last executing test programs: 54.124258025s ago: executing program 2 (id=25): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2400000018000100000000000000000002"], 0x24}}, 0x0) 53.784523134s ago: executing program 2 (id=26): syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005ceda240d80408fdb34c01020301090224000100"], 0x0) socket$rds(0x15, 0x5, 0x0) socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = io_uring_setup(0x4159, &(0x7f0000000300)={0x0, 0x6952, 0x4000, 0x0, 0x299}) r3 = socket$inet6(0xa, 0x5, 0x0) listen(r3, 0x50) socket$inet6(0xa, 0x5, 0x0) r4 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x276f, 0x3010, 0x0, 0x0, 0x0, r2}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) unshare(0x22020400) io_uring_enter(r4, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) 44.213409585s ago: executing program 2 (id=42): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d00, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, 0x0) 42.671277763s ago: executing program 2 (id=49): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2400000018000100000000000000000002"], 0x24}}, 0x0) 42.551823075s ago: executing program 0 (id=50): r0 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x98, 0x20, 0x8d, 0xd, 0x0, 0x2, 0x0, 0x7, 0x4, 0x0, 0x0, 0x2, 0x4}, 0xe) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10) recvfrom(r0, 0x0, 0x0, 0x40000001, 0x0, 0x0) 41.950872063s ago: executing program 2 (id=54): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x77359400}}, 0x0) read$FUSE(r1, 0x0, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000180)=ANY=[], 0x32) 41.845641915s ago: executing program 0 (id=55): syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_init_net_socket$ax25(0x3, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) writev(0xffffffffffffffff, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x80, 0x0) clock_nanosleep(0xb, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000440)={0x3, 0x6572, 0x1ff}) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0) 40.601583893s ago: executing program 2 (id=58): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x7, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(0x0, r1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000100)={0xf0f002, 0x2}) writev(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1) 40.35404993s ago: executing program 0 (id=59): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x8000000000000003, {}, 0xfd}, 0x18) sendmmsg$sock(r0, 0x0, 0x0, 0x4000000) 39.787181292s ago: executing program 0 (id=61): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000006380)={0x2020}, 0x2020) 38.381313001s ago: executing program 0 (id=65): r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) r1 = syz_open_procfs(0x0, 0x0) ioctl$USBDEVFS_GETDRIVER(r1, 0x41045508, &(0x7f00000000c0)={0x8, "02efbc05db8c38c55b1003b9e47d10dd69f749ff968af56423271896128cbf7ad787df18532b59ebd3d7dec357f96d0a00c5cda5228b4af81c6798125dfb749574aa575fc2b897bfb4e644b4dcea00c5467632abd7474b93c51f34b8ff06c9634c71d87c9bee428b510668962f66b4d79bc338f633ce232da4aa30de1a8406d9bc92a26cf82502fc1fe20c7ca3d183b837ce8b2803f4d60812b4111c61333d26c9b5b718a864ba3237dceaf3373223bc07bfa4a52e33394a426c2b21e9cc7c7408460ddd8ef92456c7904f7003546e6690350fbb9982f1df476009e68f8e05e6d2db7d8c0da525a39eb14d3e4044541428ea8497edcded306445fcab2fe6fcf4"}) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00) syz_usb_disconnect(r0) r2 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1) close_range(r2, 0xffffffffffffffff, 0x0) 36.370637217s ago: executing program 0 (id=68): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f00000000c0)={0x1, 0x0, 0x80, 0xffffffffffffffff}) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f00000006c0)={0x7f, {{0x2, 0x4e23, @empty}}, {{0x2, 0x4e24, @broadcast}}}, 0x108) bind$rose(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x49a, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 24.422468756s ago: executing program 32 (id=58): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) socket$kcm(0x2, 0x200000000000001, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x7, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(0x0, r1) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000100)={0xf0f002, 0x2}) writev(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1) 20.436320876s ago: executing program 33 (id=68): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000000)) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f00000000c0)={0x1, 0x0, 0x80, 0xffffffffffffffff}) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f00000006c0)={0x7f, {{0x2, 0x4e23, @empty}}, {{0x2, 0x4e24, @broadcast}}}, 0x108) bind$rose(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_setup(0x49a, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r2, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) 15.922638454s ago: executing program 1 (id=91): gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000840), 0x40000, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0xd) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000200)=""/255, 0xff}], 0x1) 14.636980276s ago: executing program 1 (id=95): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000042c0)={0x2020}, 0x2020) 14.104042348s ago: executing program 1 (id=97): socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x1, 0x1, 0x10, 0x0, @void}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x20000000000000ba, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfd71}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x2000, &(0x7f0000000000)='%', 0x0, 0xd01, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 12.541679429s ago: executing program 1 (id=101): socket$inet6_tcp(0xa, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x240, 0x0) r0 = socket(0x10, 0x80003, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$ARCH_MAP_VDSO_64(0x1e, r1, 0x8, 0x2003) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x85) 8.061523039s ago: executing program 3 (id=108): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) vmsplice(r0, &(0x7f0000000480)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f00000004c0)="f70d20f86f8877ac67c76caaae15d8a2", 0x10}], 0x6, 0x8) 7.238646054s ago: executing program 3 (id=110): r0 = fsopen(&(0x7f0000000080)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) socketpair(0x8000000000001e, 0x1, 0x0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200) openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) add_key(0x0, 0x0, &(0x7f0000000240)="df", 0x1, 0x0) open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8010}, 0x4000800) r3 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000)) ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000d40)={0x10000000000000, 0x60b, 0x23, 0xc6c1, 0x5, 0x20000003, "57c1169b6664ea61326ac71ae7213059", 0x0, 0xee, 0x7, 0xbd, 0x6, 0x7, 0xff}) socket$unix(0x1, 0x1, 0x0) socket$kcm(0x11, 0x3, 0x0) fsmount(r0, 0x0, 0x18) 6.722185224s ago: executing program 4 (id=111): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000006380)={0x2020}, 0x2020) 5.343342116s ago: executing program 3 (id=112): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='kfree\x00', 0xffffffffffffffff, 0x0, 0x4804}, 0x18) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c6173740000000004000280140001800c000100636f756e746572000400028008000340000001"], 0x98}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) 4.984696466s ago: executing program 4 (id=113): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x8, 0x7, 0x3, 0x1, 0x1, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaef3, 0x80, 0x8, 0x4, 0x1, 0x8, 0x3, 0x0, 0x13, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x1, 0x4, 0x40000000000002}], 0x9}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10004, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0xfff, 0x10, 0x0, 0x4, 0x0, 0x8, 0xb], 0x0, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.796370423s ago: executing program 1 (id=114): syz_open_procfs(0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000b79e6908402000d3b316010203010902120500000000000904"], 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(0xffffffffffffffff, 0x40a85321, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 4.661667205s ago: executing program 3 (id=115): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/netstat\x00') r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f62726964676500140001007767320000"], 0xa8}}, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 3.887687177s ago: executing program 3 (id=116): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRESOCT=r0], 0x8) 3.792332877s ago: executing program 4 (id=117): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, 0x0, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) close(0x3) r3 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) 3.019941215s ago: executing program 3 (id=118): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x1410, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\"\b\x00\x00\x00Z'], 0x0}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c}) getdents(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000032c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r1, &(0x7f0000003580)={0x0, 0x0, &(0x7f0000003540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="da675e0f1c58a221f2407110fe81849b6989121b9507d12b62669e727c1fb619ed0ddbc5805c7631af846cbb273eb4dba6a61bf4a01e857a7a4de852f2ca62cb3b", @ANYRESOCT=r2], 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20004804) io_setup(0x5, &(0x7f0000000e80)=0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) io_submit(r3, 0x1, &(0x7f0000001580)=[0x0]) syz_io_uring_setup(0x459b, &(0x7f0000000080)={0x0, 0x5fa5, 0x2000, 0x1, 0x10b}, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r5 = mmap$IORING_OFF_SQES(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x88013, 0xffffffffffffffff, 0x10000000) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_FALLOCATE={0x11, 0x40, 0x0, @fd_index=0x1, 0x0, 0x0, 0x3, 0x0, 0x1}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e02000000000000000000000000000005040000"], 0x0, 0x37}, 0x28) r6 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), 0x0, 0xfff, r6}, 0x38) r7 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet_int(r7, 0x0, 0x16, 0x0, &(0x7f0000000080)) 2.992985458s ago: executing program 4 (id=119): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) 1.418973906s ago: executing program 4 (id=120): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x439, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r2, 0x9801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @remote}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}]}}}]}, 0x40}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x80, 0x10, 0x439, 0x2, 0x0, {0x0, 0x0, 0x0, r2, 0x1040, 0x44100}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @local}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x81}]}}}, @IFLA_AF_SPEC={0x40, 0x1a, 0x0, 0x1, [@AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0x2}, {0x8, 0x14, 0x0, 0x0, 0x8}]}}, @AF_MPLS={0x4}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xe, 0x0, 0x0, 0x55}, {0x8, 0x21, 0x0, 0x0, 0x401}]}}, @AF_BRIDGE={0x4}, @AF_MPLS={0x4}]}]}, 0x80}}, 0x4040000) 272.147326ms ago: executing program 1 (id=121): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000006380)={0x2020}, 0x2020) 0s ago: executing program 4 (id=122): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$sndtimer(0xffffff9c, 0x0, 0xa402) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r2, 0xc01064b3, &(0x7f00000001c0)) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000040)=ANY=[], 0x14) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r3, 0x0, 0x1, &(0x7f0000000000)=0x2, 0x4) setsockopt$WPAN_SECURITY(r3, 0x0, 0x1, &(0x7f0000000080), 0x4) sendmsg$802154_dgram(r3, &(0x7f0000000040)={&(0x7f00000000c0)={0x24, @short={0x2, 0x1, 0xaaa0}}, 0x14, &(0x7f0000001880)={0x0}}, 0x0) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000000)=0x1000) mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, 0xffffffffffffffff, 0x0) ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f00000000c0)=0x5) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts. [ 159.893005][ T5781] cgroup: Unknown subsys name 'net' [ 160.059337][ T5781] cgroup: Unknown subsys name 'cpuset' [ 160.073438][ T5781] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 163.073983][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 163.080810][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 165.617552][ T5781] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 170.957110][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 170.966272][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 170.976524][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 171.055268][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 171.066378][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 171.083117][ T5100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 171.109845][ T5100] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 171.145112][ T5809] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 171.157903][ T5809] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 171.168459][ T5804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 171.177633][ T5804] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 171.186643][ T5809] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 171.195775][ T5804] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 171.271329][ T5804] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 171.314400][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 171.323732][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 171.374565][ T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 171.400396][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 171.421660][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 171.434923][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 171.445591][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 171.471113][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 171.481488][ T5809] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 171.509768][ T5809] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 171.522341][ T5809] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 172.371142][ T5803] chnl_net:caif_netlink_parms(): no params data found [ 172.724119][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 172.941189][ T5808] chnl_net:caif_netlink_parms(): no params data found [ 173.130551][ T5809] Bluetooth: hci0: command tx timeout [ 173.241182][ T5811] chnl_net:caif_netlink_parms(): no params data found [ 173.302090][ T50] Bluetooth: hci1: command tx timeout [ 173.468831][ T5813] chnl_net:caif_netlink_parms(): no params data found [ 173.529722][ T5803] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.537726][ T5803] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.538348][ T5809] Bluetooth: hci2: command tx timeout [ 173.545471][ T5803] bridge_slave_0: entered allmulticast mode [ 173.550569][ T50] Bluetooth: hci3: command tx timeout [ 173.559798][ T5803] bridge_slave_0: entered promiscuous mode [ 173.610499][ T50] Bluetooth: hci4: command tx timeout [ 173.747323][ T5803] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.757022][ T5803] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.764808][ T5803] bridge_slave_1: entered allmulticast mode [ 173.774205][ T5803] bridge_slave_1: entered promiscuous mode [ 173.865476][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.876173][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.883954][ T5800] bridge_slave_0: entered allmulticast mode [ 173.893406][ T5800] bridge_slave_0: entered promiscuous mode [ 173.946384][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.954097][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.961836][ T5800] bridge_slave_1: entered allmulticast mode [ 173.994817][ T5800] bridge_slave_1: entered promiscuous mode [ 174.015914][ T5803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.086466][ T5803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.266010][ T5808] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.274889][ T5808] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.284633][ T5808] bridge_slave_0: entered allmulticast mode [ 174.292783][ T5808] bridge_slave_0: entered promiscuous mode [ 174.408685][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.418608][ T5808] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.426277][ T5808] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.435610][ T5808] bridge_slave_1: entered allmulticast mode [ 174.444079][ T5808] bridge_slave_1: entered promiscuous mode [ 174.498337][ T5803] team0: Port device team_slave_0 added [ 174.504618][ T5811] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.512052][ T5811] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.519552][ T5811] bridge_slave_0: entered allmulticast mode [ 174.528882][ T5811] bridge_slave_0: entered promiscuous mode [ 174.582412][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.627249][ T5803] team0: Port device team_slave_1 added [ 174.633506][ T5811] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.641158][ T5811] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.648606][ T5811] bridge_slave_1: entered allmulticast mode [ 174.658593][ T5811] bridge_slave_1: entered promiscuous mode [ 174.668787][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.676349][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.684023][ T5813] bridge_slave_0: entered allmulticast mode [ 174.693144][ T5813] bridge_slave_0: entered promiscuous mode [ 174.828915][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.836622][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.844341][ T5813] bridge_slave_1: entered allmulticast mode [ 174.852979][ T5813] bridge_slave_1: entered promiscuous mode [ 174.904584][ T5808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.009969][ T5800] team0: Port device team_slave_0 added [ 175.056950][ T5808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.076249][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.088351][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.095729][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 175.123217][ T5803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.148384][ T5811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.169721][ T5800] team0: Port device team_slave_1 added [ 175.177599][ T5803] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.184918][ T5803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 175.212502][ T5803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.221021][ T50] Bluetooth: hci0: command tx timeout [ 175.261406][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.322712][ T5811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.380683][ T50] Bluetooth: hci1: command tx timeout [ 175.454195][ T5808] team0: Port device team_slave_0 added [ 175.472976][ T5808] team0: Port device team_slave_1 added [ 175.586716][ T5813] team0: Port device team_slave_0 added [ 175.618113][ T50] Bluetooth: hci3: command tx timeout [ 175.618211][ T5809] Bluetooth: hci2: command tx timeout [ 175.641819][ T5811] team0: Port device team_slave_0 added [ 175.679464][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.686718][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 175.713255][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.725156][ T5809] Bluetooth: hci4: command tx timeout [ 175.733703][ T5813] team0: Port device team_slave_1 added [ 175.741574][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.748659][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 175.774999][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 175.826314][ T5811] team0: Port device team_slave_1 added [ 175.834274][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 175.841486][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 175.867875][ T5808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 175.988079][ T5808] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 175.996485][ T5808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 176.025400][ T5808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.132610][ T5803] hsr_slave_0: entered promiscuous mode [ 176.141533][ T5803] hsr_slave_1: entered promiscuous mode [ 176.161157][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.168231][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 176.194601][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.211981][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.219079][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 176.245261][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.285572][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.293134][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 176.319541][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.378229][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.385497][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 176.412068][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.548938][ T5800] hsr_slave_0: entered promiscuous mode [ 176.558706][ T5800] hsr_slave_1: entered promiscuous mode [ 176.567256][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 176.573224][ T5800] Cannot create hsr debugfs directory [ 176.608239][ T5808] hsr_slave_0: entered promiscuous mode [ 176.616874][ T5808] hsr_slave_1: entered promiscuous mode [ 176.624970][ T5808] debugfs: 'hsr0' already exists in 'hsr' [ 176.630865][ T5808] Cannot create hsr debugfs directory [ 176.928782][ T5811] hsr_slave_0: entered promiscuous mode [ 176.938500][ T5811] hsr_slave_1: entered promiscuous mode [ 176.946596][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 176.952560][ T5811] Cannot create hsr debugfs directory [ 176.970059][ T5813] hsr_slave_0: entered promiscuous mode [ 176.978533][ T5813] hsr_slave_1: entered promiscuous mode [ 176.988367][ T5813] debugfs: 'hsr0' already exists in 'hsr' [ 176.994290][ T5813] Cannot create hsr debugfs directory [ 177.290486][ T5809] Bluetooth: hci0: command tx timeout [ 177.453512][ T5809] Bluetooth: hci1: command tx timeout [ 177.700994][ T5809] Bluetooth: hci3: command tx timeout [ 177.706635][ T50] Bluetooth: hci2: command tx timeout [ 177.787371][ T50] Bluetooth: hci4: command tx timeout [ 178.135354][ T5803] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 178.216503][ T5803] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 178.251586][ T5803] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 178.272265][ T5803] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 178.415675][ T5800] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 178.444010][ T5800] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 178.471854][ T5811] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 178.565060][ T5800] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 178.599780][ T5800] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 178.621378][ T5811] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 178.648413][ T5811] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 178.676036][ T5811] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 178.852322][ T5808] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 178.941610][ T5808] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 179.024091][ T5813] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 179.048489][ T5808] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 179.093005][ T5808] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 179.136815][ T5813] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 179.192103][ T5813] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 179.245137][ T5813] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 179.371268][ T50] Bluetooth: hci0: command tx timeout [ 179.533458][ T50] Bluetooth: hci1: command tx timeout [ 179.775401][ T50] Bluetooth: hci2: command tx timeout [ 179.781175][ T5809] Bluetooth: hci3: command tx timeout [ 179.851586][ T50] Bluetooth: hci4: command tx timeout [ 179.925318][ T5803] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.954160][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.098339][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.122227][ T5803] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.187044][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.194588][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.226216][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.294810][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.302376][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.402058][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.409407][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.444391][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.498207][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.573441][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.580967][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.626843][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.634382][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.759910][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.767452][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.816973][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.881599][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.063517][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.071196][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.100265][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.107725][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 181.189263][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 181.252389][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.259852][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.366911][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.374503][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.348219][ T5803] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.873628][ T5803] veth0_vlan: entered promiscuous mode [ 182.899241][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.965096][ T5803] veth1_vlan: entered promiscuous mode [ 183.171594][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.187319][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.386839][ T5800] veth0_vlan: entered promiscuous mode [ 183.451431][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.499260][ T5803] veth0_macvtap: entered promiscuous mode [ 183.568898][ T5803] veth1_macvtap: entered promiscuous mode [ 183.589839][ T5800] veth1_vlan: entered promiscuous mode [ 183.707959][ T5808] veth0_vlan: entered promiscuous mode [ 183.784210][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.848739][ T5803] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.883884][ T5808] veth1_vlan: entered promiscuous mode [ 184.032471][ T75] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.070241][ T5800] veth0_macvtap: entered promiscuous mode [ 184.100933][ T5813] veth0_vlan: entered promiscuous mode [ 184.107819][ T75] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.167742][ T5800] veth1_macvtap: entered promiscuous mode [ 184.183987][ T75] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.244946][ T75] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.357572][ T5813] veth1_vlan: entered promiscuous mode [ 184.398240][ T5808] veth0_macvtap: entered promiscuous mode [ 184.418825][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.475190][ T5808] veth1_macvtap: entered promiscuous mode [ 184.523303][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.648526][ T4303] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.671967][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 184.719354][ T4303] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.743071][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 184.798989][ T4303] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.844541][ T4303] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.902154][ T4303] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 184.933202][ T5813] veth0_macvtap: entered promiscuous mode [ 184.968837][ T4303] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.009458][ T5813] veth1_macvtap: entered promiscuous mode [ 185.030456][ T4276] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.039440][ T4276] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.259777][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.376872][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.455000][ T4276] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.496744][ T4276] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.562712][ T4276] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.628913][ T4276] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.804154][ T5811] veth0_vlan: entered promiscuous mode [ 185.887772][ T5811] veth1_vlan: entered promiscuous mode [ 186.261970][ T5811] veth0_macvtap: entered promiscuous mode [ 186.346027][ T5811] veth1_macvtap: entered promiscuous mode [ 186.485232][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 186.575751][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 186.655640][ T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.706850][ T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.773791][ T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.825389][ T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.852160][ T3961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.863957][ T3961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.029095][ T147] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.037756][ T147] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.335805][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.344143][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.390040][ T5803] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 190.470607][ T4088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.478579][ T4088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.591973][ T4088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.600001][ T4088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.746799][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.755028][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.413559][ T3961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.424270][ T3961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.561730][ T5982] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 191.678883][ T5982] kvm: user requested TSC rate below hardware speed [ 191.710118][ T3656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.718600][ T3656] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.510042][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.519692][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 192.694664][ T3656] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 192.702980][ T3656] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.913165][ T5851] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 194.112433][ T5851] usb 3-1: Using ep0 maxpacket: 8 [ 194.145872][ T5851] usb 3-1: config 2 has an invalid interface number: 31 but max is 0 [ 194.155258][ T5851] usb 3-1: config 2 has no interface number 0 [ 194.162503][ T5851] usb 3-1: config 2 interface 31 has no altsetting 0 [ 194.209695][ T6017] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12'. [ 194.227060][ T5851] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 194.236722][ T5851] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.245264][ T5851] usb 3-1: Product: syz [ 194.249603][ T5851] usb 3-1: Manufacturer: syz [ 194.255894][ T5851] usb 3-1: SerialNumber: syz [ 194.419501][ T5851] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22 [ 194.865843][ T6023] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14'. [ 195.466761][ T6028] process 'syz.4.15' launched '/dev/fd/4' with NULL argv: empty string added [ 195.492242][ T5851] usb 3-1: USB disconnect, device number 2 [ 197.691960][ T6050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25'. [ 197.871801][ C1] hrtimer: interrupt took 279265 ns [ 198.340996][ T5851] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 198.544310][ T5851] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 198.555089][ T5851] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 198.630616][ T5851] usb 3-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=4c.b3 [ 198.640389][ T5851] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.648593][ T5851] usb 3-1: Product: syz [ 198.654536][ T5851] usb 3-1: Manufacturer: syz [ 198.659313][ T5851] usb 3-1: SerialNumber: syz [ 198.752977][ T5851] usb 3-1: config 0 descriptor?? [ 199.416033][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 199.620952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 199.825920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 199.929215][ T0] NOHZ tick-stop error: local softirq work is pending, handler #50!!! [ 200.030448][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 200.505875][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 202.078657][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 203.513001][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 204.180827][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 204.632891][ T6078] netlink: 80 bytes leftover after parsing attributes in process `syz.0.34'. [ 204.645557][ T6078] netlink: 80 bytes leftover after parsing attributes in process `syz.0.34'. [ 205.618666][ T6083] netlink: 8 bytes leftover after parsing attributes in process `syz.3.36'. [ 206.761980][ T5851] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 207.034992][ T5851] usb 1-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 207.035144][ T5851] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.035262][ T5851] usb 1-1: Product: syz [ 207.035357][ T5851] usb 1-1: Manufacturer: syz [ 207.035453][ T5851] usb 1-1: SerialNumber: syz [ 207.040802][ T5851] usb 1-1: config 0 descriptor?? [ 207.474078][ T42] usb 3-1: USB disconnect, device number 3 [ 207.507440][ T5851] usb 1-1: ignoring: probably an ADSL modem [ 207.715664][ T5851] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 207.786162][ T5851] usb 1-1: USB disconnect, device number 2 [ 208.172770][ T6099] mmap: syz.2.42 (6099) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 209.356744][ T6113] netlink: 8 bytes leftover after parsing attributes in process `syz.2.49'. [ 210.740419][ T5851] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 211.030266][ T5851] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 211.030411][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.030523][ T5851] usb 2-1: Product: syz [ 211.030615][ T5851] usb 2-1: Manufacturer: syz [ 211.030708][ T5851] usb 2-1: SerialNumber: syz [ 211.039474][ T5851] usb 2-1: config 0 descriptor?? [ 211.425403][ T5851] usb 2-1: ignoring: probably an ADSL modem [ 211.665484][ T5851] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 211.696045][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 211.781991][ T5851] usb 2-1: USB disconnect, device number 2 [ 213.226084][ T6150] netlink: 12 bytes leftover after parsing attributes in process `syz.3.64'. [ 213.711077][ T5851] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 213.925188][ T5851] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 213.935476][ T5851] usb 1-1: config 0 interface 0 has no altsetting 0 [ 214.007696][ T5851] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 214.017958][ T5851] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 214.026596][ T5851] usb 1-1: Product: syz [ 214.030927][ T5851] usb 1-1: Manufacturer: syz [ 214.035600][ T5851] usb 1-1: SerialNumber: syz [ 214.106779][ T5851] usb 1-1: config 0 descriptor?? [ 214.142484][ T5851] usb 1-1: selecting invalid altsetting 0 [ 214.352717][ T5851] usb 1-1: USB disconnect, device number 3 [ 214.486403][ T5999] udevd[5999]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 216.891433][ T5854] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 217.414750][ T5854] usb 2-1: device descriptor read/64, error -71 [ 217.830490][ T5854] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 218.743012][ T6172] netlink: 12 bytes leftover after parsing attributes in process `syz.4.71'. [ 220.370075][ T189] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 220.910091][ T189] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 220.922795][ T189] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.932428][ T189] usb 5-1: Product: syz [ 220.936760][ T189] usb 5-1: Manufacturer: syz [ 220.941577][ T189] usb 5-1: SerialNumber: syz [ 221.030013][ T189] usb 5-1: config 0 descriptor?? [ 221.360831][ T189] usb 5-1: ignoring: probably an ADSL modem [ 221.706420][ T189] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 221.799485][ T189] usb 5-1: USB disconnect, device number 2 [ 224.520807][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.527539][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.546636][ T6185] ip6gre1: entered promiscuous mode [ 224.552075][ T6185] ip6gre1: entered allmulticast mode [ 224.876272][ T6187] netlink: 12 bytes leftover after parsing attributes in process `syz.1.77'. [ 229.171805][ T6204] netlink: 64 bytes leftover after parsing attributes in process `syz.3.83'. [ 229.661087][ T5809] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 229.669501][ T5809] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 229.691553][ T5809] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 229.703757][ T5809] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 229.713441][ T5809] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 230.580130][ T6205] chnl_net:caif_netlink_parms(): no params data found [ 231.780711][ T50] Bluetooth: hci5: command tx timeout [ 232.049977][ T5809] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 232.062192][ T5809] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 232.144885][ T5809] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 232.207570][ T6205] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.215483][ T6205] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.224591][ T6205] bridge_slave_0: entered allmulticast mode [ 232.234995][ T6205] bridge_slave_0: entered promiscuous mode [ 232.245620][ T5809] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 232.258477][ T5809] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 232.271152][ T6205] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.278577][ T6205] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.290313][ T6205] bridge_slave_1: entered allmulticast mode [ 232.298571][ T6205] bridge_slave_1: entered promiscuous mode [ 233.577145][ T6205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.873378][ T5809] Bluetooth: hci5: command tx timeout [ 234.340722][ T5809] Bluetooth: hci6: command tx timeout [ 234.376088][ T6216] chnl_net:caif_netlink_parms(): no params data found [ 234.409120][ T6205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.547966][ T6205] team0: Port device team_slave_0 added [ 235.580920][ T6205] team0: Port device team_slave_1 added [ 235.855055][ T6205] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.862207][ T6205] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 235.891124][ T6205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.942515][ T5809] Bluetooth: hci5: command tx timeout [ 235.955920][ T6205] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.963532][ T6205] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 235.993334][ T6205] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.410824][ T5809] Bluetooth: hci6: command tx timeout [ 236.449037][ T6205] hsr_slave_0: entered promiscuous mode [ 236.457533][ T6205] hsr_slave_1: entered promiscuous mode [ 236.465894][ T6205] debugfs: 'hsr0' already exists in 'hsr' [ 236.471810][ T6205] Cannot create hsr debugfs directory [ 236.730706][ T6242] netlink: 64 bytes leftover after parsing attributes in process `syz.4.93'. [ 237.002512][ T6216] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.009920][ T6216] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.017588][ T6216] bridge_slave_0: entered allmulticast mode [ 237.025908][ T6216] bridge_slave_0: entered promiscuous mode [ 237.148660][ T6216] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.156213][ T6216] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.164070][ T6216] bridge_slave_1: entered allmulticast mode [ 237.172592][ T6216] bridge_slave_1: entered promiscuous mode [ 237.621880][ T6216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.728000][ T6216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.039496][ T5809] Bluetooth: hci5: command tx timeout [ 238.072340][ T6205] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 238.103606][ T6216] team0: Port device team_slave_0 added [ 238.116286][ T6205] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 238.144154][ T6205] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 238.240305][ T6205] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 238.416267][ T6216] team0: Port device team_slave_1 added [ 238.490805][ T5809] Bluetooth: hci6: command tx timeout [ 238.563084][ T6216] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 238.570443][ T6216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 238.597355][ T6216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.793411][ T6216] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.800958][ T6216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 238.827150][ T6216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.462009][ T6216] hsr_slave_0: entered promiscuous mode [ 239.470961][ T6216] hsr_slave_1: entered promiscuous mode [ 239.479644][ T6216] debugfs: 'hsr0' already exists in 'hsr' [ 239.485702][ T6216] Cannot create hsr debugfs directory [ 240.038974][ T6205] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.238794][ T6205] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.363046][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.370596][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.548186][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.555605][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.594268][ T5809] Bluetooth: hci6: command tx timeout [ 241.191876][ T6270] syz_tun: entered allmulticast mode [ 241.748836][ T6216] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 241.935458][ T6268] netlink: 64 bytes leftover after parsing attributes in process `syz.4.104'. [ 241.967645][ T6216] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 242.131696][ T6216] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 242.245955][ T6216] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 243.415729][ T6216] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.630072][ T6216] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.742876][ T1304] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.750471][ T1304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.883069][ T1304] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.890484][ T1304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.568286][ T6295] binder: 6294:6295 ioctl 4018620d 0 returned -22 [ 246.304333][ T6216] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.388981][ T6205] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.930707][ T5854] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 248.290519][ T5854] usb 2-1: Using ep0 maxpacket: 8 [ 248.656859][ T5854] usb 2-1: config index 0 descriptor too short (expected 1298, got 18) [ 248.665757][ T5854] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 248.677512][ T5854] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 249.186239][ T5854] usb 2-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 249.195963][ T5854] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.204327][ T5854] usb 2-1: Product: syz [ 249.208664][ T5854] usb 2-1: Manufacturer: syz [ 249.215523][ T5854] usb 2-1: SerialNumber: syz [ 249.281073][ T189] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 249.531917][ T6205] veth0_vlan: entered promiscuous mode [ 249.601294][ T189] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.614201][ T189] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.624853][ T189] usb 4-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 249.634136][ T189] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.685646][ T6205] veth1_vlan: entered promiscuous mode [ 249.823577][ T189] usb 4-1: config 0 descriptor?? [ 250.170337][ T6205] veth0_macvtap: entered promiscuous mode [ 250.250107][ T189] steelseries 0003:1038:1410.0001: unknown main item tag 0x0 [ 250.258800][ T189] steelseries 0003:1038:1410.0001: unknown main item tag 0x0 [ 250.266645][ T189] steelseries 0003:1038:1410.0001: unknown main item tag 0x0 [ 250.274269][ T189] steelseries 0003:1038:1410.0001: unknown main item tag 0x0 [ 250.335032][ T6205] veth1_macvtap: entered promiscuous mode [ 250.363035][ T5854] usb 2-1: config 0 descriptor?? [ 250.720539][ T189] steelseries 0003:1038:1410.0001: missing HID_OUTPUT_REPORT 0 [ 250.797228][ T6205] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.952716][ T189] usb 4-1: USB disconnect, device number 2 [ 251.031646][ T6205] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 251.047850][ T5854] usb 2-1: can't set config #0, error -71 [ 251.134464][ T4050] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.235112][ T4303] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.391130][ T5854] usb 2-1: USB disconnect, device number 5 [ 251.464936][ T6216] veth0_vlan: entered promiscuous mode [ 251.608243][ T6216] veth1_vlan: entered promiscuous mode [ 251.721782][ T4088] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.811141][ T4088] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.918660][ T6337] binder: 6336:6337 ioctl 4018620d 0 returned -22 [ 251.981813][ T6339] Zero length message leads to an empty skb [ 252.063479][ T6339] ===================================================== [ 252.071820][ T6339] BUG: KMSAN: uninit-value in ieee802154_hdr_push+0x9ac/0xa30 [ 252.079409][ T6339] ieee802154_hdr_push+0x9ac/0xa30 [ 252.084817][ T6339] ieee802154_header_create+0x854/0xb90 [ 252.090607][ T6339] dgram_sendmsg+0xb40/0x16d0 [ 252.095409][ T6339] ieee802154_sock_sendmsg+0x92/0xd0 [ 252.100897][ T6339] __sock_sendmsg+0x333/0x3d0 [ 252.105664][ T6339] ____sys_sendmsg+0x7f5/0xcf0 [ 252.110702][ T6339] ___sys_sendmsg+0x271/0x3b0 [ 252.115450][ T6339] __sys_sendmsg+0x1aa/0x300 [ 252.120116][ T6339] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 252.125961][ T6339] ia32_sys_call+0x35f2/0x4340 [ 252.131398][ T6339] __do_fast_syscall_32+0x155/0x310 [ 252.136711][ T6339] do_fast_syscall_32+0x38/0x80 [ 252.141761][ T6339] do_SYSENTER_32+0x1f/0x30 [ 252.146399][ T6339] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.156137][ T6339] [ 252.158511][ T6339] Uninit was stored to memory at: [ 252.163780][ T6339] ieee802154_hdr_push+0x9a5/0xa30 [ 252.168959][ T6339] ieee802154_header_create+0x854/0xb90 [ 252.176296][ T6339] dgram_sendmsg+0xb40/0x16d0 [ 252.181165][ T6339] ieee802154_sock_sendmsg+0x92/0xd0 [ 252.186546][ T6339] __sock_sendmsg+0x333/0x3d0 [ 252.191406][ T6339] ____sys_sendmsg+0x7f5/0xcf0 [ 252.196288][ T6339] ___sys_sendmsg+0x271/0x3b0 [ 252.201186][ T6339] __sys_sendmsg+0x1aa/0x300 [ 252.205842][ T6339] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 252.211616][ T6339] ia32_sys_call+0x35f2/0x4340 [ 252.216438][ T6339] __do_fast_syscall_32+0x155/0x310 [ 252.221865][ T6339] do_fast_syscall_32+0x38/0x80 [ 252.226860][ T6339] do_SYSENTER_32+0x1f/0x30 [ 252.231632][ T6339] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.238053][ T6339] [ 252.240512][ T6339] Local variable hdr created at: [ 252.245512][ T6339] ieee802154_header_create+0x4e/0xb90 [ 252.255771][ T6339] dgram_sendmsg+0xb40/0x16d0 [ 252.260731][ T6339] [ 252.263112][ T6339] CPU: 0 UID: 0 PID: 6339 Comm: syz.4.122 Not tainted syzkaller #0 PREEMPT(none) [ 252.272467][ T6339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 252.282684][ T6339] ===================================================== [ 252.289638][ T6339] Disabling lock debugging due to kernel taint [ 252.296013][ T6339] Kernel panic - not syncing: kmsan.panic set ... [ 252.302482][ T6339] CPU: 0 UID: 0 PID: 6339 Comm: syz.4.122 Tainted: G B syzkaller #0 PREEMPT(none) [ 252.313325][ T6339] Tainted: [B]=BAD_PAGE [ 252.317505][ T6339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 252.327615][ T6339] Call Trace: [ 252.330959][ T6339] [ 252.333923][ T6339] __dump_stack+0x26/0x30 [ 252.338340][ T6339] dump_stack_lvl+0x53/0x270 [ 252.343019][ T6339] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 252.348930][ T6339] dump_stack+0x1e/0x25 [ 252.353159][ T6339] vpanic+0x435/0xd30 [ 252.357262][ T6339] panic+0x15d/0x160 [ 252.361345][ T6339] kmsan_report+0x31c/0x320 [ 252.365956][ T6339] ? stack_depot_save+0x12/0x20 [ 252.370884][ T6339] ? __msan_warning+0x1b/0x30 [ 252.375640][ T6339] ? ieee802154_hdr_push+0x9ac/0xa30 [ 252.380991][ T6339] ? ieee802154_header_create+0x854/0xb90 [ 252.386799][ T6339] ? dgram_sendmsg+0xb40/0x16d0 [ 252.391739][ T6339] ? ieee802154_sock_sendmsg+0x92/0xd0 [ 252.397314][ T6339] ? __sock_sendmsg+0x333/0x3d0 [ 252.402256][ T6339] ? ____sys_sendmsg+0x7f5/0xcf0 [ 252.407268][ T6339] ? ___sys_sendmsg+0x271/0x3b0 [ 252.412190][ T6339] ? __sys_sendmsg+0x1aa/0x300 [ 252.417040][ T6339] ? __ia32_compat_sys_sendmsg+0xa4/0x100 [ 252.422847][ T6339] ? ia32_sys_call+0x35f2/0x4340 [ 252.427850][ T6339] ? __do_fast_syscall_32+0x155/0x310 [ 252.433307][ T6339] ? do_fast_syscall_32+0x38/0x80 [ 252.438420][ T6339] ? do_SYSENTER_32+0x1f/0x30 [ 252.443185][ T6339] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.449775][ T6339] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.456381][ T6339] ? kmsan_get_metadata+0xfb/0x160 [ 252.461667][ T6339] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 252.468114][ T6339] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 252.474273][ T6339] ? kmsan_get_metadata+0xfb/0x160 [ 252.479487][ T6339] ? kmsan_internal_memmove_metadata+0x91/0x230 [ 252.485815][ T6339] ? kmsan_get_metadata+0xfb/0x160 [ 252.491019][ T6339] ? kmsan_internal_memmove_metadata+0x181/0x230 [ 252.497486][ T6339] ? kmsan_get_metadata+0xfb/0x160 [ 252.502696][ T6339] __msan_warning+0x1b/0x30 [ 252.507278][ T6339] ieee802154_hdr_push+0x9ac/0xa30 [ 252.512475][ T6339] ? bxtwc_add_chained_devices+0x392/0x4b0 [ 252.518361][ T6339] ? __msan_memcpy+0x108/0x1c0 [ 252.523223][ T6339] ieee802154_header_create+0x854/0xb90 [ 252.528878][ T6339] ? kmsan_get_metadata+0xfb/0x160 [ 252.534088][ T6339] ? __pfx_ieee802154_header_create+0x10/0x10 [ 252.540242][ T6339] dgram_sendmsg+0xb40/0x16d0 [ 252.545028][ T6339] ? __pfx_dgram_sendmsg+0x10/0x10 [ 252.550221][ T6339] ieee802154_sock_sendmsg+0x92/0xd0 [ 252.555612][ T6339] ? __pfx_ieee802154_sock_sendmsg+0x10/0x10 [ 252.561707][ T6339] ? __pfx_ieee802154_sock_sendmsg+0x10/0x10 [ 252.567882][ T6339] __sock_sendmsg+0x333/0x3d0 [ 252.572668][ T6339] ____sys_sendmsg+0x7f5/0xcf0 [ 252.577534][ T6339] ___sys_sendmsg+0x271/0x3b0 [ 252.582294][ T6339] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 252.588218][ T6339] ? __rcu_read_unlock+0x6d/0xd0 [ 252.593241][ T6339] ? __fget_files+0x3b4/0x4a0 [ 252.598022][ T6339] ? __fget_files+0x3b9/0x4a0 [ 252.602806][ T6339] ? kmsan_get_metadata+0xfb/0x160 [ 252.608022][ T6339] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 252.613945][ T6339] __sys_sendmsg+0x1aa/0x300 [ 252.618642][ T6339] __ia32_compat_sys_sendmsg+0xa4/0x100 [ 252.624292][ T6339] ia32_sys_call+0x35f2/0x4340 [ 252.629128][ T6339] __do_fast_syscall_32+0x155/0x310 [ 252.634429][ T6339] do_fast_syscall_32+0x38/0x80 [ 252.639376][ T6339] do_SYSENTER_32+0x1f/0x30 [ 252.643964][ T6339] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 252.650399][ T6339] RIP: 0023:0xf700d539 [ 252.654516][ T6339] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 252.674200][ T6339] RSP: 002b:00000000f53fd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 252.682799][ T6339] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000040 [ 252.690829][ T6339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 252.698846][ T6339] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 252.706863][ T6339] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 252.714879][ T6339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 252.722919][ T6339] [ 252.726404][ T6339] Kernel Offset: disabled [ 252.730779][ T6339] Rebooting in 86400 seconds..