last executing test programs: 17.924543785s ago: executing program 4 (id=228): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r1 = socket(0x1e, 0x2, 0x0) r2 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=@gettclass={0x24, 0x2a, 0x2, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x5, 0x9}, {0x2, 0xfff3}, {0xb, 0xa}}}, 0x24}}, 0x4000000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0) syz_usb_connect(0x6, 0x3b, &(0x7f0000000100)=ANY=[], 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x24}}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r8, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4) 15.047747745s ago: executing program 2 (id=236): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mincore(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0) 13.890889996s ago: executing program 4 (id=241): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x41e, 0x3100, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_connect(0x1, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x58, 0xe4, 0x9e, 0x10, 0xcf3, 0x9374, 0xb3d7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x2, 0x10, 0x6, [{{0x9, 0x4, 0xbf, 0x1, 0x0, 0x68, 0x4c, 0x9a, 0x1d}}]}}]}}, &(0x7f0000000280)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x80, 0x7f, 0x4, 0xff, 0xfc}, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x4, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x801}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x44e}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x1801}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x420}}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x10a900, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETPERSIST(r1, 0x400454c9, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xdc0b, 0x10100, 0x0, 0x20e, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r7, 0x1, 0x2a, &(0x7f0000000000), 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) openat$dir(0xffffffffffffff9c, 0x0, 0x1, 0xd8) syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x2, 0xbaa}, 0x50) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) 11.989077857s ago: executing program 2 (id=243): syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000000)={{0x0, 0x3, 0xfffffff9, 0x1, 0x3ff}}) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x4e3, &(0x7f0000000480)={0x0, 0x938c, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) getsockopt$CAN_RAW_RECV_OWN_MSGS(0xffffffffffffffff, 0x65, 0x4, 0x0, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x4008032, 0xffffffffffffffff, 0x2000) semctl$SEM_STAT(0x0, 0x3, 0x12, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) lseek(0xffffffffffffffff, 0xfffffffffffffffd, 0x1) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x60600, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f00000000c0)={0x100000, 0x21d000}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 10.895505136s ago: executing program 0 (id=247): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(0x0, 0x0, &(0x7f0000000880)="22cff580", 0x4, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket(0x400000000010, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x2a, &(0x7f0000000e00)=ANY=[@ANYBLOB, @ANYRES32, @ANYRESHEX, @ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8a00fe00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000), 0x4) r2 = socket$packet(0x11, 0x2, 0x300) socket(0x1000000010, 0x80002, 0x0) getsockname(0xffffffffffffffff, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'gretap0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000480)={r4, 0x1, 0x6, @local}, 0x10) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r4, 0x11, 0x6, @local}, 0x10) close(r2) unshare(0x42000000) 10.535616085s ago: executing program 1 (id=248): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002640)=@delchain={0x198, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x154, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x12c, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_simple={0x88, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x59, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec7b2a9ceab9c40c5f9bd00ceff17d69ca7a27324ef7a1ad28d4b3c6a826826e9c291c16ab3d13e1f337751959"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0x34, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_csum={0x3c, 0x8, 0x0, 0x0, {{0x9}, {0x4}, {0xd, 0x6, "4ac6768e05c6ec90b2"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_FD={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x2}}]}, 0x198}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 10.069061297s ago: executing program 1 (id=249): epoll_create1(0x0) socket$inet_tcp(0x2, 0x1, 0x0) epoll_create1(0x0) epoll_create1(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = socket$inet_udplite(0x2, 0x2, 0x88) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x166) r2 = syz_io_uring_setup(0x460, &(0x7f0000000280)={0x0, 0x4000001c, 0x10, 0x2, 0x8, 0x0, r0}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)) syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x20, 0x0, {0x2}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) 9.597309988s ago: executing program 1 (id=250): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@isofs_parent={0x14, 0x2, {0x8, 0x4, 0x8, 0x8, 0x1, 0x2}}, &(0x7f0000000140), 0x1000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x3) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000080)={0x5, 0x2}) ppoll(&(0x7f0000000180)=[{r3, 0xc200}], 0x1, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$hid(r6, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r6, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000600)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000200)={&(0x7f0000000240)=[{0x3137, 0x1800, 0x0, 0x0}], 0x1}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000005d780ec4abe4775a43b678e6fc6b12bdea2f9206507da0f7ef13a21afaf679f2077a5f94190a6ccf7ea688847aec4ccd83b5", @ANYRES32=r5, @ANYBLOB="0c009900090000007b000000"], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x0) 9.093829174s ago: executing program 4 (id=251): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5111) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000000)={0x84}, 0x8) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$TIOCMGET(r3, 0x541e, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r4, 0x0, 0x42, &(0x7f0000001280)={'HL\x00'}, &(0x7f0000000180)=0x1e) 7.358406561s ago: executing program 0 (id=252): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x301) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0xa3, 0xd, 0x4, 0xff, 0x0, 0xfeff, 0x0}) 7.053080821s ago: executing program 0 (id=253): bind$netlink(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4a, 0x9, 0x8, 0x0, 0x3}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000140)={0x3, 0x0, 0x7}, 0x8) ioctl$SOUND_MIXER_READ_STEREODEVS(0xffffffffffffffff, 0x80044dfb, &(0x7f0000000000)) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='coredump_filter\x00') write$cgroup_int(r3, &(0x7f0000000080)=0x101, 0x12) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, 0x0, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x5, 0x5, 0x0, 0xc}]}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r4, 0xc4c85513, &(0x7f0000000000)={0x2, 0x5, 0x1, 0x0, 'syz1\x00'}) 6.883119239s ago: executing program 2 (id=254): gettid() futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) r0 = socket(0x1a, 0x1, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x2, 0x0, 0x0, 0x0) ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, 0x0) bind$l2tp(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100), &(0x7f0000000280)) io_uring_enter(r1, 0x15f1, 0xff98, 0x69, 0x0, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1, 0x0, 0x0, 0x44}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0) sendmmsg$inet_sctp(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000200)) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 6.783124155s ago: executing program 4 (id=255): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x800) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000240)={0x0, 0x0, 0x6, &(0x7f0000000000)={0x5, "14956544c869ef45cda7dd68fe132f1d0259da184039589d199f3db71c15666d95"}}) syz_open_dev$vbi(0x0, 0x0, 0x2) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b40500000040000061107500000000006605000000e3000095000000000000001e6443165316606826570673bd2015c43a9334a136ff04a6ed8d044bcadbd5681eeb13a486a6672414270acfad927fa112e1ed0ea257d0faff057ae67db946f94cc0f40f17c4454ca4dddacb0670b381446a93ffa6e7f1acc3c7b9a32f3735c11887122f4e4c090702a196afb7429e7bbe719d312a1280630c2b50d279a9c2a292027134f755125ee8423af5eb0d984344a35400a7dda797b6e2bfebd839ff07"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bind$alg(r4, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r5 = accept4(r4, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000200)="ad00"/15, 0xf) sendmmsg$unix(r5, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) write$nbd(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000140)}) syz_open_dev$vcsu(&(0x7f0000000280), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 5.433450057s ago: executing program 1 (id=256): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$TIPC_NL_BEARER_ADD(0xffffffffffffffff, 0x0, 0x20000000) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000440)={r5, 0x0, 0x0, 0x0, 0x0, [0x0], [0x10]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x5, 0xed, 0x20b1}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r7}) 4.803954035s ago: executing program 3 (id=257): ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) syz_pidfd_open(0x0, 0x0) r0 = userfaultfd(0x80001) dup(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/51, 0x304000, 0x800, 0x0, 0x3}, 0x20) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3}) 4.802922832s ago: executing program 2 (id=258): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5111) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000000)={0x84}, 0x8) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$TIOCMGET(r3, 0x541e, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r5, 0x0, 0x42, &(0x7f0000001280)={'HL\x00'}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="30003300c0000000ffffffffffff080211"], 0x4c}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001a80)=ANY=[@ANYBLOB="b700000017000000bfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff0000000015040000000002000f030000000000003404000001ed0a0014040000170000801c400000000000007b0a00fe000000002c04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d0cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090d030000003acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931481747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e31a3446cd57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9be0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd08000000e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119d2a673bdae05779208409e6cf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc0700bac0006b98a8283eee5665f3aede28228e0468dbcf8b776fe4c629d3af183a7cba5adf77f23d31f9d5a183c0da4e95f75b1496a97a46a06e4e1f5a8438d49dbd493ba2482c398ab724577fd742bf44cdd8489086e61aa3cb1d3ab3dac8183102fe6fc8a038e3868a0592811446867969f0fb3f547e83c4ca35aac023f09f15bb0acb3cdc6efd9b0e9df56af7fda01280a384028b35994388"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={r8, 0x0, 0x0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 3.37538828s ago: executing program 0 (id=259): syz_open_procfs(0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x5, 0x4, 0x3, @rand_addr=0x64010102, @local}}}}}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000440)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x20, 0xdc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0x5}}}}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.194826306s ago: executing program 3 (id=260): epoll_create1(0x0) socket$inet_tcp(0x2, 0x1, 0x0) epoll_create1(0x0) epoll_create1(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp(0x2, 0x3, 0x2) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) r1 = socket$inet_udplite(0x2, 0x2, 0x88) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x166) r2 = syz_io_uring_setup(0x460, &(0x7f0000000280)={0x0, 0x4000001c, 0x10, 0x2, 0x8, 0x0, r0}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)) syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r1, 0x0, 0x0, 0x0, 0x20, 0x0, {0x2}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) 3.101881253s ago: executing program 4 (id=261): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0xffffffff, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) 2.935894848s ago: executing program 0 (id=262): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x18, r1, 0x1, 0x80, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x2805}, 0x0) 2.906346247s ago: executing program 1 (id=263): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x12) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3450, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 2.656793281s ago: executing program 3 (id=264): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x301) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0xa3, 0xd, 0x4, 0xff, 0x0, 0xfeff, 0x0}) 2.512556736s ago: executing program 3 (id=265): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5111) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000000)={0x84}, 0x8) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) ioctl$TIOCMGET(r3, 0x541e, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r4, 0x0, 0x42, &(0x7f0000001280)={'HL\x00'}, &(0x7f0000000180)=0x1e) 2.462588814s ago: executing program 0 (id=266): io_uring_setup(0x22c7, &(0x7f0000000000)={0x0, 0xe4f9, 0x20000, 0x3, 0x265}) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x51031, 0xffffffffffffffff, 0x0) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r3, 0x8108551b, &(0x7f00000004c0)={0x0, 0x2, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a100efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb72b4b996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"}) openat$audio(0xffffffffffffff9c, 0x0, 0x402, 0x0) r4 = syz_open_dev$vim2m(0x0, 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea}) ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) socket$nl_route(0x10, 0x3, 0x0) socket$l2tp6(0xa, 0x2, 0x73) syz_open_dev$usbfs(0x0, 0x76, 0x101b01) 2.205797507s ago: executing program 2 (id=267): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r1 = epoll_create1(0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000100)=0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000200)={{}, r2, 0x2, @inherit={0x90, &(0x7f0000000140)=ANY=[]}, @name="c64a63a7564ec31001852e3b35bd6382e79047a5bddeacae39e2ebbb59d4dfb97ac9fd21b60ce8728de7d008d31d518c8c08f919e55924c8fe69c26ef7f30ea7674a87c13371b4e7dfaa9d289fa85c8fe980d93e919efd207bc8a5c9fcd5e9f59e5326605ed3dfacb8912dd04a21565bc9bfcc0edb200ddf914363905074d4d2fd8a3ff6e7d2fd9de70dabdd83ec6bd80441abac15ca0aaac5642eb00b56d3cd0626427b46ebe19d327e26c1492f41b4248d6c9520177e5b979bbc297b3b24e25691dd60bab998ee540ea464c3349f95037f33a82d475b8881490ef5e42dd322ff70312f6384709ac4868e036caacca261b1d00a3403006de5fa49a856ad9b99df411dae6fae4dee0cf601a117b2fd97d2fdca2ce2cadedf7167d2e9b94aa40b80764a354a57964bd33aa02961a07ad1f66e34ad177b0b52904f5fa59640bfff606d642d74e8f288d3a75790188fbe599b73818427d6a14ec3235d5f180364048e2dfb94c53bc5e8a4f8cd9e5bdfcfaf691eeb2cb528a0222e36c3f839d0703b448d103da1722de3425e0903e03430818ecaf2b65a1be194a32b53d531e6b462dac4a768e54a9aa153522836bd9e5d55de9878c07d6c968caac9e15b8f0f43db305d2d165099736be2224d4601f740dd89c92d4d6d187ead2dc16556a170da0fef1db2cef5f12ed7ba7b866ad556b00fde99e96f057a471f0a97393ce13802e4aa1d4fa4eb60928f626503778db2c3f0c98a6eecf6e54b71a01ffb9b9d439edc89260d0c690935d4c2a5a3e516b423355dd2e386e9ec4c15a72acfd966185b06760996bf6eb102102963b1bf4344e9467ad218916fd95e468efe028cde89ed85a3fe1bd8d2eae7a2d3f25f921c7c854b94d5d3b97372eafecb8fb326723b9949796740a1399e9a2d0aff3f97168b5dfc443ea7f596c53a2b4c05cd00f6efdb97cc168b25280f02c03f4153f37d8e759ee3b3023806e36b1569f81b250ca794fca904f8d6945c184e1ed79a2b7ce66b0d9afc6c09365d7805af46b39dbad5ca3e67c9bf14206bb666bad89ee9420c48de519bcac899009cf33ce82c92c0a824b73520152f5be6177a9d3158826c22ec267217b36fbc6abb2a2a1f8e7eb3b1951a82a6eb28a58ed3a0804484bfcf3cd9a15bbcce3a54c492b71ed19b8713e9d723a68e02460a5a86109b352e3b8432babcb74713cac26f1fe80a720c076cdfdec8879781873fbdc76b3d90a0193edb21bf836e2bfda3b1ca5809a6db18ddc08705c1df0b1d1009bdbd396bb915c7ed0c8fb8ad15581d44f02a7d69a4d5d7d58bbd6aa86b1bde884e0ed3a495e590b549770b4e9bb3fcc95dc5e39ca06cf6e19204ccde48c773cbcc100e37977705db57fe1a9431aeff347e4685e1d0d3fbec22b09aab3a0d7b6341bb63b84994d1eb5759085a801a2f01005a910daecfcff76f22a2f803af1333a1ef45651fea301efe0250aee1929cf273c2437f8ce892affd1c84a02d040830d59e4d78658f76f38f1fe4aff45941243b0161e69b252faa4cc8be0e8bc32c829c4c33a53b70dec4f8b5bd90fe07c0527991a8d5720f74871765da07ecff2b55fe814d0dea9aba30d0a753f684776d8b2f688b382b3d5cdcb8aae6917a9407d9858dfeac8bf2cc00f6e4d8a466f4095d1f65e808451f2d22f383984e6c840a2054198e2e28e81ac01b0590833adbf53dcfdd0dd530746f7d3bed7626266e9ee36c31b7432fbde87b2c27da9f98bb3a5dca979fc25e0ab29e25d0655b366a4c9a618946c479e65f58e966ee41a1d1d3b68f8ec030b94083ad8323709480a82a32c23f9be5002b5e459652d6a5310a927f490ae8618a2c92c51aa707498575eeb440929addab09cefebc9819f1a96462813585e4001520654132f7e8a3c415c4f78af5daffcfdd3178899d6489d724c3c876d8355f37fc19027b2ed6d2bf59eed8cc16c20058df3160ae8a7c8e76a869e67f29a1dc8c9d4c504a524e3f1e2a05412bb0ac0ff7fb79367d1466b4cbcf599990a45e9a349fdba4239d72daeb714e906ebb9b1643ca52e8deabcaac192ff329085f8c9b3595c7f989a39d110b7a99bda90c6dadef6e4f903dbf5ba124ca1f683c76d7935b0c7e7081ee06e5bca9c4f71b030359d725f7bf2ddd7e7bb354af3cc5dff3eb9a50bcea16540f5a5d805a21c5633256164af6cd258e710c487c7288f7a6dc3c52f70df04962311e6da4d55e8f57427fd89008e9c4343c38f784aa6dfbc5736ab0a7f6f0ae574454ff25c8a33d993e2e94e70cbc9b3a5269bef417c4511c0388cf9fd5a19b2c956838ea5865b8bb3e5549681a1805ccdcb7645c4c629a10964ee8eb8e2f7d332aaa927fd93f85cda1076c0391db6f2e0142985f4e40428d97473527a5c5ff3c23f278f852f6e5c4499a0b1363d459e02d71e2abc3c72116900e25b752694eb9b2b6ab4484f2ab566d7635f0c597a0dd9921887805c925344598ea4c4b083a2350d5362ba3a5f53b236385280c745559936cd9c606e45d040b49780548eb42c62cebffbd740356530d1bd3b510d8efa6d7493652be29fed23962ca85c831ba9bb4987be660deb9afe90bf93b7239172301c9d9a702a0f62f19a0898a2e2eba299072a2441f0cf74289ed510f00e0579d98e625d2dc5731fdcaf86f18958fdf0ccfd211e826d904ec0203b42de46bf371d1c672cb6aa16fa01dc881db2e34bf0c15622d53118cf434ed4258b7ea4bc79724d40ef4010ec56aceb727d245c3d358d2c5575d56d9361d8d6725679f2e6263c6fa173cc0c8ce1b2380962516df0230b2edcad18490dee316e9ed571800f3ca47295f152b041b4c33f914814010e9ee1cb84c8eb93179d2443c946382c91ca0d81ca590c4344954d5580261cc3012c7347edd2857749ff81a4f14caed27960c72461af2e67d63e3ef43b19aae9a7b8cb8e2c3cf0f67356c7f28d11a1505f0153dd8629b4e9c559143441777abf4281e08bd729e9f1ea3f988f1c681495c0c38a543c75181e4ebea2d243d0dfa173466f7f5667ff4a1bb6453e14265e6ba1d5018174f84711e7fe02955fac11d2dcd248f3e6b482afaf9b220f55989c5f269fb440de6d7c10d51689f9ee94ea899a30ceb23f9d6983ea80399639f338ee0fe25c191b96e22a7f639a55c06fb083a5af8ccffe56fa179840d706de9b13d1babdfe7174916331fa07532ffd47c8696331e75d9a83854b1d2bd53a0fca65db03fea31b5179bcffcbe111979643929810640935114f786aaf993eee16b663526103f38162aa1f0788b2f07400766343be048c31e8b9fe591d3d05a243377314e7715ae415ac998359c7a0469751d22502941eb7303064044d878f4c96c24ec004ebb8ae2847982fc22af4201f60e6c8c223823a4003b55d838f80600d94ee6e9be0bb02d4825a8f273f4c61e670a96a056d1e994fdb0632ace69ec23906dfb3550cfee69e56ee820291352aa7f87b77f1cf96ee75106e3b84fdb55f1aee92eff363cf210f6d52eca3b73fb087b34c26eeccdf8d37adf482694f83d5a8aea67fbac2cbf3eca50111119a1d6f14917e5fc27c041146b5aa328548db78ab6bec74e2e58f284ceaa47191ba0757b724269310811b089126e7505194c783fe104688ce5cc3aaa8dd5bf55c61d14840681463856c32d03e7ae31ce5ca118f4981f67280627722333b7a401de07c96ea674871a3d94cdfbcf14fa1207e0b799ccf7e63ff1015d9104c83b8a98add0f72a3954ffc88239680adbed21f53dfe57cbe4350299957f3e97e7b9b9bb273cb79a87e8627676ed74fd588cdd5ef31d98387c1087b693a94b2f4c4db8bb11ad039a3b622353598d6007858c8c19b204192bc9e3c3b7c13c3539d2eacea27c0092ffa80162662d325990ea77e92e8f543d6d61efe0bf05e54857ebfec807be4d371ba71835203b6a2b87f44a0ac339962f7b0e094ff86cce28ec2d68f590f42ba0d95e576b5a197bec5b67e8f01db40314af01226857c9a369f835166b3fbfa87e3ae93ec384b1cb20192f4e4362368afd36449cf1183edb761a1bced1448ea1ed701fb69a467c011b5b886876be32a7c6140424c7056f49e5979e10b923215a1bd3f678ed7f845371888a73341e868f3b5d6060653f0198630afa547951fc7e05bdff20164b5cb30bdd7c798d89154b702fccd6607725b7483d968d2958635c92b55bcc39c8a107ad5270902530b0da1a27873cb0dede3b11da8a81af3b5cb3fb28975506fcdb653d718fab22c7a87dd9e1e592bf6e165a7a7e38ddeadef5adbb48040245b1a899e3f9ba15cc31f3e1dea516dd69040ea550996f14731e16e316b6328e254867531f2ecfe5b7d1e6e5da8a085e8da74d2a72c28931246318bc7f49726f0f35509c1d49405cab637c193269a2e5ebef44f096702b4067e53828d4151b41c4b25a5347d1be43225ffb1957ac386de4f33900cfc5a3a1841633ad1a087e352cd9b5f85c540ca42a059c603b1f3b825eb9ba2ee04648df3951320b96bda398b6296c0580113bc9b01b6af116252428273dbd7fe7c2817d57945284f2e4b6e713f44521875d38a895090ffd29899c9abd3b25320b768dfa29d301a704547c870532184745edc8ab77ec3ab37edf5d9aee9c7c19fd252a48664904601860c94708355c8a58d20b163cddfb8de638588bb8d85bf4c92f4672d1dddff77c1a073a31c2916facd526fb2e2622300fdf9af645e6859c8df2199e8834d179e4828c6bc4bbd9a6ba5c397360b3b7562ae138522f151b98f40848086369b1b435da82d705275970778aba3604a17b67a3e21e6b393080823f743ab3d4168b9cf3b603a3c8fe6e255b36ad93bf381a485c1b2be68cf67c1ff0916a77e3eaae1a9b255eff070f85da480f948c426fdb3041da5a95b1f505e3209cdf0d0d3fbc586135dcbf6ea33ed8db6f2bf73c893c1999f6097eed823d2bb8266df1ccb6642bd01f02891a428e97bb96e9c119b0623d0565b4e1c606cb7b51404141fd746a40717eff73e54b5087f6799eb7d17c95748fe4372abf2eeda5c7ee60346ea03a8d43410592545ae0094639c06ca381b8f91e0356b8180ffda2493657d5378bd91d58a635a1f3214cc30d1d9d3b6631b1aa5ac9144bd9da165324f23a24515661729f2ee47d03d7affe92ae1e1439574a8f594cb8ebdb14ccaa09e79f2e541b85911ed67144b4a084a0b10f5af184bafb6527fb14914a1528e1e7e568d1f6d8f59a91ce8b3a1cdc93996831ed15db5f04e1843d0a49ee4b001b4a7450fc717a97b0455d1b1e480b484cb5dedf026d085914049aa3c0b2a8a40e9e7f11af0e70375622172c3557a27b9a7fc4ca98f76817a04b0ca16043d4716fdd037622124bbcf9faa9fe6a0b320b4c8d8d09f15c6865816595a727b1a3cb374a78f7f64c2401875846cc4b1e054f7402ff96f53e7e9d6417dfdcc3cd7a8dec7fd334e93fa529bc4d9b8a5bea3157438f11e2cec1713f58fdb641243d6f3a49e9386504856a91c90b24111d8036646e262f0976024ce347abf7ba9c565fcc782dd821eff2184ec6a96186e9ae6c83797f30e3ce54774b9471b9ccb62a3a3d1292cbade3255534e0e8b366d84c24bbe23e2158c985ae2f207bc920ba4f377587a1b039517f8d1339bb0715107048bb78a605aa559dece23b9363c9544fc98e88c0ef91b418f9a54cca073d6bbe21cd00454b12d0e829b8"}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r0, 0x5000943f, &(0x7f0000000200)={{r1}, r2, 0x4, @inherit={0x50, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000100000000000000080000000000000001000000000000000c00000000000000ac7f2c19eee4da06900180000000000000be00000000000000feffffffff"]}, @subvolid=0x100000001}) ppoll(&(0x7f0000000080)=[{r1, 0x581}], 0x1, 0x0, 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) 691.302708ms ago: executing program 2 (id=268): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@isofs_parent={0x14, 0x2, {0x8, 0x4, 0x8, 0x8, 0x1, 0x2}}, &(0x7f0000000140), 0x1000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x3) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000080)={0x5, 0x2}) ppoll(&(0x7f0000000180)=[{r3, 0x102}, {r3, 0xc200}], 0x2, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x2) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00'}) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x403, 0x6030, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}}}]}}]}}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x2, {[@main=@item_012={0x1, 0x0, 0x7, "a4"}]}}, 0x0}, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000940)={0x84, &(0x7f00000004c0)={0x0, 0x14, 0xd, "5e6424818327b2369deca65eb2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, &(0x7f0000000880)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00M'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000600)=ANY=[@ANYBLOB="200e06"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000200)={&(0x7f0000000240)=[{0x3137, 0x1800, 0x0, 0x0}], 0x1}) 522.273361ms ago: executing program 1 (id=269): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x1d, r1, 0x0, {0x0, 0xf0}}, 0x18, &(0x7f0000000180)={&(0x7f0000000280)="4dfb0cf0d556f1327d", 0x9}, 0x1, 0x0, 0x0, 0x400c000}, 0x8ee) 253.707312ms ago: executing program 3 (id=270): r0 = socket$kcm(0x2, 0xa, 0x2) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r2 = socket(0x10, 0x3, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000b40)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @private0, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x14c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x9, 0x8, 0xee, 0x3, 0x18, 0x8, 0x1}}, @TCA_CHOKE_STAB={0x104, 0x2, "fce176e547e8779849d3f308df8077cea54e7e920cce639b281a2548755c40dbe2831a0e6ed18c43111e26fd6e7decf48e8b83b39497c58fd2794e0b8331fb756ce07c98c4af6b0b199e34e882b349608bdadaa3b9b3ac15b663932b028a69fd064131939ebf5f088fb41c77ecd3d5a29c21f055d4976a678a99f07f03c2f4fcfa6e1366337b708487593faeadcd5151236329c61dca8685656a205dbde501374660d3e4e84495152826887163d8642b661327a78c325fc74e4cec08f970bce457529dc9081e5cd808fc4c32c7b423bfbec6d436358be39613c6cf925fbe36bb432da586d94ed48ed2ea5398d8daedac8a0407b9d277da8a2326243715cc8511"}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) prlimit64(0x0, 0x0, &(0x7f0000000180)={0x0, 0x8}, &(0x7f0000000580)) openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ATOMIC(r1, 0xc03864bc, &(0x7f0000000140)={0x401, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000001}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f00000002c0)={0x5, 0x0, 0x1}) r6 = socket$kcm(0x15, 0x5, 0x0) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000100)=@l2tp={0xa, 0x0, @private, 0xc0fe}, 0x80, 0x0}, 0x4000040) ioctl$DRM_IOCTL_AGP_FREE(r1, 0x40206435, &(0x7f0000000300)={0x0, r5}) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x11) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000010000008d030000001800"], 0x2c}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040), 0x4) ftruncate(r9, 0x3) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'team0\x00', &(0x7f0000000140)=@ethtool_sfeatures={0x3b, 0x2, [{0x209}, {0xffffff7e, 0x5461d6e7}]}}) 63.761354ms ago: executing program 4 (id=271): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c) sendto$inet6(r0, &(0x7f0000000000)="ee", 0x1, 0x2404c8c0, &(0x7f0000000040)={0xa, 0x4e1e, 0x7, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1}, 0x1c) 0s ago: executing program 3 (id=272): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000840)="f2fe84e07da72d5be0eee26e6693cc950e7080ba2900a53b969dc13369b90492865a9fb8d25a00b9c2d8e52e23e3267d15c4aeea5918add6f28e302868e1d4500b073ac1a7c72c4e805ff1fce9c5e0273d0ea144b6999eb1661fed8ddba6250af47fde6e4225f438528b6660d8b67812726721f6b755bb37ca116f51e2f239675ff38126c1d68163", 0x88}, {&(0x7f0000000900)="a1e27575d35fd4f38d622e3237bfc6a28a4c21284fa1f95f8e2343cff8831a5a663f3fac3d082e19b04d59a071c5599a98b7bc07bf2bf94767fe9bf0db2b8fa547766a8e024ef76e320cf8e352f293b0c19f465a9deed8", 0x57}, {&(0x7f00000009c0)="4d25acabb0d76231f77e554a8c8c1b3afdb47d428c57725ff9b4fc3ff9300e603fd9b082e7b1dc654d7db972a680ad49a0b606b08d00b692df47c9b3d57a2ca02114cff55e05199643619f8b0e3c02546ba27d0e5eb073779970d0ec308a8a4cfee0902034edd899", 0x68}], 0x3}}], 0x2, 0xc0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.81' (ED25519) to the list of known hosts. [ 83.447628][ T5830] cgroup: Unknown subsys name 'net' [ 83.598876][ T5830] cgroup: Unknown subsys name 'cpuset' [ 83.607937][ T5830] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.307983][ T5830] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.906027][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.914153][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.922479][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.931173][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.939257][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.947552][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.955257][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.963485][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.971161][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.978585][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.988209][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.990977][ T5865] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.002954][ T5865] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.010470][ T5868] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.018586][ T5865] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.026378][ T5868] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.032892][ T5866] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.034082][ T5865] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.041475][ T5866] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.048505][ T5868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.062981][ T5865] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.071271][ T5868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.081164][ T5868] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.083136][ T5866] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.105395][ T5868] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.692803][ T5856] chnl_net:caif_netlink_parms(): no params data found [ 90.713384][ T5852] chnl_net:caif_netlink_parms(): no params data found [ 90.858792][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 90.954664][ T5845] chnl_net:caif_netlink_parms(): no params data found [ 91.020584][ T5852] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.028250][ T5852] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.036247][ T5852] bridge_slave_0: entered allmulticast mode [ 91.043601][ T5852] bridge_slave_0: entered promiscuous mode [ 91.092165][ T5852] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.099835][ T5852] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.107610][ T5852] bridge_slave_1: entered allmulticast mode [ 91.114823][ T5852] bridge_slave_1: entered promiscuous mode [ 91.133767][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 91.145136][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.152360][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.160175][ T5856] bridge_slave_0: entered allmulticast mode [ 91.167835][ T5856] bridge_slave_0: entered promiscuous mode [ 91.210216][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.217586][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.224777][ T5856] bridge_slave_1: entered allmulticast mode [ 91.233784][ T5856] bridge_slave_1: entered promiscuous mode [ 91.284221][ T5852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.306495][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.313637][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.321148][ T5850] bridge_slave_0: entered allmulticast mode [ 91.328499][ T5850] bridge_slave_0: entered promiscuous mode [ 91.336766][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.343905][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.351507][ T5850] bridge_slave_1: entered allmulticast mode [ 91.359595][ T5850] bridge_slave_1: entered promiscuous mode [ 91.388224][ T5852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.483154][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.494748][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.507753][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.536665][ T5852] team0: Port device team_slave_0 added [ 91.546132][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.582244][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.589782][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.597026][ T5845] bridge_slave_0: entered allmulticast mode [ 91.604583][ T5845] bridge_slave_0: entered promiscuous mode [ 91.623852][ T5852] team0: Port device team_slave_1 added [ 91.656364][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.664075][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.671559][ T5845] bridge_slave_1: entered allmulticast mode [ 91.679335][ T5845] bridge_slave_1: entered promiscuous mode [ 91.724776][ T5856] team0: Port device team_slave_0 added [ 91.733305][ T5856] team0: Port device team_slave_1 added [ 91.740517][ T5850] team0: Port device team_slave_0 added [ 91.749775][ T5850] team0: Port device team_slave_1 added [ 91.770200][ T928] cfg80211: failed to load regulatory.db [ 91.826556][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.840036][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.849634][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.857432][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.864569][ T5851] bridge_slave_0: entered allmulticast mode [ 91.872056][ T5851] bridge_slave_0: entered promiscuous mode [ 91.880641][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.887709][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.913654][ T5852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.927013][ T5852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.933992][ T5852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.960331][ T5852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.986486][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.993442][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.019655][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.058699][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.066213][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.073643][ T5851] bridge_slave_1: entered allmulticast mode [ 92.082379][ T5851] bridge_slave_1: entered promiscuous mode [ 92.086251][ T5860] Bluetooth: hci1: command tx timeout [ 92.093961][ T5868] Bluetooth: hci4: command tx timeout [ 92.114560][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.121638][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.147765][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.165271][ T5868] Bluetooth: hci2: command tx timeout [ 92.167108][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.175199][ T5860] Bluetooth: hci3: command tx timeout [ 92.178032][ T5854] Bluetooth: hci0: command tx timeout [ 92.183875][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.215654][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.257804][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.270723][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.281314][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.288432][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.314825][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.327684][ T5845] team0: Port device team_slave_0 added [ 92.368560][ T5845] team0: Port device team_slave_1 added [ 92.416991][ T5851] team0: Port device team_slave_0 added [ 92.455836][ T5856] hsr_slave_0: entered promiscuous mode [ 92.462192][ T5856] hsr_slave_1: entered promiscuous mode [ 92.472692][ T5851] team0: Port device team_slave_1 added [ 92.508950][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.516056][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.542117][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.560445][ T5852] hsr_slave_0: entered promiscuous mode [ 92.566833][ T5852] hsr_slave_1: entered promiscuous mode [ 92.572943][ T5852] debugfs: 'hsr0' already exists in 'hsr' [ 92.579658][ T5852] Cannot create hsr debugfs directory [ 92.633204][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.640437][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.667540][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.719213][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.726525][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.752630][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.798688][ T5850] hsr_slave_0: entered promiscuous mode [ 92.805002][ T5850] hsr_slave_1: entered promiscuous mode [ 92.812007][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 92.817846][ T5850] Cannot create hsr debugfs directory [ 92.823764][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.830875][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.857031][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.933926][ T5845] hsr_slave_0: entered promiscuous mode [ 92.941065][ T5845] hsr_slave_1: entered promiscuous mode [ 92.947449][ T5845] debugfs: 'hsr0' already exists in 'hsr' [ 92.953209][ T5845] Cannot create hsr debugfs directory [ 93.108109][ T5851] hsr_slave_0: entered promiscuous mode [ 93.114436][ T5851] hsr_slave_1: entered promiscuous mode [ 93.121675][ T5851] debugfs: 'hsr0' already exists in 'hsr' [ 93.127485][ T5851] Cannot create hsr debugfs directory [ 93.457872][ T5852] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.494612][ T5852] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.527654][ T5852] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.553740][ T5852] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.610653][ T5856] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.630587][ T5856] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.641624][ T5856] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.653966][ T5856] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.748881][ T5850] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.760895][ T5850] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.772645][ T5850] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.786948][ T5850] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.931077][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.941894][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.973434][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.983796][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.083446][ T5852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.094531][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.110632][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.124329][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.157139][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.168855][ T5854] Bluetooth: hci4: command tx timeout [ 94.168865][ T5860] Bluetooth: hci1: command tx timeout [ 94.181093][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.223322][ T5856] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.249709][ T5854] Bluetooth: hci0: command tx timeout [ 94.255460][ T5854] Bluetooth: hci3: command tx timeout [ 94.255546][ T5860] Bluetooth: hci2: command tx timeout [ 94.277187][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.300611][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.307908][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.340301][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.347486][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.361420][ T5852] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.390930][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.398083][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.440706][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.447920][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.464812][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.517171][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.524324][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.540136][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.547311][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.574945][ T5856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.594791][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.701387][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.732391][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.769789][ T1007] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.777305][ T1007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.815843][ T1007] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.822999][ T1007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.904401][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.000563][ T1161] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.007801][ T1161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.052385][ T1161] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.059600][ T1161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.183681][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.328204][ T5852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.407444][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.503468][ T5852] veth0_vlan: entered promiscuous mode [ 95.588988][ T5850] veth0_vlan: entered promiscuous mode [ 95.636988][ T5852] veth1_vlan: entered promiscuous mode [ 95.657947][ T5850] veth1_vlan: entered promiscuous mode [ 95.753324][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.795463][ T5852] veth0_macvtap: entered promiscuous mode [ 95.838706][ T5852] veth1_macvtap: entered promiscuous mode [ 95.871605][ T5850] veth0_macvtap: entered promiscuous mode [ 95.897139][ T5850] veth1_macvtap: entered promiscuous mode [ 95.932927][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.960661][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.974855][ T5852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.997626][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.010807][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.037932][ T1161] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.055519][ T1161] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.094770][ T1161] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.127699][ T1161] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.136945][ T1161] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.153251][ T5856] veth0_vlan: entered promiscuous mode [ 96.170711][ T1161] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.179644][ T1161] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.203472][ T5845] veth0_vlan: entered promiscuous mode [ 96.231269][ T1161] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.245509][ T5860] Bluetooth: hci4: command tx timeout [ 96.256510][ T5860] Bluetooth: hci1: command tx timeout [ 96.263713][ T5856] veth1_vlan: entered promiscuous mode [ 96.326800][ T5868] Bluetooth: hci0: command tx timeout [ 96.327990][ T5854] Bluetooth: hci2: command tx timeout [ 96.332280][ T5860] Bluetooth: hci3: command tx timeout [ 96.343518][ T1161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.365934][ T1161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.383243][ T5845] veth1_vlan: entered promiscuous mode [ 96.402173][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.408737][ T5851] veth0_vlan: entered promiscuous mode [ 96.418982][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.469897][ T5851] veth1_vlan: entered promiscuous mode [ 96.491415][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.506329][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.517590][ T3001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.542014][ T3001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.563022][ T5856] veth0_macvtap: entered promiscuous mode [ 96.606049][ T5856] veth1_macvtap: entered promiscuous mode [ 96.625084][ T5852] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.641883][ T5851] veth0_macvtap: entered promiscuous mode [ 96.659262][ T5845] veth0_macvtap: entered promiscuous mode [ 96.673424][ T5845] veth1_macvtap: entered promiscuous mode [ 96.713185][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.723866][ T5851] veth1_macvtap: entered promiscuous mode [ 96.763432][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.825096][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.848617][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.864985][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.891575][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.902225][ T1161] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.912892][ T1161] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.933287][ T1161] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.961910][ T1161] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.971394][ T2959] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.990891][ T2959] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.000626][ T2959] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.030137][ T2959] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.049207][ T2959] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.059065][ T5858] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 97.065093][ T2959] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.096628][ T5905] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 97.107665][ T2959] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.118087][ T2959] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.162971][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.175284][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.226607][ T5858] usb 3-1: Using ep0 maxpacket: 16 [ 97.244776][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.260807][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.261948][ T5858] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 97.275447][ T5905] usb 4-1: Using ep0 maxpacket: 16 [ 97.281743][ T5858] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 97.306636][ T5858] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 97.317059][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.320656][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.325093][ T5858] usb 3-1: Product: syz [ 97.337985][ T5858] usb 3-1: Manufacturer: syz [ 97.338006][ T5858] usb 3-1: SerialNumber: syz [ 97.358414][ T5905] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 97.364800][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.383699][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.393186][ T3001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.408178][ T3001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.418753][ T5905] usb 4-1: Product: syz [ 97.427299][ T5905] usb 4-1: Manufacturer: syz [ 97.435808][ T5905] usb 4-1: SerialNumber: syz [ 97.458340][ T5905] usb 4-1: config 0 descriptor?? [ 97.469733][ T5905] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 97.482370][ T5905] usb 4-1: Detected FT232H [ 97.526773][ T2959] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.566849][ T2959] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.626611][ T5858] usb 3-1: skipping empty audio interface (v1) [ 97.708971][ T2987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.769809][ T2987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.799709][ T5858] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 97.882472][ T5858] usb 3-1: USB disconnect, device number 2 [ 97.941785][ T5969] loop0: detected capacity change from 0 to 32768 [ 97.951368][ T5969] XFS: ikeep mount option is deprecated. [ 97.965467][ T5905] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 97.977273][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 98.054244][ T5969] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 98.188779][ T5969] XFS (loop0): Ending clean mount [ 98.199481][ T5969] XFS (loop0): Quotacheck needed: Please wait. [ 98.236481][ T5969] XFS (loop0): Quotacheck: Done. [ 98.267395][ T5905] ftdi_sio 4-1:0.0: GPIO initialisation failed: -5 [ 98.287012][ T5905] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 98.327051][ T5860] Bluetooth: hci1: command tx timeout [ 98.330099][ T5854] Bluetooth: hci4: command tx timeout [ 98.376747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.385289][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.393748][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.402630][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.407588][ T5854] Bluetooth: hci2: command tx timeout [ 98.411309][ T5860] Bluetooth: hci3: command tx timeout [ 98.416598][ T5854] Bluetooth: hci0: command tx timeout [ 98.429539][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.438271][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.446935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.615513][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.662221][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.698134][ T5985] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 98.725280][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 99.934082][ T5960] usb 4-1: USB disconnect, device number 2 [ 100.002831][ T5960] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 100.084209][ T5960] ftdi_sio 4-1:0.0: device disconnected [ 101.100877][ T5991] mkiss: ax0: crc mode is auto. [ 101.503872][ T6007] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 101.510278][ T6007] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.575891][ T6007] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 101.712408][ T6013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9'. [ 102.072300][ T6007] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 102.079083][ T6007] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 102.363649][ T6007] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 103.137043][ T5851] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 103.218937][ T6007] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 103.257704][ T6007] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.346189][ T6007] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 103.391969][ T6019] loop2: detected capacity change from 0 to 128 [ 103.525456][ T5860] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.555982][ T6019] EXT4-fs warning (device loop2): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 103.600144][ T6007] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 103.610636][ T6019] EXT4-fs (loop2): Encoding requested by superblock is unknown [ 103.626251][ T6007] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 104.333407][ T5860] Bluetooth: hci1: command 0x0c1a tx timeout [ 104.341758][ T6021] loop1: detected capacity change from 0 to 512 [ 104.386801][ T6007] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 104.461372][ T6007] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 104.603213][ T6007] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 104.618443][ T6021] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.13: casefold flag without casefold feature [ 104.680432][ T6007] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 104.723535][ T6021] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.13: couldn't read orphan inode 15 (err -117) [ 104.793981][ T6022] block device autoloading is deprecated and will be removed. [ 104.817933][ T6021] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.136206][ T49] Bluetooth: hci5: Frame reassembly failed (-84) [ 105.142791][ T49] Bluetooth: hci5: Frame reassembly failed (-84) [ 105.307397][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 105.708750][ T5868] Bluetooth: hci3: command 0x0c1a tx timeout [ 105.715038][ T5868] Bluetooth: hci0: command 0x0c1a tx timeout [ 106.345653][ T6042] capability: warning: `syz.2.14' uses 32-bit capabilities (legacy support in use) [ 106.405404][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 106.857288][ T5854] Bluetooth: hci4: command 0x0c1a tx timeout [ 107.004328][ T6046] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 107.235450][ T5868] Bluetooth: hci5: command 0x1003 tx timeout [ 107.249074][ T5860] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 107.430283][ T6048] affs: No valid root block on device nullb0 [ 107.734646][ T5860] Bluetooth: hci2: command 0x0c1a tx timeout [ 107.768210][ T5868] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.768979][ T5854] Bluetooth: hci3: command 0x0c1a tx timeout [ 108.078289][ T5961] libceph: connect (1)[c::]:6789 error -101 [ 108.087764][ T5961] libceph: mon0 (1)[c::]:6789 connect error [ 108.094619][ T6039] ceph: No mds server is up or the cluster is laggy [ 108.108254][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.485223][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 109.535228][ T5854] Bluetooth: hci4: command 0x0c1a tx timeout [ 109.858655][ T6066] loop4: detected capacity change from 0 to 1024 [ 109.877805][ T5854] Bluetooth: hci2: command 0x0c1a tx timeout [ 109.943351][ T5860] Bluetooth: hci3: command 0x0c1a tx timeout [ 110.051747][ T6054] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 110.051747][ T6054] program syz.2.18 not setting count and/or reply_len properly [ 110.523143][ T1161] hfsplus: b-tree write err: -5, ino 4 [ 110.774502][ T6062] netlink: 8 bytes leftover after parsing attributes in process `syz.1.17'. [ 111.773987][ T6087] loop0: detected capacity change from 0 to 32768 [ 111.781173][ T6087] XFS: ikeep mount option is deprecated. [ 111.787422][ T5860] Bluetooth: hci4: command 0x0c1a tx timeout [ 112.092630][ T6087] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 113.116431][ T6087] XFS (loop0): Ending clean mount [ 113.124890][ T6087] XFS (loop0): Quotacheck needed: Please wait. [ 113.625275][ T6087] XFS (loop0): Quotacheck: Done. [ 116.323027][ T5851] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 118.849845][ T6131] mkiss: ax0: crc mode is auto. [ 121.574744][ T6144] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 121.574744][ T6144] program syz.0.30 not setting count and/or reply_len properly [ 121.618799][ T1161] Bluetooth: hci5: Frame reassembly failed (-84) [ 122.218915][ T6162] netlink: 500 bytes leftover after parsing attributes in process `syz.3.39'. [ 122.736088][ T6164] netlink: 500 bytes leftover after parsing attributes in process `syz.4.40'. [ 123.411413][ T6177] CIFS: VFS: Malformed UNC in devname [ 124.068363][ T5854] Bluetooth: hci5: command 0x1003 tx timeout [ 124.075416][ T5860] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 124.482342][ T6179] loop3: detected capacity change from 0 to 4096 [ 129.259628][ T6193] netlink: 500 bytes leftover after parsing attributes in process `syz.2.46'. [ 130.499577][ T6179] ntfs3(loop3): Failed to read $UpCase (-4). [ 130.928006][ T6198] loop3: detected capacity change from 0 to 32768 [ 130.935060][ T6198] XFS: ikeep mount option is deprecated. [ 131.003237][ T6198] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 131.319006][ T6211] netlink: 500 bytes leftover after parsing attributes in process `syz.2.52'. [ 131.769078][ T6198] XFS (loop3): Ending clean mount [ 131.777804][ T6198] XFS (loop3): Quotacheck needed: Please wait. [ 131.802606][ T5905] libceph: connect (1)[c::]:6789 error -101 [ 131.899465][ T5905] libceph: mon0 (1)[c::]:6789 connect error [ 131.952093][ T6198] XFS (loop3): Quotacheck: Done. [ 132.048346][ T6216] ceph: No mds server is up or the cluster is laggy [ 132.186530][ T5932] libceph: connect (1)[c::]:6789 error -101 [ 132.417483][ T5932] libceph: mon0 (1)[c::]:6789 connect error [ 132.634550][ T5850] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 132.661561][ T6226] loop1: detected capacity change from 0 to 128 [ 132.684868][ T6226] EXT4-fs warning (device loop1): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 132.707777][ T6226] EXT4-fs (loop1): Encoding requested by superblock is unknown [ 132.730925][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.739523][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.935442][ T5966] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 134.025483][ T5966] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 134.075281][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.114978][ T5966] usb 3-1: config 0 descriptor?? [ 134.147715][ T5966] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 134.319195][ T6233] loop1: detected capacity change from 0 to 32768 [ 134.326617][ T6233] XFS: ikeep mount option is deprecated. [ 134.422017][ T6233] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 134.458738][ T6246] loop4: detected capacity change from 0 to 128 [ 134.491869][ T6233] XFS (loop1): Ending clean mount [ 134.508165][ T6246] EXT4-fs warning (device loop4): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 134.536131][ T6233] XFS (loop1): Quotacheck needed: Please wait. [ 134.571950][ T6233] XFS (loop1): Quotacheck: Done. [ 134.595019][ T6246] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 136.143373][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 136.431948][ T6258] loop0: detected capacity change from 0 to 32768 [ 136.439370][ T6258] XFS: ikeep mount option is deprecated. [ 136.619468][ T6258] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 136.661187][ T5966] gspca_stv06xx: I2C: Read error writing address: -71 [ 136.802581][ T5966] usb 3-1: USB disconnect, device number 3 [ 136.937908][ T6258] XFS (loop0): Ending clean mount [ 136.953027][ T6258] XFS (loop0): Quotacheck needed: Please wait. [ 137.022892][ T6258] XFS (loop0): Quotacheck: Done. [ 137.732599][ T6271] syz.0.61 (6271) used greatest stack depth: 19752 bytes left [ 137.759284][ T30] audit: type=1800 audit(1752735054.450:2): pid=6271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.61" name="file1" dev="loop0" ino=9286 res=0 errno=0 [ 139.343286][ T6284] netlink: 68 bytes leftover after parsing attributes in process `syz.2.65'. [ 139.806992][ T5851] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 140.272676][ T6299] mmap: syz.3.68 (6299) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 140.314688][ T6299] netlink: 8 bytes leftover after parsing attributes in process `syz.3.68'. [ 140.945237][ T5966] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 141.197647][ T5966] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.324803][ T6306] No control pipe specified [ 142.000788][ T5966] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 142.035268][ T5966] usb 3-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 142.290973][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.307283][ T5966] usb 3-1: config 0 descriptor?? [ 142.897340][ T5966] usbhid 3-1:0.0: can't add hid device: -71 [ 142.929091][ T5966] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 142.985635][ T5966] usb 3-1: USB disconnect, device number 4 [ 145.496603][ T6333] loop3: detected capacity change from 0 to 128 [ 145.538842][ T6333] EXT4-fs warning (device loop3): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 145.576159][ T6333] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 146.820011][ T6345] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 147.786887][ T6347] genirq: Flags mismatch irq 4. 00200000 (das16m1) vs. 00200080 (ttyS0) [ 147.802051][ T6345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.017805][ T6354] Bluetooth: MGMT ver 1.23 [ 148.431348][ T6358] No control pipe specified [ 151.014550][ T6361] netlink: 500 bytes leftover after parsing attributes in process `syz.3.88'. [ 153.971255][ T6370] loop0: detected capacity change from 0 to 2048 [ 154.041312][ T6370] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.371997][ T30] audit: type=1800 audit(1752735071.220:3): pid=6370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.90" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 154.403460][ T6382] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 154.416031][ T6382] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 154.425531][ T6382] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 154.436426][ T6382] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 154.447635][ T6382] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 155.264651][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.894388][ T6398] loop0: detected capacity change from 0 to 128 [ 156.900929][ T5854] Bluetooth: hci4: command 0x0c1a tx timeout [ 156.907052][ T5854] Bluetooth: hci3: command 0x0c1a tx timeout [ 156.913094][ T5854] Bluetooth: hci2: command 0x0c1a tx timeout [ 156.919248][ T5854] Bluetooth: hci1: command 0x0c1a tx timeout [ 156.930552][ T5860] Bluetooth: hci0: command 0x0c1a tx timeout [ 157.035839][ T6398] EXT4-fs warning (device loop0): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 157.107478][ T6398] EXT4-fs (loop0): Encoding requested by superblock is unknown [ 157.454060][ T6402] netlink: 8 bytes leftover after parsing attributes in process `syz.4.96'. [ 158.829053][ T6411] loop0: detected capacity change from 0 to 32768 [ 158.836550][ T6411] XFS: ikeep mount option is deprecated. [ 158.849301][ T6413] No control pipe specified [ 159.486168][ T6411] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 159.959109][ T5961] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 161.299032][ T6411] XFS (loop0): Ending clean mount [ 161.306971][ T6411] XFS (loop0): Quotacheck needed: Please wait. [ 161.414294][ T6411] XFS (loop0): Quotacheck: Done. [ 161.423981][ T5961] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 161.445193][ T5961] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.532379][ T5961] usb 3-1: config 0 descriptor?? [ 161.713527][ T5961] usb 3-1: can't set config #0, error -71 [ 161.893924][ T6427] netlink: 24 bytes leftover after parsing attributes in process `syz.4.102'. [ 162.013576][ T5961] usb 3-1: USB disconnect, device number 5 [ 162.115973][ T5851] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 163.595564][ T6435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.103'. [ 164.517397][ T6444] mkiss: ax0: crc mode is auto. [ 164.749206][ T6451] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.415940][ T6451] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.636090][ T6456] loop0: detected capacity change from 0 to 128 [ 165.655370][ T6456] EXT4-fs warning (device loop0): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 165.795432][ T6456] EXT4-fs (loop0): Encoding requested by superblock is unknown [ 165.920740][ T6460] netlink: 8 bytes leftover after parsing attributes in process `syz.3.109'. [ 168.891733][ T6481] loop4: detected capacity change from 0 to 512 [ 169.289116][ T6481] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.116: casefold flag without casefold feature [ 169.291126][ T6486] netlink: 500 bytes leftover after parsing attributes in process `syz.1.117'. [ 169.554200][ T6481] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.116: couldn't read orphan inode 15 (err -117) [ 169.752732][ T6481] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.217777][ T6491] overlayfs: missing 'lowerdir' [ 171.057691][ T5856] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.650953][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 173.465578][ T5854] Bluetooth: hci5: command 0x1003 tx timeout [ 173.482034][ T5868] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 174.254908][ T6510] netlink: 24 bytes leftover after parsing attributes in process `syz.2.122'. [ 174.754719][ T6515] loop0: detected capacity change from 0 to 128 [ 174.829222][ T6515] EXT4-fs warning (device loop0): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 174.935369][ T6515] EXT4-fs (loop0): Encoding requested by superblock is unknown [ 175.320589][ T6518] syz.1.124 uses obsolete (PF_INET,SOCK_PACKET) [ 179.547825][ T6544] netlink: 8 bytes leftover after parsing attributes in process `syz.0.129'. [ 180.201282][ T5960] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 180.375980][ T5960] usb 3-1: Using ep0 maxpacket: 16 [ 180.407245][ T5960] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.435349][ T5960] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 180.549276][ T5960] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 180.562177][ T5960] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.581408][ T5960] usb 3-1: Product: syz [ 180.623520][ T5960] usb 3-1: Manufacturer: syz [ 180.652086][ T5960] usb 3-1: SerialNumber: syz [ 182.210169][ T5960] usb 3-1: skipping empty audio interface (v1) [ 182.329199][ T5960] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 182.390781][ T5960] usb 3-1: USB disconnect, device number 6 [ 182.501666][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 189.047936][ T5967] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 189.065816][ T6603] loop4: detected capacity change from 0 to 128 [ 189.113690][ T6603] EXT4-fs warning (device loop4): ext4_init_metadata_csum:4622: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 189.204770][ T6603] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 189.211037][ T5967] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 189.220861][ T5967] usb 4-1: config 0 has no interface number 0 [ 189.233557][ T5967] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 189.265330][ T5967] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.034525][ T5967] usb 4-1: config 0 descriptor?? [ 190.062130][ T5967] usb 4-1: selecting invalid altsetting 1 [ 190.078507][ T5967] dvb_ttusb_budget: ttusb_init_controller: error [ 190.087070][ T5967] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 190.507043][ T6612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.148'. [ 191.247983][ T5967] DVB: Unable to find symbol cx22700_attach() [ 191.288151][ T6619] loop4: detected capacity change from 0 to 512 [ 191.402381][ T6619] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.149: casefold flag without casefold feature [ 191.418246][ T6619] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.149: couldn't read orphan inode 15 (err -117) [ 191.498254][ T6619] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.093029][ T5967] DVB: Unable to find symbol tda10046_attach() [ 192.116996][ T5967] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 193.426109][ T6630] overlayfs: missing 'lowerdir' [ 193.659850][ T6636] loop1: detected capacity change from 0 to 512 [ 193.770079][ T6636] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.152: casefold flag without casefold feature [ 193.784252][ T6636] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.152: couldn't read orphan inode 15 (err -117) [ 193.804269][ T6636] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.169809][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.220709][ T6639] overlayfs: missing 'lowerdir' [ 194.264429][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.066204][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.679955][ T6650] netlink: 8 bytes leftover after parsing attributes in process `syz.1.155'. [ 196.664172][ T6652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'. [ 196.685578][ T6645] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 196.706033][ T6645] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 196.717040][ T6645] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 196.755713][ T6645] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 196.763766][ T6645] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 196.874009][ T5960] usb 4-1: USB disconnect, device number 3 [ 196.909056][ T6654] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 197.163207][ T6654] batman_adv: batadv0: Adding interface: dummy0 [ 197.211377][ T6654] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.256051][ T6654] batman_adv: batadv0: Interface activated: dummy0 [ 197.299784][ T5856] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.303757][ T6657] batadv0: mtu less than device minimum [ 197.389828][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.401538][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.413324][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.425359][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.437367][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.449274][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.461217][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.461268][ T6662] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 197.473294][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.495433][ T6657] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 197.606585][ T5868] Bluetooth: hci0: command 0x0c1a tx timeout [ 197.609236][ T6662] xt_CT: You must specify a L4 protocol and not use inversions on it [ 198.259859][ T6678] process 'syz.1.164' launched '/dev/fd/3' with NULL argv: empty string added [ 198.442064][ T30] audit: type=1326 audit(1752735115.290:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.486815][ T30] audit: type=1326 audit(1752735115.340:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.559415][ T30] audit: type=1326 audit(1752735115.340:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.725873][ T5868] Bluetooth: hci2: command 0x0c1a tx timeout [ 198.732031][ T5868] Bluetooth: hci1: command 0x0c1a tx timeout [ 198.755250][ T30] audit: type=1326 audit(1752735115.370:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.786340][ T30] audit: type=1326 audit(1752735115.370:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.809940][ T5854] Bluetooth: hci4: command 0x0c1a tx timeout [ 198.816019][ T5868] Bluetooth: hci3: command 0x0c1a tx timeout [ 198.822635][ T30] audit: type=1326 audit(1752735115.370:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.856882][ T30] audit: type=1326 audit(1752735115.370:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.879921][ T30] audit: type=1326 audit(1752735115.370:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 198.914404][ T30] audit: type=1326 audit(1752735115.370:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 199.051683][ T30] audit: type=1326 audit(1752735115.370:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6682 comm="syz.1.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f22b0f8e929 code=0x7ffc0000 [ 201.336081][ T6717] netlink: 12 bytes leftover after parsing attributes in process `syz.0.176'. [ 201.378277][ T6717] netlink: 'syz.0.176': attribute type 1 has an invalid length. [ 201.446281][ T6719] netlink: 12 bytes leftover after parsing attributes in process `syz.2.177'. [ 201.864464][ T980] IPVS: starting estimator thread 0... [ 201.895550][ T5905] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 201.937121][ T5961] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 202.008551][ T6735] IPVS: using max 39 ests per chain, 93600 per kthread [ 202.035334][ T5905] usb 4-1: device descriptor read/64, error -71 [ 202.518912][ T5905] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 202.518979][ T5961] usb 2-1: Using ep0 maxpacket: 16 [ 202.609874][ T5961] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 202.655272][ T5905] usb 4-1: device descriptor read/64, error -71 [ 202.663696][ T5961] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.704621][ T5961] usb 2-1: Product: syz [ 202.795913][ T5961] usb 2-1: Manufacturer: syz [ 202.797781][ T5905] usb usb4-port1: attempt power cycle [ 202.800551][ T5961] usb 2-1: SerialNumber: syz [ 202.838867][ T5961] usb 2-1: config 0 descriptor?? [ 203.215300][ T5905] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 203.235838][ T5905] usb 4-1: device descriptor read/8, error -71 [ 203.362881][ T5961] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 203.372763][ T5961] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 203.474784][ T5961] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 203.511929][ T5961] usb 2-1: media controller created [ 203.538397][ T5905] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 203.565955][ T6705] dtv5100: wlen = 0, aborting. [ 203.615856][ T5905] usb 4-1: device descriptor read/8, error -71 [ 203.725547][ T5905] usb usb4-port1: unable to enumerate USB device [ 203.794669][ T5961] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 203.907902][ T5961] zl10353_read_register: readreg error (reg=127, ret==0) [ 203.984275][ T5961] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 204.041454][ T5961] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 204.080822][ T5961] usb 2-1: USB disconnect, device number 2 [ 204.123333][ T5961] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 205.525581][ T5966] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 205.705344][ T5966] usb 2-1: device descriptor read/64, error -71 [ 205.785481][ T980] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 205.794051][ T5905] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 205.985711][ T980] usb 4-1: unable to get BOS descriptor or descriptor too short [ 205.995968][ T5966] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 206.053468][ T980] usb 4-1: New USB device found, idVendor=1235, idProduct=4661, bcdDevice=ae.13 [ 206.062630][ T5905] usb 5-1: Using ep0 maxpacket: 16 [ 206.067911][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.076564][ T980] usb 4-1: Product: syz [ 206.084604][ T5905] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.115325][ T980] usb 4-1: Manufacturer: syz [ 206.135281][ T5966] usb 2-1: device descriptor read/64, error -71 [ 206.151758][ T980] usb 4-1: SerialNumber: syz [ 206.157606][ T5905] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 206.168734][ T5905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.221889][ T5905] usb 5-1: config 0 descriptor?? [ 206.251535][ T5966] usb usb2-port1: attempt power cycle [ 206.645264][ T5966] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 206.652217][ T5905] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 206.689382][ T5966] usb 2-1: device descriptor read/8, error -71 [ 206.696691][ T5905] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 206.703784][ T5905] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 206.710936][ T5905] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 206.719455][ T5905] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 206.995315][ T5966] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 207.057775][ T5905] usb 5-1: USB disconnect, device number 2 [ 207.110668][ T5966] usb 2-1: device descriptor read/8, error -71 [ 207.259124][ T5966] usb usb2-port1: unable to enumerate USB device [ 207.461030][ C1] vcan0: j1939_tp_rxtimer: 0xffff888053e7f800: rx timeout, send abort [ 207.623249][ T6775] netlink: 17 bytes leftover after parsing attributes in process `syz.4.195'. [ 207.633420][ T6775] net_ratelimit: 10 callbacks suppressed [ 207.633436][ T6775] netlink: zone id is out of range [ 207.644886][ T6775] netlink: zone id is out of range [ 207.652872][ T6775] netlink: zone id is out of range [ 207.660172][ T6775] netlink: zone id is out of range [ 207.665557][ T6775] netlink: zone id is out of range [ 207.674484][ T6775] netlink: zone id is out of range [ 207.681792][ T6775] netlink: zone id is out of range [ 207.688396][ T6775] netlink: zone id is out of range [ 207.694127][ T6775] netlink: zone id is out of range [ 207.700630][ T6775] netlink: zone id is out of range [ 207.962158][ C1] vcan0: j1939_tp_rxtimer: 0xffff888053e7ec00: rx timeout, send abort [ 207.970577][ C1] vcan0: j1939_tp_rxtimer: 0xffff888053e7f800: abort rx timeout. Force session deactivation [ 208.239559][ T6788] gretap0: entered promiscuous mode [ 208.255964][ T6788] gretap0: left promiscuous mode [ 208.459713][ T980] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 208.462803][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805539f800: rx timeout, send abort [ 208.475406][ C1] vcan0: j1939_tp_rxtimer: 0xffff888053e7ec00: abort rx timeout. Force session deactivation [ 208.974951][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805539f800: abort rx timeout. Force session deactivation [ 208.986415][ T980] snd-usb-audio 4-1:8.0: probe with driver snd-usb-audio failed with error -2 [ 209.072455][ T980] usb 4-1: USB disconnect, device number 8 [ 209.804731][ T5857] udevd[5857]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 210.432460][ T6803] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 211.779680][ T5961] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 212.025677][ T5961] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 212.078015][ T5961] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 212.180130][ T5961] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 212.199552][ T5961] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.695006][ T6831] netlink: 'syz.0.209': attribute type 1 has an invalid length. [ 214.074974][ T6831] 8021q: adding VLAN 0 to HW filter on device bond1 [ 214.310119][ T6834] bond1: (slave veth0_to_bond): making interface the new active one [ 214.378074][ T6834] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 214.458970][ T6842] netlink: 20 bytes leftover after parsing attributes in process `syz.3.210'. [ 214.515455][ T6835] vlan2: entered allmulticast mode [ 214.625684][ T6845] netlink: 'syz.3.210': attribute type 12 has an invalid length. [ 214.637345][ T6845] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.210'. [ 214.673423][ T6835] bond1: entered allmulticast mode [ 214.755360][ T6835] veth0_to_bond: entered allmulticast mode [ 214.852088][ T980] usb 2-1: USB disconnect, device number 7 [ 214.877929][ T6806] delete_channel: no stack [ 217.579434][ T6868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.217'. [ 217.645506][ T6868] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 217.750348][ T6868] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 217.845618][ T980] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 218.225044][ T980] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.298695][ T980] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 218.380153][ T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10 [ 218.415465][ T6878] input: syz1 as /devices/virtual/input/input6 [ 218.425156][ T980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 218.495478][ T980] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 218.565778][ T6878] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 218.579503][ T980] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 218.600639][ T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.640558][ T980] usb 5-1: Product: syz [ 218.644752][ T980] usb 5-1: Manufacturer: syz [ 218.718928][ T980] usb 5-1: SerialNumber: syz [ 218.799174][ T980] usb 5-1: config 0 descriptor?? [ 218.920033][ T980] xbox_remote_probe: endpoint_in message size==0? [ 219.133916][ T980] usb 5-1: USB disconnect, device number 3 [ 220.763116][ T6895] netlink: 8 bytes leftover after parsing attributes in process `syz.0.224'. [ 221.765743][ T6911] netlink: 4 bytes leftover after parsing attributes in process `syz.4.228'. [ 225.253116][ T6943] binder: 6942:6943 ioctl 5000943f 200000000200 returned -22 [ 226.658649][ T6958] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 226.836329][ T6955] bond1: entered promiscuous mode [ 226.841442][ T6955] bond1: entered allmulticast mode [ 227.021503][ T5961] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 227.044780][ T6955] 8021q: adding VLAN 0 to HW filter on device bond1 [ 227.226908][ T5961] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 227.238280][ T5961] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 227.275257][ T5961] usb 5-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 227.355297][ T5961] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.459754][ T5961] usb 5-1: config 0 descriptor?? [ 227.497210][ T6954] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 227.713178][ T6954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 227.747597][ T6954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 228.369377][ T5961] input: HID 041e:3100 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:041E:3100.0002/input/input7 [ 228.483946][ T5961] creative-sb0540 0003:041E:3100.0002: input,hidraw0: USB HID v0.05 Device [HID 041e:3100] on usb-dummy_hcd.4-1/input0 [ 228.990578][ T6982] gretap0: entered promiscuous mode [ 229.009678][ T6985] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 229.074173][ T6982] gretap0: left promiscuous mode [ 229.552108][ T5966] usb 5-1: reset full-speed USB device number 4 using dummy_hcd [ 230.327875][ T5967] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 230.528077][ T5967] usb 2-1: Using ep0 maxpacket: 32 [ 230.540215][ T5961] usb 5-1: USB disconnect, device number 4 [ 230.594058][ T5967] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 230.606101][ T5967] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.666368][ T5967] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 230.754637][ T5967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.884936][ T5967] usb 2-1: config 0 descriptor?? [ 231.461884][ T5967] ft260 0003:0403:6030.0003: unknown main item tag 0x7 [ 231.659097][ T5967] ft260 0003:0403:6030.0003: chip code: 6424 8183 [ 231.859761][ T5967] ft260 0003:0403:6030.0003: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.1-1/input0 [ 232.060467][ T5967] ft260 0003:0403:6030.0003: failed to retrieve status: -32, no wakeup [ 232.334625][ T6994] netlink: 20 bytes leftover after parsing attributes in process `syz.1.250'. [ 232.695205][ T5967] usb 2-1: reset high-speed USB device number 8 using dummy_hcd [ 234.729133][ T5905] usb 2-1: USB disconnect, device number 8 [ 236.193307][ T7031] syz_tun: entered allmulticast mode [ 236.290730][ T7031] syz_tun: left allmulticast mode [ 237.865759][ T7056] binder: 7055:7056 ioctl 5000943f 200000000200 returned -22 [ 239.095183][ T5905] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 239.245349][ T5905] usb 3-1: Using ep0 maxpacket: 32 [ 239.255219][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.269273][ T5905] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.319840][ T5905] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 239.343061][ T5905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.465523][ T7070] ================================================================== [ 239.473635][ T7070] BUG: KASAN: slab-use-after-free in tcp_prune_ofo_queue+0x37e/0x6e0 [ 239.481715][ T7070] Read of size 4 at addr ffff8880114e41d0 by task syz.3.272/7070 [ 239.489425][ T7070] [ 239.491773][ T7070] CPU: 1 UID: 0 PID: 7070 Comm: syz.3.272 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 239.491792][ T7070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.491807][ T7070] Call Trace: [ 239.491814][ T7070] [ 239.491822][ T7070] dump_stack_lvl+0x189/0x250 [ 239.491843][ T7070] ? __virt_addr_valid+0x1c8/0x5c0 [ 239.491861][ T7070] ? rcu_is_watching+0x15/0xb0 [ 239.491875][ T7070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.491891][ T7070] ? rcu_is_watching+0x15/0xb0 [ 239.491905][ T7070] ? lock_release+0x4b/0x3e0 [ 239.491926][ T7070] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 239.491944][ T7070] ? __virt_addr_valid+0x1c8/0x5c0 [ 239.491961][ T7070] ? __virt_addr_valid+0x4a5/0x5c0 [ 239.491998][ T7070] print_report+0xca/0x230 [ 239.492012][ T7070] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 239.492028][ T7070] kasan_report+0x118/0x150 [ 239.492049][ T7070] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 239.492069][ T7070] tcp_prune_ofo_queue+0x37e/0x6e0 [ 239.492097][ T7070] tcp_try_rmem_schedule+0xb6b/0x1830 [ 239.492131][ T7070] tcp_data_queue+0x4e3/0x6380 [ 239.492153][ T7070] ? __pfx_tcp_data_queue+0x10/0x10 [ 239.492167][ T7070] ? __pfx_tcp_urg+0x10/0x10 [ 239.492180][ T7070] ? read_tsc+0x9/0x20 [ 239.492203][ T7070] tcp_rcv_established+0xf9e/0x1eb0 [ 239.492219][ T7070] ? rt_is_expired+0x1c/0x2d0 [ 239.492242][ T7070] ? __pfx_tcp_rcv_established+0x10/0x10 [ 239.492255][ T7070] ? rt_is_expired+0x1c/0x2d0 [ 239.492274][ T7070] ? rt_is_expired+0x1c/0x2d0 [ 239.492294][ T7070] ? rt_is_expired+0x250/0x2d0 [ 239.492314][ T7070] ? __pfx_ipv4_dst_check+0x10/0x10 [ 239.492334][ T7070] ? __pfx_ipv4_dst_check+0x10/0x10 [ 239.492354][ T7070] tcp_v4_do_rcv+0xa23/0xce0 [ 239.492392][ T7070] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 239.492409][ T7070] __release_sock+0x21c/0x350 [ 239.492427][ T7070] release_sock+0x5f/0x1f0 [ 239.492445][ T7070] tcp_sendmsg+0x39/0x50 [ 239.492460][ T7070] __sock_sendmsg+0x19c/0x270 [ 239.492477][ T7070] __sys_sendto+0x3bd/0x520 [ 239.492497][ T7070] ? __pfx___sys_sendto+0x10/0x10 [ 239.492515][ T7070] ? do_futex+0x395/0x420 [ 239.492545][ T7070] ? rcu_is_watching+0x15/0xb0 [ 239.492561][ T7070] __x64_sys_sendto+0xde/0x100 [ 239.492581][ T7070] do_syscall_64+0xfa/0x3b0 [ 239.492600][ T7070] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.492617][ T7070] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.492631][ T7070] ? clear_bhb_loop+0x60/0xb0 [ 239.492648][ T7070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.492662][ T7070] RIP: 0033:0x7fb01c98e929 [ 239.492680][ T7070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.492692][ T7070] RSP: 002b:00007fb01a7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 239.492714][ T7070] RAX: ffffffffffffffda RBX: 00007fb01cbb5fa0 RCX: 00007fb01c98e929 [ 239.492725][ T7070] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003 [ 239.492734][ T7070] RBP: 00007fb01ca10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 239.492743][ T7070] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000 [ 239.492752][ T7070] R13: 0000000000000000 R14: 00007fb01cbb5fa0 R15: 00007ffe1d209c98 [ 239.492768][ T7070] [ 239.492785][ T7070] [ 239.550628][ T5905] usb 3-1: config 0 descriptor?? [ 239.554806][ T7070] Allocated by task 7070: [ 239.818531][ T7070] kasan_save_track+0x3e/0x80 [ 239.823235][ T7070] __kasan_slab_alloc+0x6c/0x80 [ 239.828181][ T7070] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 239.834091][ T7070] __alloc_skb+0x112/0x2d0 [ 239.838541][ T7070] tcp_stream_alloc_skb+0x3d/0x340 [ 239.843752][ T7070] tcp_write_xmit+0xeec/0x67f0 [ 239.848538][ T7070] __tcp_push_pending_frames+0x97/0x360 [ 239.854109][ T7070] tcp_rcv_established+0x1012/0x1eb0 [ 239.859408][ T7070] tcp_v4_do_rcv+0xa23/0xce0 [ 239.864015][ T7070] __release_sock+0x21c/0x350 [ 239.868706][ T7070] release_sock+0x5f/0x1f0 [ 239.873137][ T7070] tcp_sendmsg+0x39/0x50 [ 239.877399][ T7070] __sock_sendmsg+0x19c/0x270 [ 239.882094][ T7070] __sys_sendto+0x3bd/0x520 [ 239.886619][ T7070] __x64_sys_sendto+0xde/0x100 [ 239.891388][ T7070] do_syscall_64+0xfa/0x3b0 [ 239.895932][ T7070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.901842][ T7070] [ 239.904182][ T7070] Freed by task 7070: [ 239.908172][ T7070] kasan_save_track+0x3e/0x80 [ 239.912864][ T7070] kasan_save_free_info+0x46/0x50 [ 239.917896][ T7070] __kasan_slab_free+0x62/0x70 [ 239.922684][ T7070] kmem_cache_free+0x18f/0x400 [ 239.927481][ T7070] tcp_prune_ofo_queue+0x198/0x6e0 [ 239.932607][ T7070] tcp_try_rmem_schedule+0xb6b/0x1830 [ 239.937989][ T7070] tcp_data_queue+0x4e3/0x6380 [ 239.942762][ T7070] tcp_rcv_established+0xf9e/0x1eb0 [ 239.947966][ T7070] tcp_v4_do_rcv+0xa23/0xce0 [ 239.952654][ T7070] __release_sock+0x21c/0x350 [ 239.957339][ T7070] release_sock+0x5f/0x1f0 [ 239.961779][ T7070] tcp_sendmsg+0x39/0x50 [ 239.966049][ T7070] __sock_sendmsg+0x19c/0x270 [ 239.970741][ T7070] __sys_sendto+0x3bd/0x520 [ 239.975270][ T7070] __x64_sys_sendto+0xde/0x100 [ 239.980058][ T7070] do_syscall_64+0xfa/0x3b0 [ 239.984575][ T7070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.990478][ T7070] [ 239.992812][ T7070] The buggy address belongs to the object at ffff8880114e4000 [ 239.992812][ T7070] which belongs to the cache skbuff_fclone_cache of size 488 [ 240.007564][ T7070] The buggy address is located 464 bytes inside of [ 240.007564][ T7070] freed 488-byte region [ffff8880114e4000, ffff8880114e41e8) [ 240.021376][ T7070] [ 240.023707][ T7070] The buggy address belongs to the physical page: [ 240.030127][ T7070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114e4 [ 240.038892][ T7070] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 240.047391][ T7070] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 240.054946][ T7070] page_type: f5(slab) [ 240.058933][ T7070] raw: 00fff00000000040 ffff888140e9fa00 dead000000000122 0000000000000000 [ 240.067521][ T7070] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 240.076115][ T7070] head: 00fff00000000040 ffff888140e9fa00 dead000000000122 0000000000000000 [ 240.084807][ T7070] head: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 240.093484][ T7070] head: 00fff00000000001 ffffea0000453901 00000000ffffffff 00000000ffffffff [ 240.102164][ T7070] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 240.110836][ T7070] page dumped because: kasan: bad access detected [ 240.117257][ T7070] page_owner tracks the page as allocated [ 240.122989][ T7070] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7070, tgid 7069 (syz.3.272), ts 239464390675, free_ts 178846280896 [ 240.142190][ T7070] post_alloc_hook+0x240/0x2a0 [ 240.146968][ T7070] get_page_from_freelist+0x21e4/0x22c0 [ 240.152529][ T7070] __alloc_frozen_pages_noprof+0x181/0x370 [ 240.158359][ T7070] alloc_pages_mpol+0x232/0x4a0 [ 240.163217][ T7070] allocate_slab+0x8a/0x370 [ 240.167719][ T7070] ___slab_alloc+0xbeb/0x1410 [ 240.172420][ T7070] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 240.178384][ T7070] __alloc_skb+0x112/0x2d0 [ 240.182838][ T7070] tcp_stream_alloc_skb+0x3d/0x340 [ 240.187961][ T7070] tcp_write_xmit+0xeec/0x67f0 [ 240.192747][ T7070] __tcp_push_pending_frames+0x97/0x360 [ 240.198301][ T7070] tcp_rcv_established+0x1012/0x1eb0 [ 240.203596][ T7070] tcp_v4_do_rcv+0xa23/0xce0 [ 240.207619][ C0] vcan0: j1939_tp_rxtimer: 0xffff888054881800: rx timeout, send abort [ 240.208189][ T7070] __release_sock+0x21c/0x350 [ 240.221023][ T7070] release_sock+0x5f/0x1f0 [ 240.225458][ T7070] tcp_sendmsg+0x39/0x50 [ 240.229705][ T7070] page last free pid 5852 tgid 5852 stack trace: [ 240.236115][ T7070] __free_frozen_pages+0xbc4/0xd30 [ 240.241234][ T7070] __put_partials+0x156/0x1a0 [ 240.245921][ T7070] put_cpu_partial+0x17c/0x250 [ 240.250714][ T7070] __slab_free+0x2d5/0x3c0 [ 240.255146][ T7070] qlist_free_all+0x97/0x140 [ 240.259752][ T7070] kasan_quarantine_reduce+0x148/0x160 [ 240.265218][ T7070] __kasan_slab_alloc+0x22/0x80 [ 240.270078][ T7070] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 240.275542][ T7070] getname_flags+0xb8/0x540 [ 240.280045][ T7070] __x64_sys_unlink+0x3a/0x50 [ 240.284730][ T7070] do_syscall_64+0xfa/0x3b0 [ 240.289245][ T7070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.295146][ T7070] [ 240.297475][ T7070] Memory state around the buggy address: [ 240.303109][ T7070] ffff8880114e4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 240.311183][ T7070] ffff8880114e4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 240.319246][ T7070] >ffff8880114e4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 240.327310][ T7070] ^ [ 240.333980][ T7070] ffff8880114e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 240.342050][ T7070] ffff8880114e4280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 240.350108][ T7070] ================================================================== [ 240.435525][ T7070] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 240.442782][ T7070] CPU: 0 UID: 0 PID: 7070 Comm: syz.3.272 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) [ 240.454172][ T7070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.464241][ T7070] Call Trace: [ 240.467532][ T7070] [ 240.470474][ T7070] dump_stack_lvl+0x99/0x250 [ 240.475072][ T7070] ? __asan_memcpy+0x40/0x70 [ 240.479672][ T7070] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.484890][ T7070] ? __pfx__printk+0x10/0x10 [ 240.489503][ T7070] vpanic+0x281/0x750 [ 240.493497][ T7070] ? preempt_schedule+0xae/0xc0 [ 240.498365][ T7070] ? __pfx_vpanic+0x10/0x10 [ 240.502882][ T7070] ? preempt_schedule_common+0x83/0xd0 [ 240.508369][ T7070] ? preempt_schedule+0xae/0xc0 [ 240.513224][ T7070] ? __pfx_preempt_schedule+0x10/0x10 [ 240.518601][ T7070] panic+0xb9/0xc0 [ 240.522330][ T7070] ? __pfx_panic+0x10/0x10 [ 240.526774][ T7070] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 240.532676][ T7070] ? is_module_address+0x17/0xf0 [ 240.537619][ T7070] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 240.542918][ T7070] check_panic_on_warn+0x89/0xb0 [ 240.547870][ T7070] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 240.553164][ T7070] end_report+0x78/0x160 [ 240.557421][ T7070] kasan_report+0x129/0x150 [ 240.562026][ T7070] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 240.567323][ T7070] tcp_prune_ofo_queue+0x37e/0x6e0 [ 240.572446][ T7070] tcp_try_rmem_schedule+0xb6b/0x1830 [ 240.577830][ T7070] tcp_data_queue+0x4e3/0x6380 [ 240.582609][ T7070] ? __pfx_tcp_data_queue+0x10/0x10 [ 240.587844][ T7070] ? __pfx_tcp_urg+0x10/0x10 [ 240.592457][ T7070] ? read_tsc+0x9/0x20 [ 240.596546][ T7070] tcp_rcv_established+0xf9e/0x1eb0 [ 240.601757][ T7070] ? rt_is_expired+0x1c/0x2d0 [ 240.606451][ T7070] ? __pfx_tcp_rcv_established+0x10/0x10 [ 240.612099][ T7070] ? rt_is_expired+0x1c/0x2d0 [ 240.616788][ T7070] ? rt_is_expired+0x1c/0x2d0 [ 240.621481][ T7070] ? rt_is_expired+0x250/0x2d0 [ 240.626261][ T7070] ? __pfx_ipv4_dst_check+0x10/0x10 [ 240.631471][ T7070] ? __pfx_ipv4_dst_check+0x10/0x10 [ 240.636685][ T7070] tcp_v4_do_rcv+0xa23/0xce0 [ 240.641289][ T7070] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 240.646415][ T7070] __release_sock+0x21c/0x350 [ 240.651094][ T7070] release_sock+0x5f/0x1f0 [ 240.655513][ T7070] tcp_sendmsg+0x39/0x50 [ 240.659758][ T7070] __sock_sendmsg+0x19c/0x270 [ 240.664472][ T7070] __sys_sendto+0x3bd/0x520 [ 240.669007][ T7070] ? __pfx___sys_sendto+0x10/0x10 [ 240.674047][ T7070] ? do_futex+0x395/0x420 [ 240.678409][ T7070] ? rcu_is_watching+0x15/0xb0 [ 240.683181][ T7070] __x64_sys_sendto+0xde/0x100 [ 240.687960][ T7070] do_syscall_64+0xfa/0x3b0 [ 240.692526][ T7070] ? lockdep_hardirqs_on+0x9c/0x150 [ 240.697770][ T7070] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.703853][ T7070] ? clear_bhb_loop+0x60/0xb0 [ 240.708539][ T7070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.714434][ T7070] RIP: 0033:0x7fb01c98e929 [ 240.718863][ T7070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.738489][ T7070] RSP: 002b:00007fb01a7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 240.746912][ T7070] RAX: ffffffffffffffda RBX: 00007fb01cbb5fa0 RCX: 00007fb01c98e929 [ 240.754893][ T7070] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003 [ 240.762872][ T7070] RBP: 00007fb01ca10ca1 R08: 0000000000000000 R09: 0000000000000000 [ 240.770879][ T7070] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000 [ 240.778854][ T7070] R13: 0000000000000000 R14: 00007fb01cbb5fa0 R15: 00007ffe1d209c98 [ 240.786835][ T7070] [ 240.790261][ T7070] Kernel Offset: disabled [ 240.794591][ T7070] Rebooting in 86400 seconds..