] RAX: ffffffffffffffda RBX: 00007fc91e1d5fa0 RCX: 00007fc91df8ec29 [ 91.734436][ T6041] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 91.742511][ T6041] RBP: 00007fc91e011e41 R08: 0000000000000000 R09: 0000000000000000 [ 91.750505][ T6041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 91.758751][ T6041] R13: 00007fc91e1d6038 R14: 00007fc91e1d5fa0 R15: 00007ffc2dca3988 [ 91.766820][ T6041] [ 91.770011][ T6041] [ 91.772352][ T6041] Allocated by task 5992: [ 91.776775][ T6041] kasan_set_track+0x4e/0x70 [ 91.781371][ T6041] __kasan_slab_alloc+0x6c/0x80 [ 91.786226][ T6041] slab_post_alloc_hook+0x6e/0x4d0 [ 91.791589][ T6041] kmem_cache_alloc+0x11e/0x2e0 [ 91.796453][ T6041] xfrm_state_alloc+0x22/0x2a0 [ 91.801320][ T6041] __find_acq_core+0x7d8/0x19d0 [ 91.806551][ T6041] xfrm_find_acq+0x6a/0x90 [ 91.810977][ T6041] xfrm_alloc_userspi+0x57a/0xa90 [ 91.816001][ T6041] xfrm_user_rcv_msg+0x596/0x870 [ 91.821026][ T6041] netlink_rcv_skb+0x216/0x480 [ 91.826763][ T6041] xfrm_netlink_rcv+0x79/0x90 [ 91.831610][ T6041] netlink_unicast+0x751/0x8d0 [ 91.836384][ T6041] netlink_sendmsg+0x8c1/0xbe0 [ 91.841338][ T6041] ____sys_sendmsg+0x5bf/0x950 [ 91.846295][ T6041] ___sys_sendmsg+0x220/0x290 [ 91.850985][ T6041] __se_sys_sendmsg+0x1a5/0x270 [ 91.856010][ T6041] do_syscall_64+0x55/0xb0 [ 91.860774][ T6041] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.866864][ T6041] [ 91.869279][ T6041] Freed by task 5821: [ 91.873282][ T6041] kasan_set_track+0x4e/0x70 [ 91.877885][ T6041] kasan_save_free_info+0x2e/0x50 [ 91.883006][ T6041] ____kasan_slab_free+0x126/0x1e0 [ 91.888144][ T6041] slab_free_freelist_hook+0x130/0x1b0 [ 91.893618][ T6041] kmem_cache_free+0xf8/0x280 [ 91.898311][ T6041] xfrm_state_gc_task+0x10a/0x160 [ 91.903337][ T6041] process_scheduled_works+0xa45/0x15b0 [ 91.908885][ T6041] worker_thread+0xa55/0xfc0 [ 91.913478][ T6041] kthread+0x2fa/0x390 [ 91.917691][ T6041] ret_from_fork+0x48/0x80 [ 91.923157][ T6041] ret_from_fork_asm+0x11/0x20 [ 91.928283][ T6041] [ 91.930706][ T6041] The buggy address belongs to the object at ffff888024954400 [ 91.930706][ T6041] which belongs to the cache xfrm_state of size 848 [ 91.945070][ T6041] The buggy address is located 160 bytes inside of [ 91.945070][ T6041] freed 848-byte region [ffff888024954400, ffff888024954750) [ 91.958891][ T6041] [ 91.961306][ T6041] The buggy address belongs to the physical page: [ 91.968071][ T6041] page:ffffea0000925500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24954 [ 91.978409][ T6041] head:ffffea0000925500 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 91.987420][ T6041] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 91.995425][ T6041] page_type: 0xffffffff() [ 91.999758][ T6041] raw: 00fff00000000840 ffff88801cedb140 dead000000000122 0000000000000000 [ 92.008425][ T6041] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 92.017103][ T6041] page dumped because: kasan: bad access detected [ 92.023783][ T6041] page_owner tracks the page as allocated [ 92.029517][ T6041] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5968, tgid 5964 (syz.0.28), ts 87511030764, free_ts 87417357361 [ 92.049928][ T6041] post_alloc_hook+0x1cd/0x210 [ 92.054697][ T6041] get_page_from_freelist+0x195c/0x19f0 [ 92.060369][ T6041] __alloc_pages+0x1e3/0x460 [ 92.065070][ T6041] alloc_slab_page+0x5d/0x170 [ 92.069745][ T6041] new_slab+0x87/0x2e0 [ 92.073805][ T6041] ___slab_alloc+0xc6d/0x1300 [ 92.078475][ T6041] kmem_cache_alloc+0x1b7/0x2e0 [ 92.083319][ T6041] xfrm_state_alloc+0x22/0x2a0 [ 92.088168][ T6041] __find_acq_core+0x7d8/0x19d0 [ 92.093119][ T6041] xfrm_find_acq+0x6a/0x90 [ 92.097570][ T6041] xfrm_alloc_userspi+0x57a/0xa90 [ 92.102606][ T6041] xfrm_user_rcv_msg+0x596/0x870 [ 92.107554][ T6041] netlink_rcv_skb+0x216/0x480 [ 92.112449][ T6041] xfrm_netlink_rcv+0x79/0x90 [ 92.117126][ T6041] netlink_unicast+0x751/0x8d0 [ 92.122077][ T6041] netlink_sendmsg+0x8c1/0xbe0 [ 92.126918][ T6041] page last free stack trace: [ 92.131593][ T6041] free_unref_page_prepare+0x7ce/0x8e0 [ 92.137068][ T6041] free_unref_page+0x32/0x2e0 [ 92.141837][ T6041] __unfreeze_partials+0x1cf/0x210 [ 92.146951][ T6041] put_cpu_partial+0x17c/0x250 [ 92.151713][ T6041] __slab_free+0x31d/0x410 [ 92.156217][ T6041] qlist_free_all+0x75/0xe0 [ 92.160751][ T6041] kasan_quarantine_reduce+0x143/0x160 [ 92.166255][ T6041] __kasan_slab_alloc+0x22/0x80 [ 92.171164][ T6041] slab_post_alloc_hook+0x6e/0x4d0 [ 92.176279][ T6041] kmem_cache_alloc+0x11e/0x2e0 [ 92.181226][ T6041] alloc_empty_file+0x9e/0x1d0 [ 92.186083][ T6041] path_openat+0x100/0x3190 [ 92.190602][ T6041] do_filp_open+0x1c5/0x3d0 [ 92.195285][ T6041] do_sys_openat2+0x12c/0x1c0 [ 92.199964][ T6041] __x64_sys_openat+0x139/0x160 [ 92.204831][ T6041] do_syscall_64+0x55/0xb0 [ 92.209286][ T6041] [ 92.211608][ T6041] Memory state around the buggy address: [ 92.217231][ T6041] ffff888024954380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 92.225548][ T6041] ffff888024954400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.233772][ T6041] >ffff888024954480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.242089][ T6041] ^ [ 92.247221][ T6041] ffff888024954500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.255490][ T6041] ffff888024954580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 92.263659][ T6041] ================================================================== [ 92.271804][ C0] vkms_vblank_simulate: vblank timer overrun [ 92.277892][ T6041] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 92.285119][ T6041] CPU: 0 PID: 6041 Comm: syz.1.56 Not tainted syzkaller #0 [ 92.292313][ T6041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 92.302366][ T6041] Call Trace: [ 92.305737][ T6041] [ 92.308681][ T6041] dump_stack_lvl+0x16c/0x230 [ 92.313370][ T6041] ? show_regs_print_info+0x20/0x20 [ 92.318584][ T6041] ? load_image+0x3b0/0x3b0 [ 92.323090][ T6041] panic+0x2c0/0x710 [ 92.327010][ T6041] ? bpf_jit_dump+0xd0/0xd0 [ 92.331533][ T6041] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 92.337447][ T6041] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 92.343534][ T6041] ? _raw_spin_unlock+0x40/0x40 [ 92.348924][ T6041] ? print_memory_metadata+0x314/0x400 [ 92.354775][ T6041] ? xfrm_alloc_spi+0x598/0x11f0 [ 92.359801][ T6041] check_panic_on_warn+0x84/0xa0 [ 92.364760][ T6041] ? xfrm_alloc_spi+0x598/0x11f0 [ 92.369809][ T6041] end_report+0x6f/0x140 [ 92.374141][ T6041] kasan_report+0x128/0x150 [ 92.378820][ T6041] ? xfrm_alloc_spi+0x598/0x11f0 [ 92.383767][ T6041] xfrm_alloc_spi+0x598/0x11f0 [ 92.388568][ T6041] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 92.393549][ T6041] ? verify_spi_info+0x120/0x120 [ 92.398500][ T6041] ? xfrm_find_acq+0x79/0x90 [ 92.403132][ T6041] xfrm_alloc_userspi+0x5d1/0xa90 [ 92.408270][ T6041] ? end_current_label_crit_section+0x170/0x170 [ 92.414718][ T6041] ? apparmor_capable+0x137/0x1a0 [ 92.419937][ T6041] ? xfrm_dump_policy_done+0x90/0x90 [ 92.425223][ T6041] ? __nla_parse+0x40/0x50 [ 92.430170][ T6041] xfrm_user_rcv_msg+0x596/0x870 [ 92.435501][ T6041] ? lockdep_hardirqs_on+0x98/0x150 [ 92.440766][ T6041] ? xfrm_netlink_rcv+0x90/0x90 [ 92.445796][ T6041] ? __local_bh_enable_ip+0x12e/0x1c0 [ 92.451285][ T6041] ? __dev_queue_xmit+0x245/0x35a0 [ 92.456398][ T6041] ? __mutex_trylock_common+0x153/0x250 [ 92.462041][ T6041] netlink_rcv_skb+0x216/0x480 [ 92.466954][ T6041] ? xfrm_netlink_rcv+0x90/0x90 [ 92.471998][ T6041] ? netlink_ack+0x1110/0x1110 [ 92.476777][ T6041] ? netlink_deliver_tap+0x2e/0x1b0 [ 92.482066][ T6041] ? __lock_acquire+0x7c80/0x7c80 [ 92.487207][ T6041] xfrm_netlink_rcv+0x79/0x90 [ 92.492057][ T6041] netlink_unicast+0x751/0x8d0 [ 92.496826][ T6041] netlink_sendmsg+0x8c1/0xbe0 [ 92.501607][ T6041] ? netlink_getsockopt+0x580/0x580 [ 92.507344][ T6041] ? aa_sock_msg_perm+0x94/0x150 [ 92.512385][ T6041] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 92.517796][ T6041] ? security_socket_sendmsg+0x80/0xa0 [ 92.523440][ T6041] ? netlink_getsockopt+0x580/0x580 [ 92.528646][ T6041] ____sys_sendmsg+0x5bf/0x950 [ 92.533593][ T6041] ? __asan_memset+0x22/0x40 [ 92.538212][ T6041] ? __sys_sendmsg_sock+0x30/0x30 [ 92.543255][ T6041] ? __import_iovec+0x5f2/0x860 [ 92.548203][ T6041] ? import_iovec+0x73/0xa0 [ 92.552728][ T6041] ___sys_sendmsg+0x220/0x290 [ 92.557548][ T6041] ? __sys_sendmsg+0x270/0x270 [ 92.562444][ T6041] ? debug_mutex_init+0x38/0x70 [ 92.567637][ T6041] __se_sys_sendmsg+0x1a5/0x270 [ 92.572798][ T6041] ? __x64_sys_sendmsg+0x80/0x80 [ 92.577991][ T6041] ? lockdep_hardirqs_on+0x98/0x150 [ 92.583196][ T6041] do_syscall_64+0x55/0xb0 [ 92.587785][ T6041] ? clear_bhb_loop+0x40/0x90 [ 92.592464][ T6041] ? clear_bhb_loop+0x40/0x90 [ 92.597137][ T6041] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 92.603138][ T6041] RIP: 0033:0x7fc91df8ec29 [ 92.607561][ T6041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.627613][ T6041] RSP: 002b:00007fc91edc0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 92.636044][ T6041] RAX: ffffffffffffffda RBX: 00007fc91e1d5fa0 RCX: 00007fc91df8ec29 [ 92.644192][ T6041] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000004 [ 92.652260][ T6041] RBP: 00007fc91e011e41 R08: 0000000000000000 R09: 0000000000000000 [ 92.660239][ T6041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 92.668396][ T6041] R13: 00007fc91e1d6038 R14: 00007fc91e1d5fa0 R15: 00007ffc2dca3988 [ 92.676640][ T6041] [ 92.680829][ T6041] Kernel Offset: disabled [ 92.685265][ T6041] Rebooting in 86400 seconds..