last executing test programs: 5.298900719s ago: executing program 1 (id=508): sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, 0x0, 0x4) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x10, 0xffffffffffffffff, 0xade58000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000e80)={0x14, 0x1, 0x8, 0x301}, 0x14}}, 0x0) 4.361709678s ago: executing program 3 (id=513): socket$alg(0x26, 0x5, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) accept4(r2, 0x0, 0x0, 0x80000) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) socket$unix(0x1, 0x5, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) accept4(r0, 0x0, 0x0, 0x800) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000061043c000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 4.201598058s ago: executing program 1 (id=515): sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, &(0x7f0000000000)=ANY=[], 0x30}], 0x1, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) 4.073320512s ago: executing program 0 (id=516): syz_emit_ethernet(0x2a, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 3.98163257s ago: executing program 4 (id=517): r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 3.964607157s ago: executing program 1 (id=518): socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000040)=0x9) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast2, 0x4d2, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x40000, 0x2}, {}, {0x0, 0x1}, 0x70bd29, 0x0, 0xa}}}, 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0) readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x18}], 0x1) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, 0x0) write$input_event(r1, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 3.946414081s ago: executing program 4 (id=519): r0 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x8) syz_clone3(&(0x7f0000000180)={0x20000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x40800) recvmsg(0xffffffffffffffff, 0x0, 0x0) 3.945350716s ago: executing program 0 (id=520): modify_ldt$write2(0x11, &(0x7f0000000180)={0x8, 0x20000800}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0xffffffff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000003200)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.817266347s ago: executing program 0 (id=521): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002580)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="64bb6a97aaf0b87f190a4cba6feb816dfef1c47030d7e707ac33636c2579a098b5", 0x21}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x4802d) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x12, @mcast2}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)="85b632a7a37adee4b14e931c21865b46fc33702952b3a91def2830db4418a85d76fb3fe6f0007ccbc98f6ed11f4833ac561b10420eb1eb0c0000ce8d56336ed5afeb953043a82a5cb775c666966d1523acc45a9348ffcace11cc5555147f2ce6ba1eb1949b44d4f713136d3898ade4a751a4a4f73d48a0462e7004a556ddd70c2975767c3524f533b2deb66e733e916fc42b47c99f", 0x95}], 0x1}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000280)="02c5be3c8c3036", 0x7}, {&(0x7f00000014c0)="03fe62190d30c5266fecee89914547e2f7b4a027049e2e1a5f83155978a78bbdad6455463d1cf596b04e732b6208f7c2052499aeef053781fbcdade1e4509b96442dfeafff2d34ca74ba872f741bbfffb78009ba745cfae12435500f1548f44c78a2836904c1ea9465ff82cb288006c8b5c825f6e663221b67557c1a53955db404b3085745aa93be94c608c017ab4764a52e05dbd67f25f8e41ff55982990488669a5f80e6e42ebfbd55ceb2c27f0fa69f747f4d483ec4b65af86c376e247ae4ab495dd8f7c0d8e6104642b2e43821297f235302198b83cce600f79b7fafa02050af352e7fe2bf1f0fed3684b62c375dcb08b279e4ad209e087e9f90856fc28dcc1df7ff5275e5b006e6b8b805d1e8c7bfdb9c8c77037566567c0ec3629789917cbacbca99bcc7e0b4a8be600f139af8b95ba2b96c04e3f42399ee18b61475963296f6c91cad4b61365e0cc818b1e1652a7da261d5d9417aa190a14344b33f187f8471ae22630602748c55fc6cdfdc3b9e314e2b3ba81bb7419e32d19e5941307b57963f2111206605791ee926d1bec8311ef95d0dcbd58f4b89170627dc5b61f821ef31c5ab23c2d6fe6a329c7c9894be247401fd97bc780ab214110ed5964afa26473f6f5746eb2b4d2ac1bd24572187252841894553f50897a289af17a94b7c33cc71f242bb7e10fea955117bef8610512b1ff43dec43b8431de3dad13d796b7c9ed0cccc7cadf43bed753f7005f3d1744853b7c73b534673fcdb64ca2c7c729ccff8dc45cc970b38d5838b5bcdbab648e1ccc89f59c1702dce2848814ce9fc9ec3abc06ec9a130b0c9253d9f21853b36330d6b1018d096f50c4a979e4be4648d96b0929bffb0668f1933888b9536cd1fac764c507e65858ae5cda4f89c8aa0f3778c47313fcc06b5c994d9961c47541506864558931c33b25a0239c16802f530cef88b41964a49d2b98c21e7dc13e202db638dbf8d47f7260d807a91c91037428d78c3e72c22778c7e3c92159e4c12201c2da39273ae41a8677d571ad85cd58f7d6dec1d03e8bb1057ba35f77c4e79820fa3f1183aa09e05572bef1503552170d1120322fcaa9887f6df62e977ddeeebc9e70e9083d6a661735c99b954b03d2e4c3f1490ae4c75ed4ac71486f3ac9fc69fe8835f11b29703d454332b7b1d6aeb7761af88be69aea7b185557fde17f2af18a859e10dd220d0404e94002ceea33236868251c11fb74ead121c80650bc001190db40801562d74537cca121c12f199e945321431320d44eaf4e03ff155e643ade3902a256265f4ce7fa94e2c4edd4bdf233391bac97b407b72b31a27937f9791a4d2ccbc37daeb16fd3f61ff5b9754b1fec793c102d34c237a5f57cc6742856dc820de9f6dc0a95d1c96d4451aa3a9603e3fc3f978275f918e4f16e20a7bcfed8a38c1ac4e72d3177e969058756f68b3d44e14da109e0937f4a887a9c2799572cfa9c09a065cad9904b5f9347203352b393f557cae24d1233080f1dbdbd66570d6856785b6e33d13d5f8bdd170df6b38912a3fde22b04058e5cf22b18c6e960b6b9e9bcb77accb8a8c5693f94a949080e474d58e020e0d457fbe99f3fe62eb86ed4dbea50793b32a12dc48fcd8a88ff9f553809f0d8e02f8ded798cdd35bd365b2e48cd5a15fdc6c33762d29edf4a9ef6e525acc55132f190c1ecbd4688410584a334c6150bf878b1311ffff8b201647243fd27d22c7f41e9f89d598cd7b44cafe4f45f9478cb91ac773fbe16d5bb911b5f960aba523893e37b3b21b9a30aa2fa597d2e02d2b8161ca50b719d83a49c878ccce0cf6212b5f386673", 0x50e}], 0x2}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000380)}], 0x1}}], 0x4, 0x400c404) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.861634978s ago: executing program 1 (id=523): r0 = socket$alg(0x26, 0x5, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) close(0xffffffffffffffff) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_open_procfs(0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000ac0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@assoc={0x18, 0x117, 0x4, 0x4b9e}, @iv={0x18, 0x117, 0x2, 0x2, "d82c"}, @op={0x18, 0x117, 0x3, 0x1}], 0x48, 0x84}], 0x1, 0x0) 2.844027818s ago: executing program 4 (id=524): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, 0x2}, 0x94) unshare(0x62040200) unshare(0x8000000) socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x82, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x10001, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x7}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{}, &(0x7f00000001c0), &(0x7f00000002c0)='%pi6 \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x11, &(0x7f0000000940)=ANY=[@ANYBLOB="1c0000000100010000001400092cffff181100002684eae8a17d88ad7dd988dc99a0537d0dc4", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000185a00000a8000000000000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002abd7000fcdbdf2507000000080001000100000008000500020000000a0004007770616e2300aae3becaaeaa0000"], 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r2, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0xfd7c, 0x6, 0x1}]}]}, 0x38}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) bind$inet6(r5, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty, 0x7f}, 0x1c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x100000d, 0xa010, r6, 0x83a06000) r7 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r7, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0xfffffffd}}, 0x10) r8 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r7, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x3}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) 2.821969828s ago: executing program 0 (id=525): sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, 0x0, 0x4) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x10, 0xffffffffffffffff, 0xade58000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0}}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000e80)={0x14, 0x1, 0x8, 0x301}, 0x14}}, 0x0) 2.681543885s ago: executing program 1 (id=526): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="d800000018", 0x5}], 0x1}, 0x1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2.613551117s ago: executing program 3 (id=527): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) socket(0x400000000010, 0x3, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff2, 0xffe0}, {0x0, 0xfff1}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) 2.361661014s ago: executing program 2 (id=528): sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, &(0x7f0000000000)=ANY=[], 0x30}], 0x1, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) 2.26205728s ago: executing program 2 (id=529): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)="b0fef28adda62f55a0000000000000001abe0a88f67472c3cd975c9884ae3f95e35b6301084df2", 0x27}], 0x1}, 0x8000) syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="9115463ecc790180c200000308060001080006"], 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 2.181558169s ago: executing program 2 (id=530): r0 = socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000080)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 2.107932689s ago: executing program 2 (id=531): modify_ldt$write2(0x11, &(0x7f0000000180)={0x8, 0x20000800}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1, 0xffffffff}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000003200)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.105761815s ago: executing program 1 (id=532): syz_open_procfs(0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = fanotify_init(0x10, 0x101000) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r4, 0x455, 0x8000008, r5, 0x0) fanotify_mark(r4, 0x7e, 0x800003a, r5, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r6) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r6, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"}) 1.96864509s ago: executing program 3 (id=533): socket$nl_xfrm(0x10, 0x3, 0x6) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000040)=0x9) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@multicast2, 0x4d2, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x40000, 0x2}, {}, {0x0, 0x1}, 0x70bd29, 0x0, 0xa}}}, 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0) readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x18}], 0x1) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, 0x0) write$input_event(r1, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 1.953642004s ago: executing program 2 (id=534): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000005000000080000000f"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000840)={r1}, 0xc) 1.729588359s ago: executing program 0 (id=535): r0 = socket(0x11, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000006c0)=0x110, 0x4) sendmmsg(r0, &(0x7f0000000000)=[{{&(0x7f0000000640)=@qipcrtr={0x2a, 0x1, 0x4001}, 0x80, 0x0}}], 0x1, 0x24044015) recvmmsg(r0, &(0x7f0000005900)=[{{&(0x7f0000000740)=@phonet, 0x80, &(0x7f0000000800)=[{&(0x7f00000007c0)=""/50, 0x32}], 0x1}, 0x9}, {{0x0, 0x0, 0x0}, 0xc160}, {{&(0x7f0000004c00)=@nl, 0x80, 0x0}, 0x9}], 0x3, 0x2002, 0x0) 1.675191219s ago: executing program 2 (id=536): prlimit64(0x0, 0xe, &(0x7f00000002c0)={0xa, 0x4008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) mount(0x0, 0x0, 0x0, 0x2951024, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) 1.459003568s ago: executing program 3 (id=537): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="120000000000000029000000", @ANYRES16=r0], 0x18}, 0x40c0) 1.274142084s ago: executing program 3 (id=538): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240), 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001080), 0xa000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x1) ioctl$SIOCAX25GETUID(r4, 0x89e0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x503, 0x0, 0x2000, {0x0, 0x0, 0x0, 0x0, 0xe315}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}}, 0x0) 1.212010079s ago: executing program 4 (id=539): ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, &(0x7f0000000080)={0xfffffffffffffff7, 0x1, 0x1, 0x3ff, 0x1, 0x0, [{0x9, 0x7fff, 0x101, '\x00', 0x7b42d44761708903}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = fsmount(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000000340)={{0x0, 0x3, 0x6, 0x1, 0xfffffffffffffffa, 0x4, 0x6, 0x53, 0x800, 0x3, 0xb407, 0x7, 0x0, 0xd467, 0x80000000}}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) pwrite64(r2, &(0x7f0000000100)='=', 0x1, 0x4fed3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0) 1.077638459s ago: executing program 0 (id=540): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x95, 0x5a, 0x4f, 0x40, 0xcf3, 0xe019, 0xfb4f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x80, 0x0, 0x0, 0x2, [{{0x9, 0x4, 0x94, 0x9, 0x2, 0x74, 0x83, 0x31, 0x80, [], [{{0x9, 0x5, 0x7, 0x0, 0x0, 0x6, 0x8, 0x0, [@generic={0x9, 0x11, "62b367e12306af"}]}}, {{0x9, 0x5, 0x5, 0x3, 0x10, 0x81, 0x5, 0x9}}]}}]}}]}}, 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e"], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) memfd_create(&(0x7f0000000e00)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9\xd6\x1c\x1b*\x9a!?\x7f\xa5\xad\x9a,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zt\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x04>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x8e[\xb3\xa3\x87\xb9\xe2_D\x9b\x9a\x99\x8e.V\xc8\xe1\xa2\xeb\x9b\x18{Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xe4\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r\x04u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\x94\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{&\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\x04\x00\x00\x00\x00\x00\x00\x00\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4\xeb\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xc7\xdd]q\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+\x02\x00\x00\x00\x00\x00\x00\x00\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe\x00h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0>z\x1d\xc4\xee\x9c\xd4~\x89\xab\xe0\xa4\xbc\x13r\xe9\x19\x18\xc3\xe8\xa0\xad\x84\"N\xe5\xf7\xe9\x8b\xb6\xb6\xa2\xfa?%\xd8Bt$N\xd3 \xe1nA\"$\xff\xc3\xc8\xc5\x91\x97\xe1&\x93J\xec9\x811\x17\xff\x96\xeb\xb2\xc3\xa0\xd5\xb7\xbeg\xfbS\x930o^\xda\xf8C\x9ez\x14\xc6\xd8N\x10p\xa7\xb0\xb58\x94\xa6&\x83\xb6?\xf7Ps0\xaf\xe2\xf3G\xb4\xf9\x84\xff\xc7]\xa0\x15)\x1b\"\x7f\x826\\\xbdnc\xeep,\x841\xfd7j\x8a\x16G9\xdf\xb8\xe9\x0e\x92\x1f\xf4.G\x1d\xd0\xa6\xe3v\xbc\b\xc1\xb4\xf0\xde4\xdf\xb5\xd86U8frhb\xed\fhS\xa6\vB]^c\xe9\x99\xa4T!V\x02\xcde\x85\x9fo^\xce\xf9m\xb5\x16\xcd\xf66\xab\x13\xd8\x89G!\xfe&\x0f\xe6\x8a\ngR\x87#\xf5\xa7\xf0d\xc79z\xa6e\x95\xcdv\xff\xb4c\xbe\xcd\x1e\xbeAg\xc5\x05\x90H\xc7\xb6\xd6l]\x80\x85\xf6\x06\xaf=\xeb\xdf', 0x1) socket(0x840000000002, 0x3, 0xff) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x12, 0xffffffffffffffff, 0xbdd94000) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0) r2 = syz_open_dev$vim2m(&(0x7f00000005c0), 0x5, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r2, 0xc02c564a, &(0x7f0000000040)={0x0, 0x101c, 0x2, @stepwise={0x408, 0x8, 0x7ff, 0x0, 0xaeae, 0x84a}}) syz_open_dev$tty1(0xc, 0x4, 0x1) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="18000000780001062abd700000008ec207"], 0x18}], 0x1, 0x0, 0x0, 0x2000}, 0x4000880) 1.046805585s ago: executing program 4 (id=541): r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0xc4) ioctl$SIOCAX25ADDUID(r3, 0x89e1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) close_range(r4, 0xffffffffffffffff, 0x0) writev(r0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000080)="254d7a5919be013484784f96116d609df970576a9efae47c1c7dd4ec671002", 0x1f}], 0x2) 339.887209ms ago: executing program 3 (id=542): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000380)=ANY=[@ANYBLOB="500000000101010200000000fdffffff02000009200001800600c0f27ec8ceab0340000200001400018008000100ac14141508000200ac1414bb1c001980080001000600000008007cb5dca669bcac04ab3c9e0200c00100000800075293039f274d92648665123d1b7f828355b81734e0152be956645b35c7fecabd5aa45d14f15a3d223dc5b2828623bd413a5dcae3e8d0224e0f658d"], 0x50}, 0x1, 0x0, 0x0, 0x406c450}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r6 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x1) fchdir(r7) r8 = open(&(0x7f00000001c0)='.\x00', 0x141400, 0x4) getdents(r8, &(0x7f0000001400)=""/4091, 0xffb) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRESHEX=r8, @ANYRES32=r2, @ANYBLOB="60300300001400005800128009000100626f6e6400000000480002802c0008"], 0x78}}, 0x0) getsockopt$netrom_NETROM_T4(0xffffffffffffffff, 0x103, 0x4, 0x0, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(r9, 0x1, 0x3c, &(0x7f0000000080)=0x4, 0x4) 0s ago: executing program 4 (id=543): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000002c0)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xfff2, 0xffe0}, {0x0, 0xfff1}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.23' (ED25519) to the list of known hosts. [ 75.258418][ T5784] cgroup: Unknown subsys name 'net' [ 75.498976][ T5784] cgroup: Unknown subsys name 'cpuset' [ 75.555577][ T5784] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.141403][ T5784] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.281644][ T5116] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.293895][ T5116] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.302398][ T5116] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.303889][ T5116] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.323458][ T5116] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.405463][ T5116] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.409993][ T5116] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.411254][ T5116] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.440701][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.442198][ T5806] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.448945][ T5806] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.449578][ T5806] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.450389][ T5806] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.450691][ T5806] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.452274][ T5806] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.480390][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.494816][ T5806] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.495843][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.511077][ T5810] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.511792][ T5810] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.512522][ T5810] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.536613][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.544207][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.545510][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.546197][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.269591][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 80.300635][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 80.327186][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 80.465854][ T5801] chnl_net:caif_netlink_parms(): no params data found [ 80.515653][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 80.669172][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.670400][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.670900][ T5803] bridge_slave_0: entered allmulticast mode [ 80.672393][ T5803] bridge_slave_0: entered promiscuous mode [ 80.721400][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.721531][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.721646][ T5796] bridge_slave_0: entered allmulticast mode [ 80.723022][ T5796] bridge_slave_0: entered promiscuous mode [ 80.724762][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.724882][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.725045][ T5803] bridge_slave_1: entered allmulticast mode [ 80.727669][ T5803] bridge_slave_1: entered promiscuous mode [ 80.753779][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.753888][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.754016][ T5800] bridge_slave_0: entered allmulticast mode [ 80.798380][ T5800] bridge_slave_0: entered promiscuous mode [ 80.824066][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.824171][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.824271][ T5796] bridge_slave_1: entered allmulticast mode [ 80.827629][ T5796] bridge_slave_1: entered promiscuous mode [ 80.848506][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.848624][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.848778][ T5800] bridge_slave_1: entered allmulticast mode [ 80.851548][ T5800] bridge_slave_1: entered promiscuous mode [ 80.936494][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.949088][ T5801] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.949204][ T5801] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.949347][ T5801] bridge_slave_0: entered allmulticast mode [ 80.951637][ T5801] bridge_slave_0: entered promiscuous mode [ 80.990858][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.004090][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.004312][ T5801] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.006101][ T5801] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.006274][ T5801] bridge_slave_1: entered allmulticast mode [ 81.008642][ T5801] bridge_slave_1: entered promiscuous mode [ 81.015419][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.016849][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.016961][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.017122][ T5811] bridge_slave_0: entered allmulticast mode [ 81.019548][ T5811] bridge_slave_0: entered promiscuous mode [ 81.068192][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.068394][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.068758][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.068904][ T5811] bridge_slave_1: entered allmulticast mode [ 81.071239][ T5811] bridge_slave_1: entered promiscuous mode [ 81.077140][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.150288][ T5803] team0: Port device team_slave_0 added [ 81.153485][ T5801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.195789][ T5803] team0: Port device team_slave_1 added [ 81.397956][ T61] Bluetooth: hci0: command tx timeout [ 81.489667][ T5801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.492212][ T5800] team0: Port device team_slave_0 added [ 81.496745][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.500488][ T5796] team0: Port device team_slave_0 added [ 81.537055][ T5800] team0: Port device team_slave_1 added [ 81.539070][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.541169][ T5796] team0: Port device team_slave_1 added [ 81.544726][ T61] Bluetooth: hci3: command tx timeout [ 81.544865][ T61] Bluetooth: hci1: command tx timeout [ 81.614312][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.614323][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.614337][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.619973][ T5801] team0: Port device team_slave_0 added [ 81.625823][ T5810] Bluetooth: hci2: command tx timeout [ 81.625934][ T5810] Bluetooth: hci4: command tx timeout [ 81.639409][ T808] cfg80211: failed to load regulatory.db [ 81.722281][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.722298][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.722321][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.769021][ T5801] team0: Port device team_slave_1 added [ 81.777063][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.777079][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.777102][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.780954][ T5811] team0: Port device team_slave_0 added [ 81.787510][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.787524][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.787547][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.856082][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.856099][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.856123][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.862435][ T5811] team0: Port device team_slave_1 added [ 81.864744][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.864757][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.864781][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.004141][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.004154][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.004168][ T5801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.069914][ T5801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.069930][ T5801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.069954][ T5801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.088391][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.088408][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.088431][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.100273][ T5803] hsr_slave_0: entered promiscuous mode [ 82.101758][ T5803] hsr_slave_1: entered promiscuous mode [ 82.158969][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.158986][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.159011][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.191103][ T5800] hsr_slave_0: entered promiscuous mode [ 82.192370][ T5800] hsr_slave_1: entered promiscuous mode [ 82.193702][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 82.193827][ T5800] Cannot create hsr debugfs directory [ 82.219526][ T5796] hsr_slave_0: entered promiscuous mode [ 82.220802][ T5796] hsr_slave_1: entered promiscuous mode [ 82.221663][ T5796] debugfs: 'hsr0' already exists in 'hsr' [ 82.221685][ T5796] Cannot create hsr debugfs directory [ 82.561013][ T5801] hsr_slave_0: entered promiscuous mode [ 82.562130][ T5801] hsr_slave_1: entered promiscuous mode [ 82.562828][ T5801] debugfs: 'hsr0' already exists in 'hsr' [ 82.562856][ T5801] Cannot create hsr debugfs directory [ 82.668524][ T5811] hsr_slave_0: entered promiscuous mode [ 82.669260][ T5811] hsr_slave_1: entered promiscuous mode [ 82.669750][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 82.669765][ T5811] Cannot create hsr debugfs directory [ 83.237770][ T5803] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.275278][ T5803] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.387814][ T5803] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.420967][ T5803] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.464808][ T61] Bluetooth: hci0: command tx timeout [ 83.531240][ T5796] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.581172][ T5796] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.601870][ T5796] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.634725][ T61] Bluetooth: hci1: command tx timeout [ 83.634759][ T61] Bluetooth: hci3: command tx timeout [ 83.662922][ T5796] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.705631][ T5810] Bluetooth: hci4: command tx timeout [ 83.705664][ T5810] Bluetooth: hci2: command tx timeout [ 83.793071][ T5801] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.832100][ T5801] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.862284][ T5801] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.906083][ T5801] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.032949][ T5811] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 84.077168][ T5811] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 84.111147][ T5811] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 84.168328][ T5811] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 84.296827][ T5800] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.332371][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.333764][ T5800] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.375947][ T5800] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.415631][ T5800] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.502925][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.540618][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.554123][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.562757][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.608257][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.608367][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.649927][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.688952][ T5801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.696428][ T1213] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.696628][ T1213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.729461][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.729716][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.781865][ T5801] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.805977][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.819048][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.819251][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.870437][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.870573][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.943322][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.981535][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.001110][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.001311][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.059412][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.059510][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.149669][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.194778][ T153] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.194901][ T153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.257982][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.258448][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.318561][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.526188][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.545496][ T5810] Bluetooth: hci0: command tx timeout [ 85.657180][ T5803] veth0_vlan: entered promiscuous mode [ 85.682931][ T5801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.705179][ T5810] Bluetooth: hci3: command tx timeout [ 85.705213][ T5810] Bluetooth: hci1: command tx timeout [ 85.739235][ T5803] veth1_vlan: entered promiscuous mode [ 85.785107][ T5810] Bluetooth: hci4: command tx timeout [ 85.796949][ T5810] Bluetooth: hci2: command tx timeout [ 85.833629][ T5796] veth0_vlan: entered promiscuous mode [ 85.879531][ T5796] veth1_vlan: entered promiscuous mode [ 85.899653][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.950792][ T5803] veth0_macvtap: entered promiscuous mode [ 85.957025][ T5801] veth0_vlan: entered promiscuous mode [ 85.989679][ T5803] veth1_macvtap: entered promiscuous mode [ 85.999117][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.019183][ T5801] veth1_vlan: entered promiscuous mode [ 86.076895][ T5796] veth0_macvtap: entered promiscuous mode [ 86.098756][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.127075][ T5796] veth1_macvtap: entered promiscuous mode [ 86.138073][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.193122][ T69] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.209873][ T69] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.212307][ T5801] veth0_macvtap: entered promiscuous mode [ 86.215198][ T69] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.223043][ T69] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.247992][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.249177][ T5801] veth1_macvtap: entered promiscuous mode [ 86.322072][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.381459][ T5800] veth0_vlan: entered promiscuous mode [ 86.419433][ T3234] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.442683][ T3234] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.454978][ T3234] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.474302][ T3234] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.480100][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.554554][ T5800] veth1_vlan: entered promiscuous mode [ 86.575606][ T5801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.656885][ T3234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.656914][ T3234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.665109][ T1213] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.741752][ T1213] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.756933][ T1213] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.775345][ T1213] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.813438][ T5811] veth0_vlan: entered promiscuous mode [ 86.862776][ T1213] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.862797][ T1213] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.945489][ T5811] veth1_vlan: entered promiscuous mode [ 87.009057][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.009079][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.041796][ T5800] veth0_macvtap: entered promiscuous mode [ 87.074712][ T5800] veth1_macvtap: entered promiscuous mode [ 87.113995][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.114014][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.240983][ T3831] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.241003][ T3831] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.248061][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.327442][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.357183][ T5811] veth0_macvtap: entered promiscuous mode [ 87.375931][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.375950][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.402465][ T5811] veth1_macvtap: entered promiscuous mode [ 87.411231][ T69] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.426299][ T69] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.428310][ T69] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.431731][ T69] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.579779][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.608219][ T31] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 87.635055][ T5810] Bluetooth: hci0: command tx timeout [ 87.660117][ T5914] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET) [ 87.703680][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.755965][ T69] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.760554][ T69] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.763789][ T69] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.790559][ T5810] Bluetooth: hci1: command tx timeout [ 87.790573][ T61] Bluetooth: hci3: command tx timeout [ 87.812605][ T69] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.820148][ T31] usb 4-1: config 128 has an invalid interface number: 148 but max is 0 [ 87.820176][ T31] usb 4-1: config 128 has no interface number 0 [ 87.820222][ T31] usb 4-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0 [ 87.820245][ T31] usb 4-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 129, changing to 11 [ 87.820272][ T31] usb 4-1: config 128 interface 148 has no altsetting 0 [ 87.827220][ T31] usb 4-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 87.827248][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.827267][ T31] usb 4-1: Product: syz [ 87.827282][ T31] usb 4-1: Manufacturer: syz [ 87.827295][ T31] usb 4-1: SerialNumber: syz [ 87.864971][ T61] Bluetooth: hci2: command tx timeout [ 87.864999][ T61] Bluetooth: hci4: command tx timeout [ 93.833945][ T10] usb 4-1: USB disconnect, device number 2 [ 94.002359][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.002380][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.278985][ T3831] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.279007][ T3831] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.279243][ T3831] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.279256][ T3831] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.328646][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 94.584352][ T5939] input: syz1 as /devices/virtual/input/input5 [ 95.088456][ T10] usb 4-1: config 128 has an invalid interface number: 148 but max is 0 [ 95.088484][ T10] usb 4-1: config 128 has no interface number 0 [ 95.088527][ T10] usb 4-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0 [ 95.088550][ T10] usb 4-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 129, changing to 11 [ 95.088576][ T10] usb 4-1: config 128 interface 148 has no altsetting 0 [ 95.092274][ T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 95.092299][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.092316][ T10] usb 4-1: Product: syz [ 95.092329][ T10] usb 4-1: Manufacturer: syz [ 95.092343][ T10] usb 4-1: SerialNumber: syz [ 95.395063][ T2182] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.395084][ T2182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.662057][ T5948] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size. [ 95.751381][ T37] audit: type=1326 audit(1769379529.187:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5943 comm="syz.0.12" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71b100acb9 code=0x0 [ 95.853486][ T5948] netlink: 24 bytes leftover after parsing attributes in process `syz.1.13'. [ 95.910178][ T5951] Zero length message leads to an empty skb [ 95.945354][ T5948] netlink: 48 bytes leftover after parsing attributes in process `syz.1.13'. [ 95.995343][ T10] usb 4-1: USB disconnect, device number 3 [ 96.345301][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 96.634655][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 96.676588][ T10] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 96.676650][ T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 96.676672][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 96.676694][ T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 16 [ 96.676716][ T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 96.676755][ T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 96.676774][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.474734][ T10] usb 4-1: usb_control_msg returned -71 [ 97.474786][ T10] usbtmc 4-1:16.0: can't read capabilities [ 97.609294][ T10] usb 4-1: USB disconnect, device number 4 [ 97.735604][ T5871] IPVS: starting estimator thread 0... [ 97.738253][ T5973] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 97.738380][ T5973] IPVS: ip_vs_add_dest(): server weight less than zero [ 97.743529][ T5973] Bluetooth: MGMT ver 1.23 [ 97.837745][ T5974] IPVS: using max 8 ests per chain, 19200 per kthread [ 98.599217][ T5987] input: syz1 as /devices/virtual/input/input6 [ 99.630191][ T5998] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.784600][ T61] Bluetooth: hci0: command 0x0c1a tx timeout [ 99.838576][ T5810] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 101.269900][ T5985] netlink: 12 bytes leftover after parsing attributes in process `syz.4.22'. [ 102.313144][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 102.341220][ T6025] tipc: Started in network mode [ 102.341261][ T6025] tipc: Node identity 864dc189a93c, cluster identity 4711 [ 102.341996][ T6025] tipc: Enabled bearer , priority 0 [ 102.377891][ T6020] tipc: Resetting bearer [ 102.380347][ T6022] syzkaller0: entered promiscuous mode [ 102.380370][ T6022] syzkaller0: entered allmulticast mode [ 102.479467][ T31] usb 2-1: config 128 has an invalid interface number: 148 but max is 0 [ 102.479496][ T31] usb 2-1: config 128 has no interface number 0 [ 102.479539][ T31] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0 [ 102.479562][ T31] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 129, changing to 11 [ 102.479587][ T31] usb 2-1: config 128 interface 148 has no altsetting 0 [ 102.546949][ T31] usb 2-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 102.546981][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.547000][ T31] usb 2-1: Product: syz [ 102.547015][ T31] usb 2-1: Manufacturer: syz [ 102.547029][ T31] usb 2-1: SerialNumber: syz [ 103.425345][ T6039] input: syz1 as /devices/virtual/input/input7 [ 104.540699][ T6027] syzkaller0: entered promiscuous mode [ 104.543531][ T6027] syzkaller0: entered allmulticast mode [ 104.570572][ T808] tipc: Node number set to 795984265 [ 104.593337][ T31] usb 2-1: USB disconnect, device number 2 [ 105.620147][ T31] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 105.784739][ T31] usb 2-1: Using ep0 maxpacket: 8 [ 105.851300][ T6018] tipc: Resetting bearer [ 105.902795][ T31] usb 2-1: device descriptor read/all, error -71 [ 106.046461][ T6057] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 106.289308][ T6018] tipc: Disabling bearer [ 107.654686][ T6068] netlink: 24 bytes leftover after parsing attributes in process `syz.1.47'. [ 107.654715][ T6068] netlink: 48 bytes leftover after parsing attributes in process `syz.1.47'. [ 110.901809][ T6099] process 'syz.1.54' launched './file2' with NULL argv: empty string added [ 112.103539][ T6112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.62'. [ 112.239994][ T6118] 9p: Bad value for 'rfdno' [ 114.138245][ T5954] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 114.287303][ T6134] netlink: 24 bytes leftover after parsing attributes in process `syz.1.69'. [ 114.287331][ T6134] netlink: 48 bytes leftover after parsing attributes in process `syz.1.69'. [ 114.293938][ T6134] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 114.304255][ T5954] usb 5-1: Using ep0 maxpacket: 32 [ 114.326790][ T5954] usb 5-1: config 1 interface 0 altsetting 244 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 114.326826][ T5954] usb 5-1: config 1 interface 0 has no altsetting 0 [ 114.353343][ T5954] usb 5-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.40 [ 114.353373][ T5954] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.353394][ T5954] usb 5-1: Product: ሑ캶タ胋鎩횬졟﮷늈䞬⟘慷턭㟦㠻⡌恋虛嶿蛵奒Ⱔꏧꄵ踚櫟淵ᘊ薀๭膀媼墂븹ꞹ떳角䗟⻥◚伓爾⡒ኊ餴祝烃볤葷▬未息켔➃캑ͳ蟭勵햗婅妡ᾴ杜吼袂Ɡt﹣柀훿섩搸볞誤꠨ [ 114.353421][ T5954] usb 5-1: Manufacturer: ᐋ贫볐ᷮ齀꿔킊 [ 114.353437][ T5954] usb 5-1: SerialNumber: syz [ 114.675978][ T5954] usbhid 5-1:1.0: can't add hid device: -71 [ 114.676102][ T5954] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 114.699564][ T5954] usb 5-1: USB disconnect, device number 2 [ 116.420512][ T6187] syz.3.92 (6187) used greatest stack depth: 17136 bytes left [ 119.301601][ T6250] netlink: 12 bytes leftover after parsing attributes in process `syz.4.116'. [ 121.784787][ T5871] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 121.946159][ T5871] usb 4-1: Using ep0 maxpacket: 32 [ 121.951899][ T5871] usb 4-1: config 1 interface 0 altsetting 244 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 121.951936][ T5871] usb 4-1: config 1 interface 0 has no altsetting 0 [ 121.960904][ T5871] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.40 [ 121.960933][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.960953][ T5871] usb 4-1: Product: ሑ캶タ胋鎩횬졟﮷늈䞬⟘慷턭㟦㠻⡌恋虛嶿蛵奒Ⱔꏧꄵ踚櫟淵ᘊ薀๭膀媼墂븹ꞹ떳角䗟⻥◚伓爾⡒ኊ餴祝烃볤葷▬未息켔➃캑ͳ蟭勵햗婅妡ᾴ杜吼袂Ɡt﹣柀훿섩搸볞誤꠨ [ 121.960980][ T5871] usb 4-1: Manufacturer: ᐋ贫볐ᷮ齀꿔킊 [ 121.960995][ T5871] usb 4-1: SerialNumber: syz [ 122.320793][ T5871] usbhid 4-1:1.0: can't add hid device: -71 [ 122.320922][ T5871] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 122.365146][ T5871] usb 4-1: USB disconnect, device number 5 [ 123.504684][ T996] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 123.882368][ T996] usb 4-1: config 128 has an invalid interface number: 148 but max is 0 [ 123.882397][ T996] usb 4-1: config 128 has no interface number 0 [ 123.882444][ T996] usb 4-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0 [ 123.882468][ T996] usb 4-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 129, changing to 11 [ 123.882494][ T996] usb 4-1: config 128 interface 148 has no altsetting 0 [ 123.887021][ T996] usb 4-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 123.887051][ T996] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.887071][ T996] usb 4-1: Product: syz [ 123.887085][ T996] usb 4-1: Manufacturer: syz [ 123.887099][ T996] usb 4-1: SerialNumber: syz [ 124.146585][ T996] usb 4-1: USB disconnect, device number 6 [ 124.743762][ T6332] ieee802154 phy0 wpan0: encryption failed: -22 [ 124.784634][ T996] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 124.935038][ T996] usb 4-1: Using ep0 maxpacket: 8 [ 124.937249][ T996] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 124.937302][ T996] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 124.937323][ T996] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 124.937346][ T996] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 16 [ 124.937368][ T996] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 124.937407][ T996] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 124.937430][ T996] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.556017][ T10] usb 4-1: USB disconnect, device number 7 [ 126.490136][ T6368] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 132.838417][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.838489][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.065312][ T6468] macvtap1: entered promiscuous mode [ 133.065534][ T6468] macvtap1: entered allmulticast mode [ 133.065549][ T6468] veth1_vlan: entered allmulticast mode [ 133.527289][ T5810] Bluetooth: hci4: link tx timeout [ 133.527766][ T5810] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 134.055890][ T6504] macvtap1: entered promiscuous mode [ 134.056093][ T6504] macvtap1: entered allmulticast mode [ 134.056107][ T6504] veth1_vlan: entered allmulticast mode [ 137.295505][ T5810] Bluetooth: hci4: command 0x0406 tx timeout [ 138.375416][ T6541] syz.2.233 (6541) used greatest stack depth: 17056 bytes left [ 141.677306][ T6597] warning: `syz.0.256' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 142.604641][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 142.776813][ T9] usb 2-1: config 128 has an invalid interface number: 148 but max is 0 [ 142.776842][ T9] usb 2-1: config 128 has no interface number 0 [ 142.776888][ T9] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0 [ 142.776912][ T9] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 129, changing to 11 [ 142.776939][ T9] usb 2-1: config 128 interface 148 has no altsetting 0 [ 142.781570][ T9] usb 2-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 142.781600][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.781619][ T9] usb 2-1: Product: syz [ 142.781633][ T9] usb 2-1: Manufacturer: syz [ 142.781646][ T9] usb 2-1: SerialNumber: syz [ 143.384070][ T9] usb 2-1: USB disconnect, device number 5 [ 145.475093][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 145.629793][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 145.644965][ T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 145.645043][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 145.645067][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 145.645092][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 16 [ 145.645116][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 145.645159][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 145.645182][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.180589][ T5936] usb 2-1: USB disconnect, device number 6 [ 149.964521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.964735][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.965782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.966827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.967874][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.968920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.969971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.971013][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.972058][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 149.973105][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 150.794702][ T5936] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 151.025671][ T5936] usb 2-1: config 128 has an invalid interface number: 148 but max is 0 [ 151.025700][ T5936] usb 2-1: config 128 has no interface number 0 [ 151.025766][ T5936] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x7 has invalid wMaxPacketSize 0 [ 151.025790][ T5936] usb 2-1: config 128 interface 148 altsetting 9 endpoint 0x5 has an invalid bInterval 129, changing to 11 [ 151.025818][ T5936] usb 2-1: config 128 interface 148 has no altsetting 0 [ 151.028344][ T5936] usb 2-1: New USB device found, idVendor=0cf3, idProduct=e019, bcdDevice=fb.4f [ 151.028372][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.028391][ T5936] usb 2-1: Product: syz [ 151.028404][ T5936] usb 2-1: Manufacturer: syz [ 151.028419][ T5936] usb 2-1: SerialNumber: syz [ 151.313771][ T5936] usb 2-1: USB disconnect, device number 7 [ 151.814625][ T5936] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 152.304642][ T5936] usb 2-1: Using ep0 maxpacket: 8 [ 152.307972][ T5936] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 152.308031][ T5936] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 152.308054][ T5936] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 152.308078][ T5936] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 16 [ 152.308101][ T5936] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 152.308140][ T5936] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 152.308163][ T5936] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.830130][ T5871] usb 2-1: USB disconnect, device number 8 [ 153.422870][ T6786] tipc: Started in network mode [ 153.422901][ T6786] tipc: Node identity cee4cbaacf24, cluster identity 4711 [ 153.423095][ T6786] tipc: Enabled bearer , priority 0 [ 153.424105][ T6786] syzkaller0: entered promiscuous mode [ 153.424127][ T6786] syzkaller0: entered allmulticast mode [ 153.488279][ T6786] tipc: Resetting bearer [ 153.788338][ T6785] tipc: Resetting bearer [ 153.935823][ T6785] tipc: Disabling bearer [ 154.021229][ T6805] netlink: 8 bytes leftover after parsing attributes in process `syz.2.336'. [ 157.891091][ T6876] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 157.907561][ T6876] netlink: 8 bytes leftover after parsing attributes in process `syz.2.368'. [ 158.973359][ T6913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.379'. [ 158.988792][ T6911] macvtap2: entered promiscuous mode [ 158.988809][ T6911] macvtap2: entered allmulticast mode [ 159.200519][ T6916] netlink: 12 bytes leftover after parsing attributes in process `syz.2.380'. [ 160.549358][ T6948] netlink: 12 bytes leftover after parsing attributes in process `syz.1.393'. [ 162.400958][ T6982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.406'. [ 163.929222][ T7009] tipc: Enabled bearer , priority 0 [ 163.934234][ T7009] syzkaller0: entered promiscuous mode [ 163.934262][ T7009] syzkaller0: entered allmulticast mode [ 163.980978][ T7008] tipc: Resetting bearer [ 164.286929][ T7008] tipc: Disabling bearer [ 166.014616][ T996] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 166.108576][ T7039] netlink: 12 bytes leftover after parsing attributes in process `syz.3.428'. [ 166.178290][ T996] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 166.178321][ T996] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.184065][ T996] usb 2-1: config 0 descriptor?? [ 166.215658][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.3.428'. [ 166.215694][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.3.428'. [ 166.217097][ T996] gspca_main: spca508-2.14.0 probing 8086:0110 [ 166.398184][ T996] gspca_spca508: reg_read err -32 [ 166.794630][ T996] gspca_spca508: reg_read err -32 [ 167.309122][ T996] gspca_spca508: reg_read err -110 [ 167.309556][ T996] gspca_spca508: reg_read err -32 [ 167.309973][ T996] gspca_spca508: reg_read err -32 [ 167.310374][ T996] gspca_spca508: reg write: error -32 [ 167.310467][ T996] spca508 2-1:0.0: probe with driver spca508 failed with error -32 [ 167.359298][ T996] usb 2-1: USB disconnect, device number 9 [ 168.111610][ T7062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.436'. [ 169.296778][ T5954] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 169.677741][ T5954] usb 2-1: too many configurations: 203, using maximum allowed: 8 [ 169.706073][ T5954] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 169.706105][ T5954] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.706125][ T5954] usb 2-1: Product: syz [ 169.706140][ T5954] usb 2-1: Manufacturer: syz [ 169.706155][ T5954] usb 2-1: SerialNumber: syz [ 169.796822][ T7076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.440'. [ 170.470942][ T7087] ieee802154 phy0 wpan0: encryption failed: -22 [ 171.326156][ T5954] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 171.326230][ T5954] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 171.326251][ T5954] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 171.528171][ T5954] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 174.495854][ T5954] usb 2-1: USB disconnect, device number 10 [ 176.589042][ T7124] macvtap2: entered promiscuous mode [ 176.589069][ T7124] macvtap2: entered allmulticast mode [ 178.008986][ T7148] netlink: 196 bytes leftover after parsing attributes in process `syz.0.467'. [ 180.309250][ T7185] macvtap1: entered promiscuous mode [ 180.309475][ T7185] macvtap1: entered allmulticast mode [ 180.309490][ T7185] veth1_vlan: entered allmulticast mode [ 181.057557][ T7202] netlink: 12 bytes leftover after parsing attributes in process `syz.3.485'. [ 181.557710][ T7205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.485'. [ 181.557735][ T7205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.485'. [ 182.055743][ T7217] netlink: 24 bytes leftover after parsing attributes in process `syz.4.491'. [ 182.102535][ T7217] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 182.668424][ T7225] macvtap2: entered promiscuous mode [ 182.668452][ T7225] macvtap2: entered allmulticast mode [ 183.391568][ T7236] ieee802154 phy0 wpan0: encryption failed: -22 [ 183.866695][ T7251] syzkaller0: entered promiscuous mode [ 183.866720][ T7251] syzkaller0: entered allmulticast mode [ 183.971802][ T7256] netlink: 8 bytes leftover after parsing attributes in process `syz.0.507'. [ 184.254355][ T7256] bond0: entered promiscuous mode [ 184.254372][ T7256] bond_slave_0: entered promiscuous mode [ 184.265240][ T7256] bond_slave_1: entered promiscuous mode [ 184.267341][ T7256] gretap0: entered promiscuous mode [ 184.268759][ T7256] hsr1: entered promiscuous mode [ 184.362565][ T7258] macvtap2: entered promiscuous mode [ 184.362591][ T7258] macvtap2: entered allmulticast mode [ 184.411728][ T7268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.511'. [ 185.012682][ T7278] ieee802154 phy0 wpan0: encryption failed: -22 [ 186.251495][ T7296] macvtap2: entered promiscuous mode [ 186.251521][ T7296] macvtap2: entered allmulticast mode [ 186.596122][ T7310] netlink: 12 bytes leftover after parsing attributes in process `syz.4.524'. [ 186.621464][ T7308] netlink: 8 bytes leftover after parsing attributes in process `syz.4.524'. [ 186.621490][ T7308] netlink: 8 bytes leftover after parsing attributes in process `syz.4.524'. [ 188.492317][ T7344] macvtap2: entered promiscuous mode [ 188.492344][ T7344] macvtap2: entered allmulticast mode [ 192.170875][ T5805] ------------[ cut here ]------------ [ 192.170890][ T5805] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 192.170913][ T5805] WARNING: drivers/gpu/drm/drm_vblank.c:1318 at drm_wait_one_vblank+0x3b5/0x5d0, CPU#0: kworker/0:4/5805 [ 192.170958][ T5805] Modules linked in: [ 192.170992][ T5805] CPU: 0 UID: 0 PID: 5805 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 192.171017][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 192.171030][ T5805] Workqueue: events drm_fb_helper_damage_work [ 192.171055][ T5805] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 192.171076][ T5805] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 4f 93 e9 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 192.171093][ T5805] RSP: 0018:ffffc90004dc7860 EFLAGS: 00010246 [ 192.171109][ T5805] RAX: 1ffff110283e2000 RBX: ffffffff8f322e30 RCX: 0000000000000000 [ 192.171124][ T5805] RDX: ffffffff8b7eace0 RSI: ffffffff8b806a40 RDI: ffffffff8f322e30 [ 192.171147][ T5805] RBP: ffffc90004dc7948 R08: 0000000000000000 R09: 0000000000000000 [ 192.171160][ T5805] R10: dffffc0000000000 R11: fffffbfff1e4f72f R12: ffffffff8b806a40 [ 192.171174][ T5805] R13: ffff888141f10000 R14: 1ffff920009b8f10 R15: ffffffff8b7eace0 [ 192.171189][ T5805] FS: 0000000000000000(0000) GS:ffff8881267fa000(0000) knlGS:0000000000000000 [ 192.171205][ T5805] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.171219][ T5805] CR2: 0000200001000000 CR3: 000000003c4a0000 CR4: 00000000003526f0 [ 192.171235][ T5805] Call Trace: [ 192.171244][ T5805] [ 192.171262][ T5805] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 192.171281][ T5805] ? rt_spin_unlock+0x14f/0x200 [ 192.171303][ T5805] ? __pfx_autoremove_wake_function+0x10/0x10 [ 192.171337][ T5805] ? rt_spin_unlock+0x160/0x200 [ 192.171361][ T5805] ? drm_vblank_get+0x147/0x260 [ 192.171383][ T5805] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 192.171413][ T5805] drm_fb_helper_damage_work+0x131/0x6f0 [ 192.171437][ T5805] ? process_scheduled_works+0xa0f/0x17a0 [ 192.171465][ T5805] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 192.171491][ T5805] ? process_scheduled_works+0xa0f/0x17a0 [ 192.171513][ T5805] ? process_scheduled_works+0xa0f/0x17a0 [ 192.171537][ T5805] process_scheduled_works+0xaec/0x17a0 [ 192.171617][ T5805] ? __pfx_process_scheduled_works+0x10/0x10 [ 192.171638][ T5805] ? do_raw_spin_lock+0x12b/0x2f0 [ 192.171669][ T5805] ? assign_work+0x3d3/0x440 [ 192.171697][ T5805] worker_thread+0x89f/0xd90 [ 192.171734][ T5805] ? __kthread_parkme+0x7a/0x1f0 [ 192.171768][ T5805] kthread+0x726/0x8b0 [ 192.171797][ T5805] ? __pfx_worker_thread+0x10/0x10 [ 192.171819][ T5805] ? __pfx_kthread+0x10/0x10 [ 192.171842][ T5805] ? rt_spin_unlock+0x14f/0x200 [ 192.171868][ T5805] ? rt_spin_unlock+0x160/0x200 [ 192.171887][ T5805] ? __pfx_kthread+0x10/0x10 [ 192.171915][ T5805] ret_from_fork+0x51b/0xa40 [ 192.171941][ T5805] ? __pfx_ret_from_fork+0x10/0x10 [ 192.171961][ T5805] ? __switch_to+0xc82/0x1410 [ 192.171985][ T5805] ? __pfx_kthread+0x10/0x10 [ 192.172013][ T5805] ret_from_fork_asm+0x1a/0x30 [ 192.172058][ T5805] [ 192.172068][ T5805] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 192.172082][ T5805] CPU: 0 UID: 0 PID: 5805 Comm: kworker/0:4 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 192.172103][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 192.172115][ T5805] Workqueue: events drm_fb_helper_damage_work [ 192.172135][ T5805] Call Trace: [ 192.172143][ T5805] [ 192.172151][ T5805] vpanic+0x1e0/0x670 [ 192.172181][ T5805] panic+0xc5/0xd0 [ 192.172205][ T5805] ? __pfx_panic+0x10/0x10 [ 192.172241][ T5805] ? ret_from_fork_asm+0x1a/0x30 [ 192.172273][ T5805] __warn+0x315/0x4a0 [ 192.172296][ T5805] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 192.172367][ T5805] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 192.172388][ T5805] __report_bug+0x29a/0x540 [ 192.172420][ T5805] ? drm_wait_one_vblank+0x3b5/0x5d0 [ 192.172440][ T5805] ? __pfx___report_bug+0x10/0x10 [ 192.172486][ T5805] report_bug_entry+0x19a/0x290 [ 192.172511][ T5805] ? drm_wait_one_vblank+0x5a2/0x5d0 [ 192.172529][ T5805] ? drm_wait_one_vblank+0x5a7/0x5d0 [ 192.172548][ T5805] handle_bug+0xca/0x200 [ 192.172567][ T5805] exc_invalid_op+0x1a/0x50 [ 192.172586][ T5805] asm_exc_invalid_op+0x1a/0x20 [ 192.172605][ T5805] RIP: 0010:drm_wait_one_vblank+0x5a2/0x5d0 [ 192.172625][ T5805] Code: 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 4f 93 e9 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 8b 4c 24 04 <67> 48 0f b9 3a e9 e3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f [ 192.172640][ T5805] RSP: 0018:ffffc90004dc7860 EFLAGS: 00010246 [ 192.172657][ T5805] RAX: 1ffff110283e2000 RBX: ffffffff8f322e30 RCX: 0000000000000000 [ 192.172671][ T5805] RDX: ffffffff8b7eace0 RSI: ffffffff8b806a40 RDI: ffffffff8f322e30 [ 192.172690][ T5805] RBP: ffffc90004dc7948 R08: 0000000000000000 R09: 0000000000000000 [ 192.172710][ T5805] R10: dffffc0000000000 R11: fffffbfff1e4f72f R12: ffffffff8b806a40 [ 192.172725][ T5805] R13: ffff888141f10000 R14: 1ffff920009b8f10 R15: ffffffff8b7eace0 [ 192.172763][ T5805] ? __pfx_drm_wait_one_vblank+0x10/0x10 [ 192.172781][ T5805] ? rt_spin_unlock+0x14f/0x200 [ 192.172802][ T5805] ? __pfx_autoremove_wake_function+0x10/0x10 [ 192.172829][ T5805] ? rt_spin_unlock+0x160/0x200 [ 192.172853][ T5805] ? drm_vblank_get+0x147/0x260 [ 192.172875][ T5805] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 192.172904][ T5805] drm_fb_helper_damage_work+0x131/0x6f0 [ 192.172928][ T5805] ? process_scheduled_works+0xa0f/0x17a0 [ 192.172956][ T5805] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 192.172982][ T5805] ? process_scheduled_works+0xa0f/0x17a0 [ 192.173003][ T5805] ? process_scheduled_works+0xa0f/0x17a0 [ 192.173027][ T5805] process_scheduled_works+0xaec/0x17a0 [ 192.173080][ T5805] ? __pfx_process_scheduled_works+0x10/0x10 [ 192.173100][ T5805] ? do_raw_spin_lock+0x12b/0x2f0 [ 192.173129][ T5805] ? assign_work+0x3d3/0x440 [ 192.173163][ T5805] worker_thread+0x89f/0xd90 [ 192.173199][ T5805] ? __kthread_parkme+0x7a/0x1f0 [ 192.173233][ T5805] kthread+0x726/0x8b0 [ 192.173263][ T5805] ? __pfx_worker_thread+0x10/0x10 [ 192.173286][ T5805] ? __pfx_kthread+0x10/0x10 [ 192.173309][ T5805] ? rt_spin_unlock+0x14f/0x200 [ 192.173342][ T5805] ? rt_spin_unlock+0x160/0x200 [ 192.173361][ T5805] ? __pfx_kthread+0x10/0x10 [ 192.173388][ T5805] ret_from_fork+0x51b/0xa40 [ 192.173413][ T5805] ? __pfx_ret_from_fork+0x10/0x10 [ 192.173433][ T5805] ? __switch_to+0xc82/0x1410 [ 192.173457][ T5805] ? __pfx_kthread+0x10/0x10 [ 192.173485][ T5805] ret_from_fork_asm+0x1a/0x30 [ 192.173529][ T5805] [ 192.173868][ T5805] Kernel Offset: disabled