last executing test programs: 8.274670087s ago: executing program 3 (id=4): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000002c0)={0x1, r1}) 8.203685948s ago: executing program 0 (id=1): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000580)=[{0x3, 0x2, {0x0, 0x1, 0x2}, {}, 0x2}, {0x2, 0x3, {0x2, 0xff, 0x2}, {0x2, 0x1, 0x1}, 0x1, 0x2}], 0x40) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 8.164241881s ago: executing program 1 (id=2): syz_open_dev$vim2m(&(0x7f0000000080), 0x9, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=@bloom_filter={0x1e, 0x0, 0x3, 0x5, 0x4c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x8000000}, 0x50) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r2 = syz_io_uring_setup(0x890, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r2, 0x7323, 0x0, 0x5, 0x0, 0x0) 7.54851432s ago: executing program 2 (id=3): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000e80)={0x84, &(0x7f0000000a80)={0x20, 0x17, 0x2, "b7e4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 7.276638654s ago: executing program 3 (id=6): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6161, 0x4d15, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xc, {[@local=@item_4={0x3, 0x2, 0x0, "ec948809"}, @local=@item_4={0x3, 0x2, 0x0, "fa421759"}, @main=@item_012={0x0, 0x0, 0x8}, @local=@item_012={0x0, 0x2, 0xa}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 6.526005774s ago: executing program 0 (id=7): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x80) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x1fffffffffe, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x9}, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0) 6.10659368s ago: executing program 1 (id=8): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000170000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) pselect6(0x0, 0x0, 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc) splice(r2, 0x0, r4, 0x0, 0x4ffe6, 0x0) 5.267800344s ago: executing program 4 (id=5): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x5a, 0xe4, 0xc4, 0x10, 0x596, 0x1, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xd6, 0x0, 0x1, 0xb5, 0xe1, 0x45, 0x0, [], [{{0x9, 0x5, 0x83, 0x0, 0x3ff, 0x3, 0x7, 0x4}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000740)={0x1c, &(0x7f0000000600)={0x0, 0x15, 0x10, "4e476e4d40b24c1b9ffbfb148cca07d5"}, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) 5.052201182s ago: executing program 0 (id=9): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16) write$nci(r0, 0x0, 0x0) 4.866666255s ago: executing program 1 (id=10): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) pipe(&(0x7f00000001c0)) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x5, 0x2}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 4.620949432s ago: executing program 3 (id=11): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x9, &(0x7f00000003c0)) socket$igmp(0x2, 0x3, 0x2) setitimer(0x0, &(0x7f0000000080)={{}, {0x0, 0xea60}}, 0x0) getitimer(0x0, &(0x7f0000000800)) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x20008081}, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) syz_open_procfs$namespace(0x0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4084) setfsgid(0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) 4.396128453s ago: executing program 0 (id=12): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000fdffffee0000000000000000850000002c00000095"], &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x60, '\x00', r2}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, r4}, 0x40) 3.950960562s ago: executing program 1 (id=13): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) syz_io_uring_setup(0x70e4, &(0x7f0000000800)={0x0, 0x0, 0x10100}, &(0x7f0000000100), 0x0) socket$packet(0x11, 0x2, 0x300) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1f, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x200008, 0x805, 0x20000}, 0x10}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) socket$inet6_mptcp(0xa, 0x1, 0x106) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x0, 0x40000, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) 3.657152056s ago: executing program 2 (id=14): socket$nl_sock_diag(0x10, 0x3, 0x4) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 3.455502182s ago: executing program 0 (id=15): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x50, r1, 0x852dd6c070cd7e4d, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_SHORT_ADDR={0x6}]}, 0x50}, 0x4, 0x700000000000000}, 0x0) 2.078402585s ago: executing program 0 (id=16): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB]) 1.904124738s ago: executing program 4 (id=17): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000048c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001d00)=""/1, 0x1}], 0x1}, 0xc}], 0x1, 0x10002, 0x0) 1.866239685s ago: executing program 1 (id=18): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) dup(r0) r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x936, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1.818920552s ago: executing program 2 (id=19): r0 = socket$netlink(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0x6) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x840) ioctl$sock_SIOCBRDELBR(r0, 0x89a2, &(0x7f0000000000)='bridge0\x00') syz_emit_ethernet(0x2e, &(0x7f0000000200)={@link_local, @dev, @val={@void, {0x8100, 0x7, 0x0, 0x4}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x4, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1}, @address_request={0x11, 0x0, 0x0, 0x1}}}}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 0s ago: executing program 1 (id=20): syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0) r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) r7 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r7, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10) sendmsg$tipc(r6, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10) r8 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r8, &(0x7f00000009c0)={0x2, 0x4e24, @multicast2}, 0x10) syz_io_uring_setup(0x88f, 0x0, &(0x7f0000000000)=0x0, &(0x7f00000000c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, 0x0, 0x0, 0x4) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCGICOUNT(r10, 0x545d, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1) shutdown(r8, 0x1) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000005, 0x11, r0, 0x8cbab000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts. [ 171.385420][ T5792] cgroup: Unknown subsys name 'net' [ 171.516715][ T5792] cgroup: Unknown subsys name 'cpuset' [ 171.531516][ T5792] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 177.344137][ T5792] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 181.255999][ T5811] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 181.265388][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 181.274287][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 181.285599][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 181.295708][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 181.309599][ T5815] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 181.330780][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 181.356735][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 181.369509][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 181.380394][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 181.419050][ T5108] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 181.426828][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 181.437860][ T5108] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 181.445916][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 181.455437][ T5108] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 181.464061][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 181.478026][ T5108] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 181.489101][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 181.489398][ T5108] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 181.510295][ T5108] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 181.551066][ T5814] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 181.567710][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 181.580958][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 181.595131][ T5814] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 181.687975][ T5814] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 182.761841][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 183.163388][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 183.424997][ T5814] Bluetooth: hci1: command tx timeout [ 183.433618][ T5814] Bluetooth: hci0: command tx timeout [ 183.564471][ T5813] chnl_net:caif_netlink_parms(): no params data found [ 183.571824][ T5820] Bluetooth: hci3: command tx timeout [ 183.577583][ T5814] Bluetooth: hci2: command tx timeout [ 183.599108][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 183.832784][ T5820] Bluetooth: hci4: command tx timeout [ 184.094011][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.102079][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.109892][ T5817] bridge_slave_0: entered allmulticast mode [ 184.119589][ T5817] bridge_slave_0: entered promiscuous mode [ 184.136484][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 184.164504][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.172458][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.180203][ T5817] bridge_slave_1: entered allmulticast mode [ 184.189732][ T5817] bridge_slave_1: entered promiscuous mode [ 184.709355][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.729634][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.739806][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.749155][ T5809] bridge_slave_0: entered allmulticast mode [ 184.758753][ T5809] bridge_slave_0: entered promiscuous mode [ 184.856465][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 184.868167][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.875660][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.885451][ T5809] bridge_slave_1: entered allmulticast mode [ 184.894992][ T5809] bridge_slave_1: entered promiscuous mode [ 185.203797][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.211403][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.219896][ T5813] bridge_slave_0: entered allmulticast mode [ 185.229123][ T5813] bridge_slave_0: entered promiscuous mode [ 185.286951][ T5817] team0: Port device team_slave_0 added [ 185.362801][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.373157][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.381019][ T5813] bridge_slave_1: entered allmulticast mode [ 185.390398][ T5813] bridge_slave_1: entered promiscuous mode [ 185.440762][ T5817] team0: Port device team_slave_1 added [ 185.448709][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.456413][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.464281][ T5816] bridge_slave_0: entered allmulticast mode [ 185.473608][ T5816] bridge_slave_0: entered promiscuous mode [ 185.485872][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.493854][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.501561][ T5821] bridge_slave_0: entered allmulticast mode [ 185.510824][ T5821] bridge_slave_0: entered promiscuous mode [ 185.522959][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.530594][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.532128][ T5820] Bluetooth: hci0: command tx timeout [ 185.538650][ T5816] bridge_slave_1: entered allmulticast mode [ 185.543938][ T5820] Bluetooth: hci1: command tx timeout [ 185.553471][ T5816] bridge_slave_1: entered promiscuous mode [ 185.569751][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.577755][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.585339][ T5821] bridge_slave_1: entered allmulticast mode [ 185.594761][ T5821] bridge_slave_1: entered promiscuous mode [ 185.613872][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.647359][ T5814] Bluetooth: hci3: command tx timeout [ 185.653168][ T5814] Bluetooth: hci2: command tx timeout [ 185.822554][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.887373][ T5814] Bluetooth: hci4: command tx timeout [ 185.905163][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 185.912563][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.938885][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.032863][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.055282][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.066982][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.075627][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.102916][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.123694][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.145584][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.194900][ T5809] team0: Port device team_slave_0 added [ 186.211795][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.231178][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.299427][ T5809] team0: Port device team_slave_1 added [ 186.500624][ T5816] team0: Port device team_slave_0 added [ 186.598773][ T5821] team0: Port device team_slave_0 added [ 186.616233][ T5813] team0: Port device team_slave_0 added [ 186.631675][ T5816] team0: Port device team_slave_1 added [ 186.641548][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.648897][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.675520][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.723415][ T5821] team0: Port device team_slave_1 added [ 186.738200][ T5813] team0: Port device team_slave_1 added [ 186.780712][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.787950][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.814098][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.973445][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.980716][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.007361][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.034024][ T5817] hsr_slave_0: entered promiscuous mode [ 187.044201][ T5817] hsr_slave_1: entered promiscuous mode [ 187.128709][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.135830][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.162337][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.198905][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.205957][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.232715][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.269780][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.276898][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.303449][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.395006][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.402440][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.428973][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.519104][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.526208][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.552663][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.567456][ T5814] Bluetooth: hci1: command tx timeout [ 187.573036][ T5814] Bluetooth: hci0: command tx timeout [ 187.579243][ T5809] hsr_slave_0: entered promiscuous mode [ 187.589369][ T5809] hsr_slave_1: entered promiscuous mode [ 187.596903][ T5809] debugfs: 'hsr0' already exists in 'hsr' [ 187.604546][ T5809] Cannot create hsr debugfs directory [ 187.727480][ T5820] Bluetooth: hci3: command tx timeout [ 187.733141][ T5814] Bluetooth: hci2: command tx timeout [ 187.945455][ T5821] hsr_slave_0: entered promiscuous mode [ 187.955622][ T5821] hsr_slave_1: entered promiscuous mode [ 187.964076][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 187.968127][ T5814] Bluetooth: hci4: command tx timeout [ 187.970052][ T5821] Cannot create hsr debugfs directory [ 187.994131][ T5816] hsr_slave_0: entered promiscuous mode [ 188.003977][ T5816] hsr_slave_1: entered promiscuous mode [ 188.012266][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 188.018662][ T5816] Cannot create hsr debugfs directory [ 188.103211][ T5813] hsr_slave_0: entered promiscuous mode [ 188.113692][ T5813] hsr_slave_1: entered promiscuous mode [ 188.122685][ T5813] debugfs: 'hsr0' already exists in 'hsr' [ 188.128738][ T5813] Cannot create hsr debugfs directory [ 189.269651][ T5817] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 189.401144][ T5817] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 189.488370][ T5817] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 189.579261][ T5817] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 189.697402][ T5814] Bluetooth: hci0: command tx timeout [ 189.702999][ T5814] Bluetooth: hci1: command tx timeout [ 189.744716][ T5809] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 189.785602][ T5809] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 189.828505][ T5809] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 189.834163][ T5820] Bluetooth: hci2: command tx timeout [ 189.836954][ T5814] Bluetooth: hci3: command tx timeout [ 189.861120][ T5809] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 190.042483][ T5816] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 190.069779][ T5814] Bluetooth: hci4: command tx timeout [ 190.163571][ T5813] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 190.186539][ T5816] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 190.209630][ T5816] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 190.244154][ T5816] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 190.288693][ T5813] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 190.318996][ T5813] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 190.396658][ T5813] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 190.464385][ T5821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 190.520033][ T5821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 190.581008][ T5821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 190.665427][ T5821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 191.078502][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.299800][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.353194][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.455937][ T3878] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.463616][ T3878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.550729][ T3878] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.558327][ T3878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.662911][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.765311][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.901914][ T3878] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.909577][ T3878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.925001][ T3878] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.932695][ T3878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.011952][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.084043][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.192457][ T4636] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.200238][ T4636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.407146][ T4636] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.414630][ T4636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.456705][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.519020][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.684295][ T5809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 192.756187][ T4636] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.763924][ T4636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.826476][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.938929][ T4636] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.946703][ T4636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.962341][ T4636] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.969958][ T4636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.985414][ T4636] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.993036][ T4636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.287550][ T5821] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.298763][ T5821] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 194.393340][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.744330][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.808050][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.073413][ T5817] veth0_vlan: entered promiscuous mode [ 195.154796][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.193301][ T5817] veth1_vlan: entered promiscuous mode [ 195.408423][ T5809] veth0_vlan: entered promiscuous mode [ 195.483939][ T5816] veth0_vlan: entered promiscuous mode [ 195.529528][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.566739][ T5809] veth1_vlan: entered promiscuous mode [ 195.670572][ T5816] veth1_vlan: entered promiscuous mode [ 195.734051][ T5817] veth0_macvtap: entered promiscuous mode [ 195.811313][ T5817] veth1_macvtap: entered promiscuous mode [ 195.932555][ T5809] veth0_macvtap: entered promiscuous mode [ 196.055707][ T5809] veth1_macvtap: entered promiscuous mode [ 196.114021][ T5816] veth0_macvtap: entered promiscuous mode [ 196.170006][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.235201][ T5816] veth1_macvtap: entered promiscuous mode [ 196.248789][ T5813] veth0_vlan: entered promiscuous mode [ 196.271775][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.356204][ T5813] veth1_vlan: entered promiscuous mode [ 196.380465][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.461947][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.512453][ T4291] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.557724][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.584489][ T4291] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.613329][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.643676][ T4291] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.676991][ T4291] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.725956][ T4291] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.759495][ T4291] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.854238][ T4291] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.937641][ T4291] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.966957][ T5813] veth0_macvtap: entered promiscuous mode [ 196.998363][ T4291] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.043407][ T4291] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.059492][ T5813] veth1_macvtap: entered promiscuous mode [ 197.090897][ T4291] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.135637][ T4291] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.259667][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.360523][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.437249][ T3689] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.448207][ T3689] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.502031][ T3689] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.536051][ T3689] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.267739][ T5821] veth0_vlan: entered promiscuous mode [ 198.395708][ T5821] veth1_vlan: entered promiscuous mode [ 198.742405][ T5821] veth0_macvtap: entered promiscuous mode [ 198.822251][ T5821] veth1_macvtap: entered promiscuous mode [ 199.026758][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.119142][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 199.262620][ T3878] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.334468][ T3878] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.386999][ T3878] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.396311][ T3878] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.441750][ T4078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.449970][ T4078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.604989][ T4078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.613196][ T4078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.852951][ T4002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.861223][ T4078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.861317][ T4078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.876675][ T4002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.022089][ T5083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.031259][ T5083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.177695][ T5083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.185710][ T5083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.453271][ T3657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.461470][ T3657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.483824][ T5809] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 204.900702][ T3657] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.909069][ T3657] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.114184][ T5999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'. [ 205.995662][ T5871] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 206.097473][ T5865] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 206.187707][ T5871] usb 3-1: Using ep0 maxpacket: 32 [ 206.199993][ T5871] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 206.209752][ T5871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.277876][ T5865] usb 4-1: Using ep0 maxpacket: 16 [ 206.318313][ T5871] usb 3-1: config 0 descriptor?? [ 206.324916][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.337300][ T5865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.349058][ T5865] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 206.360722][ T5865] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.403576][ T3657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.412079][ T3657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.560429][ T5865] usb 4-1: config 0 descriptor?? [ 206.757921][ T5871] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 206.840909][ T5871] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 206.942005][ T3657] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.950301][ T3657] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.976101][ T5871] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 206.983879][ T5871] usb 3-1: media controller created [ 207.136023][ T5871] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 207.270282][ T5865] hid (null): bogus close delimiter [ 207.618243][ T5865] usb 4-1: string descriptor 0 read error: -71 [ 207.655934][ T5865] usb 4-1: Max retries (5) exceeded reading string descriptor 200 [ 207.664332][ T5865] letsketch 0003:6161:4D15.0001: probe with driver letsketch failed with error -32 [ 207.690440][ T5865] usb 4-1: USB disconnect, device number 2 [ 208.041617][ T5871] az6027: usb out operation failed. (-71) [ 208.049386][ T5871] stb0899_attach: Driver disabled by Kconfig [ 208.055542][ T5871] az6027: no front-end attached [ 208.055542][ T5871] [ 208.157588][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 208.208490][ T5871] az6027: usb out operation failed. (-71) [ 208.214519][ T5871] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 208.225090][ T5871] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 208.340478][ T5871] dvb-usb: schedule remote query interval to 400 msecs. [ 208.350617][ T5871] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 208.407912][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 208.417542][ T5871] usb 3-1: USB disconnect, device number 2 [ 208.447813][ T24] usb 5-1: config 0 has an invalid interface number: 214 but max is 0 [ 208.456228][ T24] usb 5-1: config 0 has no interface number 0 [ 208.462905][ T24] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 208.604067][ T24] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 208.613690][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.622430][ T24] usb 5-1: Product: syz [ 208.626770][ T24] usb 5-1: Manufacturer: syz [ 208.631641][ T24] usb 5-1: SerialNumber: syz [ 208.780827][ T24] usb 5-1: config 0 descriptor?? [ 209.101312][ T5871] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 209.495635][ T6042] loop6: detected capacity change from 0 to 63 [ 209.509800][ T24] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 209.538293][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.582369][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.610696][ T24] usb 5-1: USB disconnect, device number 2 [ 209.649032][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.681351][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 209.729497][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.792014][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 209.951732][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 210.110882][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 210.195561][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 210.204523][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 210.216161][ T6042] Buffer I/O error on dev loop6, logical block 0, async page read [ 210.279773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 210.686865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 210.891232][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 211.325222][ T6055] bridge0: port 3(syz_tun) entered blocking state [ 211.332435][ T6055] bridge0: port 3(syz_tun) entered disabled state [ 211.339845][ T6055] syz_tun: entered allmulticast mode [ 211.341964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 211.348566][ T6055] syz_tun: entered promiscuous mode [ 211.354877][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 211.361006][ T6055] bridge0: port 3(syz_tun) entered blocking state [ 211.373825][ T6055] bridge0: port 3(syz_tun) entered forwarding state [ 211.437350][ T24] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 211.612456][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 211.919258][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 212.173336][ T6055] syz_tun: left allmulticast mode [ 212.178858][ T6055] syz_tun: left promiscuous mode [ 212.186091][ T6055] bridge0: port 3(syz_tun) entered disabled state [ 213.261776][ T6054] ===================================================== [ 213.269044][ T6054] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0xf0e/0x33f0 [ 213.276445][ T6054] _copy_to_iter+0xf0e/0x33f0 [ 213.281523][ T6054] rng_recvmsg+0x1af/0x2d0 [ 213.286085][ T6054] sock_recvmsg+0x2dc/0x390 [ 213.290918][ T6054] ____sys_recvmsg+0x193/0x610 [ 213.295864][ T6054] ___sys_recvmsg+0x20b/0x850 [ 213.300819][ T6054] do_recvmmsg+0x50b/0xdf0 [ 213.305427][ T6054] __sys_recvmmsg+0xf3/0x460 [ 213.310326][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 213.316769][ T6054] ia32_sys_call+0x2970/0x4310 [ 213.321778][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 213.327002][ T6054] do_fast_syscall_32+0x38/0x80 [ 213.333033][ T6054] do_SYSENTER_32+0x1f/0x30 [ 213.337872][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.344367][ T6054] [ 213.346736][ T6054] [ 213.346736][ T6054] [ 213.360935][ T6054] Uninit was stored to memory at: [ 213.366144][ T6054] crypto_sha3_finup+0x136/0xe00 [ 213.372796][ T6054] crypto_shash_finup+0x324/0xe80 [ 213.378058][ T6054] jent_hash_time+0x247/0x590 [ 213.382855][ T6054] jent_condition_data+0x4f0/0x510 [ 213.388173][ T6054] jent_measure_jitter+0x547/0x770 [ 213.393381][ T6054] jent_gen_entropy+0x209/0x450 [ 213.398477][ T6054] jent_read_entropy+0x353/0xeb0 [ 213.403607][ T6054] jent_kcapi_random+0x6c/0x250 [ 213.408718][ T6054] rng_recvmsg+0x146/0x2d0 [ 213.413234][ T6054] sock_recvmsg+0x2dc/0x390 [ 213.417955][ T6054] ____sys_recvmsg+0x193/0x610 [ 213.422815][ T6054] ___sys_recvmsg+0x20b/0x850 [ 213.427723][ T6054] do_recvmmsg+0x50b/0xdf0 [ 213.432269][ T6054] __sys_recvmmsg+0xf3/0x460 [ 213.436939][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 213.443521][ T6054] ia32_sys_call+0x2970/0x4310 [ 213.448499][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 213.458966][ T6054] do_fast_syscall_32+0x38/0x80 [ 213.463938][ T6054] do_SYSENTER_32+0x1f/0x30 [ 213.470347][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.476820][ T6054] [ 213.479310][ T6054] Uninit was stored to memory at: [ 213.484478][ T6054] crypto_shash_finup+0xc5a/0xe80 [ 213.489730][ T6054] jent_hash_time+0x1de/0x590 [ 213.494520][ T6054] jent_condition_data+0x4f0/0x510 [ 213.499980][ T6054] jent_measure_jitter+0x547/0x770 [ 213.505205][ T6054] jent_gen_entropy+0x209/0x450 [ 213.510349][ T6054] jent_read_entropy+0x353/0xeb0 [ 213.515387][ T6054] jent_kcapi_random+0x6c/0x250 [ 213.520518][ T6054] rng_recvmsg+0x146/0x2d0 [ 213.525014][ T6054] sock_recvmsg+0x2dc/0x390 [ 213.529813][ T6054] ____sys_recvmsg+0x193/0x610 [ 213.534708][ T6054] ___sys_recvmsg+0x20b/0x850 [ 213.539592][ T6054] do_recvmmsg+0x50b/0xdf0 [ 213.544103][ T6054] __sys_recvmmsg+0xf3/0x460 [ 213.548890][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 213.560350][ T6054] ia32_sys_call+0x2970/0x4310 [ 213.565229][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 213.572023][ T6054] do_fast_syscall_32+0x38/0x80 [ 213.576979][ T6054] do_SYSENTER_32+0x1f/0x30 [ 213.581789][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.588336][ T6054] [ 213.590681][ T6054] Uninit was stored to memory at: [ 213.595815][ T6054] crypto_sha3_finup+0xc98/0xe00 [ 213.600968][ T6054] crypto_shash_finup+0x324/0xe80 [ 213.606098][ T6054] jent_hash_time+0x247/0x590 [ 213.611005][ T6054] jent_condition_data+0x4f0/0x510 [ 213.616533][ T6054] jent_measure_jitter+0x547/0x770 [ 213.621954][ T6054] jent_gen_entropy+0x209/0x450 [ 213.626897][ T6054] jent_read_entropy+0x353/0xeb0 [ 213.632107][ T6054] jent_kcapi_random+0x6c/0x250 [ 213.637228][ T6054] rng_recvmsg+0x146/0x2d0 [ 213.641779][ T6054] sock_recvmsg+0x2dc/0x390 [ 213.646386][ T6054] ____sys_recvmsg+0x193/0x610 [ 213.654875][ T6054] ___sys_recvmsg+0x20b/0x850 [ 213.668557][ T6054] do_recvmmsg+0x50b/0xdf0 [ 213.673111][ T6054] __sys_recvmmsg+0xf3/0x460 [ 213.679343][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 213.685823][ T6054] ia32_sys_call+0x2970/0x4310 [ 213.690867][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 213.696081][ T6054] do_fast_syscall_32+0x38/0x80 [ 213.701130][ T6054] do_SYSENTER_32+0x1f/0x30 [ 213.705721][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.712266][ T6054] [ 213.714614][ T6054] Uninit was stored to memory at: [ 213.719839][ T6054] keccakf+0x1efb/0x2110 [ 213.724156][ T6054] crypto_sha3_finup+0x772/0xe00 [ 213.729283][ T6054] crypto_shash_finup+0x324/0xe80 [ 213.734409][ T6054] jent_hash_time+0x247/0x590 [ 213.739298][ T6054] jent_condition_data+0x4f0/0x510 [ 213.744502][ T6054] jent_measure_jitter+0x547/0x770 [ 213.749902][ T6054] jent_gen_entropy+0x209/0x450 [ 213.755056][ T6054] jent_read_entropy+0x353/0xeb0 [ 213.764995][ T6054] jent_kcapi_random+0x6c/0x250 [ 213.771465][ T6054] rng_recvmsg+0x146/0x2d0 [ 213.776074][ T6054] sock_recvmsg+0x2dc/0x390 [ 213.780814][ T6054] ____sys_recvmsg+0x193/0x610 [ 213.785681][ T6054] ___sys_recvmsg+0x20b/0x850 [ 213.790613][ T6054] do_recvmmsg+0x50b/0xdf0 [ 213.795137][ T6054] __sys_recvmmsg+0xf3/0x460 [ 213.799955][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 213.806386][ T6054] ia32_sys_call+0x2970/0x4310 [ 213.811426][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 213.816656][ T6054] do_fast_syscall_32+0x38/0x80 [ 213.821746][ T6054] do_SYSENTER_32+0x1f/0x30 [ 213.826360][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.833022][ T6054] [ 213.835373][ T6054] Uninit was stored to memory at: [ 213.840620][ T6054] crypto_sha3_finup+0x5be/0xe00 [ 213.845637][ T6054] crypto_shash_finup+0x324/0xe80 [ 213.850949][ T6054] jent_hash_time+0x247/0x590 [ 213.855741][ T6054] jent_condition_data+0x4f0/0x510 [ 213.865959][ T6054] jent_measure_jitter+0x547/0x770 [ 213.872748][ T6054] jent_gen_entropy+0x209/0x450 [ 213.877825][ T6054] jent_read_entropy+0x353/0xeb0 [ 213.882854][ T6054] jent_kcapi_random+0x6c/0x250 [ 213.887915][ T6054] rng_recvmsg+0x146/0x2d0 [ 213.892400][ T6054] sock_recvmsg+0x2dc/0x390 [ 213.896998][ T6054] ____sys_recvmsg+0x193/0x610 [ 213.902035][ T6054] ___sys_recvmsg+0x20b/0x850 [ 213.906823][ T6054] do_recvmmsg+0x50b/0xdf0 [ 213.911453][ T6054] __sys_recvmmsg+0xf3/0x460 [ 213.916122][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 213.922650][ T6054] ia32_sys_call+0x2970/0x4310 [ 213.927630][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 213.932835][ T6054] do_fast_syscall_32+0x38/0x80 [ 213.937905][ T6054] do_SYSENTER_32+0x1f/0x30 [ 213.942600][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.949157][ T6054] [ 213.951510][ T6054] Uninit was stored to memory at: [ 213.956673][ T6054] crypto_sha3_finup+0x136/0xe00 [ 213.967654][ T6054] crypto_shash_finup+0x324/0xe80 [ 213.972848][ T6054] jent_hash_time+0x247/0x590 [ 213.979115][ T6054] jent_condition_data+0x4f0/0x510 [ 213.984335][ T6054] jent_measure_jitter+0x547/0x770 [ 213.989701][ T6054] jent_gen_entropy+0x209/0x450 [ 213.994644][ T6054] jent_read_entropy+0x353/0xeb0 [ 213.999778][ T6054] jent_kcapi_random+0x6c/0x250 [ 214.004729][ T6054] rng_recvmsg+0x146/0x2d0 [ 214.009321][ T6054] sock_recvmsg+0x2dc/0x390 [ 214.014007][ T6054] ____sys_recvmsg+0x193/0x610 [ 214.018962][ T6054] ___sys_recvmsg+0x20b/0x850 [ 214.023713][ T6054] do_recvmmsg+0x50b/0xdf0 [ 214.028318][ T6054] __sys_recvmmsg+0xf3/0x460 [ 214.032983][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 214.039498][ T6054] ia32_sys_call+0x2970/0x4310 [ 214.044333][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 214.049702][ T6054] do_fast_syscall_32+0x38/0x80 [ 214.054646][ T6054] do_SYSENTER_32+0x1f/0x30 [ 214.059345][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 214.070890][ T6054] [ 214.073254][ T6054] Uninit was stored to memory at: [ 214.079893][ T6054] crypto_shash_finup+0xc5a/0xe80 [ 214.085035][ T6054] jent_hash_time+0x1de/0x590 [ 214.089935][ T6054] jent_condition_data+0x4f0/0x510 [ 214.095142][ T6054] jent_measure_jitter+0x547/0x770 [ 214.100443][ T6054] jent_gen_entropy+0x209/0x450 [ 214.105374][ T6054] jent_read_entropy+0x353/0xeb0 [ 214.110535][ T6054] jent_kcapi_random+0x6c/0x250 [ 214.115486][ T6054] rng_recvmsg+0x146/0x2d0 [ 214.120112][ T6054] sock_recvmsg+0x2dc/0x390 [ 214.124725][ T6054] ____sys_recvmsg+0x193/0x610 [ 214.129737][ T6054] ___sys_recvmsg+0x20b/0x850 [ 214.134513][ T6054] do_recvmmsg+0x50b/0xdf0 [ 214.139139][ T6054] __sys_recvmmsg+0xf3/0x460 [ 214.143825][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 214.150366][ T6054] ia32_sys_call+0x2970/0x4310 [ 214.155541][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 214.160852][ T6054] do_fast_syscall_32+0x38/0x80 [ 214.165804][ T6054] do_SYSENTER_32+0x1f/0x30 [ 214.175376][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 214.183307][ T6054] [ 214.185664][ T6054] Local variable intermediary created at: [ 214.191533][ T6054] jent_hash_time+0x9b/0x590 [ 214.196326][ T6054] jent_condition_data+0x4f0/0x510 [ 214.201701][ T6054] [ 214.204073][ T6054] Byte 0 of 1 is uninitialized [ 214.209821][ T6054] Memory access of size 1 starts at ffff888050223890 [ 214.216546][ T6054] Data copied to user address 0000000080001d00 [ 214.223037][ T6054] [ 214.225446][ T6054] CPU: 1 UID: 0 PID: 6054 Comm: syz.4.17 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(none) [ 214.237520][ T6054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 214.247750][ T6054] ===================================================== [ 214.254717][ T6054] Disabling lock debugging due to kernel taint [ 214.261055][ T6054] Kernel panic - not syncing: kmsan.panic set ... [ 214.267532][ T6054] CPU: 1 UID: 0 PID: 6054 Comm: syz.4.17 Tainted: G B 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(none) [ 214.281021][ T6054] Tainted: [B]=BAD_PAGE [ 214.285206][ T6054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 214.295323][ T6054] Call Trace: [ 214.298740][ T6054] [ 214.301730][ T6054] __dump_stack+0x26/0x30 [ 214.306159][ T6054] dump_stack_lvl+0x53/0x270 [ 214.310843][ T6054] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.316766][ T6054] dump_stack+0x1e/0x25 [ 214.321059][ T6054] vpanic+0x361/0xc50 [ 214.325163][ T6054] panic+0x15d/0x160 [ 214.329202][ T6054] kmsan_report+0x31c/0x320 [ 214.333804][ T6054] ? kmsan_internal_check_memory+0x1e1/0x230 [ 214.339862][ T6054] ? kmsan_copy_to_user+0xf1/0x190 [ 214.345049][ T6054] ? _copy_to_iter+0xf0e/0x33f0 [ 214.350021][ T6054] ? rng_recvmsg+0x1af/0x2d0 [ 214.354699][ T6054] ? sock_recvmsg+0x2dc/0x390 [ 214.359474][ T6054] ? ____sys_recvmsg+0x193/0x610 [ 214.364517][ T6054] ? ___sys_recvmsg+0x20b/0x850 [ 214.369478][ T6054] ? do_recvmmsg+0x50b/0xdf0 [ 214.374168][ T6054] ? __sys_recvmmsg+0xf3/0x460 [ 214.379024][ T6054] ? __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 214.385890][ T6054] ? ia32_sys_call+0x2970/0x4310 [ 214.390901][ T6054] ? __do_fast_syscall_32+0xb0/0x150 [ 214.396281][ T6054] ? do_fast_syscall_32+0x38/0x80 [ 214.401392][ T6054] ? do_SYSENTER_32+0x1f/0x30 [ 214.406157][ T6054] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 214.412777][ T6054] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 214.418969][ T6054] ? __msan_memset+0xf6/0x1b0 [ 214.423731][ T6054] ? jent_read_random_block+0x231/0x270 [ 214.429389][ T6054] ? kmsan_get_metadata+0xfb/0x160 [ 214.434591][ T6054] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.440541][ T6054] ? jent_read_entropy+0xe7b/0xeb0 [ 214.445773][ T6054] ? kmsan_get_metadata+0xfb/0x160 [ 214.450974][ T6054] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.456902][ T6054] kmsan_internal_check_memory+0x1e1/0x230 [ 214.462824][ T6054] kmsan_copy_to_user+0xf1/0x190 [ 214.467882][ T6054] _copy_to_iter+0xf0e/0x33f0 [ 214.472776][ T6054] ? kmsan_get_metadata+0xfb/0x160 [ 214.478015][ T6054] ? kmsan_internal_task_create+0x31/0x50 [ 214.483905][ T6054] rng_recvmsg+0x1af/0x2d0 [ 214.488407][ T6054] ? aa_sock_msg_perm+0x29c/0x2f0 [ 214.493530][ T6054] ? kmsan_get_metadata+0xfb/0x160 [ 214.498845][ T6054] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.504772][ T6054] ? __pfx_rng_recvmsg+0x10/0x10 [ 214.509812][ T6054] ? __pfx_rng_recvmsg+0x10/0x10 [ 214.514858][ T6054] sock_recvmsg+0x2dc/0x390 [ 214.519488][ T6054] ____sys_recvmsg+0x193/0x610 [ 214.524435][ T6054] ? import_iovec+0xb0/0xe0 [ 214.529028][ T6054] ? get_compat_msghdr+0x670/0x740 [ 214.534263][ T6054] ___sys_recvmsg+0x20b/0x850 [ 214.539026][ T6054] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.544964][ T6054] ? __fget_files+0x3b4/0x4a0 [ 214.549737][ T6054] ? __fget_files+0x3b9/0x4a0 [ 214.554515][ T6054] ? kmsan_get_metadata+0xfb/0x160 [ 214.559707][ T6054] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.565612][ T6054] do_recvmmsg+0x50b/0xdf0 [ 214.570188][ T6054] ? kmsan_get_metadata+0xfb/0x160 [ 214.575440][ T6054] __sys_recvmmsg+0xf3/0x460 [ 214.580141][ T6054] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 214.586082][ T6054] __ia32_compat_sys_recvmmsg_time32+0x102/0x1b0 [ 214.592547][ T6054] ia32_sys_call+0x2970/0x4310 [ 214.597393][ T6054] __do_fast_syscall_32+0xb0/0x150 [ 214.602618][ T6054] do_fast_syscall_32+0x38/0x80 [ 214.607566][ T6054] do_SYSENTER_32+0x1f/0x30 [ 214.612165][ T6054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 214.618706][ T6054] RIP: 0023:0xf704e539 [ 214.622856][ T6054] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 214.642538][ T6054] RSP: 002b:00000000f543e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 214.651055][ T6054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800048c0 [ 214.659098][ T6054] RDX: 0000000000000001 RSI: 0000000000010002 RDI: 0000000000000000 [ 214.667135][ T6054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 214.675198][ T6054] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 214.683224][ T6054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 214.691317][ T6054] [ 214.694704][ T6054] Kernel Offset: disabled [ 214.699082][ T6054] Rebooting in 86400 seconds..