last executing test programs: 5m48.832920828s ago: executing program 4 (id=255): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 5m16.497859999s ago: executing program 1 (id=673): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r3, r5, 0x1, 0x0, @void}, 0x10) write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b3650dace6ffd148ee98b8cb08591ffc2467faa14e", 0x28) 4m55.472904064s ago: executing program 4 (id=255): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 4m33.301312554s ago: executing program 1 (id=673): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r3, r5, 0x1, 0x0, @void}, 0x10) write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b3650dace6ffd148ee98b8cb08591ffc2467faa14e", 0x28) 4m5.577989861s ago: executing program 4 (id=255): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 4m3.150686172s ago: executing program 1 (id=673): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r3, r5, 0x1, 0x0, @void}, 0x10) write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b3650dace6ffd148ee98b8cb08591ffc2467faa14e", 0x28) 3m53.897405481s ago: executing program 0 (id=859): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') setresuid(0x0, 0xee01, 0x0) renameat2(r0, &(0x7f0000000380)='./cgroup\x00', r0, &(0x7f00000003c0)='./mnt\x00', 0x2) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) setpriority(0x0, 0x0, 0xacf0165) shmget$private(0x0, 0x2000, 0x80, &(0x7f0000ffd000/0x2000)=nil) stat(0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r2, 0xfffffffffffffffd, 0x58) statx(r0, &(0x7f00000001c0)='./mnt\x00', 0x1000, 0x7ff, &(0x7f0000000080)) 3m52.927252248s ago: executing program 0 (id=860): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) statx(0xffffffffffffff9c, 0x0, 0x2000, 0x800, &(0x7f0000000540)) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61158800000000006113500000000000bfa000000000000007000000ee0016055e0301000000000064050000000000006916300000000000bf07000000000000260507000fff07206706000020000000470600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 3m51.897317929s ago: executing program 0 (id=865): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x5, [@typedef={0x2, 0x0, 0x0, 0x8, 0x4}]}, {0x0, [0x0, 0x61, 0x1e]}}, 0x0, 0x29, 0x0, 0x0, 0x3, 0x0, @void, @value}, 0x28) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x6, 0x6, 0x4}, 0x10) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f00000001c0)={@my=0x1}) r2 = syz_open_dev$video(&(0x7f0000000080), 0xe, 0x101000) ioctl$VIDIOC_G_INPUT(r2, 0x80045626, &(0x7f00000000c0)) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000000)) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5f, 0xfffffffffffffff9}) 3m50.774768688s ago: executing program 0 (id=869): r0 = syz_open_dev$usbmon(&(0x7f0000000280), 0x80000000000000, 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) io_submit(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0) fcntl$setlease(r2, 0x400, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0) fcntl$setlease(r3, 0x400, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0) fcntl$getflags(r4, 0x401) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040)=0x80c0, 0x4) r5 = syz_open_dev$sndpcmc(&(0x7f0000000140), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_RESUME(r5, 0x4147, 0x0) 3m50.260217223s ago: executing program 0 (id=872): syz_usb_connect(0x4, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) unshare(0x64000600) ptrace$ARCH_GET_CPUID(0x1e, 0xffffffffffffffff, 0x0, 0x1011) 3m45.707946593s ago: executing program 0 (id=878): socket$nl_netfilter(0x10, 0x3, 0xc) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x6, 0x6, 0x0, 0x41000, 0x31, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_stats_latency\x00', r2, 0x0, 0x40000000}, 0x18) sendmsg$netlink(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 3m29.921510907s ago: executing program 32 (id=878): socket$nl_netfilter(0x10, 0x3, 0xc) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x6, 0x6, 0x0, 0x41000, 0x31, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000080)='rpc_stats_latency\x00', r2, 0x0, 0x40000000}, 0x18) sendmsg$netlink(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 3m14.266147517s ago: executing program 1 (id=673): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r3, r5, 0x1, 0x0, @void}, 0x10) write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b3650dace6ffd148ee98b8cb08591ffc2467faa14e", 0x28) 3m3.864363384s ago: executing program 4 (id=255): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2m40.603794901s ago: executing program 2 (id=981): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00'}) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x106, 0x4) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x8, 0x0, &(0x7f0000000280)=[@register_looper, @enter_looper], 0x0, 0x0, 0x0}) r3 = socket$inet(0x2, 0x3, 0x2) setsockopt(r3, 0x0, 0x6, &(0x7f0000000040), 0x0) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$inet6(0xa, 0x2, 0x0) r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400"], 0x7c}}, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) write$USERIO_CMD_SEND_INTERRUPT(r4, &(0x7f00000003c0), 0x2) 2m40.271990582s ago: executing program 2 (id=982): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) 2m38.74396926s ago: executing program 2 (id=985): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) write$binfmt_misc(r3, &(0x7f0000000000), 0xd) 2m37.159119205s ago: executing program 2 (id=987): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) write(0xffffffffffffffff, &(0x7f0000000340)="41000000010001", 0x7) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TCFLSH(r1, 0x40045436, 0x1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000008600)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0xfffc}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, 0x0, 0x0) sendmsg$nl_route_sched_retired(0xffffffffffffffff, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_RING_FDS(0xffffffffffffffff, 0x1b, &(0x7f00000042c0), 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000090601020000000000000b00000000000900020073797a31000000000500010007000000100007800c00018008000140fffffffe"], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='8\x00\x00\x00\n'], 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050) 2m36.901534382s ago: executing program 2 (id=988): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_HYPERV_EVENTFD(r2, 0xc048aec8, &(0x7f00000005c0)={0xffffffff}) r3 = socket$unix(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0xb) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x28, r4, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x70}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x91}, 0x24044884) syz_80211_join_ibss(&(0x7f0000000240)='wlan1\x00', &(0x7f0000000280)=@random="ab57e4", 0x3, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 2m35.586172434s ago: executing program 2 (id=992): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)={0x14, 0x25, 0x1, 0x70bd27, 0x25dfdbfc, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40000) 2m25.805745703s ago: executing program 1 (id=673): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r3, r5, 0x1, 0x0, @void}, 0x10) write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b3650dace6ffd148ee98b8cb08591ffc2467faa14e", 0x28) 2m20.464852286s ago: executing program 33 (id=992): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)={0x14, 0x25, 0x1, 0x70bd27, 0x25dfdbfc, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40000) 2m7.656017426s ago: executing program 4 (id=255): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1m43.271909193s ago: executing program 1 (id=673): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x80000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x1, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000380)={r3, r5, 0x1, 0x0, @void}, 0x10) write(r0, &(0x7f0000000180)="b1f6a4e6086771339298ff93c614cda94476d7b3650dace6ffd148ee98b8cb08591ffc2467faa14e", 0x28) 1m21.120138977s ago: executing program 4 (id=255): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 7.682289646s ago: executing program 6 (id=1230): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) timer_create(0xfffffffc, 0x0, 0x0) mount_setattr(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x1000, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b904021d080201000000400000a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791", 0x6b}, {&(0x7f0000000500)="12109e71143949c567756f564b826216827f15e1560cb5d1e06c0507f98c804b296299bb95ae1ede20edbf342ba39983366f6dd693d9b82c24cd55a1054a945f8b22dc3d15488ce5954ff2742385d678b423f0963074e350d1a335d4f5ffa71e3e2daf3813ecec6d3b79565f73", 0x6d}], 0x2, 0x0, 0x0, 0x7400}, 0x0) 5.145822332s ago: executing program 6 (id=1234): connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001640)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f42fc3199f000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af735ed41793bdf9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbc68223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f00001000000000eeff7c5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729eec082830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d424c14283a94395b64645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d620100000000000000494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd779a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9b0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000002684c2d8eb8cac98930fa6a893ca44c0f64c07a87eb7b05f56ca6c70cb3a0eb328a15fe96a88235155e6d64bd434f641ddf9db2245e47e5904453577895dd81d"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='rcu_utilization\x00', r0}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000003c0)='dctcp-reno\x00', 0xb) accept4(r1, 0x0, 0x0, 0x80000) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 4.820204805s ago: executing program 5 (id=1235): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) r2 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='veth1_to_batadv\x00', 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f0000000000)) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r4, 0xfffffffffffffffb, r4, 0x1) 4.373312637s ago: executing program 3 (id=1237): syz_open_dev$dri(0x0, 0x2, 0x9a402) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000fe001800", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x404000, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000180)=ANY=[@ANYBLOB="680000001000030400"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e003000028008000100100000001c0005800a000400aaaaaaaaaabb00000a000400aaaaaaaaaa0000000800030003"], 0x68}}, 0x64000004) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="01"]) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0xf, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.135211567s ago: executing program 3 (id=1238): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x10, 0x3, 0x0) write(r3, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r3, &(0x7f00000021c0), 0x5b, 0x40, 0x0) 4.108512411s ago: executing program 6 (id=1239): socketpair$tipc(0x1e, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = getpgrp(0x0) kcmp(r5, r4, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) 3.780040231s ago: executing program 5 (id=1240): socket$nl_netfilter(0x10, 0x3, 0xc) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000001080), r1) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000021c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf2505000000080009000200000008000c00aa0a0000060001000500000008000b00"], 0x34}, 0x1, 0x0, 0x0, 0x20008100}, 0x8000) 3.191538908s ago: executing program 5 (id=1241): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) mknod$loop(0x0, 0x20, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r3 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x18}, 0x0, 0x20040000, 0x1}) io_uring_enter(r3, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.079511252s ago: executing program 3 (id=1242): mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0xa08000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_pidfd_open(0x0, 0x0) fsopen(&(0x7f0000000040)='binder\x00', 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="380000003e000701fefffffffcffffff017c000008004280040008000c00018006000600800a00001000028009000c"], 0x38}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) 2.891362723s ago: executing program 6 (id=1243): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new user:syz 000000000000000020'], 0x2a, 0xfffffffffffffffc) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 2.56881272s ago: executing program 5 (id=1244): mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) chdir(&(0x7f0000000140)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r2 = openat(r1, &(0x7f0000000040)='.\x00', 0x0, 0x0) open(&(0x7f0000000300)='./file1\x00', 0x14907e, 0x2e) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) mknodat$loop(r2, &(0x7f0000000100)='./bus\x00', 0x0, 0x0) r3 = open(&(0x7f0000000300)='.\x00', 0x10000, 0x0) renameat2(r3, &(0x7f00000004c0)='./bus\x00', r1, &(0x7f0000000500)='./file0\x00', 0x0) 1.908372239s ago: executing program 3 (id=1245): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8166, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38}) r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x86, 0xfff, 0x800}) close_range(r0, 0xffffffffffffffff, 0x0) 1.483065655s ago: executing program 5 (id=1246): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x1) ioctl$SIOCAX25ADDUID(r3, 0x89e1, &(0x7f0000000240)={0x3, @bcast, 0xee00}) ioctl$SIOCAX25DELUID(r3, 0x89e2, &(0x7f0000000080)={0x3, @bcast, 0xee00}) 941.483493ms ago: executing program 6 (id=1247): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0}) connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000000280)={0x23, 0x9, 0x7, 0x7}, 0x10) openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0xc0000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001580)=""/4090, 0xffa}], 0x1}, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r3, 0x32, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}}) io_uring_enter(r4, 0x3516, 0x483, 0x0, 0x0, 0x0) 813.53539ms ago: executing program 3 (id=1248): socketpair(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) getpid() sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000002080), 0x400800, 0x0) io_submit(0x0, 0x0, &(0x7f0000000180)) syz_memcpy_off$IO_URING_METADATA_FLAGS(0x0, 0x114, 0x0, 0x0, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x8a73, 0x100, 0x22, 0x1b7}, &(0x7f0000000300)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r0, r1, 0x0) unshare(0x2a020400) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da) unshare(0x2000400) read$FUSE(r2, &(0x7f0000000040)={0x2020}, 0x2020) close(r2) 54.481618ms ago: executing program 5 (id=1249): socket$inet(0x2, 0x2, 0x0) bind$rose(0xffffffffffffffff, &(0x7f0000000440)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 32.244781ms ago: executing program 3 (id=1250): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) add_key(0x0, 0x0, &(0x7f0000000100)="305c0605e182d1447ad1ad83700398d1c7d7982b8f57fb20a3ad", 0x1a, 0xfffffffffffffffe) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504", @ANYBLOB="ebffffffffffffff280012800b"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 0s ago: executing program 6 (id=1251): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f00000004c0), 0x208e24b) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(r1, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) rseq(&(0x7f0000000340), 0x20, 0x0, 0x0) r2 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x42, 0x5c}) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xa0090199) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ftruncate(r0, 0x8) kernel console output (not intermixed with test programs): netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.919508][ T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.012372][ T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.277619][ T78] bridge_slave_1: left allmulticast mode [ 364.284399][ T78] bridge_slave_1: left promiscuous mode [ 364.293598][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.379924][ T78] bridge_slave_0: left allmulticast mode [ 364.398651][ T78] bridge_slave_0: left promiscuous mode [ 364.404507][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.706056][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 366.715505][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 366.723794][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 366.732042][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 366.739964][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 368.390180][ T9347] nullb0: AHDI p1 [ 368.598844][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 368.699188][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 368.735012][ T78] bond0 (unregistering): Released all slaves [ 368.792925][ T9048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.798202][ T5827] Bluetooth: hci1: command tx timeout [ 368.941708][ T9048] veth0_vlan: entered promiscuous mode [ 369.011607][ T9048] veth1_vlan: entered promiscuous mode [ 370.868653][ T5827] Bluetooth: hci1: command tx timeout [ 372.054088][ T78] hsr_slave_0: left promiscuous mode [ 372.084266][ T78] hsr_slave_1: left promiscuous mode [ 372.100272][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 372.138694][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.223253][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 372.234301][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 372.303137][ T78] veth1_macvtap: left promiscuous mode [ 372.310534][ T78] veth0_macvtap: left promiscuous mode [ 372.320937][ T78] veth1_vlan: left promiscuous mode [ 372.326558][ T78] veth0_vlan: left promiscuous mode [ 372.948444][ T5827] Bluetooth: hci1: command tx timeout [ 373.143748][ T78] team0 (unregistering): Port device team_slave_1 removed [ 374.309197][ T78] team0 (unregistering): Port device team_slave_0 removed [ 375.021510][ T5827] Bluetooth: hci1: command tx timeout [ 375.598554][ T9048] veth0_macvtap: entered promiscuous mode [ 375.652109][ T9048] veth1_macvtap: entered promiscuous mode [ 375.927358][ T9048] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 375.978699][ T9048] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.015651][ T9048] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.028275][ T9048] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.179967][ T9048] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.188906][ T9048] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.322062][ T9436] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 377.214163][ T9332] chnl_net:caif_netlink_parms(): no params data found [ 378.766646][ T9447] ecryptfs: Unknown parameter '³(' [ 378.859346][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.604861][ T30] audit: type=1326 audit(1749376655.045:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.669000][ T30] audit: type=1326 audit(1749376655.085:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.722131][ T1011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.728243][ T30] audit: type=1326 audit(1749376655.085:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.754026][ T30] audit: type=1326 audit(1749376655.085:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.779041][ T1011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.809511][ T30] audit: type=1326 audit(1749376655.085:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.834463][ T30] audit: type=1326 audit(1749376655.085:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.858919][ T30] audit: type=1326 audit(1749376655.085:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.888833][ T30] audit: type=1326 audit(1749376655.085:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.948552][ T30] audit: type=1326 audit(1749376655.085:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 379.994161][ T30] audit: type=1326 audit(1749376655.085:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9450 comm="syz.2.762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7f199c38e929 code=0x7ffc0000 [ 380.176489][ T9332] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.218759][ T9332] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.226064][ T9332] bridge_slave_0: entered allmulticast mode [ 380.273150][ T9332] bridge_slave_0: entered promiscuous mode [ 380.347424][ T9332] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.537392][ T9332] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.596885][ T9332] bridge_slave_1: entered allmulticast mode [ 380.614386][ T9332] bridge_slave_1: entered promiscuous mode [ 380.741913][ T7734] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.762855][ T7734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.771288][ T9332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 381.814275][ T9332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 382.259758][ T9332] team0: Port device team_slave_0 added [ 383.283482][ T9332] team0: Port device team_slave_1 added [ 384.923173][ T7740] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.006941][ T9332] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.023474][ T9332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.051411][ T9332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 385.113864][ T7740] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.150466][ T9332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.168809][ T9332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.231242][ T9332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.360606][ T7740] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.417860][ T9503] tipc: Enabling of bearer rejected, failed to enable media [ 385.490122][ T9503] tipc: Started in network mode [ 385.495064][ T9503] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 385.514981][ T9503] tipc: Enabled bearer , priority 0 [ 385.578011][ T9332] hsr_slave_0: entered promiscuous mode [ 385.593712][ T9332] hsr_slave_1: entered promiscuous mode [ 385.610134][ T9332] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 385.626765][ T9332] Cannot create hsr debugfs directory [ 385.696831][ T7740] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.638803][ T5912] tipc: Node number set to 11578026 [ 387.805724][ T9525] netlink: 16 bytes leftover after parsing attributes in process `syz.2.776'. [ 387.974628][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 388.025463][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 388.049144][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 388.058864][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 388.073367][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 389.402270][ T7740] bridge_slave_1: left allmulticast mode [ 389.411789][ T7740] bridge_slave_1: left promiscuous mode [ 389.420679][ T7740] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.436776][ T7740] bridge_slave_0: left allmulticast mode [ 389.444904][ T7740] bridge_slave_0: left promiscuous mode [ 389.456551][ T7740] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.148775][ T5912] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 390.228987][ T5832] Bluetooth: hci2: command tx timeout [ 390.328591][ T5912] usb 4-1: Using ep0 maxpacket: 32 [ 390.332110][ T7740] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 390.336198][ T5912] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 390.358807][ T7740] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 390.369635][ T7740] bond0 (unregistering): Released all slaves [ 390.380654][ T5912] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 390.390514][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 390.406583][ T5912] usb 4-1: Product: syz [ 390.416518][ T5912] usb 4-1: Manufacturer: syz [ 390.421834][ T5912] usb 4-1: SerialNumber: syz [ 390.435250][ T5912] usb 4-1: config 0 descriptor?? [ 390.459876][ T9557] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 390.473408][ T5912] hub 4-1:0.0: bad descriptor, ignoring hub [ 390.499968][ T5912] hub 4-1:0.0: probe with driver hub failed with error -5 [ 390.912478][ T9562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.940348][ T9562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.486388][ T7740] hsr_slave_0: left promiscuous mode [ 391.493296][ T7740] hsr_slave_1: left promiscuous mode [ 391.503110][ T7740] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 391.511121][ T7740] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 391.520688][ T7740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 391.528598][ T7740] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 391.554890][ T7740] veth1_macvtap: left promiscuous mode [ 391.562140][ T7740] veth0_macvtap: left promiscuous mode [ 391.567881][ T7740] veth1_vlan: left promiscuous mode [ 391.573505][ T7740] veth0_vlan: left promiscuous mode [ 392.153234][ T7740] team0 (unregistering): Port device team_slave_1 removed [ 392.328168][ T5832] Bluetooth: hci2: command tx timeout [ 392.401470][ T7740] team0 (unregistering): Port device team_slave_0 removed [ 392.460385][ T5912] usb 4-1: USB disconnect, device number 6 [ 394.378292][ T5832] Bluetooth: hci2: command tx timeout [ 395.427473][ T9599] netlink: 28 bytes leftover after parsing attributes in process `syz.3.795'. [ 395.609663][ T9598] netlink: 28 bytes leftover after parsing attributes in process `syz.3.795'. [ 395.812073][ T9536] chnl_net:caif_netlink_parms(): no params data found [ 395.902363][ T9332] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 395.940071][ T9332] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 396.055316][ T9332] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 396.133412][ T9332] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 396.214506][ T9606] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 396.229234][ T9606] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 396.266842][ T9536] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.275470][ T9536] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.284612][ T9536] bridge_slave_0: entered allmulticast mode [ 396.293943][ T9536] bridge_slave_0: entered promiscuous mode [ 396.316950][ T9536] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.324278][ T9536] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.332226][ T9536] bridge_slave_1: entered allmulticast mode [ 396.340189][ T9536] bridge_slave_1: entered promiscuous mode [ 396.468843][ T5832] Bluetooth: hci2: command tx timeout [ 397.189085][ T9536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.235553][ T9536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 397.277751][ T9632] netlink: 8 bytes leftover after parsing attributes in process `syz.2.800'. [ 397.325913][ T9632] dummy0: entered promiscuous mode [ 397.332519][ T9632] gretap0: entered promiscuous mode [ 397.563562][ T9536] team0: Port device team_slave_0 added [ 397.731033][ T9536] team0: Port device team_slave_1 added [ 398.628970][ T9536] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 398.647318][ T9536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 398.721293][ T9536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 398.820078][ T9536] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 398.827123][ T9536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 398.862416][ T9536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 399.071046][ T9660] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8) [ 399.077898][ T9660] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 399.095129][ T9536] hsr_slave_0: entered promiscuous mode [ 399.104374][ T9536] hsr_slave_1: entered promiscuous mode [ 399.124741][ T9536] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 399.180494][ T9660] vhci_hcd vhci_hcd.0: Device attached [ 399.191587][ T9536] Cannot create hsr debugfs directory [ 399.204065][ T9666] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(14) [ 399.210750][ T9666] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 399.238143][ T9663] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(11) [ 399.244821][ T9663] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 399.965866][ T9663] vhci_hcd vhci_hcd.0: Device attached [ 399.996540][ T9666] vhci_hcd vhci_hcd.0: Device attached [ 400.002631][ T5863] vhci_hcd: vhci_device speed not set [ 400.033912][ T9660] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(10) [ 400.040632][ T9660] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 400.068419][ T5863] usb 33-1: new full-speed USB device number 2 using vhci_hcd [ 400.147889][ T9660] vhci_hcd vhci_hcd.0: Device attached [ 400.167763][ T5832] Bluetooth: Wrong link type (-71) [ 400.199225][ T9670] vhci_hcd: connection closed [ 400.200530][ T9669] vhci_hcd: connection closed [ 400.205686][ T9661] vhci_hcd: connection reset by peer [ 400.211869][ T1166] vhci_hcd: stop threads [ 400.239383][ T9678] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 400.302579][ T9675] vhci_hcd: connection closed [ 400.326146][ T1166] vhci_hcd: release socket [ 400.366769][ T1166] vhci_hcd: disconnect device [ 400.421194][ T1166] vhci_hcd: stop threads [ 400.435802][ T1166] vhci_hcd: release socket [ 400.466485][ T1166] vhci_hcd: disconnect device [ 400.533438][ T1166] vhci_hcd: stop threads [ 400.537772][ T1166] vhci_hcd: release socket [ 400.595695][ T1166] vhci_hcd: disconnect device [ 400.606098][ T1166] vhci_hcd: stop threads [ 400.610779][ T1166] vhci_hcd: release socket [ 400.615342][ T1166] vhci_hcd: disconnect device [ 401.411331][ T9332] 8021q: adding VLAN 0 to HW filter on device bond0 [ 402.607523][ T9332] 8021q: adding VLAN 0 to HW filter on device team0 [ 402.767187][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.774437][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 402.794494][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.801719][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 403.677274][ T9536] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 403.741532][ T9536] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 403.791763][ T9536] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 403.882245][ T9536] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 404.194176][ T9332] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 404.301615][ T9536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 404.563341][ T9536] 8021q: adding VLAN 0 to HW filter on device team0 [ 404.671201][ T1011] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.678455][ T1011] bridge0: port 1(bridge_slave_0) entered forwarding state [ 404.731513][ T1011] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.738743][ T1011] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.887852][ T9536] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 404.908186][ T9744] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 405.071005][ T9744] usb 1-1: config 0 has an invalid interface number: 109 but max is 0 [ 405.109038][ T9744] usb 1-1: config 0 has no interface number 0 [ 405.168657][ T5863] vhci_hcd: vhci_device speed not set [ 405.186177][ T9744] usb 1-1: config 0 interface 109 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 405.216647][ T9744] usb 1-1: New USB device found, idVendor=100d, idProduct=cb01, bcdDevice=84.d1 [ 406.068872][ T9744] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.080899][ T9744] usb 1-1: config 0 descriptor?? [ 406.093193][ T9744] cxacru 1-1:0.109: cxacru_bind: interface has incorrect endpoints [ 406.101376][ T9744] cxacru 1-1:0.109: usbatm_usb_probe: bind failed: -19! [ 406.214565][ T9332] veth0_vlan: entered promiscuous mode [ 406.287843][ T5933] libceph: connect (1)[c::]:6789 error -101 [ 406.304060][ T5933] libceph: mon0 (1)[c::]:6789 connect error [ 406.313959][ T9332] veth1_vlan: entered promiscuous mode [ 406.324724][ T9744] usb 1-1: USB disconnect, device number 7 [ 406.347202][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 406.347222][ T30] audit: type=1800 audit(1749376681.795:58): pid=9779 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.826" name="bus" dev="ramfs" ino=23381 res=0 errno=0 [ 406.374502][ T9780] ceph: No mds server is up or the cluster is laggy [ 406.434164][ T9332] veth0_macvtap: entered promiscuous mode [ 406.506958][ T9332] veth1_macvtap: entered promiscuous mode [ 406.607400][ T9332] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 406.634526][ T9536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 406.656407][ T9332] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 406.704339][ T9332] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.721629][ T9332] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.753343][ T9332] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.877153][ T9332] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.949733][ T9536] veth0_vlan: entered promiscuous mode [ 409.083077][ T9536] veth1_vlan: entered promiscuous mode [ 409.156480][ T7740] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.220067][ T7740] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.315935][ T7738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.353842][ T7738] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.590464][ T9536] veth0_macvtap: entered promiscuous mode [ 410.552158][ T9536] veth1_macvtap: entered promiscuous mode [ 410.795170][ T9536] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 411.757722][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.837'. [ 411.778365][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.837'. [ 411.998792][ T9848] netlink: 16 bytes leftover after parsing attributes in process `syz.3.839'. [ 412.141327][ T9536] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 413.013161][ T7731] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.103366][ T9536] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.154022][ T9536] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.190113][ T9536] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.242171][ T9536] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 413.352227][ T7731] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.495888][ T7731] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.555138][ T7738] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 413.576368][ T7738] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 413.652953][ T7731] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.753573][ T7738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 413.765735][ T7738] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.815587][ T7731] bridge_slave_1: left allmulticast mode [ 415.847678][ T7731] bridge_slave_1: left promiscuous mode [ 415.872813][ T7731] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.950487][ T7731] bridge_slave_0: left allmulticast mode [ 415.956303][ T7731] bridge_slave_0: left promiscuous mode [ 415.991921][ T7731] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.221196][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 416.232024][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 416.241966][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 416.251890][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 416.261351][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 417.296435][ T9906] syz.3.848: attempt to access beyond end of device [ 417.296435][ T9906] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0 [ 417.462094][ T9906] syz.3.848: attempt to access beyond end of device [ 417.462094][ T9906] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0 [ 417.560770][ T9906] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 417.613728][ T9906] syz.3.848: attempt to access beyond end of device [ 417.613728][ T9906] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 417.729409][ T9906] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 417.740739][ T9906] syz.3.848: attempt to access beyond end of device [ 417.740739][ T9906] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0 [ 417.755652][ T9906] syz.3.848: attempt to access beyond end of device [ 417.755652][ T9906] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 417.768766][ T9906] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 417.778514][ T9906] syz.3.848: attempt to access beyond end of device [ 417.778514][ T9906] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 417.792988][ T9906] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 417.866307][ T9906] syz.3.848: attempt to access beyond end of device [ 417.866307][ T9906] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0 [ 417.913717][ T9906] syz.3.848: attempt to access beyond end of device [ 417.913717][ T9906] nbd3: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 418.502046][ T5827] Bluetooth: hci1: command tx timeout [ 418.818886][ T9906] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256 [ 418.834883][ T9906] syz.3.848: attempt to access beyond end of device [ 418.834883][ T9906] nbd3: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 418.876605][ T9906] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512 [ 418.929807][ T9906] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1) [ 420.307188][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 420.317258][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 420.325579][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 420.334481][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 420.439167][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 420.921866][ T5827] Bluetooth: hci1: command tx timeout [ 422.531801][ T7731] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 422.545811][ T5827] Bluetooth: hci2: command tx timeout [ 422.803146][ T7731] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 423.073822][ T5827] Bluetooth: hci1: command tx timeout [ 423.242376][ T7731] bond0 (unregistering): Released all slaves [ 424.505549][ T7731] hsr_slave_0: left promiscuous mode [ 424.578405][ T7731] hsr_slave_1: left promiscuous mode [ 424.596911][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 424.619336][ T5827] Bluetooth: hci2: command tx timeout [ 424.642208][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 424.679380][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 424.695537][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 424.788302][ T7731] veth1_macvtap: left promiscuous mode [ 424.796831][ T7731] veth0_macvtap: left promiscuous mode [ 424.803270][ T7731] veth1_vlan: left promiscuous mode [ 424.808973][ T7731] veth0_vlan: left promiscuous mode [ 425.152548][ T5827] Bluetooth: hci1: command tx timeout [ 426.676467][T10014] hfsplus: unable to find HFS+ superblock [ 426.699801][ T5827] Bluetooth: hci2: command tx timeout [ 427.451685][ T7731] team0 (unregistering): Port device team_slave_1 removed [ 427.846223][ T5933] IPVS: starting estimator thread 0... [ 427.978983][T10030] IPVS: using max 20 ests per chain, 48000 per kthread [ 428.552517][ T7731] team0 (unregistering): Port device team_slave_0 removed [ 428.779090][ T5827] Bluetooth: hci2: command tx timeout [ 431.437791][ T9941] chnl_net:caif_netlink_parms(): no params data found [ 431.556506][ T9892] chnl_net:caif_netlink_parms(): no params data found [ 431.820708][ T9941] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.837207][ T9941] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.846470][ T9941] bridge_slave_0: entered allmulticast mode [ 431.862019][ T9941] bridge_slave_0: entered promiscuous mode [ 431.955115][ T9941] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.976206][ T9941] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.997338][ T9941] bridge_slave_1: entered allmulticast mode [ 432.024528][ T9941] bridge_slave_1: entered promiscuous mode [ 432.156751][ T7731] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.217091][T10075] Set syz0 is full, maxelem 0 reached [ 432.372893][ T9892] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.399534][ T9892] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.407005][ T9892] bridge_slave_0: entered allmulticast mode [ 432.416024][ T9892] bridge_slave_0: entered promiscuous mode [ 433.605349][ T9941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.619447][ T9892] bridge0: port 2(bridge_slave_1) entered blocking state [ 433.644224][ T9892] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.700761][ T9892] bridge_slave_1: entered allmulticast mode [ 433.880584][ T9892] bridge_slave_1: entered promiscuous mode [ 434.490221][ T7731] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.659897][T10096] netlink: 16 bytes leftover after parsing attributes in process `syz.3.882'. [ 435.590246][ T9941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 436.432702][ T9892] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 436.657835][ T7731] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.526046][ T9892] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 437.648713][T10107] netlink: 'syz.3.886': attribute type 16 has an invalid length. [ 437.658370][T10107] netlink: 'syz.3.886': attribute type 17 has an invalid length. [ 438.300153][ T9941] team0: Port device team_slave_0 added [ 438.323800][ T7731] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.899918][ T9892] team0: Port device team_slave_0 added [ 438.923576][ T9941] team0: Port device team_slave_1 added [ 439.157893][ T9892] team0: Port device team_slave_1 added [ 439.731253][ T9941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 439.739856][ T9941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 439.766790][ T9941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 439.872531][ T9941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 439.881194][ T9941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 439.919399][ T9941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 439.938791][ T9892] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 439.945801][ T9892] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 439.982217][ T9892] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 440.238710][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.347862][ T9892] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 440.360463][ T9892] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.386667][ T9892] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 440.502596][ T9941] hsr_slave_0: entered promiscuous mode [ 440.513503][ T9941] hsr_slave_1: entered promiscuous mode [ 440.523128][ T9941] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 440.536100][ T9941] Cannot create hsr debugfs directory [ 440.599737][ T7731] bridge_slave_1: left allmulticast mode [ 440.605455][ T7731] bridge_slave_1: left promiscuous mode [ 440.613375][ T7731] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.632034][ T7731] bridge_slave_0: left allmulticast mode [ 440.637756][ T7731] bridge_slave_0: left promiscuous mode [ 440.645198][ T7731] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.062737][T10142] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 441.070082][T10142] IPv6: NLM_F_CREATE should be set when creating new route [ 441.251740][ T7731] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 441.298875][ T7731] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 441.321174][ T7731] bond0 (unregistering): Released all slaves [ 441.449423][ T9892] hsr_slave_0: entered promiscuous mode [ 441.456586][ T9892] hsr_slave_1: entered promiscuous mode [ 441.488230][ T5933] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 441.519804][ T9892] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 441.537130][ T9892] Cannot create hsr debugfs directory [ 441.587582][T10142] lo: entered allmulticast mode [ 441.599840][T10142] tunl0: entered allmulticast mode [ 441.613563][T10142] gre0: entered allmulticast mode [ 441.636927][T10142] gretap0: entered allmulticast mode [ 441.660385][T10142] bridge0: port 4(erspan0) entered disabled state [ 441.669125][T10142] ip_vti0: entered allmulticast mode [ 441.676783][ T5933] usb 4-1: config 7 has an invalid interface number: 109 but max is 0 [ 441.689293][ T5933] usb 4-1: config 7 has no interface number 0 [ 441.695807][ T5933] usb 4-1: config 7 interface 109 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 10 [ 441.697320][T10142] ip6_vti0: entered allmulticast mode [ 441.713748][ T5933] usb 4-1: config 7 interface 109 altsetting 4 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 441.725126][ T5933] usb 4-1: config 7 interface 109 altsetting 4 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 441.729959][T10142] sit0: entered allmulticast mode [ 441.742965][ T5933] usb 4-1: config 7 interface 109 altsetting 4 endpoint 0x8 has invalid wMaxPacketSize 0 [ 441.754972][ T5933] usb 4-1: config 7 interface 109 altsetting 4 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 441.760307][T10142] ip6tnl0: entered allmulticast mode [ 441.775561][ T5933] usb 4-1: config 7 interface 109 has no altsetting 0 [ 441.787830][ T5933] usb 4-1: New USB device found, idVendor=1965, idProduct=0018, bcdDevice=d9.4d [ 441.801231][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.816614][T10142] ip6gre0: entered allmulticast mode [ 441.826023][ T5933] usb 4-1: Product: syz [ 441.845063][ T5933] usb 4-1: Manufacturer: syz [ 441.851623][T10142] syz_tun: entered allmulticast mode [ 441.867063][ T5933] usb 4-1: SerialNumber: syz [ 441.875090][T10142] ip6gretap0: entered allmulticast mode [ 441.890481][T10142] bridge0: port 3(netdevsim2) entered disabled state [ 441.897450][T10142] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.904921][T10142] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.918734][T10146] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 442.173644][T10142] bridge0: entered allmulticast mode [ 442.186724][T10142] vcan0: entered allmulticast mode [ 442.205628][T10142] bond0: entered allmulticast mode [ 442.215384][T10142] bond_slave_0: entered allmulticast mode [ 442.223974][T10142] bond_slave_1: entered allmulticast mode [ 442.234901][T10142] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 442.281313][T10142] tipc: Resetting bearer [ 442.292689][T10142] team0: entered allmulticast mode [ 442.297985][T10142] team_slave_0: entered allmulticast mode [ 442.309873][T10142] dummy0: entered allmulticast mode [ 442.323018][T10142] nlmon0: entered allmulticast mode [ 442.332658][T10142] caif0: entered allmulticast mode [ 442.340130][T10142] batadv0: entered allmulticast mode [ 442.354165][T10142] veth0: entered allmulticast mode [ 442.366533][T10142] veth1: entered allmulticast mode [ 442.381930][T10142] wg0: entered allmulticast mode [ 442.399087][T10142] wg1: entered allmulticast mode [ 442.415759][T10142] wg2: entered allmulticast mode [ 442.424851][T10142] veth0_to_bridge: entered allmulticast mode [ 442.443058][T10142] veth1_to_bridge: entered allmulticast mode [ 442.461236][T10142] veth0_to_bond: entered allmulticast mode [ 442.477571][T10142] veth1_to_bond: entered allmulticast mode [ 442.493053][T10142] veth0_to_team: entered allmulticast mode [ 442.532552][T10142] veth0_to_batadv: entered allmulticast mode [ 442.543949][T10142] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 442.552618][T10142] batadv_slave_0: entered allmulticast mode [ 442.562323][T10142] veth1_to_batadv: entered allmulticast mode [ 442.572082][T10142] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 442.580504][T10142] batadv_slave_1: entered allmulticast mode [ 442.590502][T10142] xfrm0: entered allmulticast mode [ 442.599094][T10142] veth0_to_hsr: entered allmulticast mode [ 442.607553][T10142] hsr_slave_0: entered allmulticast mode [ 442.617120][T10142] veth1_to_hsr: entered allmulticast mode [ 442.626890][T10142] hsr_slave_1: entered allmulticast mode [ 442.635701][T10142] hsr0: entered allmulticast mode [ 442.645178][T10142] veth1_virt_wifi: entered allmulticast mode [ 442.657374][T10142] veth0_virt_wifi: entered allmulticast mode [ 442.667111][T10142] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 442.676468][T10142] veth1_vlan: entered allmulticast mode [ 442.685788][T10142] veth0_vlan: entered allmulticast mode [ 442.703541][T10142] vlan0: entered allmulticast mode [ 442.709209][T10142] vlan1: entered allmulticast mode [ 442.715276][T10142] macvlan0: entered allmulticast mode [ 442.724576][T10142] macvlan1: entered allmulticast mode [ 442.733640][T10142] ipvlan0: entered allmulticast mode [ 442.740660][T10142] ipvlan1: entered allmulticast mode [ 442.746973][T10142] veth1_macvtap: entered allmulticast mode [ 442.756182][T10142] veth0_macvtap: entered allmulticast mode [ 442.766338][T10142] macvtap0: entered allmulticast mode [ 442.776283][T10142] macsec0: entered allmulticast mode [ 442.786311][T10142] geneve0: entered allmulticast mode [ 442.795129][T10142] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.805111][T10142] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.814261][T10142] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.824269][T10142] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 442.833700][T10142] geneve1: entered allmulticast mode [ 442.843486][T10142] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 442.853602][T10142] netdevsim netdevsim2 netdevsim1: entered allmulticast mode [ 442.867480][T10142] netdevsim netdevsim2 netdevsim3: entered allmulticast mode [ 442.888829][T10142] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode [ 442.906625][T10142] bond1: entered allmulticast mode [ 442.912062][T10142] geneve2: entered allmulticast mode [ 442.922353][T10142] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 442.932260][T10142] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 442.941688][T10142] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 442.950900][T10142] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 442.962361][T10142] bridge1: entered allmulticast mode [ 442.972978][T10142] mac80211_hwsim hwsim20 wlan2: entered allmulticast mode [ 442.983211][T10142] hsr1: entered allmulticast mode [ 442.991917][T10142] mac80211_hwsim hwsim25 wlan3: entered allmulticast mode [ 443.324181][ T7731] hsr_slave_0: left promiscuous mode [ 443.334305][ T7731] hsr_slave_1: left promiscuous mode [ 443.345765][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 443.353453][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 443.362271][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 443.369872][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 443.401587][ T7731] veth1_macvtap: left promiscuous mode [ 443.407282][ T7731] veth0_macvtap: left promiscuous mode [ 443.413380][ T7731] veth1_vlan: left promiscuous mode [ 443.419448][ T7731] veth0_vlan: left promiscuous mode [ 444.023386][ T7731] team0 (unregistering): Port device team_slave_1 removed [ 444.102582][ T7731] team0 (unregistering): Port device team_slave_0 removed [ 444.169832][ T5933] usbhid 4-1:7.109: couldn't find an input interrupt endpoint [ 444.197160][ T5933] usb 4-1: USB disconnect, device number 7 [ 449.752065][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 449.766870][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 449.775705][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 449.790508][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 449.798716][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 451.868177][ T5832] Bluetooth: hci5: command tx timeout [ 451.988567][ T9941] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 452.126536][ T9941] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 453.004189][ T9941] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 453.505769][ T9941] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 453.898673][ T5832] Bluetooth: hci5: command tx timeout [ 455.979680][ T5832] Bluetooth: hci5: command tx timeout [ 455.983116][T10209] chnl_net:caif_netlink_parms(): no params data found [ 456.238403][ T30] audit: type=1326 audit(1749376731.665:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10260 comm="syz.2.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f199c38e929 code=0x7fc00000 [ 456.746984][T10209] bridge0: port 1(bridge_slave_0) entered blocking state [ 456.754785][T10209] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.763404][T10209] bridge_slave_0: entered allmulticast mode [ 456.772065][T10209] bridge_slave_0: entered promiscuous mode [ 456.781962][T10209] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.792131][T10209] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.800843][T10209] bridge_slave_1: entered allmulticast mode [ 456.809068][T10209] bridge_slave_1: entered promiscuous mode [ 456.833330][ T30] audit: type=1326 audit(1749376732.285:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10260 comm="syz.2.912" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f199c38e929 code=0x7fc00000 [ 456.873082][ T9941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 456.961712][ T9892] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 456.973115][ T9892] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 456.984513][ T9892] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 456.995725][ T9892] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 457.076424][T10209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 457.112641][ T9941] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.143373][T10209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 457.513726][ T9941] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 457.525595][ T9941] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 457.873526][T10209] team0: Port device team_slave_0 added [ 457.887445][T10209] team0: Port device team_slave_1 added [ 457.974723][ T7738] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.982048][ T7738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 458.016590][ T7738] bridge0: port 2(bridge_slave_1) entered blocking state [ 458.024163][ T7738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 458.109494][ T5832] Bluetooth: hci5: command tx timeout [ 458.225827][T10209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 458.257693][T10209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.291594][T10209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 458.306928][T10209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 458.314637][T10209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.994478][T10209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 459.166739][T10209] hsr_slave_0: entered promiscuous mode [ 459.184919][T10209] hsr_slave_1: entered promiscuous mode [ 459.195714][T10209] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 459.208992][T10209] Cannot create hsr debugfs directory [ 459.276211][ T9941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.353778][ T9941] veth0_vlan: entered promiscuous mode [ 459.381936][ T9941] veth1_vlan: entered promiscuous mode [ 459.435980][ T9892] 8021q: adding VLAN 0 to HW filter on device bond0 [ 460.443315][ T9892] 8021q: adding VLAN 0 to HW filter on device team0 [ 460.566638][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.573922][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.616337][ T9941] veth0_macvtap: entered promiscuous mode [ 460.655855][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.663114][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 460.704961][ T9941] veth1_macvtap: entered promiscuous mode [ 460.953890][ T9941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 460.985473][ T9941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 461.027140][T10209] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 461.042355][ T9941] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.052401][ T9941] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.061498][ T9941] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.070793][ T9941] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 461.083353][T10209] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 461.121163][T10209] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 461.152758][T10209] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 461.334299][ T7738] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.356193][ T7738] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 461.436069][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 461.471875][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.634625][T10209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 463.395567][ T9892] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.485982][T10209] 8021q: adding VLAN 0 to HW filter on device team0 [ 463.637050][ T7738] bridge0: port 1(bridge_slave_0) entered blocking state [ 463.644305][ T7738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 463.731546][ T7731] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.775281][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 463.782614][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 463.971230][ T7731] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.070946][T10209] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 464.225615][ T7731] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.344442][ T9892] veth0_vlan: entered promiscuous mode [ 464.396196][ T9892] veth1_vlan: entered promiscuous mode [ 464.486379][ T7731] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.607859][T10209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 464.647752][ T9892] veth0_macvtap: entered promiscuous mode [ 464.690224][ T9892] veth1_macvtap: entered promiscuous mode [ 464.854939][ T9892] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.927794][ T9892] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.987691][ T7731] bridge_slave_1: left allmulticast mode [ 465.000892][ T7731] bridge_slave_1: left promiscuous mode [ 465.020480][ T7731] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.259404][ T7731] bridge_slave_0: left allmulticast mode [ 465.265149][ T7731] bridge_slave_0: left promiscuous mode [ 465.278320][ T7731] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.351291][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 465.367719][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 465.377646][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 465.393782][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 465.403364][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 465.522491][T10359] xt_hashlimit: max too large, truncated to 1048576 [ 466.511875][ T7731] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 466.530563][ T7731] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 466.556920][ T7731] bond0 (unregistering): Released all slaves [ 466.620249][ T9892] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.648684][ T9892] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.657558][ T9892] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.666497][ T9892] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.694546][T10367] netlink: 'syz.2.931': attribute type 10 has an invalid length. [ 466.734753][T10366] warning: `syz.2.931' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 467.660544][ T5827] Bluetooth: hci2: command tx timeout [ 468.307011][ T6960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.336230][ T6960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.449306][ T7749] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.469016][ T7749] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.504169][ T7731] hsr_slave_0: left promiscuous mode [ 468.513430][ T7731] hsr_slave_1: left promiscuous mode [ 468.520127][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 468.528086][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 468.542444][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 468.550404][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 468.671475][ T7731] veth1_macvtap: left promiscuous mode [ 468.677257][ T7731] veth0_macvtap: left promiscuous mode [ 468.736980][ T7731] veth1_vlan: left promiscuous mode [ 468.763273][ T7731] veth0_vlan: left promiscuous mode [ 469.385117][T10389] netlink: 'syz.2.943': attribute type 1 has an invalid length. [ 469.738313][ T5827] Bluetooth: hci2: command tx timeout [ 470.826200][ T7731] team0 (unregistering): Port device team_slave_1 removed [ 470.906369][ T7731] team0 (unregistering): Port device team_slave_0 removed [ 471.818235][ T5827] Bluetooth: hci2: command tx timeout [ 472.511299][T10389] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 472.546100][T10392] vlan2: entered allmulticast mode [ 472.610835][T10416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 472.650452][T10416] bond0: (slave rose0): Enslaving as an active interface with an up link [ 472.961526][T10209] veth0_vlan: entered promiscuous mode [ 473.594787][T10356] chnl_net:caif_netlink_parms(): no params data found [ 473.770501][T10209] veth1_vlan: entered promiscuous mode [ 473.908256][ T5827] Bluetooth: hci2: command tx timeout [ 474.214715][T10356] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.240539][T10356] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.256031][T10356] bridge_slave_0: entered allmulticast mode [ 474.274272][T10356] bridge_slave_0: entered promiscuous mode [ 474.318609][T10356] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.325832][T10356] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.347167][T10356] bridge_slave_1: entered allmulticast mode [ 474.371248][T10356] bridge_slave_1: entered promiscuous mode [ 474.496164][T10209] veth0_macvtap: entered promiscuous mode [ 474.528704][T10356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 474.654464][ T7749] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.677142][T10209] veth1_macvtap: entered promiscuous mode [ 474.693055][T10356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 474.764646][ T7749] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.852845][ T7749] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 474.896082][T10209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 474.949491][T10209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 474.989619][ T7749] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.045021][T10356] team0: Port device team_slave_0 added [ 475.065191][T10209] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.097882][T10209] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.124693][T10209] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.149494][T10209] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.172334][T10356] team0: Port device team_slave_1 added [ 476.018754][T10356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.025775][T10356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.194287][T10356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.227744][T10356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.235972][T10356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.278731][T10356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 476.491720][T10356] hsr_slave_0: entered promiscuous mode [ 476.513358][T10356] hsr_slave_1: entered promiscuous mode [ 476.676283][T10356] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 476.685101][T10356] Cannot create hsr debugfs directory [ 477.715216][ T5933] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 477.885257][ T5933] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 477.895141][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.904934][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 477.917371][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 477.927448][ T5933] usb 4-1: config 0 descriptor?? [ 477.934431][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 477.944802][ T5933] cp210x 4-1:0.0: cp210x converter detected [ 477.951787][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 477.968800][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 478.204694][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.223983][ T7749] bridge_slave_1: left allmulticast mode [ 478.242399][ T7749] bridge_slave_1: left promiscuous mode [ 478.248829][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.258428][ T7749] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.280562][ T7749] bridge_slave_0: left allmulticast mode [ 478.286379][ T7749] bridge_slave_0: left promiscuous mode [ 478.297655][ T7749] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.354517][ T5933] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 478.915753][ T5933] usb 4-1: cp210x converter now attached to ttyUSB0 [ 478.973723][ T5933] usb 4-1: USB disconnect, device number 8 [ 479.017621][ T5933] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 479.148335][ T5933] cp210x 4-1:0.0: device disconnected [ 479.696505][ T7749] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 479.724196][ T7749] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 479.737169][ T7749] bond0 (unregistering): Released all slaves [ 479.832133][ T7734] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 479.902570][ T7734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 480.112550][ T5832] Bluetooth: hci1: command tx timeout [ 482.176260][ T5832] Bluetooth: hci1: command tx timeout [ 482.566553][ T7749] hsr_slave_0: left promiscuous mode [ 482.596260][ T7749] hsr_slave_1: left promiscuous mode [ 482.603905][ T7749] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 482.787899][ T7749] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 482.796596][ T7749] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 482.804568][ T7749] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 482.837673][ T7749] veth1_macvtap: left promiscuous mode [ 482.843847][ T7749] veth0_macvtap: left promiscuous mode [ 482.850240][ T7749] veth1_vlan: left promiscuous mode [ 482.855696][ T7749] veth0_vlan: left promiscuous mode [ 484.228194][ T5832] Bluetooth: hci1: command tx timeout [ 486.574445][ T5832] Bluetooth: hci1: command tx timeout [ 487.227008][T10579] netlink: 100 bytes leftover after parsing attributes in process `syz.5.964'. [ 489.829459][ T7749] team0 (unregistering): Port device team_slave_1 removed [ 489.968891][ T7749] team0 (unregistering): Port device team_slave_0 removed [ 493.177505][T10507] chnl_net:caif_netlink_parms(): no params data found [ 495.189551][T10642] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 495.379215][T10643] netlink: 8 bytes leftover after parsing attributes in process `syz.5.977'. [ 495.388639][T10643] netlink: 8 bytes leftover after parsing attributes in process `syz.5.977'. [ 495.815847][T10507] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.829527][T10507] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.842519][T10507] bridge_slave_0: entered allmulticast mode [ 495.869597][T10507] bridge_slave_0: entered promiscuous mode [ 495.911256][T10507] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.943405][T10507] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.977030][T10507] bridge_slave_1: entered allmulticast mode [ 495.999752][T10507] bridge_slave_1: entered promiscuous mode [ 496.116282][T10507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 496.133014][T10507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 496.221313][T10507] team0: Port device team_slave_0 added [ 496.267202][T10507] team0: Port device team_slave_1 added [ 497.226845][T10507] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 497.275837][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.375722][T10507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 497.854183][T10507] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 498.168191][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 498.827006][T10507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 500.597785][T10356] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 500.944528][T10507] hsr_slave_0: entered promiscuous mode [ 501.328470][T10507] hsr_slave_1: entered promiscuous mode [ 501.677784][T10507] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 501.688481][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.707962][T10693] netlink: 'syz.2.988': attribute type 10 has an invalid length. [ 501.720697][T10507] Cannot create hsr debugfs directory [ 501.734373][T10356] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 501.779734][T10356] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 501.871283][T10356] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 501.995514][ T7740] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.017931][ T7740] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.993423][ T5886] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 503.234448][ T5886] usb 6-1: Using ep0 maxpacket: 16 [ 503.380083][ T5886] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 65, using maximum allowed: 30 [ 503.413824][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.462767][ T5886] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 65 [ 503.510210][ T5886] usb 6-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 503.788105][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.899259][ T5886] usb 6-1: config 0 descriptor?? [ 504.367833][T10356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 504.510514][T10356] 8021q: adding VLAN 0 to HW filter on device team0 [ 504.526895][ T5886] samsung 0003:0419:0001.0004: unknown main item tag 0x0 [ 504.553619][ T5886] samsung 0003:0419:0001.0004: unknown main item tag 0x0 [ 504.562869][ T5886] samsung 0003:0419:0001.0004: unknown main item tag 0x0 [ 504.572013][ T5886] samsung 0003:0419:0001.0004: unknown main item tag 0x0 [ 504.599743][ T5886] samsung 0003:0419:0001.0004: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.5-1/input0 [ 504.710049][ T7738] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.717277][ T7738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 504.777106][ T5886] usb 6-1: USB disconnect, device number 2 [ 504.790906][ T6960] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.798149][ T6960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 505.760303][T10507] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 505.805244][T10507] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 505.877213][T10507] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 505.939021][T10507] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 506.157237][T10755] hub 1-0:1.0: USB hub found [ 506.185017][T10356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 506.193968][T10755] hub 1-0:1.0: 1 port detected [ 506.445273][T10356] veth0_vlan: entered promiscuous mode [ 506.484841][T10356] veth1_vlan: entered promiscuous mode [ 507.569568][T10507] 8021q: adding VLAN 0 to HW filter on device bond0 [ 508.036012][T10778] cgroup: fork rejected by pids controller in /syz5 [ 508.422369][T10507] 8021q: adding VLAN 0 to HW filter on device team0 [ 508.657306][T10356] veth0_macvtap: entered promiscuous mode [ 508.930566][ T5832] Bluetooth: hci5: command tx timeout [ 509.000976][T10356] veth1_macvtap: entered promiscuous mode [ 509.053280][ T6960] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.060444][ T6960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 509.150200][ T6960] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.157430][ T6960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 509.395657][T10356] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 509.864066][T10356] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 510.250946][T10356] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 510.282218][T10356] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 510.308458][T10356] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 510.327954][T10356] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 510.761620][ T6960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 510.793255][ T6960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 510.927933][ T7734] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 510.942969][ T7734] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.396802][T11010] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1007'. [ 512.033739][ T6198] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.182986][T10507] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 512.336575][ T6198] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.348590][ T5933] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 512.530004][ T5933] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 512.539672][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.573584][ T5933] usb 4-1: config 0 descriptor?? [ 512.579392][ T6198] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.687176][ T6198] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.807480][ T5933] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 512.842889][ T5933] [drm:udl_init] *ERROR* Selecting channel failed [ 512.886333][ T5933] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 512.934006][ T5933] [drm] Initialized udl on minor 2 [ 512.963904][ T5933] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 513.005042][ T5933] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 513.018525][ T6198] bridge_slave_1: left allmulticast mode [ 513.024938][ T6198] bridge_slave_1: left promiscuous mode [ 513.043027][ T5919] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 513.054814][ T5933] usb 4-1: USB disconnect, device number 9 [ 513.062143][ T6198] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.079167][ T5919] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 513.092785][ T6198] bridge_slave_0: left allmulticast mode [ 513.105897][ T6198] bridge_slave_0: left promiscuous mode [ 513.130117][ T6198] bridge0: port 1(bridge_slave_0) entered disabled state [ 516.542127][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 516.552736][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 516.562057][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 516.570381][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 516.582673][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 516.730627][T11061] Bluetooth: MGMT ver 1.23 [ 516.925014][ T6198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 516.938386][ T6198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 516.949902][ T6198] bond0 (unregistering): Released all slaves [ 517.037092][T11067] netlink: 'syz.5.1015': attribute type 12 has an invalid length. [ 517.192216][T10507] veth0_vlan: entered promiscuous mode [ 518.618390][ T5832] Bluetooth: hci2: command tx timeout [ 518.858642][ T30] audit: type=1326 audit(1749376794.305:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 518.913580][T10507] veth1_vlan: entered promiscuous mode [ 518.946366][ T30] audit: type=1326 audit(1749376794.305:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 519.056902][ T30] audit: type=1326 audit(1749376794.305:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 519.138088][ T30] audit: type=1326 audit(1749376794.305:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 519.221023][ T30] audit: type=1326 audit(1749376794.305:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 519.242566][ C1] vkms_vblank_simulate: vblank timer overrun [ 519.255624][ T30] audit: type=1326 audit(1749376794.305:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 519.277173][ C1] vkms_vblank_simulate: vblank timer overrun [ 519.337014][ T30] audit: type=1326 audit(1749376794.315:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 519.358794][ C1] vkms_vblank_simulate: vblank timer overrun [ 519.397358][T10507] veth0_macvtap: entered promiscuous mode [ 519.474375][ T30] audit: type=1326 audit(1749376794.335:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 519.495912][ C1] vkms_vblank_simulate: vblank timer overrun [ 519.501033][T10507] veth1_macvtap: entered promiscuous mode [ 519.560187][T11099] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1022'. [ 520.265654][T10507] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 520.292969][ T6198] hsr_slave_0: left promiscuous mode [ 520.345065][ T30] audit: type=1326 audit(1749376794.335:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbadd58d290 code=0x7ffc0000 [ 520.366767][ T30] audit: type=1326 audit(1749376794.335:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11087 comm="syz.3.1021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 520.370639][ T5827] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 520.406479][ T5827] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 520.415874][ T5827] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 520.431926][ T5827] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 520.440382][ T5827] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 520.496952][ T6198] hsr_slave_1: left promiscuous mode [ 520.516402][ T6198] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 520.527637][ T6198] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 520.541838][ T6198] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 520.551873][ T6198] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 520.585864][ T6198] veth1_macvtap: left promiscuous mode [ 520.591617][ T6198] veth0_macvtap: left promiscuous mode [ 520.599027][ T6198] veth1_vlan: left promiscuous mode [ 520.609314][ T6198] veth0_vlan: left promiscuous mode [ 520.704614][ T5827] Bluetooth: hci2: command tx timeout [ 520.748323][ T5886] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 520.908133][ T5886] usb 4-1: Using ep0 maxpacket: 16 [ 520.927938][ T5886] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 520.948143][ T5886] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 520.964644][ T5886] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 520.976101][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.985982][ T5886] usb 4-1: Product: syz [ 520.990766][ T5886] usb 4-1: Manufacturer: syz [ 520.995554][ T5886] usb 4-1: SerialNumber: syz [ 521.237065][ T5886] usb 4-1: 0:2 : does not exist [ 521.265828][ T5886] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 521.393815][ T5886] usb 4-1: USB disconnect, device number 10 [ 521.492590][T10355] udevd[10355]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 522.227736][ T6198] team0 (unregistering): Port device team_slave_1 removed [ 522.278671][ T6198] team0 (unregistering): Port device team_slave_0 removed [ 522.559573][ T5827] Bluetooth: hci6: command tx timeout [ 522.781547][ T5827] Bluetooth: hci2: command tx timeout [ 524.628216][ T5832] Bluetooth: hci6: command tx timeout [ 524.878524][ T5832] Bluetooth: hci2: command tx timeout [ 525.595679][T11132] bridge0: port 3(netdevsim2) entered blocking state [ 525.602575][T11132] bridge0: port 3(netdevsim2) entered disabled state [ 525.609505][T11132] netdevsim netdevsim5 netdevsim2: entered allmulticast mode [ 525.619039][T11132] netdevsim netdevsim5 netdevsim2: entered promiscuous mode [ 525.626767][T11132] bridge0: port 3(netdevsim2) entered blocking state [ 525.633548][T11132] bridge0: port 3(netdevsim2) entered forwarding state [ 525.692017][T10507] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 525.725615][T10507] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.769888][T10507] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.993528][T10507] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.003188][T10507] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 526.848237][ T5832] Bluetooth: hci6: command tx timeout [ 528.186106][T11058] chnl_net:caif_netlink_parms(): no params data found [ 528.274316][T11173] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 528.381672][ T7734] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.410461][ T7734] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.705074][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.715645][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.797721][T11191] xt_hashlimit: size too large, truncated to 1048576 [ 528.842958][T11058] bridge0: port 1(bridge_slave_0) entered blocking state [ 528.858215][ T5832] Bluetooth: hci6: command tx timeout [ 528.869859][T11058] bridge0: port 1(bridge_slave_0) entered disabled state [ 528.909162][T11058] bridge_slave_0: entered allmulticast mode [ 528.966914][T11058] bridge_slave_0: entered promiscuous mode [ 529.089279][T11058] bridge0: port 2(bridge_slave_1) entered blocking state [ 529.096502][T11058] bridge0: port 2(bridge_slave_1) entered disabled state [ 529.117944][T11058] bridge_slave_1: entered allmulticast mode [ 529.136898][T11058] bridge_slave_1: entered promiscuous mode [ 529.392363][T11058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 530.110811][T11058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 530.143777][T11101] chnl_net:caif_netlink_parms(): no params data found [ 530.340982][ T7731] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.473292][T11058] team0: Port device team_slave_0 added [ 530.483564][T11058] team0: Port device team_slave_1 added [ 530.509500][ T7731] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.602499][T11058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 530.609988][T11058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 530.637053][T11058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 530.667570][ T7731] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.704182][T11058] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 530.715705][T11058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 530.742795][T11058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 530.784202][T11101] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.791718][T11101] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.799166][T11101] bridge_slave_0: entered allmulticast mode [ 530.806506][T11101] bridge_slave_0: entered promiscuous mode [ 530.829644][ T7731] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.850241][T11101] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.857466][T11101] bridge0: port 2(bridge_slave_1) entered disabled state [ 530.865315][T11101] bridge_slave_1: entered allmulticast mode [ 530.873208][T11101] bridge_slave_1: entered promiscuous mode [ 530.915590][T11101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 531.014037][T11058] hsr_slave_0: entered promiscuous mode [ 531.027183][T11058] hsr_slave_1: entered promiscuous mode [ 531.034112][T11058] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 531.051027][T11058] Cannot create hsr debugfs directory [ 531.064107][T11101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 531.193191][T11101] team0: Port device team_slave_0 added [ 531.281879][T11101] team0: Port device team_slave_1 added [ 531.554020][T11101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 531.590132][T11101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 531.678149][T11101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 531.812657][ T7731] bridge_slave_1: left allmulticast mode [ 531.981364][ T7731] bridge_slave_1: left promiscuous mode [ 531.987259][ T7731] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.199921][T11237] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 533.408467][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 533.408513][ T30] audit: type=1326 audit(1749376808.665:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.3.1040" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x0 [ 533.559420][ T7731] bridge_slave_0: left allmulticast mode [ 533.565165][ T7731] bridge_slave_0: left promiscuous mode [ 533.571764][ T7731] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.361588][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 534.382602][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 534.393340][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 534.414314][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 534.438389][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 534.738303][ T9786] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 534.907624][ T9786] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 534.920833][ T9786] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 534.921399][ T7731] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 534.940342][ T9786] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping [ 534.952357][ T9786] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 534.969771][ T7731] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 534.980595][ T7731] bond0 (unregistering): Released all slaves [ 534.988950][ T9786] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 534.998165][ T9786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 535.006199][ T9786] usb 4-1: SerialNumber: syz [ 535.012284][T11101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 535.034553][T11101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 535.062224][T11101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 535.236348][T11245] vivid-006: disconnect [ 535.261987][T11244] vivid-006: reconnect [ 535.285156][ T9786] usb 4-1: 0:2 : does not exist [ 535.298360][ T9786] usb 4-1: unit 5 not found! [ 535.339625][ T9786] usb 4-1: USB disconnect, device number 11 [ 535.438416][T10355] udevd[10355]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 535.566711][T11101] hsr_slave_0: entered promiscuous mode [ 535.592938][T11101] hsr_slave_1: entered promiscuous mode [ 535.619709][T11101] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 535.641752][T11101] Cannot create hsr debugfs directory [ 536.047277][ T30] audit: type=1326 audit(1749376811.495:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.103238][ T30] audit: type=1326 audit(1749376811.495:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.127758][ T30] audit: type=1326 audit(1749376811.505:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.133736][T11264] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1046'. [ 536.151625][ T30] audit: type=1326 audit(1749376811.505:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.187685][ T7731] hsr_slave_0: left promiscuous mode [ 536.195722][ T30] audit: type=1326 audit(1749376811.505:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.217664][ T7731] hsr_slave_1: left promiscuous mode [ 536.230696][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 536.246724][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 536.264100][ T30] audit: type=1326 audit(1749376811.505:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.288660][ T7731] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.293329][ T30] audit: type=1326 audit(1749376811.505:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.297157][ T7731] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 536.318218][ T30] audit: type=1326 audit(1749376811.515:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.318297][ T30] audit: type=1326 audit(1749376811.515:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11263 comm="syz.3.1046" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x7ffc0000 [ 536.414762][ T7731] veth1_macvtap: left promiscuous mode [ 536.423304][ T7731] veth0_macvtap: left promiscuous mode [ 536.435963][ T7731] veth1_vlan: left promiscuous mode [ 536.442724][ T7731] veth0_vlan: left promiscuous mode [ 536.538282][ T5827] Bluetooth: hci1: command tx timeout [ 537.255764][ T7731] team0 (unregistering): Port device team_slave_1 removed [ 537.310049][ T7731] team0 (unregistering): Port device team_slave_0 removed [ 537.855200][T11264] gretap0: entered promiscuous mode [ 537.864482][T11264] gretap0: left allmulticast mode [ 538.628134][ T5827] Bluetooth: hci1: command tx timeout [ 539.487625][T11242] chnl_net:caif_netlink_parms(): no params data found [ 539.857886][T11242] bridge0: port 1(bridge_slave_0) entered blocking state [ 539.888265][T11242] bridge0: port 1(bridge_slave_0) entered disabled state [ 539.895814][T11242] bridge_slave_0: entered allmulticast mode [ 539.904437][T11242] bridge_slave_0: entered promiscuous mode [ 539.913971][T11242] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.921489][T11242] bridge0: port 2(bridge_slave_1) entered disabled state [ 539.928977][T11242] bridge_slave_1: entered allmulticast mode [ 539.937442][T11242] bridge_slave_1: entered promiscuous mode [ 540.042164][T11058] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 540.070342][T11242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 540.086404][T11242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 540.101049][T11058] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 540.115181][T11058] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 540.170595][T11058] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 540.321110][T11242] team0: Port device team_slave_0 added [ 540.627157][T11242] team0: Port device team_slave_1 added [ 540.694109][T11242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 540.699631][ T5827] Bluetooth: hci1: command tx timeout [ 540.718899][T11242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.751882][T11242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 540.771178][T11101] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 540.817402][T11242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 540.854710][T11242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.914664][T11242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.954038][T11101] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 541.014266][T11101] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 541.046874][T11101] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 541.316633][T11242] hsr_slave_0: entered promiscuous mode [ 541.347075][T11242] hsr_slave_1: entered promiscuous mode [ 541.369127][T11242] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 541.388334][T11242] Cannot create hsr debugfs directory [ 541.929982][T11058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.069994][T11058] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.136735][T11101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.319174][T11101] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.328960][ T7731] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.336152][ T7731] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.352088][ T7731] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.359350][ T7731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.383939][ T6042] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.391184][ T6042] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.474071][ T6042] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.481368][ T6042] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.856134][ T5827] Bluetooth: hci1: command tx timeout [ 543.473859][T11363] random: crng reseeded on system resumption [ 545.499757][T11101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 546.526600][T11242] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 546.605489][T11242] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 546.619985][T11242] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 546.642340][T11242] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 547.136584][T11242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 547.206490][T11101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 547.263276][T11058] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 547.404260][T11242] 8021q: adding VLAN 0 to HW filter on device team0 [ 547.934160][ T6960] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.941408][ T6960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 548.061283][ T6960] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.068525][ T6960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 548.126519][T11414] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1064'. [ 548.270817][T11414] netdevsim netdevsim5 netdevsim2: left allmulticast mode [ 548.348678][T11414] netdevsim netdevsim5 netdevsim2: left promiscuous mode [ 548.455371][T11414] bridge0: port 3(netdevsim2) entered disabled state [ 548.614252][T11414] bridge_slave_1: left allmulticast mode [ 548.620347][T11414] bridge_slave_1: left promiscuous mode [ 548.627576][T11414] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.909413][T11414] bridge_slave_0: left allmulticast mode [ 548.915159][T11414] bridge_slave_0: left promiscuous mode [ 548.941345][T11414] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.101406][T11419] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 549.232134][T11058] veth0_vlan: entered promiscuous mode [ 549.310145][T11058] veth1_vlan: entered promiscuous mode [ 549.449583][T11058] veth0_macvtap: entered promiscuous mode [ 549.493657][T11058] veth1_macvtap: entered promiscuous mode [ 549.606449][T11058] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 549.737604][T11101] veth0_vlan: entered promiscuous mode [ 549.786114][T11438] syz.3.1067 (11438): /proc/11430/oom_adj is deprecated, please use /proc/11430/oom_score_adj instead. [ 549.818859][T11058] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.887715][T11058] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.936687][T11058] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.984467][T11058] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.004487][T11058] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.197333][T11101] veth1_vlan: entered promiscuous mode [ 550.435732][T11242] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 550.601413][T11452] netlink: 'syz.5.1069': attribute type 1 has an invalid length. [ 550.616640][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 550.668358][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.761146][T11455] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1069'. [ 550.992317][T11454] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 551.042273][T11101] veth0_macvtap: entered promiscuous mode [ 551.072170][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 551.119958][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 551.153115][T11455] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface [ 551.189593][T11455] bond1 (unregistering): Released all slaves [ 551.260533][T11101] veth1_macvtap: entered promiscuous mode [ 551.380992][T11101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 551.424451][T11101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 551.541082][T11101] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.578481][T11101] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.600210][T11101] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 551.621057][T11101] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.535979][T11242] veth0_vlan: entered promiscuous mode [ 555.095059][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 555.095080][ T30] audit: type=1326 audit(1749376830.545:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11489 comm="syz.3.1075" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbadd58e929 code=0x0 [ 555.151009][ T7734] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.276028][T11242] veth1_vlan: entered promiscuous mode [ 555.343096][ T7734] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.421020][ T7738] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 555.446416][ T7738] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 555.525628][ T7734] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.556812][ T6042] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 555.571690][ T6042] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 555.602770][ T7734] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.654527][T11242] veth0_macvtap: entered promiscuous mode [ 555.686425][T11242] veth1_macvtap: entered promiscuous mode [ 555.871370][T11242] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 555.891303][T11242] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 555.957497][ T7734] bridge_slave_1: left allmulticast mode [ 555.968181][ T7734] bridge_slave_1: left promiscuous mode [ 555.974057][ T7734] bridge0: port 2(bridge_slave_1) entered disabled state [ 555.996193][ T7734] bridge_slave_0: left allmulticast mode [ 556.002056][ T7734] bridge_slave_0: left promiscuous mode [ 556.007897][ T7734] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.187387][T11509] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1077'. [ 557.702033][T11525] xt_SECMARK: unable to map security context 'system_u:object_r:dbusd_etc_t:s0' [ 558.779752][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 558.795774][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 558.806600][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 558.823554][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 558.831849][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 559.065860][ T7734] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 559.079561][ T7734] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 559.091032][ T7734] bond0 (unregistering): Released all slaves [ 559.131930][T11509] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 559.297793][T11242] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.320395][T11242] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.329575][T11242] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.339047][T11242] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 561.081806][ T5827] Bluetooth: hci2: command tx timeout [ 562.073079][ T7749] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 562.210403][ T7749] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 562.546440][ T7734] hsr_slave_0: left promiscuous mode [ 563.031832][ T7734] hsr_slave_1: left promiscuous mode [ 563.061983][ T7734] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 563.081861][ T7734] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 563.103034][ T5827] Bluetooth: hci2: command tx timeout [ 563.109881][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.219019][ T7734] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 563.259987][ T7734] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 563.569988][ T7734] veth1_macvtap: left promiscuous mode [ 563.662234][ T7734] veth0_macvtap: left promiscuous mode [ 563.771653][ T7734] veth1_vlan: left promiscuous mode [ 563.880146][ T7734] veth0_vlan: left promiscuous mode [ 565.188195][ T5827] Bluetooth: hci2: command tx timeout [ 567.324341][ T5827] Bluetooth: hci2: command tx timeout [ 569.743999][T11520] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 569.948155][T11520] usb 4-1: Using ep0 maxpacket: 16 [ 569.958819][T11520] usb 4-1: config 0 has too many interfaces: 111, using maximum allowed: 32 [ 569.986441][T11520] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 570.004280][T11520] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 111 [ 570.016890][T11520] usb 4-1: New USB device found, idVendor=058f, idProduct=9720, bcdDevice=fb.74 [ 570.047039][T11520] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.074951][T11520] usb 4-1: Product: syz [ 570.079786][T11520] usb 4-1: Manufacturer: syz [ 570.084604][T11520] usb 4-1: SerialNumber: syz [ 570.136836][T11520] usb 4-1: config 0 descriptor?? [ 570.248943][T11520] pl2303 4-1:0.0: required endpoints missing [ 570.958281][ T5941] usb 4-1: USB disconnect, device number 12 [ 571.016170][ T7734] team0 (unregistering): Port device team_slave_1 removed [ 571.151461][ T7734] team0 (unregistering): Port device team_slave_0 removed [ 571.703057][T11631] hugetlbfs: syz.6.1101 (11631): Using mlock ulimits for SHM_HUGETLB is obsolete [ 572.606929][ T5901] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 572.904914][ T5901] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 572.916899][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.031308][ T5901] usb 4-1: config 0 descriptor?? [ 573.219758][ T5901] cp210x 4-1:0.0: cp210x converter detected [ 574.200459][ T5901] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 574.262275][ T5901] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 574.333296][ T5901] usb 4-1: cp210x converter now attached to ttyUSB0 [ 574.375292][ T7738] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 574.401978][T11647] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1105'. [ 574.412574][ T5901] usb 4-1: USB disconnect, device number 13 [ 574.443222][ T7738] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 574.459903][ T5901] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 574.513364][ T5901] cp210x 4-1:0.0: device disconnected [ 575.418404][ T5827] Bluetooth: hci5: command 0x0406 tx timeout [ 576.690540][T11674] sctp: failed to load transform for md5: -4 [ 576.690809][T11658] sctp: failed to load transform for md5: -2 [ 576.698229][T11664] sctp: failed to load transform for md5: -2 [ 576.771772][T11530] chnl_net:caif_netlink_parms(): no params data found [ 576.794170][T11666] sctp: failed to load transform for md5: -2 [ 576.858325][T11671] sctp: failed to load transform for md5: -2 [ 578.326808][ T7734] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.350031][T11530] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.366413][T11530] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.374937][T11530] bridge_slave_0: entered allmulticast mode [ 578.385330][T11530] bridge_slave_0: entered promiscuous mode [ 578.401707][T11530] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.418320][T11530] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.425735][T11530] bridge_slave_1: entered allmulticast mode [ 578.435994][T11530] bridge_slave_1: entered promiscuous mode [ 578.546659][ T7734] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.647148][T11530] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 578.672153][T11530] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 578.730711][ T7734] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.845493][T11530] team0: Port device team_slave_0 added [ 578.906170][ T7734] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.942213][T11530] team0: Port device team_slave_1 added [ 579.033753][T11530] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 579.040907][T11530] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.067483][T11530] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 579.088468][T11530] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 579.106200][T11530] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.141236][T11530] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 580.909095][T11730] xt_CT: You must specify a L4 protocol and not use inversions on it [ 581.424023][T11530] hsr_slave_0: entered promiscuous mode [ 581.473097][T11530] hsr_slave_1: entered promiscuous mode [ 581.499239][T11530] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 581.506889][T11530] Cannot create hsr debugfs directory [ 581.794551][ T7734] bridge_slave_1: left allmulticast mode [ 581.814383][ T7734] bridge_slave_1: left promiscuous mode [ 581.835848][ T7734] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.214901][T11738] xt_nat: multiple ranges no longer supported [ 582.557592][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 582.582754][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 582.807595][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 582.818947][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 582.826753][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 582.844758][ T7734] bridge_slave_0: left allmulticast mode [ 582.924184][ T7734] bridge_slave_0: left promiscuous mode [ 582.988263][ T7734] bridge0: port 1(bridge_slave_0) entered disabled state [ 583.821251][T11749] syz.5.1117: attempt to access beyond end of device [ 583.821251][T11749] nbd5: rw=0, sector=2, nr_sectors = 1 limit=0 [ 583.837495][T11749] hfs: can't find a HFS filesystem on dev nbd5 [ 585.018370][ T5832] Bluetooth: hci1: command tx timeout [ 587.098809][ T5832] Bluetooth: hci1: command tx timeout [ 589.178076][ T5832] Bluetooth: hci1: command tx timeout [ 590.368753][ T5886] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 590.582413][ T5886] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 590.608192][ T5886] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 590.626114][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.639430][ T5886] usb 4-1: config 0 descriptor?? [ 590.649638][ T5886] pwc: Askey VC010 type 2 USB webcam detected. [ 590.913125][ T7734] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 590.925183][ T7734] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.042576][ T7734] bond0 (unregistering): Released all slaves [ 591.339032][ T5832] Bluetooth: hci1: command tx timeout [ 591.649562][ T5886] pwc: recv_control_msg error -32 req 02 val 2b00 [ 591.672827][ T5886] pwc: recv_control_msg error -32 req 02 val 2700 [ 591.688113][ T5886] pwc: recv_control_msg error -32 req 02 val 2c00 [ 591.700628][ T5886] pwc: recv_control_msg error -32 req 04 val 1000 [ 591.728741][ T5886] pwc: recv_control_msg error -32 req 04 val 1300 [ 591.757492][ T5886] pwc: recv_control_msg error -32 req 04 val 1400 [ 591.766038][ T5886] pwc: recv_control_msg error -32 req 02 val 2000 [ 591.795173][ T5886] pwc: recv_control_msg error -32 req 02 val 2100 [ 591.803168][ T5886] pwc: recv_control_msg error -32 req 04 val 1500 [ 593.327078][ T5886] pwc: recv_control_msg error -32 req 02 val 2500 [ 593.383180][ T5886] pwc: recv_control_msg error -71 req 02 val 2400 [ 593.398834][ T5886] pwc: recv_control_msg error -71 req 02 val 2600 [ 593.426171][ T5886] pwc: recv_control_msg error -71 req 02 val 2900 [ 593.438439][ T5886] pwc: recv_control_msg error -71 req 02 val 2800 [ 593.457271][ T5886] pwc: recv_control_msg error -71 req 04 val 1100 [ 593.468833][ T5886] pwc: recv_control_msg error -71 req 04 val 1200 [ 593.498805][ T5886] pwc: Registered as video103. [ 593.506986][ T5886] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8 [ 593.589217][ T5886] usb 4-1: USB disconnect, device number 14 [ 597.415906][T11848] hub 8-0:1.0: USB hub found [ 597.428404][T11848] hub 8-0:1.0: 1 port detected [ 599.978452][ T7734] hsr_slave_0: left promiscuous mode [ 600.002523][ T7734] hsr_slave_1: left promiscuous mode [ 600.018502][ T7734] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 600.035259][ T7734] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 600.064212][ T7734] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 600.091920][ T7734] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 600.178357][ T7734] veth1_macvtap: left promiscuous mode [ 600.184009][ T7734] veth0_macvtap: left promiscuous mode [ 600.206851][ T7734] veth1_vlan: left promiscuous mode [ 600.218415][ T7734] veth0_vlan: left promiscuous mode [ 602.551307][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bee0000: rx timeout, send abort [ 603.053154][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bee2800: rx timeout, send abort [ 603.068046][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bee0000: abort rx timeout. Force session deactivation [ 603.561581][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807bee2800: abort rx timeout. Force session deactivation [ 604.251376][ T7734] team0 (unregistering): Port device team_slave_1 removed [ 604.435815][ T7734] team0 (unregistering): Port device team_slave_0 removed [ 606.400336][T11916] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1151'. [ 610.021722][T11939] sctp: failed to load transform for md5: -2 [ 610.037285][T11941] sctp: failed to load transform for md5: -2 [ 610.086090][T11943] sctp: failed to load transform for md5: -2 [ 610.137634][T11946] sctp: failed to load transform for md5: -2 [ 610.178270][T11953] sctp: failed to load transform for md5: -2 [ 610.273909][T11736] chnl_net:caif_netlink_parms(): no params data found [ 614.604324][T11979] Set syz1 is full, maxelem 65536 reached [ 615.761364][T11736] bridge0: port 1(bridge_slave_0) entered blocking state [ 615.916546][T11736] bridge0: port 1(bridge_slave_0) entered disabled state [ 615.924488][T11736] bridge_slave_0: entered allmulticast mode [ 615.932578][T11736] bridge_slave_0: entered promiscuous mode [ 615.966182][T11736] bridge0: port 2(bridge_slave_1) entered blocking state [ 616.748287][T11736] bridge0: port 2(bridge_slave_1) entered disabled state [ 616.768576][T11736] bridge_slave_1: entered allmulticast mode [ 616.896920][T11736] bridge_slave_1: entered promiscuous mode [ 617.029187][T11530] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 617.184959][T11736] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 617.221880][T11736] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 617.637513][T11736] team0: Port device team_slave_0 added [ 617.669363][T11736] team0: Port device team_slave_1 added [ 617.870860][T11736] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 617.893272][T11736] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 617.953623][T11736] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 618.027348][T11736] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 618.067419][T11736] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.147028][T11736] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 619.864835][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 619.878645][T11736] hsr_slave_0: entered promiscuous mode [ 619.885348][T11736] hsr_slave_1: entered promiscuous mode [ 619.913466][T11736] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 619.966030][T11736] Cannot create hsr debugfs directory [ 620.000332][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 620.081573][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 620.098608][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 620.110527][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 620.851791][T12030] tipc: Started in network mode [ 620.856749][T12030] tipc: Node identity 8ee8746efaef, cluster identity 4711 [ 620.907518][T12030] tipc: Enabled bearer , priority 0 [ 621.018615][T12030] syzkaller0: entered promiscuous mode [ 621.024190][T12030] syzkaller0: entered allmulticast mode [ 621.798537][T12030] tipc: Resetting bearer [ 621.942123][ T5941] tipc: Node number set to 1946645614 [ 622.194610][ T78] tipc: Resetting bearer [ 622.198704][T12051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1173'. [ 622.221001][T11103] Bluetooth: hci2: command tx timeout [ 622.230155][T12029] tipc: Resetting bearer [ 622.360772][T12029] tipc: Disabling bearer [ 622.682205][T12059] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1174'. [ 623.270973][ T7738] bridge_slave_1: left allmulticast mode [ 623.287596][ T7738] bridge_slave_1: left promiscuous mode [ 623.303240][ T7738] bridge0: port 2(bridge_slave_1) entered disabled state [ 623.342137][ T7738] bridge_slave_0: left allmulticast mode [ 623.348754][ T7738] bridge_slave_0: left promiscuous mode [ 623.364079][ T7738] bridge0: port 1(bridge_slave_0) entered disabled state [ 623.457222][T12071] kvm: kvm [12068]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x7900000800 [ 623.504027][T12071] kvm: kvm [12068]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xb200000000 [ 623.641755][ T7738] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 623.667742][ T7738] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 623.690232][ T7738] bond0 (unregistering): Released all slaves [ 624.298275][T11103] Bluetooth: hci2: command tx timeout [ 624.544125][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.027859][ T7738] hsr_slave_0: left promiscuous mode [ 625.034096][ T7738] hsr_slave_1: left promiscuous mode [ 625.109742][ T7738] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 625.150972][ T7738] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.379520][T11103] Bluetooth: hci2: command tx timeout [ 626.834785][ T7738] team0 (unregistering): Port device team_slave_1 removed [ 626.911960][ T7738] team0 (unregistering): Port device team_slave_0 removed [ 628.464152][T11103] Bluetooth: hci2: command tx timeout [ 630.772818][T12135] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1194'. [ 630.783314][T12135] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1194'. [ 631.394723][T12024] chnl_net:caif_netlink_parms(): no params data found [ 631.514233][T12135] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1194'. [ 631.523450][T12135] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1194'. [ 631.554877][T12143] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns [ 634.863601][T12024] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.898133][T12024] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.905340][T11103] Bluetooth: hci6: unexpected event 0x03 length: 1 < 11 [ 634.933468][T12024] bridge_slave_0: entered allmulticast mode [ 634.950239][T12024] bridge_slave_0: entered promiscuous mode [ 634.986343][T12024] bridge0: port 2(bridge_slave_1) entered blocking state [ 634.998303][T12024] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.005639][T12024] bridge_slave_1: entered allmulticast mode [ 635.023949][T12024] bridge_slave_1: entered promiscuous mode [ 636.919594][T11520] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 637.249282][T11520] usb 7-1: Using ep0 maxpacket: 16 [ 637.383422][T12188] Invalid ELF header magic: != ELF [ 637.508635][T12024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 637.520283][T11520] usb 7-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85 [ 637.560339][T12024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 637.597736][T11520] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.623270][T11520] usb 7-1: Product: syz [ 637.627559][T11520] usb 7-1: Manufacturer: syz [ 637.638082][T11520] usb 7-1: SerialNumber: syz [ 637.666045][T11520] usb 7-1: config 0 descriptor?? [ 637.692453][T11520] usb 7-1: selecting invalid altsetting 1 [ 637.702238][T11520] technisat-usb2: could not set alternate setting to 0 [ 637.799299][T12024] team0: Port device team_slave_0 added [ 637.839744][T12024] team0: Port device team_slave_1 added [ 638.009980][T11520] technisat-usb2: firmware version: 0.0 [ 638.016190][T11520] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state. [ 638.091122][T11736] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 638.172207][T12192] xt_CT: You must specify a L4 protocol and not use inversions on it [ 638.873087][T11736] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 638.896639][T11520] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 638.912399][T11520] dvbdev: DVB: registering new adapter (Technisat SkyStar USB HD (DVB-S/S2)) [ 638.937075][T11520] usb 7-1: media controller created [ 638.947438][T11520] technisat-usb2: i2c-error: out failed 53 = -22 [ 638.954788][T11520] dvb-usb: MAC address reading failed. [ 638.998291][T12024] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.998932][T11520] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 639.036245][T12024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 639.063996][T12024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 639.088929][T12184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 639.571371][T12184] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 639.619063][T11736] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 639.646877][T11520] DVB: Unable to find symbol stv090x_attach() [ 639.655559][T11520] dvb-usb: no frontend was attached by 'Technisat SkyStar USB HD (DVB-S/S2)' [ 639.684542][T12024] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 639.718569][T12024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 639.806152][T12024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 639.863215][T11520] rc_core: IR keymap rc-technisat-usb2 not found [ 639.870811][T12184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 639.887178][T11520] Registered IR keymap rc-empty [ 639.888874][T12184] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 639.942433][T11520] rc rc0: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0 [ 640.005254][T11520] input: Technisat SkyStar USB HD (DVB-S/S2) as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input9 [ 640.076814][T11520] dvb-usb: schedule remote query interval to 100 msecs. [ 640.101550][T11520] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully initialized and connected. [ 640.127915][T12024] hsr_slave_0: entered promiscuous mode [ 640.156850][T11520] usb 7-1: USB disconnect, device number 2 [ 640.189022][T12024] hsr_slave_1: entered promiscuous mode [ 640.212724][T12024] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 640.239291][T12024] Cannot create hsr debugfs directory [ 640.345387][T11520] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) successfully deinitialized and disconnected. [ 643.691090][T12028] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 643.713224][T12028] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 644.308250][T12028] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 644.325861][T12028] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 644.338862][T12028] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 645.008165][ T5901] usb 4-1: new low-speed USB device number 15 using dummy_hcd [ 645.068835][T12245] netlink: 'syz.5.1222': attribute type 14 has an invalid length. [ 645.215938][ T5901] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 645.277743][ T5901] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 645.382197][ T5901] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 30050, setting to 8 [ 645.507309][ T5901] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 645.596002][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.932887][T12237] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 645.976318][ T5901] hub 4-1:1.0: bad descriptor, ignoring hub [ 645.989397][ T5901] hub 4-1:1.0: probe with driver hub failed with error -5 [ 645.997528][ T5901] cdc_wdm 4-1:1.0: skipping garbage [ 646.003749][ T5901] cdc_wdm 4-1:1.0: skipping garbage [ 646.012522][ T5901] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 646.021578][ T5901] cdc_wdm 4-1:1.0: Unknown control protocol [ 646.233524][T12237] fuse: Unknown parameter 'fd0xffffffffffffffff00000000000000000000' [ 646.263385][T12237] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 646.275553][T12237] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.333349][ T6041] bridge_slave_1: left allmulticast mode [ 646.340154][ T6041] bridge_slave_1: left promiscuous mode [ 646.346877][ T6041] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.356430][ T6041] bridge_slave_0: left allmulticast mode [ 646.362647][ T6041] bridge_slave_0: left promiscuous mode [ 646.371431][ T6041] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.402746][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 646.409674][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 646.416946][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 646.423604][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 646.436868][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 646.478493][ T5933] usb 4-1: Failed to suspend device, error -71 [ 646.488612][ T5933] usb 4-1: USB disconnect, device number 15 [ 646.565172][ T6041] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 646.586495][ T6041] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 646.597141][ T6041] bond0 (unregistering): Released all slaves [ 646.614079][T12232] chnl_net:caif_netlink_parms(): no params data found [ 646.700828][T11103] Bluetooth: hci1: command tx timeout [ 646.766355][ T6041] hsr_slave_0: left promiscuous mode [ 646.779741][ T6041] hsr_slave_1: left promiscuous mode [ 646.789384][ T6041] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 646.797434][ T6041] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 646.978062][ T5933] usb 4-1: new low-speed USB device number 16 using dummy_hcd [ 647.055332][ T6041] team0 (unregistering): Port device team_slave_1 removed [ 647.289705][T11103] Bluetooth: hci6: command 0x0406 tx timeout [ 648.176465][ T5933] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 648.199617][ T5933] usb 4-1: can't read configurations, error -71 [ 648.389223][ T6041] team0 (unregistering): Port device team_slave_0 removed [ 648.779466][T12028] Bluetooth: hci1: command tx timeout [ 649.116942][T12275] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1228'. [ 649.963429][T12024] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 650.035536][T12277] bridge1: port 1(ip6gretap1) entered blocking state [ 650.067119][T12277] bridge1: port 1(ip6gretap1) entered disabled state [ 650.094156][T12277] ip6gretap1: entered allmulticast mode [ 650.153101][T12277] ip6gretap1: entered promiscuous mode [ 650.224133][T12278] veth5: entered promiscuous mode [ 650.234718][T12278] bridge1: port 2(veth5) entered blocking state [ 650.249127][T12278] bridge1: port 2(veth5) entered disabled state [ 650.255865][T12278] veth5: entered allmulticast mode [ 650.687501][T12024] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 650.858106][T12028] Bluetooth: hci1: command tx timeout [ 651.147257][T12024] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 652.251442][T12290] netlink: 132 bytes leftover after parsing attributes in process `syz.6.1230'. [ 652.898410][T12024] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 653.028698][T12232] bridge0: port 1(bridge_slave_0) entered blocking state [ 653.035917][T12232] bridge0: port 1(bridge_slave_0) entered disabled state [ 653.123118][T12232] bridge_slave_0: entered allmulticast mode [ 653.148267][T12028] Bluetooth: hci1: command tx timeout [ 653.163255][T12232] bridge_slave_0: entered promiscuous mode [ 653.196262][T12232] bridge0: port 2(bridge_slave_1) entered blocking state [ 653.216567][T12232] bridge0: port 2(bridge_slave_1) entered disabled state [ 653.242564][T12232] bridge_slave_1: entered allmulticast mode [ 653.280453][T12232] bridge_slave_1: entered promiscuous mode [ 653.399724][T12320] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1237'. [ 653.450144][T12232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 653.457108][T12320] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1237'. [ 653.482474][T12232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 653.602379][T12232] team0: Port device team_slave_0 added [ 653.634371][T12232] team0: Port device team_slave_1 added [ 654.476082][T12232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 654.484426][T12232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.639128][T12232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 654.654535][T12232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 654.662053][T12232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 654.689724][T12232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 655.871333][T12341] overlayfs: failed to clone upperpath [ 655.985648][T12232] hsr_slave_0: entered promiscuous mode [ 656.002727][T12232] hsr_slave_1: entered promiscuous mode [ 656.015949][T12232] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 656.047394][T12345] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 656.085620][T12232] Cannot create hsr debugfs directory [ 656.363215][T12024] 8021q: adding VLAN 0 to HW filter on device bond0 [ 657.721663][T12024] 8021q: adding VLAN 0 to HW filter on device team0 [ 657.828140][ T31] INFO: task syz.2.992:10714 blocked for more than 143 seconds. [ 657.836111][ T31] Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 657.894509][ T6198] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.901770][ T6198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.928964][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 657.938349][ T31] task:syz.2.992 state:D stack:26424 pid:10714 tgid:10711 ppid:5828 task_flags:0x400040 flags:0x00004004 [ 657.965690][ T31] Call Trace: [ 657.984010][ T31] [ 657.987038][ T31] __schedule+0x16a2/0x4cb0 [ 658.008115][ T31] ? __lock_acquire+0xa80/0xd20 [ 658.013707][ T31] ? schedule+0x165/0x360 [ 658.053220][ T31] ? __pfx___schedule+0x10/0x10 [ 658.090099][ T31] ? schedule+0x91/0x360 [ 658.111427][ T31] schedule+0x165/0x360 [ 658.115867][ T31] schedule_preempt_disabled+0x13/0x30 [ 658.124927][ T6041] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.132169][ T6041] bridge0: port 2(bridge_slave_1) entered forwarding state [ 658.167488][ T31] __mutex_lock+0x724/0xe80 [ 658.208050][ T31] ? __mutex_lock+0x51b/0xe80 [ 658.212823][ T31] ? nfsd_nl_version_get_doit+0x16e/0xb60 [ 658.255288][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 658.298160][ T31] ? __nlmsg_put+0xef/0x1b0 [ 658.302780][ T31] ? genlmsg_put+0x137/0x2e0 [ 658.307427][ T31] nfsd_nl_version_get_doit+0x16e/0xb60 [ 658.348203][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 658.353509][ T31] ? is_bpf_text_address+0x292/0x2b0 [ 658.369286][ T31] ? __pfx_nfsd_nl_version_get_doit+0x10/0x10 [ 658.375442][ T31] ? kernel_text_address+0xa5/0xe0 [ 658.382062][ T31] genl_family_rcv_msg_doit+0x215/0x300 [ 658.387710][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 658.394004][ T31] genl_rcv_msg+0x60e/0x790 [ 658.398634][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 658.403739][ T31] ? __pfx_nfsd_nl_version_get_doit+0x10/0x10 [ 658.410030][ T31] netlink_rcv_skb+0x208/0x470 [ 658.414850][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 658.420165][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 658.425675][ T31] ? down_read+0x1ad/0x2e0 [ 658.435362][ T31] genl_rcv+0x28/0x40 [ 658.439596][ T31] netlink_unicast+0x75b/0x8d0 [ 658.444420][ T31] netlink_sendmsg+0x805/0xb30 [ 658.449514][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 658.455317][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 658.461347][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 658.466678][ T31] __sock_sendmsg+0x219/0x270 [ 658.471533][ T31] ____sys_sendmsg+0x505/0x830 [ 658.476344][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 658.481860][ T31] ? import_iovec+0x74/0xa0 [ 658.486519][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 658.493271][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 658.498691][ T31] ? __fget_files+0x2a/0x420 [ 658.503346][ T31] ? __fget_files+0x3a0/0x420 [ 658.508270][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 658.513354][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 658.519096][ T31] ? rcu_is_watching+0x15/0xb0 [ 658.523961][ T31] ? do_syscall_64+0xbe/0x3b0 [ 658.528790][ T31] do_syscall_64+0xfa/0x3b0 [ 658.534845][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 658.540623][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.546761][ T31] ? clear_bhb_loop+0x60/0xb0 [ 658.551605][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 658.557587][ T31] RIP: 0033:0x7f199c38e929 [ 658.562214][ T31] RSP: 002b:00007f199a1b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 658.571207][ T31] RAX: ffffffffffffffda RBX: 00007f199c5b6160 RCX: 00007f199c38e929 [ 658.579350][ T31] RDX: 0000000000040000 RSI: 0000200000000540 RDI: 0000000000000007 [ 658.587386][ T31] RBP: 00007f199c410b39 R08: 0000000000000000 R09: 0000000000000000 [ 658.595500][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 658.603745][ T31] R13: 0000000000000000 R14: 00007f199c5b6160 R15: 00007fff0cf86f98 [ 658.611973][ T31] [ 658.615109][ T31] [ 658.615109][ T31] Showing all locks held in the system: [ 658.623226][ T31] 1 lock held by rcu_exp_gp_kthr/18: [ 658.628670][ T31] 1 lock held by khungtaskd/31: [ 658.633560][ T31] #0: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 658.646744][ T31] 2 locks held by dhcpcd/5486: [ 658.651841][ T31] #0: ffffffff8f4e2dc8 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x5ee/0x790 [ 658.661610][ T31] #1: ffffffff8f4fe4c8 (rtnl_mutex){+.+.}-{4:4}, at: vlan_ioctl_handler+0xd0/0x650 [ 658.671204][ T31] 2 locks held by getty/5581: [ 658.675920][ T31] #0: ffff888030d470a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 658.687592][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 658.698552][ T31] 3 locks held by kworker/0:5/5901: [ 658.703828][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 658.720504][ T31] #1: ffffc900047ffbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 658.732030][ T31] #2: ffffffff8f4fe4c8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 658.745278][ T31] 3 locks held by kworker/u8:8/6041: [ 658.750970][ T31] #0: ffff8880301d7148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 658.762986][ T31] #1: ffffc90004bb7bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 658.776338][ T31] #2: ffffffff8f4fe4c8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0 [ 658.793097][ T31] 3 locks held by kworker/u8:13/7734: [ 658.799602][ T31] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 658.811730][ T31] #1: ffffc90004ac7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 658.825141][ T31] #2: ffffffff8f4fe4c8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 658.836399][ T31] 2 locks held by kworker/u8:18/7749: [ 658.843799][ T31] #0: ffff88801e363948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 658.855184][ T31] #1: ffffc90004b47bc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 658.867539][ T31] 2 locks held by kworker/0:0/9744: [ 658.873101][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 658.884875][ T31] #1: ffffc90003fdfbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 658.895502][ T31] 2 locks held by syz.0.878/10077: [ 658.900790][ T31] #0: ffffffff8f564630 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 658.909226][ T31] #1: ffffffff8e41bb68 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0x12a/0x1650 [ 658.920203][ T31] 2 locks held by syz.2.992/10714: [ 658.925353][ T31] #0: ffffffff8f564630 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 658.936131][ T31] #1: ffffffff8e41bb68 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_version_get_doit+0x16e/0xb60 [ 658.947489][ T31] 5 locks held by syz.5.1076/11519: [ 658.952907][ T31] #0: ffff88807cd24d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x1fe/0x500 [ 658.963025][ T31] #1: ffff88807cd24078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 658.972842][ T31] #2: ffffffff8f6664e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 658.982982][ T31] #3: ffff88807bf2f338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 658.992476][ T31] #4: ffffffff8e144b78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 659.003532][ T31] 3 locks held by syz-executor/12232: [ 659.009014][ T31] #0: ffffffff8ec93060 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 659.019590][ T31] #1: ffffffff8f4fe4c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 659.028939][ T31] #2: ffffffff8e144b78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 659.040338][ T31] 5 locks held by kworker/u8:0/12263: [ 659.047127][ T31] #0: ffff8880b863b798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 659.057265][ T31] #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0 [ 659.068951][ T31] #2: ffff888077100768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x460 [ 659.079214][ T31] #3: ffffffff8e13f060 (rcu_read_lock){....}-{1:3}, at: ieee80211_sta_active_ibss+0xc3/0x330 [ 659.089661][ T31] #4: ffff8880b863b798 (&rq->__lock){-.-.}-{2:2}, at: finish_task_switch+0x18b/0x950 [ 659.099408][ T31] 1 lock held by syz.3.1250/12355: [ 659.104603][ T31] #0: ffffffff8e144a40 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 659.186354][ T31] [ 659.202384][ T31] ============================================= [ 659.202384][ T31] [ 659.278274][ T31] NMI backtrace for cpu 0 [ 659.278307][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(full) [ 659.278332][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 659.278346][ T31] Call Trace: [ 659.278354][ T31] [ 659.278363][ T31] dump_stack_lvl+0x189/0x250 [ 659.278397][ T31] ? __wake_up_klogd+0xd9/0x110 [ 659.278424][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 659.278456][ T31] ? __pfx__printk+0x10/0x10 [ 659.278491][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 659.278524][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 659.278549][ T31] ? _printk+0xcf/0x120 [ 659.278576][ T31] ? __pfx__printk+0x10/0x10 [ 659.278600][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 659.278631][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 659.278664][ T31] watchdog+0xfee/0x1030 [ 659.278695][ T31] ? watchdog+0x1de/0x1030 [ 659.278732][ T31] kthread+0x70e/0x8a0 [ 659.278760][ T31] ? __pfx_watchdog+0x10/0x10 [ 659.278787][ T31] ? __pfx_kthread+0x10/0x10 [ 659.278812][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 659.278843][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 659.278873][ T31] ? __pfx_kthread+0x10/0x10 [ 659.278898][ T31] ret_from_fork+0x3f9/0x770 [ 659.278931][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 659.278966][ T31] ? __switch_to_asm+0x39/0x70 [ 659.278985][ T31] ? __switch_to_asm+0x33/0x70 [ 659.279004][ T31] ? __pfx_kthread+0x10/0x10 [ 659.279029][ T31] ret_from_fork_asm+0x1a/0x30 [ 659.279067][ T31] [ 659.279076][ T31] Sending NMI from CPU 0 to CPUs 1: [ 659.438605][ C1] NMI backtrace for cpu 1 [ 659.438622][ C1] CPU: 1 UID: 0 PID: 5941 Comm: kworker/1:6 Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(full) [ 659.438645][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 659.438657][ C1] Workqueue: events_power_efficient hash_net4_gc [ 659.438686][ C1] RIP: 0010:hash_net4_gc_do+0x29f/0xa90 [ 659.438710][ C1] Code: ef e8 c5 be 64 f8 4d 8b 6d 00 4c 03 6c 24 08 4b 8d 3c 2e 48 83 c7 20 48 89 f8 48 c1 e8 03 42 80 3c 38 00 74 05 e8 a1 be 64 f8 <4f> 8b 6c 35 20 31 ff 4c 89 ee e8 22 77 03 f8 4d 85 ed 74 5e 48 8b [ 659.438737][ C1] RSP: 0018:ffffc900048bf8e8 EFLAGS: 00000246 [ 659.438752][ C1] RAX: 1ffff1100bd31957 RBX: 0000000000000000 RCX: 0000000000000000 [ 659.438764][ C1] RDX: ffff8880278eda00 RSI: 0000000000000001 RDI: ffff88805e98cab8 [ 659.438776][ C1] RBP: 0000000000000001 R08: ffff88805e98ca97 R09: 1ffff1100bd31952 [ 659.438788][ C1] R10: dffffc0000000000 R11: ffffed100bd31953 R12: ffff88805e98ca90 [ 659.438802][ C1] R13: ffff88805e98ca88 R14: 0000000000000010 R15: dffffc0000000000 [ 659.438815][ C1] FS: 0000000000000000(0000) GS:ffff888125d84000(0000) knlGS:0000000000000000 [ 659.438829][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 659.438841][ C1] CR2: 000000110c240441 CR3: 000000000df38000 CR4: 00000000003526f0 [ 659.438856][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 659.438867][ C1] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 659.438878][ C1] Call Trace: [ 659.438885][ C1] [ 659.438909][ C1] hash_net4_gc+0x225/0x570 [ 659.438936][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 659.438965][ C1] process_scheduled_works+0xade/0x17b0 [ 659.439008][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 659.439045][ C1] worker_thread+0x8a0/0xda0 [ 659.439074][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 659.439105][ C1] ? __kthread_parkme+0x7b/0x200 [ 659.439148][ C1] kthread+0x70e/0x8a0 [ 659.439169][ C1] ? __pfx_worker_thread+0x10/0x10 [ 659.439195][ C1] ? __pfx_kthread+0x10/0x10 [ 659.439214][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 659.439239][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 659.439264][ C1] ? __pfx_kthread+0x10/0x10 [ 659.439283][ C1] ret_from_fork+0x3f9/0x770 [ 659.439309][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 659.439336][ C1] ? __switch_to_asm+0x39/0x70 [ 659.439353][ C1] ? __switch_to_asm+0x33/0x70 [ 659.439368][ C1] ? __pfx_kthread+0x10/0x10 [ 659.439387][ C1] ret_from_fork_asm+0x1a/0x30 [ 659.439414][ C1] [ 659.695401][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.818049][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 659.825433][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-13743-g8630c59e9936 #0 PREEMPT(full) [ 659.836934][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 659.847033][ T31] Call Trace: [ 659.850344][ T31] [ 659.853304][ T31] dump_stack_lvl+0x99/0x250 [ 659.857944][ T31] ? __asan_memcpy+0x40/0x70 [ 659.862567][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 659.867812][ T31] ? __pfx__printk+0x10/0x10 [ 659.872452][ T31] panic+0x2db/0x790 [ 659.876400][ T31] ? __pfx_panic+0x10/0x10 [ 659.880862][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 659.886721][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 659.892139][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 659.898346][ T31] watchdog+0x102d/0x1030 [ 659.902717][ T31] ? watchdog+0x1de/0x1030 [ 659.907179][ T31] kthread+0x70e/0x8a0 [ 659.911287][ T31] ? __pfx_watchdog+0x10/0x10 [ 659.916001][ T31] ? __pfx_kthread+0x10/0x10 [ 659.920627][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 659.925868][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 659.931105][ T31] ? __pfx_kthread+0x10/0x10 [ 659.935741][ T31] ret_from_fork+0x3f9/0x770 [ 659.940381][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 659.945558][ T31] ? __switch_to_asm+0x39/0x70 [ 659.950365][ T31] ? __switch_to_asm+0x33/0x70 [ 659.955681][ T31] ? __pfx_kthread+0x10/0x10 [ 659.960298][ T31] ret_from_fork_asm+0x1a/0x30 [ 659.965117][ T31] [ 659.968467][ T31] Kernel Offset: disabled [ 659.972810][ T31] Rebooting in 86400 seconds..