last executing test programs: 10.730118301s ago: executing program 1 (id=355): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) r0 = userfaultfd(0x801) r1 = timerfd_create(0x0, 0x800) timerfd_gettime(r1, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r3, 0xfffffe4d}}, 0x48) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r5, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @empty, @remote, @multicast, @remote}}}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x1c) syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x23}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) 10.233368902s ago: executing program 1 (id=358): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='htcp', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 9.717936848s ago: executing program 0 (id=360): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x3736, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x40, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) 8.488450238s ago: executing program 0 (id=361): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x18000000000002a0, 0x12, 0x0, &(0x7f00000004c0)="b9fe030768045c8c989a14f088a865f986dd", 0x0, 0x9e, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) 8.369195302s ago: executing program 1 (id=362): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$team(&(0x7f0000000080), r0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000000c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32=r2, @ANYBLOB="4400028040000100240001006d6f646500000000000000000000000000000000000000000000000000000000050003"], 0x60}, 0x1, 0x0, 0x0, 0x4000431}, 0x4040084) 8.261823594s ago: executing program 0 (id=363): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081) writev(r0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, 0x0, 0x810) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff8, 0x0, 0x2}, {0x0, 0x0, 0x400000003, 0xfffffffffffffffc}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d3, 0x32}, 0x0, @in=@remote, 0x0, 0x0, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4) timerfd_create(0x0, 0x800) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f00000001c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r3, 0xfffffe4d}}, 0x48) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r5, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @empty, @remote, @multicast, @remote}}}}, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c) syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x23}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) 8.229915203s ago: executing program 1 (id=364): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x1d, @remote, 0x4e21, 0x4, 'wlc\x00', 0xa, 0x2, 0x2020067}, 0x2c) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) io_uring_enter(0xffffffffffffffff, 0x4e14, 0x912a, 0x5f, 0x0, 0xffffffffffffff1d) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @null]}, 0x48) 7.985319893s ago: executing program 0 (id=366): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r1 = dup3(r0, 0xffffffffffffffff, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000002040)={0x44, 0x0, &(0x7f00000008c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000002c0)={0x30, 0x30, 0x30}}}], 0x50, 0x0, &(0x7f0000001040)="5af06de8156099551a6cbf559c293d6c3598bd0756acce46700a60776869155ca1004975408f2ebece4ddedf28bf05efc2b6b702b1c51acac0ded4ddf34032a651e15692bead2132d41ad7cb0215bd0e"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 7.621766204s ago: executing program 0 (id=369): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x6}, 0x66) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48) 6.475036446s ago: executing program 0 (id=370): arch_prctl$ARCH_GET_UNTAG_MASK(0x4001, &(0x7f0000000040)) socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) getrlimit(0xc, &(0x7f0000000300)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x38, r5, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) creat(&(0x7f0000000440)='./file0\x00', 0x0) syz_clone(0x1010000, &(0x7f0000000340), 0x0, 0x0, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0) sendfile(r6, r6, 0x0, 0x40008) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000005c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x1}}]}}) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118) 6.271703048s ago: executing program 3 (id=371): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x3736, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x40, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) 6.21897734s ago: executing program 2 (id=372): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fedbdf25760000003c000300", @ANYRES32=r2], 0x70}, 0x1, 0x0, 0x0, 0x20000801}, 0x20000800) 5.586584719s ago: executing program 2 (id=373): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x18000000000002a0, 0x12, 0x0, &(0x7f00000004c0)="b9fe030768045c8c989a14f088a865f986dd", 0x0, 0x9e, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) 5.083908559s ago: executing program 1 (id=374): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000080), 0x1) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20044000}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48}, 0x4800) 4.806039664s ago: executing program 4 (id=375): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x1c, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}}, 0x0) 4.794233777s ago: executing program 3 (id=376): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081) writev(r0, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, 0x0, 0x810) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff8, 0x0, 0x2}, {0x0, 0x0, 0x400000003, 0xfffffffffffffffc}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d3, 0x32}, 0x0, @in=@remote, 0x0, 0x0, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4) timerfd_create(0x0, 0x800) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f00000001c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r3, 0xfffffe4d}}, 0x48) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r5, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @empty, @remote, @multicast, @remote}}}}, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c) syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x23}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) 4.603056271s ago: executing program 3 (id=377): socket(0x3, 0x4, 0xf3) 4.474189966s ago: executing program 2 (id=378): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 4.397406263s ago: executing program 3 (id=379): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000002040)={0x44, 0x0, &(0x7f00000008c0)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000002c0)={0x30, 0x30, 0x30}}}], 0x50, 0x0, &(0x7f0000001040)="5af06de8156099551a6cbf559c293d6c3598bd0756acce46700a60776869155ca1004975408f2ebece4ddedf28bf05efc2b6b702b1c51acac0ded4ddf34032a651e15692bead2132d41ad7cb0215bd0e"}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 4.319347986s ago: executing program 4 (id=380): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') r1 = epoll_create(0x80000000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x6000200e}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000100)={0x0, 'netdevsim0\x00', {0x1}, 0xfff}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x2208004, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc680000000c0a010100000000000000000a0000070900020073797a31000000000900010073797a31000000003c0003803800008008000340000000022c00"], 0xcc}, 0x1, 0x0, 0x0, 0x24000850}, 0x40) close(r6) openat$sysfs(0xffffff9c, &(0x7f0000000100)='/sys/power/pm_trace_dev_match', 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) mount$tmpfs(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000000c0), 0x0, 0x0) 4.141982303s ago: executing program 2 (id=381): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) sendmmsg$inet6(r0, &(0x7f0000000380)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x8, @dev={0xfe, 0x80, '\x00', 0x1d}, 0x9}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000001fc0)="dc08", 0x2}], 0x1}}], 0x1, 0x4c040) 2.92282413s ago: executing program 3 (id=382): openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) r0 = userfaultfd(0x801) r1 = timerfd_create(0x0, 0x800) timerfd_gettime(r1, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, 0x0) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, 0xffffffffffffffff, 0xfffffe4d}}, 0x48) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r4, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @empty, @remote, @multicast, @remote}}}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0), 0x800001d, 0x1c) syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x23}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) 2.708167015s ago: executing program 1 (id=383): syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0xc45, 0x5112, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x7, 0x19, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x200, 0x3, 0x1, {0x22, 0x2d}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0xff, 0x3}}}}}]}}]}}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@local}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4e2603, 0x0) openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000080)={@hyper, 0x2}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000240)={@hyper}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) close_range(r0, 0xffffffffffffffff, 0x0) 2.569889941s ago: executing program 4 (id=384): socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$llc(0x1a, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x1d, 0x2, 0x6) mq_open(&(0x7f0000000240)='ba\x01adv_slave_1\x00', 0x8c2, 0x30, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x46}, 0x0, &(0x7f0000000000)={0x3ff, 0x7, 0xff00, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0) ioctl$XFS_IOC_START_COMMIT(r0, 0x80585882, &(0x7f0000000400)={0xffffffffffffffff}) ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000480)) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(0xffffffffffffffff, 0x40146f2c, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, 0x0, 0x10) syz_open_procfs(0x0, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x218, 0xd8, 0x8, 0xfa04, 0xd8, 0x6c02, 0x1d8, 0x194, 0x194, 0x1d8, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x8fb2bd54e1114dfe, 'sit0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x6, 0x0, 0x32}, 0x0, 0x70, 0xb0, 0x0, {0x0, 0x74020000}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x7d, 0x4, "744e0c8559c5a9128a6df634790dc3271e33969086733af137c08495d02d"}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, 0x1, 0x10, [0x18, 0x2f, 0x22, 0x8, 0x1d, 0x18, 0x15, 0x2e, 0x29, 0x32, 0xe, 0x2, 0x1a, 0x31, 0x39, 0x3f], 0x0, 0x8e, 0xffffffff}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x278) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) keyctl$update(0x2, 0x0, 0x0, 0x0) 2.546782455s ago: executing program 3 (id=385): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0xfffffffffffffdf1) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000080)=0x4000004, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x100, 0x50, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f00000002c0)='./cgroup/cgroup.procs\x00', &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x20e6}}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0xcf25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x4c) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', 0x0}) bind$packet(r3, &(0x7f0000000140)={0x11, 0x0, r4, 0x1, 0x6, 0x6, @remote}, 0x14) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x2a012, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000100000004000180100002800c00018008000100"], 0x28}}, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000600)={&(0x7f00000004c0)={0xfc, r7, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x4}, @HEADER={0x5c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x8040004}, 0x200000c4) vmsplice(r3, &(0x7f0000000180)=[{0x0}, {&(0x7f0000000080)="26a92318688267d13a224879df23f89f89a07577dc22f65f35e73c91bff7310315389c21c36a4da5872a99508c62ee33", 0x30}, {&(0x7f0000000100)="fba293ecaab88d9b38a3448d3cc90871354c207bdd8c393fe391", 0x1a}], 0x3, 0xf) 2.387395485s ago: executing program 2 (id=386): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x3736, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe}) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x40, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59) 905.402596ms ago: executing program 4 (id=387): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, 0x0, 0x810) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff8, 0x0, 0x2}, {0x0, 0x0, 0x400000003, 0xfffffffffffffffc}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d3, 0x32}, 0x0, @in=@remote, 0x0, 0x0, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4) timerfd_create(0x0, 0x800) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f00000001c0)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000380)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xb, @empty, 0x1}, {0xa, 0x4e22, 0x2, @remote, 0x80000000}, r3, 0xfffffe4d}}, 0x48) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) syz_open_procfs(0x0, &(0x7f0000000140)='fd/3\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r5, 0x7}}, 0x48) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@multicast, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @empty, @remote, @multicast, @remote}}}}, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c) syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x23}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)) socket$nl_generic(0x10, 0x3, 0x10) 653.42328ms ago: executing program 4 (id=388): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r0, 0x18000000000002a0, 0x12, 0x0, &(0x7f00000004c0)="b9fe030768045c8c989a14f088a865f986dd", 0x0, 0x9e, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x4c) 274.108119ms ago: executing program 2 (id=389): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001c00)={0xac, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3c, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac, {0x0, 0x20}}, 0x0, @random=0x2, 0x1, @void, @void, @val={0x3, 0x1, 0x6}, @void, @void, @void, @void, @val={0x2a, 0x1, {0x1, 0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x81, 0xa, 0x3}}, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_BEACON_TAIL={0x3a, 0xf, [@random={0x1, 0x34, "841bb5deded8e4401d1feeeaed09a759d78ab4ab5a9450214d628352a2f0f3980e3a3d98624e30a98403f1936ed3a10f7e71c397"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xac}}, 0x0) 0s ago: executing program 4 (id=390): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x1c, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa8}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts. [ 82.790252][ T5779] cgroup: Unknown subsys name 'net' [ 83.034235][ T5779] cgroup: Unknown subsys name 'cpuset' [ 83.085955][ T5779] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.969335][ T5779] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.041586][ T10] cfg80211: failed to load regulatory.db [ 87.233821][ T5110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.256198][ T5110] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.257728][ T5110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.259742][ T5110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.260878][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.384331][ T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.394391][ T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.398186][ T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.403827][ T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.408208][ T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.560464][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.570879][ T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.578089][ T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.580229][ T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.581162][ T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.670529][ T5110] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.685025][ T5110] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.691586][ T5110] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.716856][ T5793] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.747919][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.750120][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.752660][ T5807] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.765413][ T5807] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.784794][ T5807] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.788553][ T5807] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.518226][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 88.743657][ T5797] chnl_net:caif_netlink_parms(): no params data found [ 88.780344][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 88.898986][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 88.959131][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.960598][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.960731][ T5792] bridge_slave_0: entered allmulticast mode [ 88.962904][ T5792] bridge_slave_0: entered promiscuous mode [ 88.969963][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 89.018356][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.018485][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.019351][ T5792] bridge_slave_1: entered allmulticast mode [ 89.022201][ T5792] bridge_slave_1: entered promiscuous mode [ 89.194375][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.226682][ T5797] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.226859][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.227442][ T5797] bridge_slave_0: entered allmulticast mode [ 89.229106][ T5797] bridge_slave_0: entered promiscuous mode [ 89.246759][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.264556][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.264712][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.264897][ T5795] bridge_slave_0: entered allmulticast mode [ 89.268464][ T5795] bridge_slave_0: entered promiscuous mode [ 89.271607][ T5797] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.271724][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.271881][ T5797] bridge_slave_1: entered allmulticast mode [ 89.274835][ T5797] bridge_slave_1: entered promiscuous mode [ 89.329474][ T5110] Bluetooth: hci0: command tx timeout [ 89.338892][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.339040][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.339230][ T5795] bridge_slave_1: entered allmulticast mode [ 89.343909][ T5795] bridge_slave_1: entered promiscuous mode [ 89.432380][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.432564][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.432741][ T5800] bridge_slave_0: entered allmulticast mode [ 89.434642][ T5800] bridge_slave_0: entered promiscuous mode [ 89.441731][ T5792] team0: Port device team_slave_0 added [ 89.485391][ T5110] Bluetooth: hci1: command tx timeout [ 89.548710][ T5797] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.549035][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.549201][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.549374][ T5800] bridge_slave_1: entered allmulticast mode [ 89.551295][ T5800] bridge_slave_1: entered promiscuous mode [ 89.564844][ T5792] team0: Port device team_slave_1 added [ 89.567138][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.567277][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.567814][ T5799] bridge_slave_0: entered allmulticast mode [ 89.572131][ T5799] bridge_slave_0: entered promiscuous mode [ 89.590016][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.600735][ T5797] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.645359][ T5110] Bluetooth: hci2: command tx timeout [ 89.647004][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.647134][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.647302][ T5799] bridge_slave_1: entered allmulticast mode [ 89.649256][ T5799] bridge_slave_1: entered promiscuous mode [ 89.653942][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.768774][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.770173][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.770190][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.770216][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.807495][ T5110] Bluetooth: hci4: command tx timeout [ 89.826149][ T5797] team0: Port device team_slave_0 added [ 89.833262][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.834341][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.834353][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.834376][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.843730][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.850810][ T5795] team0: Port device team_slave_0 added [ 89.856811][ T5797] team0: Port device team_slave_1 added [ 89.885467][ T5110] Bluetooth: hci3: command tx timeout [ 89.898208][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.901508][ T5795] team0: Port device team_slave_1 added [ 89.982772][ T5800] team0: Port device team_slave_0 added [ 90.011986][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.012004][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.012029][ T5797] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.014760][ T5800] team0: Port device team_slave_1 added [ 90.042114][ T5799] team0: Port device team_slave_0 added [ 90.042984][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.043001][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.043025][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.046383][ T5797] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.046399][ T5797] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.046422][ T5797] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.098882][ T5799] team0: Port device team_slave_1 added [ 90.100008][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.100021][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.100045][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.154668][ T5792] hsr_slave_0: entered promiscuous mode [ 90.157155][ T5792] hsr_slave_1: entered promiscuous mode [ 90.203327][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.203344][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.203366][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.240157][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.240175][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.240198][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.244083][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.244106][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.244129][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.331310][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.331327][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.331351][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.418757][ T5797] hsr_slave_0: entered promiscuous mode [ 90.419707][ T5797] hsr_slave_1: entered promiscuous mode [ 90.420409][ T5797] debugfs: 'hsr0' already exists in 'hsr' [ 90.420483][ T5797] Cannot create hsr debugfs directory [ 90.461125][ T5795] hsr_slave_0: entered promiscuous mode [ 90.462068][ T5795] hsr_slave_1: entered promiscuous mode [ 90.462622][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 90.462638][ T5795] Cannot create hsr debugfs directory [ 90.907545][ T5800] hsr_slave_0: entered promiscuous mode [ 90.908380][ T5800] hsr_slave_1: entered promiscuous mode [ 90.908939][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 90.908960][ T5800] Cannot create hsr debugfs directory [ 90.980801][ T5799] hsr_slave_0: entered promiscuous mode [ 90.981639][ T5799] hsr_slave_1: entered promiscuous mode [ 90.982207][ T5799] debugfs: 'hsr0' already exists in 'hsr' [ 90.982223][ T5799] Cannot create hsr debugfs directory [ 91.406545][ T5110] Bluetooth: hci0: command tx timeout [ 91.567135][ T5110] Bluetooth: hci1: command tx timeout [ 91.693219][ T5792] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.725498][ T5110] Bluetooth: hci2: command tx timeout [ 91.754739][ T5792] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 91.764366][ T5792] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.780278][ T5792] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 91.781661][ T5792] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.826832][ T5792] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 91.847421][ T5792] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.880720][ T5792] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 91.887054][ T5110] Bluetooth: hci4: command tx timeout [ 91.965344][ T5110] Bluetooth: hci3: command tx timeout [ 92.009094][ T5795] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.049371][ T5795] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.053545][ T5795] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.072948][ T5795] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.080891][ T5795] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.112825][ T5795] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.138370][ T5795] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.179844][ T5795] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.310968][ T5800] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.348851][ T5800] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.353402][ T5800] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.398508][ T5800] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.402685][ T5800] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.426568][ T5800] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.453799][ T5800] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.478703][ T5800] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.623936][ T5799] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.662670][ T5799] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 92.677699][ T5799] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.718011][ T5799] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 92.725521][ T5799] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.750865][ T5799] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 92.779791][ T5799] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.809735][ T5799] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 92.912278][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.026921][ T5797] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.060216][ T5797] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.074119][ T5797] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.119586][ T5797] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.123324][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.124651][ T5797] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.147979][ T5797] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.154360][ T5797] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.180791][ T5797] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 93.216141][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.216295][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.236665][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.281940][ T1303] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.282058][ T1303] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.369564][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.416116][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.416308][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.457009][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.463125][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.463555][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.495902][ T5110] Bluetooth: hci0: command tx timeout [ 93.619447][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.645819][ T5110] Bluetooth: hci1: command tx timeout [ 93.685648][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.708410][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.708632][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.805783][ T5110] Bluetooth: hci2: command tx timeout [ 93.818743][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.818941][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.884651][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.975359][ T5110] Bluetooth: hci4: command tx timeout [ 94.019769][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.024936][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.045564][ T5110] Bluetooth: hci3: command tx timeout [ 94.109054][ T5797] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.142339][ T1020] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.142512][ T1020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.268627][ T5797] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.351352][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.353217][ T1020] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.353356][ T1020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.405579][ T1020] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.406109][ T1020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.591357][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.820613][ T5792] veth0_vlan: entered promiscuous mode [ 94.926583][ T5792] veth1_vlan: entered promiscuous mode [ 94.958344][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.161580][ T5795] veth0_vlan: entered promiscuous mode [ 95.229069][ T5795] veth1_vlan: entered promiscuous mode [ 95.262260][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.312411][ T5792] veth0_macvtap: entered promiscuous mode [ 95.370628][ T5792] veth1_macvtap: entered promiscuous mode [ 95.394126][ T5797] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.471564][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.504333][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.510271][ T5795] veth0_macvtap: entered promiscuous mode [ 95.551537][ T5795] veth1_macvtap: entered promiscuous mode [ 95.554374][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.565401][ T5110] Bluetooth: hci0: command tx timeout [ 95.595885][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.603124][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.631818][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.708927][ T5799] veth0_vlan: entered promiscuous mode [ 95.725371][ T5110] Bluetooth: hci1: command tx timeout [ 95.770273][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.886602][ T5110] Bluetooth: hci2: command tx timeout [ 95.901670][ T5799] veth1_vlan: entered promiscuous mode [ 95.914888][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.033976][ T5797] veth0_vlan: entered promiscuous mode [ 96.046160][ T5110] Bluetooth: hci4: command tx timeout [ 96.076323][ T5800] veth0_vlan: entered promiscuous mode [ 96.078525][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.090669][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.110725][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.127404][ T5110] Bluetooth: hci3: command tx timeout [ 96.134290][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.138392][ T5797] veth1_vlan: entered promiscuous mode [ 96.183438][ T5800] veth1_vlan: entered promiscuous mode [ 96.374342][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.374365][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.484689][ T5799] veth0_macvtap: entered promiscuous mode [ 96.557246][ T5799] veth1_macvtap: entered promiscuous mode [ 96.667903][ T5797] veth0_macvtap: entered promiscuous mode [ 96.701764][ T1293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.701787][ T1293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.751986][ T5800] veth0_macvtap: entered promiscuous mode [ 96.754483][ T5797] veth1_macvtap: entered promiscuous mode [ 96.816592][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.825089][ T1020] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.825109][ T1020] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.893396][ T5800] veth1_macvtap: entered promiscuous mode [ 96.931602][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.020647][ T1354] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.020669][ T1354] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.028376][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.028459][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.042229][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.046231][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.050309][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.073066][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.102822][ T5797] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.201393][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.232628][ T1293] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.279804][ T1293] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.320487][ T1293] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.355314][ T1293] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.362454][ T1293] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.366901][ T1293] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.368783][ T1293] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.447941][ T1293] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.304148][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.304164][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.289539][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.289566][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.861155][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.861178][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.949051][ T1293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.949073][ T1293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.112879][ T5927] syz.2.9 uses obsolete (PF_INET,SOCK_PACKET) [ 100.162150][ T5926] netlink: 15678 bytes leftover after parsing attributes in process `syz.1.10'. [ 100.166252][ T5928] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.408867][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.408891][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.575639][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.575683][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.131371][ T5927] comedi comedi2: reset error (fatal) [ 102.228851][ T5945] netlink: 'syz.0.12': attribute type 23 has an invalid length. [ 104.164391][ T5975] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 104.782909][ T5981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20'. [ 104.782935][ T5981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.20'. [ 105.943721][ T6000] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 105.943741][ T6000] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 105.943969][ T6000] vhci_hcd vhci_hcd.0: Device attached [ 106.048356][ T6003] vhci_hcd: connection closed [ 106.077091][ T157] vhci_hcd vhci_hcd.0: stop threads [ 106.077803][ T157] vhci_hcd vhci_hcd.0: release socket [ 106.077882][ T157] vhci_hcd vhci_hcd.0: disconnect device [ 106.715679][ T6010] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6) [ 106.715717][ T6010] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 106.715811][ T6010] vhci_hcd vhci_hcd.0: Device attached [ 107.081246][ T6011] vhci_hcd: connection closed [ 107.106995][ T12] vhci_hcd vhci_hcd.4: stop threads [ 107.107024][ T12] vhci_hcd vhci_hcd.4: release socket [ 107.107061][ T12] vhci_hcd vhci_hcd.4: disconnect device [ 108.376248][ T6035] Zero length message leads to an empty skb [ 109.916493][ T6046] netlink: 24 bytes leftover after parsing attributes in process `syz.4.38'. [ 114.015188][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 115.284603][ T6066] netlink: 'syz.3.44': attribute type 29 has an invalid length. [ 115.342027][ T6063] netlink: 'syz.3.44': attribute type 29 has an invalid length. [ 115.358748][ T6067] netlink: 'syz.3.44': attribute type 29 has an invalid length. [ 117.752900][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 117.846909][ T6095] lo speed is unknown, defaulting to 1000 [ 117.853927][ T6095] lo speed is unknown, defaulting to 1000 [ 118.683967][ T6095] lo speed is unknown, defaulting to 1000 [ 118.917631][ T6095] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 119.287820][ T6095] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 119.770324][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 120.307097][ T10] usb 1-1: device descriptor read/all, error -71 [ 120.749923][ T6095] lo speed is unknown, defaulting to 1000 [ 120.823203][ T6095] lo speed is unknown, defaulting to 1000 [ 120.903556][ T6095] lo speed is unknown, defaulting to 1000 [ 120.951359][ T6095] lo speed is unknown, defaulting to 1000 [ 120.952965][ T6095] lo speed is unknown, defaulting to 1000 [ 121.157721][ T6109] netlink: 'syz.3.57': attribute type 29 has an invalid length. [ 121.158150][ T6108] netlink: 'syz.3.57': attribute type 29 has an invalid length. [ 121.226801][ T6108] netlink: 'syz.3.57': attribute type 29 has an invalid length. [ 121.867693][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.175194][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.524625][ T6132] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 122.524645][ T6132] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 122.526509][ T6132] vhci_hcd vhci_hcd.0: Device attached [ 122.565430][ T6134] vhci_hcd: connection closed [ 122.571327][ T153] vhci_hcd vhci_hcd.2: stop threads [ 122.571352][ T153] vhci_hcd vhci_hcd.2: release socket [ 122.608941][ T10] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 122.608977][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.608998][ T10] usb 4-1: Product: syz [ 122.609013][ T10] usb 4-1: Manufacturer: syz [ 122.609026][ T10] usb 4-1: SerialNumber: syz [ 122.638570][ T153] vhci_hcd vhci_hcd.2: disconnect device [ 122.757857][ T10] usb 4-1: config 0 descriptor?? [ 123.015370][ T5859] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 123.224294][ T10] hub 4-1:0.0: bad descriptor, ignoring hub [ 123.224339][ T10] hub 4-1:0.0: probe with driver hub failed with error -5 [ 123.239702][ T5859] usb 2-1: Using ep0 maxpacket: 8 [ 123.251624][ T5859] usb 2-1: config 127 has an invalid interface number: 171 but max is 1 [ 123.251656][ T5859] usb 2-1: config 127 has no interface number 1 [ 123.251727][ T5859] usb 2-1: config 127 interface 0 altsetting 10 endpoint 0x1 has invalid wMaxPacketSize 0 [ 123.251751][ T5859] usb 2-1: config 127 interface 0 altsetting 10 bulk endpoint 0x1 has invalid maxpacket 0 [ 123.251776][ T5859] usb 2-1: config 127 interface 171 has no altsetting 0 [ 123.251795][ T5859] usb 2-1: config 127 interface 0 has no altsetting 0 [ 123.308372][ T5859] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 123.308406][ T5859] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.308426][ T5859] usb 2-1: Product: syz [ 123.308441][ T5859] usb 2-1: Manufacturer: syz [ 123.308455][ T5859] usb 2-1: SerialNumber: syz [ 123.365182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 123.375181][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 123.385185][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 123.395189][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 124.956713][ T6138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.957483][ T6138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.999314][ T6138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.071397][ T6138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.204893][ T6160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.246895][ T6160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.500168][ T6138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.526261][ T6138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.662551][ T6166] netlink: 'syz.4.71': attribute type 29 has an invalid length. [ 125.663094][ T6164] netlink: 'syz.4.71': attribute type 29 has an invalid length. [ 125.680911][ T6164] netlink: 'syz.4.71': attribute type 29 has an invalid length. [ 125.897371][ T5859] xr_serial 2-1:127.171: xr_serial converter detected [ 126.004452][ T10] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware [ 126.146773][ T5859] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 126.146845][ T5859] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 126.299970][ T5859] usb 2-1: USB disconnect, device number 2 [ 126.403336][ T10] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 126.403394][ T10] dib0700: firmware download failed at 7 with -22 [ 128.081631][ T10] usb 4-1: USB disconnect, device number 2 [ 128.675220][ T5859] xr_serial 2-1:127.171: device disconnected [ 132.824763][ T5110] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 132.824792][ T5110] CPU: 1 UID: 0 PID: 5110 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 132.824818][ T5110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 132.824833][ T5110] Workqueue: hci0 hci_rx_work [ 132.824873][ T5110] Call Trace: [ 132.824882][ T5110] [ 132.824892][ T5110] dump_stack_lvl+0xe8/0x150 [ 132.824925][ T5110] sysfs_create_dir_ns+0x271/0x2a0 [ 132.824958][ T5110] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 132.824986][ T5110] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 132.825023][ T5110] ? rt_spin_unlock+0x160/0x200 [ 132.825053][ T5110] kobject_add_internal+0x631/0xd10 [ 132.825086][ T5110] kobject_add+0x163/0x240 [ 132.825115][ T5110] ? __pfx_kobject_add+0x10/0x10 [ 132.825148][ T5110] ? get_device_parent+0x370/0x3a0 [ 132.825183][ T5110] device_add+0x408/0xb80 [ 132.825221][ T5110] hci_conn_add_sysfs+0xd5/0x210 [ 132.825255][ T5110] le_conn_complete_evt+0x10e6/0x16b0 [ 132.825295][ T5110] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 132.825322][ T5110] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 132.825353][ T5110] ? lockdep_hardirqs_on+0x7a/0x110 [ 132.825386][ T5110] ? skb_pull_data+0xfb/0x200 [ 132.825421][ T5110] hci_le_conn_complete_evt+0x187/0x470 [ 132.825455][ T5110] hci_event_packet+0x659/0xef0 [ 132.825505][ T5110] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 132.825529][ T5110] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 132.825552][ T5110] ? __pfx_hci_event_packet+0x10/0x10 [ 132.825583][ T5110] ? rt_spin_unlock+0x14f/0x200 [ 132.825618][ T5110] ? hci_send_to_monitor+0xe2/0x590 [ 132.825650][ T5110] hci_rx_work+0x3ee/0x1040 [ 132.825693][ T5110] ? process_scheduled_works+0xa70/0x1860 [ 132.825726][ T5110] process_scheduled_works+0xb5d/0x1860 [ 132.825793][ T5110] ? __pfx_process_scheduled_works+0x10/0x10 [ 132.825830][ T5110] ? assign_work+0x3d5/0x5e0 [ 132.825867][ T5110] worker_thread+0xa53/0xfc0 [ 132.825930][ T5110] kthread+0x388/0x470 [ 132.825954][ T5110] ? __pfx_worker_thread+0x10/0x10 [ 132.825981][ T5110] ? __pfx_kthread+0x10/0x10 [ 132.826003][ T5110] ret_from_fork+0x514/0xb70 [ 132.826035][ T5110] ? __pfx_ret_from_fork+0x10/0x10 [ 132.826063][ T5110] ? __switch_to+0xc79/0x1410 [ 132.826088][ T5110] ? __pfx_kthread+0x10/0x10 [ 132.826109][ T5110] ret_from_fork_asm+0x1a/0x30 [ 132.826150][ T5110] [ 132.839738][ T5110] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 132.839789][ T5110] Bluetooth: hci0: failed to register connection device [ 133.103033][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.103128][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.248913][ T6210] netlink: 'syz.3.83': attribute type 29 has an invalid length. [ 133.249352][ T6208] netlink: 'syz.3.83': attribute type 29 has an invalid length. [ 133.249766][ T6211] netlink: 'syz.3.83': attribute type 29 has an invalid length. [ 133.815302][ T5859] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 133.980354][ T5859] usb 4-1: Using ep0 maxpacket: 8 [ 133.993104][ T5859] usb 4-1: config 127 has an invalid interface number: 171 but max is 1 [ 133.993136][ T5859] usb 4-1: config 127 has no interface number 1 [ 133.993204][ T5859] usb 4-1: config 127 interface 0 altsetting 10 endpoint 0x1 has invalid wMaxPacketSize 0 [ 133.993228][ T5859] usb 4-1: config 127 interface 0 altsetting 10 bulk endpoint 0x1 has invalid maxpacket 0 [ 133.993252][ T5859] usb 4-1: config 127 interface 171 has no altsetting 0 [ 133.993271][ T5859] usb 4-1: config 127 interface 0 has no altsetting 0 [ 134.000052][ T5859] usb 4-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 134.000083][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.000101][ T5859] usb 4-1: Product: syz [ 134.000116][ T5859] usb 4-1: Manufacturer: syz [ 134.000130][ T5859] usb 4-1: SerialNumber: syz [ 134.372037][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.377586][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.405697][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.406391][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.466128][ T6239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.491840][ T6239] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.743733][ T6223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.744376][ T6223] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.828884][ T5859] xr_serial 4-1:127.171: xr_serial converter detected [ 134.847635][ T10] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 134.886665][ T5859] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 134.886741][ T5859] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 134.918517][ T5859] usb 4-1: USB disconnect, device number 3 [ 134.949392][ T5859] xr_serial 4-1:127.171: device disconnected [ 135.062582][ T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 135.062617][ T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 135.062663][ T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 135.062688][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.372967][ T10] usb 2-1: usb_control_msg returned -32 [ 135.373026][ T10] usbtmc 2-1:16.0: can't read capabilities [ 135.779912][ T6260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 135.801960][ T6260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 136.118214][ T5802] usb 2-1: USB disconnect, device number 3 [ 136.220965][ T6258] netlink: 'syz.2.96': attribute type 29 has an invalid length. [ 136.420616][ T6253] netlink: 'syz.2.96': attribute type 29 has an invalid length. [ 136.421154][ T6261] netlink: 'syz.2.96': attribute type 29 has an invalid length. [ 136.922095][ T6279] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.104'. [ 137.156411][ T37] audit: type=1326 audit(1776312358.433:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6277 comm="syz.3.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 137.156603][ T37] audit: type=1326 audit(1776312358.453:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6277 comm="syz.3.104" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f06fba6c819 code=0x0 [ 137.156689][ T37] audit: type=1326 audit(1776312358.453:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6277 comm="syz.3.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 137.156859][ T37] audit: type=1326 audit(1776312358.503:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6277 comm="syz.3.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 137.156906][ T37] audit: type=1326 audit(1776312358.513:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6277 comm="syz.3.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 137.156950][ T37] audit: type=1326 audit(1776312358.513:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6277 comm="syz.3.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 138.507693][ T6266] netlink: 'syz.0.99': attribute type 1 has an invalid length. [ 139.018083][ T6308] netlink: 'syz.4.112': attribute type 29 has an invalid length. [ 139.019574][ T6305] netlink: 'syz.4.112': attribute type 29 has an invalid length. [ 139.046149][ T6305] netlink: 'syz.4.112': attribute type 29 has an invalid length. [ 139.893529][ T59] Bluetooth: hci0: command 0x0406 tx timeout [ 139.973017][ T6324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.428386][ T59] Bluetooth: hci4: link tx timeout [ 140.428745][ T59] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 140.678693][ T6342] netlink: 28 bytes leftover after parsing attributes in process `syz.3.125'. [ 141.192101][ T6349] netlink: 'syz.0.126': attribute type 29 has an invalid length. [ 141.243618][ T6344] netlink: 'syz.0.126': attribute type 29 has an invalid length. [ 141.244092][ T6352] netlink: 'syz.0.126': attribute type 29 has an invalid length. [ 141.596462][ T59] Bluetooth: hci4: link tx timeout [ 141.596485][ T59] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 142.227055][ T6375] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 142.525405][ T59] Bluetooth: hci4: command 0x0406 tx timeout [ 142.667339][ T6380] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 142.667369][ T6380] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 142.667474][ T6380] vhci_hcd vhci_hcd.0: Device attached [ 142.883859][ T6385] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 142.966344][ T6385] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 143.008703][ T1931] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 143.015581][ T31] usb 36-1: SetAddress Request (2) to port 0 [ 143.015679][ T31] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd [ 143.087615][ T6397] netlink: 'syz.2.142': attribute type 29 has an invalid length. [ 143.087971][ T6396] netlink: 'syz.2.142': attribute type 29 has an invalid length. [ 143.119360][ T6396] netlink: 'syz.2.142': attribute type 29 has an invalid length. [ 143.209670][ T6399] binder: BINDER_SET_CONTEXT_MGR already set [ 143.217202][ T6399] binder: 6398:6399 ioctl 4018620d 200000004a80 returned -16 [ 143.370567][ T6384] vhci_hcd: connection reset by peer [ 143.410592][ T57] vhci_hcd vhci_hcd.1: stop threads [ 143.410612][ T57] vhci_hcd vhci_hcd.1: release socket [ 143.419234][ T1931] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 143.427147][ T57] vhci_hcd vhci_hcd.1: disconnect device [ 143.443018][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.443075][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.443090][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.443111][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.495217][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.495281][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.495308][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.495330][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.495797][ T6385] vhci_hcd vhci_hcd.0: Device attached [ 143.500142][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.500198][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.500213][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.500226][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.501424][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.501480][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.501505][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.501517][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.502695][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.502747][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.502770][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.502783][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.504199][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.504235][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.504250][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.504263][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.506685][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.506738][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.506761][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.506781][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.508112][ T1931] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 143.508160][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 143.508184][ T1931] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 143.508204][ T1931] usb 5-1: config 0 interface 0 has no altsetting 0 [ 143.538015][ T1931] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 143.538045][ T1931] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 143.538064][ T1931] usb 5-1: Product: syz [ 143.538076][ T1931] usb 5-1: Manufacturer: syz [ 143.538090][ T1931] usb 5-1: SerialNumber: syz [ 143.801227][ T1931] usb 5-1: config 0 descriptor?? [ 143.895397][ T5802] usb 34-1: SetAddress Request (2) to port 0 [ 143.895463][ T5802] usb 34-1: new SuperSpeed USB device number 2 using vhci_hcd [ 143.961868][ T1931] yurex 5-1:0.0: Could not submitting URB [ 143.962013][ T1931] yurex 5-1:0.0: probe with driver yurex failed with error -5 [ 144.047544][ T1931] usb 5-1: USB disconnect, device number 2 [ 144.106835][ T6389] vhci_hcd: connection reset by peer [ 144.107219][ T1354] vhci_hcd vhci_hcd.0: stop threads [ 144.107236][ T1354] vhci_hcd vhci_hcd.0: release socket [ 144.108618][ T1354] vhci_hcd vhci_hcd.0: disconnect device [ 146.439487][ T6432] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 146.461632][ T6432] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 146.661578][ T6433] netlink: 'syz.3.154': attribute type 29 has an invalid length. [ 146.663927][ T6429] netlink: 'syz.3.154': attribute type 29 has an invalid length. [ 146.664371][ T6435] netlink: 'syz.3.154': attribute type 29 has an invalid length. [ 148.125914][ T31] usb 36-1: device descriptor read/8, error -110 [ 148.643055][ T31] usb usb36-port1: attempt power cycle [ 148.797312][ T6477] netlink: 8 bytes leftover after parsing attributes in process `syz.2.169'. [ 149.293400][ T5802] usb 34-1: device descriptor read/8, error -110 [ 151.687274][ T5802] usb usb34-port1: attempt power cycle [ 151.757384][ T31] usb usb36-port1: unable to enumerate USB device [ 151.995504][ T6491] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.000541][ T6491] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 152.004836][ T6491] netlink: 48 bytes leftover after parsing attributes in process `syz.1.175'. [ 152.269971][ T5802] usb usb34-port1: unable to enumerate USB device [ 153.354261][ T5802] lo speed is unknown, defaulting to 1000 [ 154.699607][ T6523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.732111][ T6523] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 154.752267][ T6523] netlink: 48 bytes leftover after parsing attributes in process `syz.3.189'. [ 157.366701][ T37] audit: type=1326 audit(1776312378.513:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.367130][ T37] audit: type=1326 audit(1776312378.513:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.367374][ T37] audit: type=1326 audit(1776312378.523:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.367606][ T37] audit: type=1326 audit(1776312378.523:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.367836][ T37] audit: type=1326 audit(1776312378.523:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.368014][ T37] audit: type=1326 audit(1776312378.543:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.368260][ T37] audit: type=1326 audit(1776312378.543:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.368539][ T37] audit: type=1326 audit(1776312378.543:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.368770][ T37] audit: type=1326 audit(1776312378.543:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.506363][ T37] audit: type=1326 audit(1776312378.883:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6555 comm="syz.1.201" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29cee7c819 code=0x7ffc0000 [ 157.508777][ T5110] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 157.509173][ T5110] Bluetooth: hci2: Injecting HCI hardware error event [ 157.514824][ T59] Bluetooth: hci2: hardware error 0x00 [ 158.246897][ T6573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.254059][ T6573] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 158.261256][ T6573] netlink: 48 bytes leftover after parsing attributes in process `syz.0.203'. [ 160.205308][ T59] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 164.230635][ T6626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.250931][ T6626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 165.275496][ T6643] netlink: 96 bytes leftover after parsing attributes in process `syz.0.228'. [ 165.275527][ T6643] netlink: 128 bytes leftover after parsing attributes in process `syz.0.228'. [ 165.275543][ T6643] netlink: 32 bytes leftover after parsing attributes in process `syz.0.228'. [ 172.715154][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 172.725161][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 172.735164][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 172.745167][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 173.057007][ T6683] netlink: 'syz.4.241': attribute type 1 has an invalid length. [ 173.272908][ T6683] 8021q: adding VLAN 0 to HW filter on device bond1 [ 174.029313][ T6699] syz.3.242 (6699) used greatest stack depth: 17592 bytes left [ 176.171350][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 176.171397][ T37] audit: type=1326 audit(1776312397.493:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.171700][ T37] audit: type=1326 audit(1776312397.493:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.171959][ T37] audit: type=1326 audit(1776312397.503:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.172190][ T37] audit: type=1326 audit(1776312397.503:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.172422][ T37] audit: type=1326 audit(1776312397.503:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.172653][ T37] audit: type=1326 audit(1776312397.503:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.172927][ T37] audit: type=1326 audit(1776312397.503:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.173157][ T37] audit: type=1326 audit(1776312397.503:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.173387][ T37] audit: type=1326 audit(1776312397.513:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6715 comm="syz.0.250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f3033a2c819 code=0x7ffc0000 [ 176.401700][ T6718] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 177.521732][ T37] audit: type=1326 audit(1776312398.853:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6722 comm="syz.2.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 177.904284][ T6730] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 179.381597][ T6754] netlink: 'syz.1.258': attribute type 1 has an invalid length. [ 179.688316][ T6754] 8021q: adding VLAN 0 to HW filter on device bond1 [ 185.026194][ T6799] netlink: 'syz.2.274': attribute type 1 has an invalid length. [ 185.259601][ T6810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 185.263341][ T6799] 8021q: adding VLAN 0 to HW filter on device bond1 [ 185.300988][ T6810] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.679839][ T6833] netlink: 28 bytes leftover after parsing attributes in process `syz.4.288'. [ 187.534029][ T37] kauditd_printk_skb: 8 callbacks suppressed [ 187.534077][ T37] audit: type=1326 audit(1776312408.873:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.534381][ T37] audit: type=1326 audit(1776312408.873:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.534671][ T37] audit: type=1326 audit(1776312408.873:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.534948][ T37] audit: type=1326 audit(1776312408.883:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.903429][ T37] audit: type=1326 audit(1776312408.883:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.903758][ T37] audit: type=1326 audit(1776312408.883:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.904151][ T37] audit: type=1326 audit(1776312408.883:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.904430][ T37] audit: type=1326 audit(1776312408.883:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 187.904714][ T37] audit: type=1326 audit(1776312408.883:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6840 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f06fba6c819 code=0x7ffc0000 [ 188.026641][ T6843] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 189.531316][ T6861] lo speed is unknown, defaulting to 1000 [ 191.080819][ T6875] netlink: 68 bytes leftover after parsing attributes in process `syz.0.296'. [ 191.438517][ T6880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.460817][ T6880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 192.103752][ C0] [drm:vkms_crtc_handle_vblank_timeout] *ERROR* vkms failure on handling vblank [ 192.784025][ T37] audit: type=1326 audit(1776312414.113:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.784370][ T37] audit: type=1326 audit(1776312414.113:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.784607][ T37] audit: type=1326 audit(1776312414.113:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.784862][ T37] audit: type=1326 audit(1776312414.113:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.785744][ T37] audit: type=1326 audit(1776312414.123:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.786038][ T37] audit: type=1326 audit(1776312414.123:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.786296][ T37] audit: type=1326 audit(1776312414.123:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.786502][ T37] audit: type=1326 audit(1776312414.123:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 192.786741][ T37] audit: type=1326 audit(1776312414.123:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6893 comm="syz.2.304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 193.259402][ T6898] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 195.161418][ T6914] fuse: Unknown parameter 'user_i00000000000000000000' [ 196.379156][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.379203][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.006374][ T59] Bluetooth: hci0: unexpected event for opcode 0x0c56 [ 197.040676][ T6926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.076693][ T6926] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.149543][ T6932] netlink: 8 bytes leftover after parsing attributes in process `syz.3.317'. [ 199.478172][ T6946] netlink: 'syz.0.321': attribute type 29 has an invalid length. [ 199.480113][ T6943] netlink: 'syz.0.321': attribute type 29 has an invalid length. [ 199.507039][ T6943] netlink: 'syz.0.321': attribute type 29 has an invalid length. [ 200.749882][ T6951] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 200.751566][ T6951] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 200.751640][ T6951] vhci_hcd vhci_hcd.0: Device attached [ 200.751948][ T6953] vhci_hcd: connection closed [ 200.825184][ T1354] vhci_hcd vhci_hcd.2: stop threads [ 200.825214][ T1354] vhci_hcd vhci_hcd.2: release socket [ 200.825514][ T1354] vhci_hcd vhci_hcd.2: disconnect device [ 203.059579][ T6975] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.078290][ T6978] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 203.800949][ T6983] lo speed is unknown, defaulting to 1000 [ 205.436601][ T37] audit: type=1326 audit(1776312426.063:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436662][ T37] audit: type=1326 audit(1776312426.063:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436707][ T37] audit: type=1326 audit(1776312426.063:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436751][ T37] audit: type=1326 audit(1776312426.063:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436795][ T37] audit: type=1326 audit(1776312426.063:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436839][ T37] audit: type=1326 audit(1776312426.063:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436883][ T37] audit: type=1326 audit(1776312426.063:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436926][ T37] audit: type=1326 audit(1776312426.063:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.436970][ T37] audit: type=1326 audit(1776312426.063:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6984 comm="syz.2.335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f58583fc819 code=0x7ffc0000 [ 205.844118][ T6991] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 206.048951][ T6992] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 206.048974][ T6992] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 206.050082][ T6992] vhci_hcd vhci_hcd.0: Device attached [ 206.074869][ T6997] vhci_hcd: connection closed [ 206.077412][ T66] vhci_hcd vhci_hcd.0: stop threads [ 206.077439][ T66] vhci_hcd vhci_hcd.0: release socket [ 206.077476][ T66] vhci_hcd vhci_hcd.0: disconnect device [ 207.436816][ T7035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.511219][ T7035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.534203][ T7035] netlink: 56 bytes leftover after parsing attributes in process `syz.0.345'. [ 207.896562][ T7038] netlink: 'syz.3.347': attribute type 3 has an invalid length. [ 207.896587][ T7038] netlink: 20 bytes leftover after parsing attributes in process `syz.3.347'. [ 209.293160][ T7047] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 209.293245][ T7047] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 209.296996][ T7047] vhci_hcd vhci_hcd.0: Device attached [ 209.388237][ T7049] vhci_hcd: connection closed [ 209.398902][ T43] vhci_hcd vhci_hcd.3: stop threads [ 209.398931][ T43] vhci_hcd vhci_hcd.3: release socket [ 209.398982][ T43] vhci_hcd vhci_hcd.3: disconnect device [ 211.339680][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 211.521547][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 211.526997][ T10] usb 4-1: config 127 has an invalid interface number: 171 but max is 1 [ 211.527026][ T10] usb 4-1: config 127 has no interface number 1 [ 211.527084][ T10] usb 4-1: config 127 interface 0 altsetting 10 endpoint 0x1 has invalid wMaxPacketSize 0 [ 211.527118][ T10] usb 4-1: config 127 interface 0 altsetting 10 bulk endpoint 0x1 has invalid maxpacket 0 [ 211.527329][ T10] usb 4-1: config 127 interface 171 has no altsetting 0 [ 211.527455][ T10] usb 4-1: config 127 interface 0 has no altsetting 0 [ 211.623968][ T10] usb 4-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 211.624001][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.624022][ T10] usb 4-1: Product: syz [ 211.624037][ T10] usb 4-1: Manufacturer: syz [ 211.624052][ T10] usb 4-1: SerialNumber: syz [ 211.910597][ T7071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.949937][ T7071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 211.968008][ T5110] Bluetooth: hci1: command 0x0406 tx timeout [ 212.043161][ T5110] Bluetooth: hci3: command 0x0406 tx timeout [ 212.043203][ T5110] Bluetooth: hci0: command 0x0406 tx timeout [ 212.121755][ T7071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 212.210538][ T7071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 212.286591][ T7071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 212.287260][ T7071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 212.787213][ T7083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 212.816656][ T7083] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 212.887470][ T10] xr_serial 4-1:127.171: xr_serial converter detected [ 212.890345][ T10] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 212.890412][ T10] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 212.927331][ T10] usb 4-1: USB disconnect, device number 4 [ 213.051466][ T10] xr_serial 4-1:127.171: device disconnected [ 213.127390][ T7087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.362'. [ 213.127433][ T7087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.362'. [ 213.418235][ T7091] IPVS: set_ctl: invalid protocol: 29 172.20.20.187:20001 [ 213.850873][ T37] audit: type=1326 audit(1776312435.223:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7090 comm="syz.1.364" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f29cee7c819 code=0x0 [ 215.683693][ T7113] netlink: 'syz.2.372': attribute type 3 has an invalid length. [ 215.683726][ T7113] netlink: 32 bytes leftover after parsing attributes in process `syz.2.372'. [ 216.463087][ T37] audit: type=1326 audit(1776312437.833:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7115 comm="syz.1.374" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f29cee7c819 code=0x0 [ 217.988255][ T7135] /dev/nullb0: Can't open blockdev [ 218.040535][ T37] audit: type=1326 audit(1776312439.333:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 218.040784][ T37] audit: type=1326 audit(1776312439.333:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 218.041047][ T37] audit: type=1326 audit(1776312439.343:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 218.041274][ T37] audit: type=1326 audit(1776312439.343:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 218.041562][ T37] audit: type=1326 audit(1776312439.343:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 218.041842][ T37] audit: type=1326 audit(1776312439.343:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 218.042078][ T37] audit: type=1326 audit(1776312439.343:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 218.042304][ T37] audit: type=1326 audit(1776312439.353:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7130 comm="syz.4.380" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe28659c819 code=0x7ffc0000 [ 219.199667][ T5872] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 219.755921][ T5872] usb 2-1: Using ep0 maxpacket: 16 [ 219.788762][ T5872] usb 2-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.788800][ T5872] usb 2-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 219.788874][ T5872] usb 2-1: config 0 interface 0 has no altsetting 0 [ 219.788954][ T5872] usb 2-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 219.789018][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.117137][ T5872] usb 2-1: config 0 descriptor?? [ 221.524201][ T7158] [ 221.524213][ T7158] ============================================ [ 221.524218][ T7158] WARNING: possible recursive locking detected [ 221.524223][ T7158] syzkaller #0 Not tainted [ 221.524230][ T7158] -------------------------------------------- [ 221.524234][ T7158] syz.1.383/7158 is trying to acquire lock: [ 221.524242][ T7158] ffffffff8e947768 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf10 [ 221.524304][ T7158] [ 221.524304][ T7158] but task is already holding lock: [ 221.524311][ T7158] ffffffff8e947768 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf10 [ 221.524396][ T7158] [ 221.524396][ T7158] other info that might help us debug this: [ 221.524400][ T7158] Possible unsafe locking scenario: [ 221.524400][ T7158] [ 221.524404][ T7158] CPU0 [ 221.524407][ T7158] ---- [ 221.524410][ T7158] lock(qp_broker_list.mutex); [ 221.524417][ T7158] lock(qp_broker_list.mutex); [ 221.524425][ T7158] [ 221.524425][ T7158] *** DEADLOCK *** [ 221.524425][ T7158] [ 221.524429][ T7158] May be due to missing lock nesting notation [ 221.524429][ T7158] [ 221.524436][ T7158] 1 lock held by syz.1.383/7158: [ 221.524447][ T7158] #0: ffffffff8e947768 (qp_broker_list.mutex){+.+.}-{4:4}, at: vmci_qp_broker_detach+0x117/0xf10 [ 221.524499][ T7158] [ 221.524499][ T7158] stack backtrace: [ 221.524512][ T7158] CPU: 1 UID: 0 PID: 7158 Comm: syz.1.383 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 221.524534][ T7158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 221.524546][ T7158] Call Trace: [ 221.524554][ T7158] [ 221.524561][ T7158] dump_stack_lvl+0xe8/0x150 [ 221.524580][ T7158] print_deadlock_bug+0x279/0x290 [ 221.524595][ T7158] __lock_acquire+0x253f/0x2cf0 [ 221.524607][ T7158] ? lockdep_hardirqs_on+0x7a/0x110 [ 221.524633][ T7158] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.524661][ T7158] ? stack_depot_save_flags+0x3f3/0x810 [ 221.524693][ T7158] ? kasan_save_track+0x4f/0x80 [ 221.524713][ T7158] ? kasan_save_track+0x3e/0x80 [ 221.524731][ T7158] ? kasan_save_free_info+0x46/0x50 [ 221.524749][ T7158] ? __kasan_slab_free+0x5c/0x80 [ 221.524761][ T7158] ? vmci_qp_broker_detach+0x117/0xf10 [ 221.524776][ T7158] lock_acquire+0x106/0x350 [ 221.524800][ T7158] ? vmci_qp_broker_detach+0x117/0xf10 [ 221.524827][ T7158] ? vmci_qp_broker_detach+0x117/0xf10 [ 221.524856][ T7158] ? vmci_qp_broker_detach+0x117/0xf10 [ 221.524881][ T7158] mutex_lock_nested+0x5a/0x1d0 [ 221.524901][ T7158] ? vmci_qp_broker_detach+0x117/0xf10 [ 221.524919][ T7158] vmci_qp_broker_detach+0x117/0xf10 [ 221.524937][ T7158] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 221.524953][ T7158] ? kasan_quarantine_put+0xbb/0x1f0 [ 221.524971][ T7158] ? lockdep_hardirqs_on+0x7a/0x110 [ 221.524998][ T7158] ? kfree+0x1c5/0x6c0 [ 221.525017][ T7158] ? vmci_ctx_put+0x5ef/0xc40 [ 221.525034][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.525055][ T7158] vmci_ctx_put+0x64e/0xc40 [ 221.525071][ T7158] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 221.525091][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.525109][ T7158] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 221.525128][ T7158] ? __pfx_vmci_ctx_put+0x10/0x10 [ 221.525145][ T7158] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 221.525166][ T7158] ? rt_spin_unlock+0x160/0x200 [ 221.525186][ T7158] vmci_ctx_enqueue_datagram+0x3ab/0x420 [ 221.525210][ T7158] vmci_datagram_dispatch+0x450/0xc60 [ 221.525231][ T7158] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.525258][ T7158] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 221.525280][ T7158] ? __pfx_vmci_datagram_dispatch+0x10/0x10 [ 221.525306][ T7158] vmci_qp_broker_detach+0x8d4/0xf10 [ 221.525337][ T7158] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 221.525360][ T7158] ? kasan_quarantine_put+0xbb/0x1f0 [ 221.525382][ T7158] ? kfree+0x1c5/0x6c0 [ 221.525400][ T7158] ? vmci_ctx_put+0x5ef/0xc40 [ 221.525422][ T7158] vmci_ctx_put+0x64e/0xc40 [ 221.525440][ T7158] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.525467][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.525487][ T7158] ? __pfx_vmci_ctx_put+0x10/0x10 [ 221.525503][ T7158] vmci_host_close+0x9b/0x160 [ 221.525518][ T7158] ? __pfx_vmci_host_close+0x10/0x10 [ 221.525534][ T7158] __fput+0x461/0xa70 [ 221.525555][ T7158] task_work_run+0x1d9/0x270 [ 221.525578][ T7158] ? __pfx_task_work_run+0x10/0x10 [ 221.525602][ T7158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.525622][ T7158] exit_to_user_mode_loop+0xed/0x480 [ 221.525650][ T7158] ? rcu_is_watching+0x15/0xb0 [ 221.525664][ T7158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.525675][ T7158] do_syscall_64+0x33e/0xf80 [ 221.525690][ T7158] ? trace_irq_disable+0x3b/0x140 [ 221.525708][ T7158] ? clear_bhb_loop+0x40/0x90 [ 221.525730][ T7158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.525749][ T7158] RIP: 0033:0x7f29cee7c819 [ 221.525767][ T7158] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.525784][ T7158] RSP: 002b:00007f29cd08c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 221.525805][ T7158] RAX: 0000000000000000 RBX: 00007f29cf0f6180 RCX: 00007f29cee7c819 [ 221.525818][ T7158] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005 [ 221.525826][ T7158] RBP: 00007f29cef12c91 R08: 0000000000000000 R09: 0000000000000000 [ 221.525833][ T7158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.525840][ T7158] R13: 00007f29cf0f6218 R14: 00007f29cf0f6180 R15: 00007ffe51d8cad8 [ 221.525852][ T7158] [ 221.551975][ T7158] ------------[ cut here ]------------ [ 221.551988][ T7158] rtmutex deadlock detected [ 221.551994][ T7158] WARNING: kernel/locking/rtmutex.c:1687 at rt_mutex_handle_deadlock+0x21/0xb0, CPU#0: syz.1.383/7158 [ 221.552034][ T7158] Modules linked in: [ 221.552051][ T7158] CPU: 0 UID: 0 PID: 7158 Comm: syz.1.383 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 221.552065][ T7158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 221.552071][ T7158] RIP: 0010:rt_mutex_handle_deadlock+0x21/0xb0 [ 221.552099][ T7158] Code: 90 90 90 90 90 90 90 90 90 41 57 41 56 41 55 41 54 53 83 ff dd 0f 85 81 00 00 00 48 89 f7 e8 d6 3a 01 00 48 8d 3d 6f 1a 66 04 <67> 48 0f b9 3a 4c 8d 3d 00 00 00 00 65 48 8b 1d 13 9e 47 07 4c 8d [ 221.552122][ T7158] RSP: 0018:ffffc9000e8cf430 EFLAGS: 00010286 [ 221.552139][ T7158] RAX: 0000000080000000 RBX: ffffc9000e8cf4c0 RCX: 0000000000000000 [ 221.552152][ T7158] RDX: 0000000000000000 RSI: ffffffff8ba6a8e0 RDI: ffffffff8f8e3c50 [ 221.552165][ T7158] RBP: ffffc9000e8cf5e0 R08: ffffffff8f8b09b7 R09: 1ffffffff1f16136 [ 221.552179][ T7158] R10: dffffc0000000000 R11: fffffbfff1f16137 R12: 1ffff92001d19e94 [ 221.552192][ T7158] R13: ffffffff8b281c2d R14: ffffffff8e947710 R15: dffffc0000000000 [ 221.552206][ T7158] FS: 00007f29cd08c6c0(0000) GS:ffff888126124000(0000) knlGS:0000000000000000 [ 221.552222][ T7158] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 221.552235][ T7158] CR2: 0000001b2ed12ff8 CR3: 0000000065bf8000 CR4: 00000000003526f0 [ 221.552254][ T7158] Call Trace: [ 221.552261][ T7158] [ 221.552269][ T7158] ? rt_mutex_slowlock+0x1fd/0x780 [ 221.552290][ T7158] rt_mutex_slowlock+0x73a/0x780 [ 221.552312][ T7158] ? rt_mutex_slowlock+0x1fd/0x780 [ 221.552332][ T7158] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 221.552360][ T7158] ? lock_acquire+0x221/0x350 [ 221.552387][ T7158] ? vmci_qp_broker_detach+0x117/0xf10 [ 221.552413][ T7158] mutex_lock_nested+0x168/0x1d0 [ 221.552435][ T7158] vmci_qp_broker_detach+0x117/0xf10 [ 221.552465][ T7158] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 221.552491][ T7158] ? kasan_quarantine_put+0xbb/0x1f0 [ 221.552511][ T7158] ? lockdep_hardirqs_on+0x7a/0x110 [ 221.552537][ T7158] ? kfree+0x1c5/0x6c0 [ 221.552555][ T7158] ? vmci_ctx_put+0x5ef/0xc40 [ 221.552573][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.552592][ T7158] vmci_ctx_put+0x64e/0xc40 [ 221.552611][ T7158] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 221.552636][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.552654][ T7158] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 221.552674][ T7158] ? __pfx_vmci_ctx_put+0x10/0x10 [ 221.552695][ T7158] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 221.552722][ T7158] ? rt_spin_unlock+0x160/0x200 [ 221.552745][ T7158] vmci_ctx_enqueue_datagram+0x3ab/0x420 [ 221.552767][ T7158] vmci_datagram_dispatch+0x450/0xc60 [ 221.552787][ T7158] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.552812][ T7158] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 221.552832][ T7158] ? __pfx_vmci_datagram_dispatch+0x10/0x10 [ 221.552856][ T7158] vmci_qp_broker_detach+0x8d4/0xf10 [ 221.552885][ T7158] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 221.552909][ T7158] ? kasan_quarantine_put+0xbb/0x1f0 [ 221.552929][ T7158] ? kfree+0x1c5/0x6c0 [ 221.552946][ T7158] ? vmci_ctx_put+0x5ef/0xc40 [ 221.552967][ T7158] vmci_ctx_put+0x64e/0xc40 [ 221.552984][ T7158] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.553009][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.553027][ T7158] ? __pfx_vmci_ctx_put+0x10/0x10 [ 221.553052][ T7158] vmci_host_close+0x9b/0x160 [ 221.553075][ T7158] ? __pfx_vmci_host_close+0x10/0x10 [ 221.553098][ T7158] __fput+0x461/0xa70 [ 221.553130][ T7158] task_work_run+0x1d9/0x270 [ 221.553155][ T7158] ? __pfx_task_work_run+0x10/0x10 [ 221.553179][ T7158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.553199][ T7158] exit_to_user_mode_loop+0xed/0x480 [ 221.553223][ T7158] ? rcu_is_watching+0x15/0xb0 [ 221.553242][ T7158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.553260][ T7158] do_syscall_64+0x33e/0xf80 [ 221.553284][ T7158] ? trace_irq_disable+0x3b/0x140 [ 221.553306][ T7158] ? clear_bhb_loop+0x40/0x90 [ 221.553326][ T7158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.553343][ T7158] RIP: 0033:0x7f29cee7c819 [ 221.553359][ T7158] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.553373][ T7158] RSP: 002b:00007f29cd08c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 221.553392][ T7158] RAX: 0000000000000000 RBX: 00007f29cf0f6180 RCX: 00007f29cee7c819 [ 221.553404][ T7158] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005 [ 221.553416][ T7158] RBP: 00007f29cef12c91 R08: 0000000000000000 R09: 0000000000000000 [ 221.553427][ T7158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.553437][ T7158] R13: 00007f29cf0f6218 R14: 00007f29cf0f6180 R15: 00007ffe51d8cad8 [ 221.553457][ T7158] [ 221.553467][ T7158] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 221.553481][ T7158] CPU: 0 UID: 0 PID: 7158 Comm: syz.1.383 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 221.553501][ T7158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 221.553511][ T7158] Call Trace: [ 221.553523][ T7158] [ 221.553531][ T7158] vpanic+0x56c/0xa60 [ 221.553548][ T7158] ? __pfx__printk+0x10/0x10 [ 221.553568][ T7158] ? __pfx_vpanic+0x10/0x10 [ 221.553583][ T7158] ? is_bpf_text_address+0x292/0x2b0 [ 221.553608][ T7158] ? is_bpf_text_address+0x26/0x2b0 [ 221.553637][ T7158] panic+0xc5/0xd0 [ 221.553652][ T7158] ? __pfx_panic+0x10/0x10 [ 221.553674][ T7158] __warn+0x315/0x4c0 [ 221.553689][ T7158] ? rt_mutex_handle_deadlock+0x21/0xb0 [ 221.553710][ T7158] ? rt_mutex_handle_deadlock+0x21/0xb0 [ 221.553730][ T7158] __report_bug+0x29a/0x540 [ 221.553757][ T7158] ? rt_mutex_handle_deadlock+0x21/0xb0 [ 221.553778][ T7158] ? __pfx___report_bug+0x10/0x10 [ 221.553807][ T7158] ? rt_mutex_handle_deadlock+0x26/0xb0 [ 221.553829][ T7158] ? rt_mutex_handle_deadlock+0x21/0xb0 [ 221.553854][ T7158] report_bug_entry+0x19a/0x290 [ 221.553878][ T7158] ? rt_mutex_handle_deadlock+0x21/0xb0 [ 221.553897][ T7158] ? rt_mutex_handle_deadlock+0x26/0xb0 [ 221.553916][ T7158] handle_bug+0xce/0x200 [ 221.553934][ T7158] exc_invalid_op+0x1a/0x50 [ 221.553950][ T7158] asm_exc_invalid_op+0x1a/0x20 [ 221.553967][ T7158] RIP: 0010:rt_mutex_handle_deadlock+0x21/0xb0 [ 221.554006][ T7158] Code: 90 90 90 90 90 90 90 90 90 41 57 41 56 41 55 41 54 53 83 ff dd 0f 85 81 00 00 00 48 89 f7 e8 d6 3a 01 00 48 8d 3d 6f 1a 66 04 <67> 48 0f b9 3a 4c 8d 3d 00 00 00 00 65 48 8b 1d 13 9e 47 07 4c 8d [ 221.554021][ T7158] RSP: 0018:ffffc9000e8cf430 EFLAGS: 00010286 [ 221.554036][ T7158] RAX: 0000000080000000 RBX: ffffc9000e8cf4c0 RCX: 0000000000000000 [ 221.554048][ T7158] RDX: 0000000000000000 RSI: ffffffff8ba6a8e0 RDI: ffffffff8f8e3c50 [ 221.554061][ T7158] RBP: ffffc9000e8cf5e0 R08: ffffffff8f8b09b7 R09: 1ffffffff1f16136 [ 221.554074][ T7158] R10: dffffc0000000000 R11: fffffbfff1f16137 R12: 1ffff92001d19e94 [ 221.554087][ T7158] R13: ffffffff8b281c2d R14: ffffffff8e947710 R15: dffffc0000000000 [ 221.554199][ T7158] ? rt_mutex_slowlock+0x1fd/0x780 [ 221.554226][ T7158] ? rt_mutex_slowlock+0x1fd/0x780 [ 221.554246][ T7158] rt_mutex_slowlock+0x73a/0x780 [ 221.554267][ T7158] ? rt_mutex_slowlock+0x1fd/0x780 [ 221.554288][ T7158] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 221.554314][ T7158] ? lock_acquire+0x221/0x350 [ 221.554344][ T7158] ? vmci_qp_broker_detach+0x117/0xf10 [ 221.554368][ T7158] mutex_lock_nested+0x168/0x1d0 [ 221.554390][ T7158] vmci_qp_broker_detach+0x117/0xf10 [ 221.554419][ T7158] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 221.554442][ T7158] ? kasan_quarantine_put+0xbb/0x1f0 [ 221.554461][ T7158] ? lockdep_hardirqs_on+0x7a/0x110 [ 221.554487][ T7158] ? kfree+0x1c5/0x6c0 [ 221.554504][ T7158] ? vmci_ctx_put+0x5ef/0xc40 [ 221.554521][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.554541][ T7158] vmci_ctx_put+0x64e/0xc40 [ 221.554559][ T7158] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 221.554584][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.554602][ T7158] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 221.554622][ T7158] ? __pfx_vmci_ctx_put+0x10/0x10 [ 221.554642][ T7158] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 221.554666][ T7158] ? rt_spin_unlock+0x160/0x200 [ 221.554687][ T7158] vmci_ctx_enqueue_datagram+0x3ab/0x420 [ 221.554710][ T7158] vmci_datagram_dispatch+0x450/0xc60 [ 221.554730][ T7158] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.554755][ T7158] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 221.554776][ T7158] ? __pfx_vmci_datagram_dispatch+0x10/0x10 [ 221.554800][ T7158] vmci_qp_broker_detach+0x8d4/0xf10 [ 221.554829][ T7158] ? __pfx_vmci_qp_broker_detach+0x10/0x10 [ 221.554854][ T7158] ? kasan_quarantine_put+0xbb/0x1f0 [ 221.554879][ T7158] ? kfree+0x1c5/0x6c0 [ 221.554897][ T7158] ? vmci_ctx_put+0x5ef/0xc40 [ 221.554916][ T7158] vmci_ctx_put+0x64e/0xc40 [ 221.554934][ T7158] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 221.554959][ T7158] ? vmci_ctx_put+0x141/0xc40 [ 221.554978][ T7158] ? __pfx_vmci_ctx_put+0x10/0x10 [ 221.555003][ T7158] vmci_host_close+0x9b/0x160 [ 221.555026][ T7158] ? __pfx_vmci_host_close+0x10/0x10 [ 221.555050][ T7158] __fput+0x461/0xa70 [ 221.555070][ T7158] task_work_run+0x1d9/0x270 [ 221.555091][ T7158] ? __pfx_task_work_run+0x10/0x10 [ 221.555124][ T7158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.555144][ T7158] exit_to_user_mode_loop+0xed/0x480 [ 221.555171][ T7158] ? rcu_is_watching+0x15/0xb0 [ 221.555193][ T7158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.555213][ T7158] do_syscall_64+0x33e/0xf80 [ 221.555237][ T7158] ? trace_irq_disable+0x3b/0x140 [ 221.555259][ T7158] ? clear_bhb_loop+0x40/0x90 [ 221.555281][ T7158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.555299][ T7158] RIP: 0033:0x7f29cee7c819 [ 221.555314][ T7158] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 221.555329][ T7158] RSP: 002b:00007f29cd08c028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 221.555348][ T7158] RAX: 0000000000000000 RBX: 00007f29cf0f6180 RCX: 00007f29cee7c819 [ 221.555361][ T7158] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005 [ 221.555373][ T7158] RBP: 00007f29cef12c91 R08: 0000000000000000 R09: 0000000000000000 [ 221.555386][ T7158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 221.555398][ T7158] R13: 00007f29cf0f6218 R14: 00007f29cf0f6180 R15: 00007ffe51d8cad8 [ 221.555419][ T7158] [ 221.555893][ T7158] Kernel Offset: disabled