last executing test programs: 14.12534811s ago: executing program 4 (id=4122): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, 0x0) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) r7 = dup(r6) ioctl$SIOCSIFHWADDR(r7, 0x8926, &(0x7f0000002640)={'dvmrp1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}) 11.33065378s ago: executing program 4 (id=4128): io_setup(0x7, &(0x7f0000003000)) io_setup(0x434, &(0x7f0000003580)=0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000280), 0xffffffffffffffff) r3 = socket$l2tp(0x2, 0x2, 0x73) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmsg$unix(r5, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4) recvmmsg(r5, &(0x7f0000000c00), 0x0, 0x1000400000de, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRES32=r3], 0x3c}}, 0x0) close(r3) io_destroy(r0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'caif0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) io_cancel(r0, 0x0, 0x0) 11.107462436s ago: executing program 1 (id=4130): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) 10.487100149s ago: executing program 4 (id=4131): ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$video4linux(0x0, 0x5, 0x1a9a00) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x1, 0x5, 0x3009, 0x9, 0x1, 0xc, 0x2, 0x310}}) r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r6, r7, 0x0, 0x201f00) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000240)={0xc}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r3, 0x0, &(0x7f0000392000/0x3000)=nil, 0x3000, 0xab1a}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x10001, 0x0, 0x0, 0x2020f2, 0x749bc}) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9c000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f80ff00"/88, 0x58}], 0x1) 9.298985186s ago: executing program 2 (id=4132): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) r7 = dup(r6) ioctl$SIOCSIFHWADDR(r7, 0x8926, &(0x7f0000002640)={'dvmrp1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}) 9.223914325s ago: executing program 0 (id=4133): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x14, 0x2, 0x0, "11010000001400000100b64c0000005c4b7c1500", 0x30314442}) socket(0x1d, 0x2, 0x6) r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, 0x0) syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r4, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3300000010001fff0000000001000000000000d7", @ANYRESOCT=r5, @ANYRESHEX, @ANYRES64=r4], 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x81) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed00ffbf002000000000001d440000000000007a0a00fe00ffffffc3030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf}, 0x48) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="0005000000000000180012800b0001006772657461700000080002800400120008000a00", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) r9 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r10, @ANYBLOB, @ANYRES32=r10, @ANYBLOB], 0x4c}}, 0x0) 7.987357777s ago: executing program 4 (id=4134): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) r2 = socket$inet(0x2, 0x3, 0x9) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000000)=0x7b, 0x4) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r3 = creat(0x0, 0x1a2) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x1000, 0x5c8, 0x80000003, 0x6}) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="ba7ac64bb371e642d4f3994a251ee7e88a53655f5f2aa8cf13aef63dba46f7465a", @ANYRES64=r5, @ANYRES32=r3, @ANYRES8=r3], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000130a01fa0000"], 0x14}}, 0x4040040) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bond0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r6, @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, &(0x7f00000000c0)) 7.904357371s ago: executing program 1 (id=4135): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='stack\x00') lseek(r2, 0xae7d, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x42000, 0x0) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r2) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000400)) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000840)=ANY=[@ANYBLOB="84000000", @ANYRES8, @ANYBLOB="01042dbd7000fcdbdf2525000000080001007063690011000200303030303a30303a31", @ANYRES32=r2, @ANYBLOB="08000100706369300000000008008b000000000000000000000000000000000001d4a9880749a97370008920f077df72b0fd6020ed157160f676272c6b0ec8491a43c50491e8d6b649af992c6a6c8c19313acd09869227d208", @ANYRES16=r4, @ANYRES32=r2, @ANYBLOB], 0x84}, 0x1, 0x0, 0x0, 0x200c000}, 0x20040801) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') r6 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_ASSOCINFO(r6, 0x84, 0x1, &(0x7f0000000900)={0x0, 0x0, 0x2, 0x7, 0x1ffd, 0x2}, 0x14) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000040)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x4, 0x25, 0x0, 0x0, 0x800, 0xa, 0x0, 0x0, 0xb5, 0x0}) syz_genetlink_get_family_id$tipc2(0x0, r2) sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYRES16=r5, @ANYRES32=0x0], 0xfc}, 0x1, 0x0, 0x0, 0x20004001}, 0x4010) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000140), 0x4) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f00000001c0)={0x4, &(0x7f0000000040)=[{0x0, 0x0, 0xcc, 0x5}, {0x6, 0x9, 0x2, 0x7}, {0xd, 0x7, 0x3c, 0x40}, {0x6, 0xa, 0x10}]}, 0x10) r8 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x8006, 0x11f}, &(0x7f0000000240)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000700)={r2, 0x0, 0xc2, 0x22, &(0x7f0000000540)="f107f4f79202202ca28c9fe08862f8794e1b46e5f08cf7c6c568321b2b7b1b332555b951534815c7217a63042f38d6f2ea52997c2f62dbe82573fd6711092c097fb8ebdcf2279733759ded45fb5d8d4c00ca11cc80caf5abda01775b15dac058d7070d1eb26860380207879af486b51923f23d1946859818032aa57b5f34f38568470bc5914131c22fc232bc4201ba1cf269432f92d3fc8b7742233991bf3549553c3ca995ed2915e5aec6e250b27115a859f21a83293973d9fffe5895f36399e88c", &(0x7f0000000640)=""/34, 0xb4b, 0x0, 0x0, 0x3c, 0x0, &(0x7f00000006c0)="ea99394a5f49cab8cef339b7f0def184c373ac8c50a2f4c7f39c9f9db92be8e16dde31179a29927a4c4c7e892c5eda9eec7dfb4bb198d6e470fa3d38", 0x4}, 0x50) syz_io_uring_submit(r9, r10, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r8, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}}) io_uring_enter(r8, 0x6e2, 0x600, 0x1, 0x0, 0x0) 6.839474532s ago: executing program 0 (id=4136): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 6.835717854s ago: executing program 3 (id=4137): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 6.347096668s ago: executing program 0 (id=4138): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_FDB={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0) 5.634624985s ago: executing program 0 (id=4139): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8926, &(0x7f0000002640)={'dvmrp1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}) 5.624130781s ago: executing program 3 (id=4140): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8926, &(0x7f0000002640)={'dvmrp1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}) 5.579791584s ago: executing program 4 (id=4141): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x181100, 0x0) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r4 = socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x408, 0x3}, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000580)={0x4c, r10, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x800}, @ETHTOOL_A_RINGS_RX_MINI={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x7}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4080001}, 0x4048806) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYRES8=r4, @ANYBLOB='\b\x002\x00\x00\x00'], 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="05fa0000000000000000060000000825b03e", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002c090f"], 0x30}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x28, r3, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0x810c}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 4.828653663s ago: executing program 1 (id=4142): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) r2 = socket$inet(0x2, 0x3, 0x9) setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000000)=0x7b, 0x4) shutdown(r2, 0x0) recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0) r3 = creat(0x0, 0x1a2) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000280)={'\x00', 0x7e, 0x1000, 0x5c8, 0x80000003, 0x6}) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="ba7ac64bb371e642d4f3994a251ee7e88a53655f5f2aa8cf13aef63dba46f7465a", @ANYRES64=r5, @ANYRES32=r3, @ANYRES8=r3], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000130a01fa0000"], 0x14}}, 0x4040040) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bond0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000005e000100"/20, @ANYRES32=r6, @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, &(0x7f00000000c0)) 4.548124569s ago: executing program 2 (id=4143): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x4008, 0x40000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_TYPE={0x6}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 3.963935444s ago: executing program 2 (id=4144): openat$procfs(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/slabinfo\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000001900), 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fe800000000000000000000000000000fe8000000000000000000000000000aa87"], 0x0) 3.535831453s ago: executing program 2 (id=4145): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) 3.301779041s ago: executing program 4 (id=4146): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d00)=@ipv6_newroute={0x44, 0x18, 0x1, 0x0, 0x25dfdbff, {}, [@RTA_OIF={0x8, 0x4, r4}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x2, {0x6, 0x0, 0x4, 0x0, 0x9, 0x40, 0xff}}}}}]}, 0x44}}, 0x0) 2.998167761s ago: executing program 3 (id=4147): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000180), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x14, 0x2, 0x0, "11010000001400000100b64c0000005c4b7c1500", 0x30314442}) socket(0x1d, 0x2, 0x6) r3 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, 0x0) syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r4, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3300000010001fff0000000001000000000000d7", @ANYRESOCT=r5, @ANYRESHEX, @ANYRES64=r4], 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x81) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c000feffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed00ffbf002000000000001d440000000000007a0a00fe00ffffffc3030000a0000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffbf}, 0x48) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="0005000000000000180012800b0001006772657461700000080002800400120008000a00", @ANYRES32], 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) r9 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r10, @ANYBLOB, @ANYRES32=r10, @ANYBLOB], 0x4c}}, 0x0) 2.881134186s ago: executing program 0 (id=4148): syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) lsm_set_self_attr(0x68, 0x0, 0x20, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0) r3 = syz_open_dev$usbfs(0x0, 0x76, 0x101301) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02}) readv(r6, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000080)={0x0, 'syzkaller1\x00', {0x4}, 0x1}) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0x40045612, &(0x7f0000000080)=0x2) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89101) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) socket$inet_smc(0x2b, 0x1, 0x0) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) 2.829073259s ago: executing program 3 (id=4149): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 2.534996175s ago: executing program 3 (id=4150): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x1a9a00) ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x1, 0x5, 0x3009, 0x9, 0x1, 0xc, 0x2, 0x310}}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r9 = openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0) sendfile(r8, r9, 0x0, 0x201f00) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x54}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a0900000000000000001d020000000900010073797a30000000000900030073797a32"], 0x54}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000500)={0x48, 0x2, r10}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r10, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r4, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r1, 0x3ba0, &(0x7f0000000280)={0x48, 0x8, r11, 0x0, 0x2, 0x35f2c8, 0xffe, &(0x7f0000000700)="669107e49540eb910d728c386673f62f9d0135a44e6c2a699c84473fb0e056393190ec7ee015e8cadf37e3446649d2c0a50768b07ef1ef096d4dbf0215202f96399c9559e02b6b62c90d0738c49206a8181a2640e93c9add1ca5ebe943fbb6a00b6941497fe7ae00ff665cc809a3d35a73b96aed76a9fa473fe8a4eb19722f77fb5a4077ef9aea7a81e29a16a7e3405c56fcb47aad5927aba6fe998191ad4be2941d8aacba61f01368b7690beb5e561e727cdb91758037b60f80a4dbb9aa8dc2fa9554adf978d03d767c931a9b8a6e0f2c0931b34e6067704fae64c07dc25c9899fcfccf25c503a4c3a8c4a2b8f56b4d97918ce0df518f8e7a9bcf3ee1aa4cf7f62dca791a0c71a61d5e8366461f778523851d7ecb7d518c93a070e85c79a995f59b08d1e79d5a5b93097c3d76e463c831fe1602eaac86ea6b66a22a4583227973f652d6b1651348fca6821ca97b0a3d222fa50bd3a26b51321330a9910644167d40123f81be1e7c4a6e15d2f7b1f8793d24a1c77f3fe215c14ffca631e84adb2dd560b222041f99d9d8b604d5c155b8a7f3834996691514bac878104bdfcf5a2f1025710c940283c63e071bff173ebeede7cca0b216fe4f14b15b71a416d8c607d11e981aa9d3cc59a54eb9e038c6ea981c263ea411c9d15ce6f88e12020f8f08135701ba5fd578b0f1592877c3891094760f5b4581c80ad2d64cc7243e1aef01783763e16fa8a0616d6ccd5097589457db055f6c98f2274c07292897320e2a5a5cf54faba181bdd778d9ff1c881c1d5bb0ceb5f5fb6c6122ce88131ef4c7913515aef2825f54156cc7a0ba58c86fa8ac095d34137994ea2e82ad665f4b3e70cf29143b4bbf3479c4bf4b971d8836e118b2e560abac28ba0092aec5b34dea290a2aa282dc680ac24da49362ef04a9f0e29586dfa3110d8de798dacb2404588f543d4c637501ccdf21c1013ca35287e77456500eada7711e28b1284b17b6b74a272e304b876116fdb6717a641478714b8072bf944115f013b4fd91672c0fafc145d89316d98e8c4bb3f7fc9f72525f658bbd8e045ae10b7b764a73ebd5c3a51e2d1f23c9bd369430c13ce237257b5c8d6bdd09ade31926b82105482678de595229ac88fed73cd568a3df21c5b306423a338b0f44b01311d16c3b3857c17921b619577ff47af89f2f09e770400989415f23c2f68d4411edcfb13b058264a5c065d5778378408420b248b1e8f485d6d061f6eca8e0b99d4cc71934a7a710c61d2b7c2084ccfe0507bcc47dcf24a916161c27202c8d2f62527528efced8e5127d1de7356c3844b75a093369b583462f427abffa492006e152fff2516b9243e76805288695d2cdcb23bb8d3e841ffd0f30f56ec9f5af8b6a76d74cb217ac4d5f539f21e124e19861afc9ec6a01662981c757b5c8222980eea247132b08487e41ac8f76b12e9a985d64d1ba7e66720314819205f9bfd6dfbb85a9e21cad864efd42645e8a762456b7e57f5e6fbe285e3ec8f26f50ea2c10a10e324e9b6d34c8c2954a4e8a8dc9a3858bc2c3c664b01b4b89b62c28b3c5764203720655ae957e237943d85a25d7fdedb24e3c1d09551abc391740dbd6f01033ac6cb972da7f2793012bbdeb3c53823b5b233ff333c4302ce479dc4bd579c76b672a8a4c91ee1871a74b31d613aeec8477be3cc9aa27a155ba2a2644697fb2d8a2888be0cf15ce85a011a4d33694e03a5a16be3ee8891a7ac880b80de7407ef685234e3b03376ce8393a1f114cd118952cc37be01507b0f74f3635a8c0c8f3a5ee9662c635266b81101c95022c982b4ccec3091568ab9a062821e5c7bfdc410a7b8d82e2ca7d29ba5ea9c036454737f5b83b1a5c81c2fec049c2d61e1eb83a46ca9a7cf0d7ea380e000dcb0366c3bb9decc1294b3bdf8627282107dc8fe8abae01010d36b13973c069b6d650f270fb0a72c4aee88dd410dbb1e521e20709f123a5d45384438234740f63c3c9daae2de59c504cdb378d8669ce35b7cd2fec66930cc75f784bf53d51e2fed15c3f4f72679a7011fb8d9a785ad1ca0d286357c0d95328fa424c0ecc61bb90a2aabcaa04d28bea3a74d555ec9fe696fe4cb4ef322c02744b65e5f95038a645a13cd9e64686b24aa11d5fad4d8204615a4c9e7b346a0b55b34ab9fa192e14366ba1e004804daf2200184a7c55adfbcf17de22327a7d4bc11575a7ac92030b50a87a998da764c609cb0701c78d59afcd73b6e6d1b1aecd05ee3108ce22525f6aa4faffb719e910b6047e57006b0066b5d6ed2de6b25de5ffed3194ba2033b69ed3367727450f7fbb8073a9b44df5536fb09526d12b81b455e15b6fdcd2533f0f6f97075ec0d7a3044412ada2c1fd667fb3aef6ea4f3b17ebecb910004f1cb31dc04496d271f256d08dc4296640c6070f268421b69276d9a1c5c0900bbdf19da9253300614472278f46049766cb0679fc6b789accddb03e445d14f4fce8edcaa4813ba0362a8e5042677e29152534b1829077b6a151adb13c96320b781ff5ce36376dfa8affac29481e5d715a50d3583b7bd42092dd22d63a03d02d1901f5bfa0a34d73026dd49409fffeffc2265b84c35e8fbb18832d881444cf3e6eafc793cfdfbf87fe67de7249e50338b9c57188941264c3f35d0880727d3aa5c2827c1cfbb7028658338121ee1456dd2ec149559b659212b832c19d029e4af1d26fac9e13a6f5dd5ec7e4bdceb1621e6e9c1b16152e8e4f41a48b7120f41bfce5b1c10b31831a71b1883bfd413627999627773dbbf94f2c418172f363073ffd9c26a97ddd5f18f51cc1053a87895394a1e66fd6be8c2d3df184ea477b148a86ccdbdb693cc54527c8b27a008b2095a27a65b7228171b02707ca3756afbab2736767083282ded0c62908ec1dc23723cc83d2f0bfdc5e9bc5bb6453d5248a6b6c3ebc0b64fae5387e2565680d10aed82519b8e88bbeec573da62e6f48df6fe5f74ffbcca025003876019f35772932a47d8cf0b429ee1b7e3bbc68723326939ffe52e7daa8f336f36943400c2b818ac7b7fa707e4c33dada3500d67e423764bc037032cc9afd16ff20b91df8ca6909a0117f2b1f7a12c98cc68f0d94eaabffba3140c0fc86ba102d46692ab442769e4b1c68e51877e11fb001240f6d3bea73cbe1bacade1510f171777151002e73d7b0f44b9279192d7386ea219e755a1be3f92f66f4267e4656938bfdc827ef8b8dc12d47c9415b1deabc307603c965ed443095f19619d4e2c5078399f92108e474e418b42e6e185907ff86589fe28de382c82f8a756f9ae50f5efc092e8ce31c2822d238443507cf7380045cd6a4ad6a24a2d40e07838c0df98c8e68347fb1b05e99fb1d83ad4f319cb7d9c7af50720e5c3e1c9c81bfea605b16093a6892bb528304f94e263f1523c85786466616472e51b8e1b9f02f1eef814ddda3d56a884235637f29cbb690f88dd117a3e7a50d0f39480ec146bfee59d1518a2d6d7fddd0af3873f7b24990981ed420a372aa27bfb1430e9fe401142fe4a50834a5305c504150f9a2041f7a7aa30429a932ef02ccbdc88364f8308dbf2351e4b1065b430c7e0167cc810b3badd5a5d430893a47e3a78aa6df09d572de385c6db8b2010b9c14dec7bc68d4d5ce32f249040ced840f2372813f5dab4c7872fc1c475dda691637176916f94c2e27124d5081f47507f7a6afeead13ad71cd159a48b7d6d72fcdffc71d39c52a04fdbe2194589f8a2e6c62d2006226b6302d0163e0e2b3cd13aa3128c2ee8d419b49fb20d16d8e3db645bdf043b55a8a3afb5b477cebaf7327f50677d19aa17ced0a47bef30b121e4af7272db27af66cdc913103d3b7d95fcf3fb3b6d5ff756fad0ad80c0df3a0a0a6706fae8b5bd15a3dc78c871761b09d2bb187683e7e1d3135ee0a1aa6deb3e867c00c44c12b6f9f1d9079c4bd47a2fd580c6ccf47ae837342574be9e0f145f00743c6af4228c808c54cda1b0ffee5cbb0e62fc3f28cf881b7918e39817c25edeb7e67f699929b7ee5c73fa9649b053a605bbf18bd13b977d9bffe5c1ebabcb8f54c0f667d5e3c789284ba9d4b19a9e30095b8d4f6b8ee6ecb5c8946114c803cc474fe94b8b353990dca0541ba8d7aa86ea3507b862fd13f10372d88bc7fc441b0967260b3375e2827aba7f82afff97159de688f2887eb615aad7c60a452905cdd4c98db86d91d2d89e797d626288ac4cea891234b3627469d79480acb82074c6d2c7dd05257be60d00820e14776855bf2297569fdb19ae77e051e12ce7d78f7cb7d6969212fae3b20b63ce7bd7c493b2a9d238c6e8de20098ab629167a5edaf0c91557a918e6d71cc14a9d6174e7123c1b77c3aa6f47159a1e320fbbf81a90c8b612a3e62d78d0cb09c37966e27ad823e2dcf61999db215f988cb6953978b08061e24427cb6444637fc11e30d2415ffc4744e7732ff697725682a8eced453f1c7a81f5fb4008e614d03b9f6fec34d8cd9d852c551218728673fbd4f46c67afeb79215d2bbe4db1eb7823449d01a5a2e58e8addc76ad848d4f39f8f87a1f750169008d563c3c355c2f6f48c4177a29bf2adc13b5144b03212b47082b2fc6b2b930317b918671ed57739fdd28ed7f4f1bf69e553fbfe09859aacc29f14ed5b33ba1b01ab81e573bd5e2d94d9afe7df19fedd2f53b03c2ab9c4668752ff3d09a933352cad60665f9bf91c9ae35494104bdeec0482a7a07fe1a7ba421b7cab8ee179430650795784fae202d6b385d6f1ed5be13ca69bc8008c3fbbab6de75210f14424b71918d093ccfa6734c89b0f594e31473ee6bf1ff29879e83e6f1d553151d438b23919ffb072ec40083398db3a004d8f76b12ebac8145f3db3c3b7324b1390b40cfec58ec9f6cefa7e821eb4c00db5a77aad3e5745bb4deb6de53048cd2507b674f2a3ab325161209d743112303759622d4840f2aaa00b9b8b55a1198b7ed342870cb6868e511ec3089c2b9a96e215d81ac01c157b0fd8fa12899a8b2c000b168ff08771e08c00452c554f148470d1a093f424009b995835e3af1ed8edaceec86ad7c1520f03583dd3e9c577e94683cc475150d2dab9738dad47ab8508d71e96c919a813867ce239c86682d5013e1410a9962b8305fcdb43e403ab6d566e953277ceb986bbb297a37a1745abe5d39b266d7e01e6f09d57a0805b42e9da4a1756aee7ff95f71f69b4759fe3f4777d6d4bfc5c9851054a812e4fc42bb37bf2b660235ceea79b932e12b72ab6220a6ef66dba268890a0199f5ba103bb8765407fa7eb9278929bb93b1ef99ec771a8c97c4c9df822aa42b4b7f3d98a5186515cb1db68189859e8cf70473afb41e5f2490c687eec1edf0914d50a980d08934a725b3725368e69c75687fc4ebf8b402e018e85f4476b6fbab57f9fd4a3f73664ab00da8607b7e7566e805cb23516c164e05aaff3cc2c819411b7d8c096e620a38c59ab756fb87fa851e371503c1f9076c84103eab507b1a91129a4d8ed53ee18bb4925cc2b8baf40541a701d83eb8a77554bc49637fae44070192f0679444f552908c7c3ddd45172e9b9e293e4ef6335a9362bd946887f87aed9bbcfe24b62e5f0b0639c65b41d5bf74d67e1d59b2d90d7d3e306cf24ff33db4ed9809e8cc7135e93ad86c2f71c6d9a70c4244c0314d5a697ae9eaab26b3b1591697e06f408c37cf22e75a7e7d32d3ef4c02772658b869edc289c86d3507e37fd341ae22d9cf9830d1957347ad8d5c80f439ca6b1c8a0f029d5e4539dc4150531e5e17ef8587535b8037897f29db12be", 0x4}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r4, 0x0, &(0x7f0000392000/0x3000)=nil, 0x3000, 0xab1a}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, r11, 0x0, 0x10001, 0x0, 0x0, 0x2020f2, 0x749bc}) r12 = socket$netlink(0x10, 0x3, 0x4) writev(r12, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9c000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f80ff00"/88, 0x58}], 0x1) 2.393143196s ago: executing program 1 (id=4151): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmsg(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e", 0x24}], 0x1}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x10, 0x0, 0xfe, 0x4, 0x0, 0x1, 0x20000000}, [@RTA_NH_ID={0x8, 0x1e, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x24}}, 0x20000000) 2.2312574s ago: executing program 1 (id=4152): ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_open_dev$video4linux(0x0, 0x5, 0x1a9a00) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x1, 0x5, 0x3009, 0x9, 0x1, 0xc, 0x2, 0x310}}) r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r5, r6, 0x0, 0x201f00) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x54}}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000240)={0xc}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x10001, 0x0, 0x0, 0x2020f2, 0x749bc}) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9c000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f80ff00"/88, 0x58}], 0x1) 1.995706845s ago: executing program 2 (id=4153): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r2, {}, {}, {0x8, 0x6}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8081}, 0x4000040) 106.561162ms ago: executing program 0 (id=4154): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r2 = socket(0x200000100000011, 0x3, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0) timer_create(0x0, 0x0, 0x0) ptrace$ARCH_MAP_VDSO_64(0x1e, 0x0, 0x3, 0x2003) ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, &(0x7f0000000080)) io_setup(0x23, &(0x7f0000000280)=0x0) io_submit(r4, 0x1, &(0x7f0000000040)=[0x0]) bind$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x7, 0x6, @local}, 0x14) r5 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000013c0)}, 0x0) sendmsg$netlink(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x880}, 0x4001) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) fsopen(&(0x7f0000000100)='zonefs\x00', 0x1) r7 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r7, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10) sendfile(r7, r6, 0x0, 0x20000023893) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 105.077741ms ago: executing program 2 (id=4155): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newlink={0x4c, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x4008, 0x40000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_TYPE={0x6}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 50.368353ms ago: executing program 3 (id=4156): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x181100, 0x0) r1 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r4 = socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x408, 0x3}, 0x0) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000580)={0x4c, r10, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX={0x8, 0x6, 0x800}, @ETHTOOL_A_RINGS_RX_MINI={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x7}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4080001}, 0x4048806) sendmsg$BATADV_CMD_SET_MESH(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYRES8=r4, @ANYBLOB='\b\x002\x00\x00\x00'], 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="05fa0000000000000000060000000825b03e", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000004400000008000300", @ANYRES32, @ANYBLOB="08002c090f"], 0x30}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x28, r3, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0x810c}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) 0s ago: executing program 1 (id=4157): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0xf66f, 0xfffffe0000000001, 0x800, 0xffffffff}, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000100)) quotactl_fd$Q_GETINFO(r0, 0xffffffff80000502, 0x0, &(0x7f0000000380)) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="342a339af7ece7d6460000000906010400000000000000000500ffff0c00078008000a40000000050900020073797a310000000005000100070000007762559c50771230de74cc59b8ee90dd1553a081c0e60b2cbb312eb548e9a950ecf8e0813070e23f16d8b11cd91bc89b9f1ccdab48e220191b01980498f85a919fd13c5a00ab016abb304bed4ad9f673a6502abdd6c35507e63108ed2021c966ac73b2895be3737f250aa4db2ef5c6b346"], 0x34}}, 0x4000080) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c0000000306250000a62a6ebcb23a68d10000000500010007000000"], 0x1c}}, 0x20000090) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000040)=0x5) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8926, &(0x7f0000002640)={'dvmrp1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}) kernel console output (not intermixed with test programs): 12281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1192.096146][T14776] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1193.790289][T14790] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1193.818671][T14780] loop6: detected capacity change from 0 to 524287999 [ 1196.013070][T12667] Bluetooth: hci0: command 0x0406 tx timeout [ 1196.019196][T14788] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1196.451523][T14788] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1196.478216][T14788] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1196.487610][T14788] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1196.494055][T14788] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1197.090917][T14814] loop6: detected capacity change from 0 to 524287999 [ 1198.250103][T12667] Bluetooth: hci1: command 0x0406 tx timeout [ 1198.494089][T12667] Bluetooth: hci2: command 0x0406 tx timeout [ 1198.500147][T12667] Bluetooth: hci3: command 0x0406 tx timeout [ 1198.573828][T13839] Bluetooth: hci4: command 0x0406 tx timeout [ 1198.846930][T14837] gretap1: entered promiscuous mode [ 1199.601059][T14837] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1480'. [ 1200.367928][T14846] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1200.765466][T14856] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1200.986426][T14854] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1201.002177][T14854] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1201.025003][T14854] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1201.155668][T14854] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1201.463234][T14854] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1201.589497][T14858] loop6: detected capacity change from 0 to 524287999 [ 1202.092999][T14858] loop6: unable to read partition table [ 1202.104634][T14858] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1202.778582][T14861] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1202.915041][T14866] loop6: detected capacity change from 0 to 524287999 [ 1203.053123][T13839] Bluetooth: hci3: command 0x0406 tx timeout [ 1203.059400][T12667] Bluetooth: hci1: command 0x0406 tx timeout [ 1203.066259][ T5876] Bluetooth: hci0: command 0x0406 tx timeout [ 1203.220455][T13839] Bluetooth: hci2: command 0x0406 tx timeout [ 1203.295135][T14873] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1203.543250][T13839] Bluetooth: hci4: command 0x0406 tx timeout [ 1203.799774][T14870] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1204.013476][T14870] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1204.022025][T14870] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1204.042357][T14870] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1204.055610][T14870] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1204.817267][T14884] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1205.122632][T14896] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1205.148055][T14897] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1205.330315][T14891] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1205.377041][T14891] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1205.456758][T14891] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1205.568720][T14891] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1205.578377][T14891] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1207.154369][T14914] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1207.213147][T13839] Bluetooth: hci0: command 0x0406 tx timeout [ 1207.586978][T13839] Bluetooth: hci1: command 0x0406 tx timeout [ 1207.606017][T13839] Bluetooth: hci3: command 0x0406 tx timeout [ 1207.613689][T13839] Bluetooth: hci4: command 0x0406 tx timeout [ 1207.620803][T12667] Bluetooth: hci2: command 0x0406 tx timeout [ 1209.822337][T14934] syz.0.1499 uses obsolete (PF_INET,SOCK_PACKET) [ 1210.530328][T14946] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1210.611428][T14947] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1210.693295][T14949] loop6: detected capacity change from 0 to 524287999 [ 1212.028054][T14961] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1214.276679][T14978] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1214.372450][T14982] loop6: detected capacity change from 0 to 524287999 [ 1214.599297][T14985] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1219.252205][T15021] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1222.123942][T15047] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1222.312130][T15050] loop6: detected capacity change from 0 to 524287999 [ 1223.113750][T15056] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1225.530809][T15074] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1225.676663][T15077] loop6: detected capacity change from 0 to 524287999 [ 1226.791681][T15084] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1229.485781][T15110] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1526'. [ 1232.108189][T15134] gretap1: entered promiscuous mode [ 1232.424598][T15133] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1530'. [ 1233.418883][T15142] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1234.743646][T15151] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1235.253646][T15157] loop6: detected capacity change from 0 to 524287999 [ 1239.086232][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.092816][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1242.114855][T15207] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1544'. [ 1242.280300][T15219] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1242.317851][T15220] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1546'. [ 1242.345854][T15218] gretap1: entered promiscuous mode [ 1242.529732][T15222] loop6: detected capacity change from 0 to 524287999 [ 1255.206753][T15322] loop6: detected capacity change from 0 to 524287999 [ 1259.525650][T15363] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1259.570416][T15363] loop6: detected capacity change from 0 to 524287999 [ 1266.580029][T15410] gretap1: entered promiscuous mode [ 1266.694362][T15415] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1575'. [ 1271.496118][T15456] loop6: detected capacity change from 0 to 524287999 [ 1273.080963][T15444] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1273.175568][T12667] Bluetooth: hci0: command 0x0406 tx timeout [ 1273.563627][T15444] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1273.570690][T15444] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1273.580149][T15444] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1273.587085][T15444] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1275.242794][T12667] Bluetooth: hci1: command 0x0406 tx timeout [ 1275.327246][T15491] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1275.556882][T15493] loop6: detected capacity change from 0 to 524287999 [ 1275.613801][T12667] Bluetooth: hci4: command 0x0406 tx timeout [ 1275.620070][T12667] Bluetooth: hci2: command 0x0406 tx timeout [ 1275.626782][T12667] Bluetooth: hci3: command 0x0406 tx timeout [ 1278.037670][T15524] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1591'. [ 1279.384384][T15517] gretap1: entered promiscuous mode [ 1281.907425][T15550] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1596'. [ 1284.254670][T15570] loop6: detected capacity change from 0 to 524287999 [ 1289.161903][T15622] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1289.366576][T15625] loop6: detected capacity change from 0 to 524287999 [ 1290.253010][T15625] Dev loop6: unable to read RDB block 8 [ 1290.259017][T15625] loop6: unable to read partition table [ 1290.265448][T15625] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1291.193260][T15631] gretap1: entered promiscuous mode [ 1291.339053][T15634] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1606'. [ 1293.707955][T15659] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1612'. [ 1298.021218][T15693] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1298.196527][T15697] loop6: detected capacity change from 0 to 524287999 [ 1300.510595][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.518474][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1304.240197][T15753] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1304.435823][T15754] loop6: detected capacity change from 0 to 524287999 [ 1305.506697][T15759] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1628'. [ 1310.099071][T15802] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1310.494652][T15806] loop6: detected capacity change from 0 to 524287999 [ 1315.438212][T15825] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1315.444606][T15825] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1315.482039][T15825] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1315.490474][T15825] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1315.508568][T15825] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1315.959573][T15853] loop6: detected capacity change from 0 to 524287999 [ 1316.680271][T13839] Bluetooth: hci0: command 0x0406 tx timeout [ 1317.452936][T13839] Bluetooth: hci1: command 0x0406 tx timeout [ 1317.541128][T13839] Bluetooth: hci4: command 0x0406 tx timeout [ 1317.547467][T12667] Bluetooth: hci2: command 0x0406 tx timeout [ 1317.578942][T12667] Bluetooth: hci3: command 0x0406 tx timeout [ 1319.396612][T15867] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1319.537708][T15870] loop6: detected capacity change from 0 to 524287999 [ 1325.396965][T15916] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1325.737041][T15923] loop6: detected capacity change from 0 to 524287999 [ 1328.463237][T15917] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1328.469484][T15917] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1328.480236][T15917] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1328.623283][T15917] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1328.629467][T15917] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1329.686708][T15940] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1330.573133][T13839] Bluetooth: hci3: command 0x0406 tx timeout [ 1330.579246][T13839] Bluetooth: hci1: command 0x0406 tx timeout [ 1330.585606][T13839] Bluetooth: hci0: command 0x0406 tx timeout [ 1330.674428][ T5876] Bluetooth: hci4: command 0x0406 tx timeout [ 1330.680555][ T5876] Bluetooth: hci2: command 0x0406 tx timeout [ 1331.413328][T15953] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1660'. [ 1334.362227][T15977] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1334.550562][T15983] loop6: detected capacity change from 0 to 524287999 [ 1335.261022][T15987] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1343.281135][T16058] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1343.474206][T16063] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1343.544695][T16065] loop6: detected capacity change from 0 to 524287999 [ 1349.056059][T16108] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1349.341746][T16107] loop6: detected capacity change from 0 to 524287999 [ 1350.309919][T16107] Dev loop6: unable to read RDB block 8 [ 1350.315835][T16107] loop6: unable to read partition table [ 1350.325161][T16107] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1357.145613][T16157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1689'. [ 1361.610508][T16195] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1361.708100][T16198] loop6: detected capacity change from 0 to 524287999 [ 1361.944785][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.951284][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1364.205254][T16219] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1364.807004][T16220] loop6: detected capacity change from 0 to 524287999 [ 1370.736164][T16266] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1706'. [ 1373.428125][T16296] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1709'. [ 1373.838351][T16295] gretap1: entered promiscuous mode [ 1375.750322][T16314] loop6: detected capacity change from 0 to 524287999 [ 1376.776537][T16318] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1380.792218][T16356] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1720'. [ 1386.428701][T16409] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1386.504200][T16410] loop6: detected capacity change from 0 to 524287999 [ 1387.849593][T16422] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1387.904365][T16421] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1389.804122][T16438] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1392.092261][T16457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1735'. [ 1393.256848][T16467] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1393.451444][T16470] loop6: detected capacity change from 0 to 524287999 [ 1395.419144][T16483] gretap1: entered promiscuous mode [ 1395.637735][T16488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1741'. [ 1398.265454][T16502] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1398.378477][T16506] loop6: detected capacity change from 0 to 524287999 [ 1399.452248][T16512] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1399.715601][T16516] loop6: detected capacity change from 0 to 524287999 [ 1399.972365][T16518] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1402.639826][T16546] loop6: detected capacity change from 0 to 524287999 [ 1402.690751][T16547] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1753'. [ 1404.399999][T16531] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1404.406348][T16531] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1404.412429][T16531] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1404.418770][T16531] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1404.424960][T16531] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1404.903513][T16571] gretap1: entered promiscuous mode [ 1404.910451][T13839] Bluetooth: hci0: command 0x0406 tx timeout [ 1405.163613][T16575] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1757'. [ 1406.414752][T13839] Bluetooth: hci3: command 0x0406 tx timeout [ 1406.414786][ T5876] Bluetooth: hci1: command 0x0406 tx timeout [ 1406.493002][ T5876] Bluetooth: hci4: command 0x0406 tx timeout [ 1406.499260][ T5876] Bluetooth: hci2: command 0x0406 tx timeout [ 1411.474832][T16617] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1411.563581][T16622] loop6: detected capacity change from 0 to 524287999 [ 1412.848359][T16630] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1412.886131][T16631] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1413.011093][T16633] loop6: detected capacity change from 0 to 524287999 [ 1413.887639][T16639] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1414.689986][T16646] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1415.865527][T16659] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1416.049434][T16663] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1769'. [ 1418.166498][T16678] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1771'. [ 1418.267064][T16674] gretap1: entered promiscuous mode [ 1418.576590][T16686] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1418.807351][T16688] loop6: detected capacity change from 0 to 524287999 [ 1423.376335][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.383061][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.532691][T16730] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1424.196191][T16734] loop6: detected capacity change from 0 to 524287999 [ 1424.336800][T16736] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1424.869328][T16742] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1427.346220][T16767] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1788'. [ 1428.683423][T16781] loop6: detected capacity change from 0 to 524287999 [ 1429.224256][T16759] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 1429.240328][ T5876] Bluetooth: hci0: command 0x0406 tx timeout [ 1429.650591][T16759] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1429.688103][T16759] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1429.695572][T16759] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1429.701884][T16759] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1430.181706][T16788] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1430.346884][T16792] loop6: detected capacity change from 0 to 524287999 [ 1431.469971][ T5876] Bluetooth: hci1: command 0x0406 tx timeout [ 1431.716282][ T5876] Bluetooth: hci3: command 0x0406 tx timeout [ 1431.773172][T13839] Bluetooth: hci4: command 0x0406 tx timeout [ 1431.773189][ T5876] Bluetooth: hci2: command 0x0406 tx timeout [ 1432.142341][T16808] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1435.565617][T16843] loop6: detected capacity change from 0 to 524287999 [ 1440.294468][T16879] loop6: detected capacity change from 0 to 524287999 [ 1440.769279][T16877] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1443.557500][T16904] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1443.744202][T16906] loop6: detected capacity change from 0 to 524287999 [ 1443.800227][T16907] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1444.472974][T16906] loop6: unable to read partition table [ 1444.498914][T16906] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1445.793663][T16916] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1445.979641][T16920] loop6: detected capacity change from 0 to 524287999 [ 1452.858187][T16979] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1453.059138][T16987] loop6: detected capacity change from 0 to 524287999 [ 1455.507371][T16985] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1455.517219][T16985] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1455.688328][T17000] loop6: detected capacity change from 0 to 524287999 [ 1455.705742][T16985] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1455.715137][T16985] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1455.730293][T16985] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1455.863960][T13839] Bluetooth: hci0: command 0x0406 tx timeout [ 1457.084359][T17016] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1457.401447][T17020] loop6: detected capacity change from 0 to 524287999 [ 1457.693338][T13839] Bluetooth: hci1: command 0x0406 tx timeout [ 1457.778744][T13839] Bluetooth: hci4: command 0x0406 tx timeout [ 1457.786165][T13839] Bluetooth: hci2: command 0x0406 tx timeout [ 1457.792220][T13839] Bluetooth: hci3: command 0x0406 tx timeout [ 1459.920915][T17041] loop6: detected capacity change from 0 to 524287999 [ 1464.818884][T17088] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1465.032447][T17080] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1465.103048][T17092] loop6: detected capacity change from 0 to 524287999 [ 1468.540866][T17115] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1468.787440][T17116] loop6: detected capacity change from 0 to 524287999 [ 1478.373634][T17211] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1478.663489][T17218] loop6: detected capacity change from 0 to 524287999 [ 1482.181896][T17238] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1865'. [ 1484.970849][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.978711][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1491.007008][T17318] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1491.196029][T17326] loop6: detected capacity change from 0 to 524287999 [ 1491.218351][T17327] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1880'. [ 1511.801536][T17465] gretap1: entered promiscuous mode [ 1511.847619][T17473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1904'. [ 1521.399583][T17551] gretap1: entered promiscuous mode [ 1521.555223][T17553] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1918'. [ 1523.029967][T17541] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1523.153244][T17541] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1523.159780][T17541] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1523.182471][T17541] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1523.221915][T13839] Bluetooth: hci0: command 0x0406 tx timeout [ 1523.233967][T17541] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1525.217245][T13839] Bluetooth: hci2: command 0x0406 tx timeout [ 1525.223964][T13839] Bluetooth: hci3: command 0x0406 tx timeout [ 1525.230059][ T5876] Bluetooth: hci1: command 0x0406 tx timeout [ 1525.297679][T12667] Bluetooth: hci4: command 0x0406 tx timeout [ 1529.892900][T17625] gretap1: entered promiscuous mode [ 1530.002216][T17630] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1931'. [ 1543.420407][T17729] gretap1: entered promiscuous mode [ 1543.541724][T17732] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1945'. [ 1546.257017][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.264592][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1557.386327][T17832] gretap1: entered promiscuous mode [ 1557.408001][T17833] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1959'. [ 1569.976473][T17928] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1974'. [ 1571.405959][T17923] gretap1: entered promiscuous mode [ 1591.297187][T18113] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2004'. [ 1591.303605][T18111] gretap1: entered promiscuous mode [ 1600.518567][T18200] gretap1: entered promiscuous mode [ 1600.629260][T18203] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2016'. [ 1607.715129][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.723783][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1610.211606][T18289] gretap1: entered promiscuous mode [ 1610.831894][T18296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2030'. [ 1625.216896][T18408] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2048'. [ 1626.126815][T18411] gretap1: entered promiscuous mode [ 1669.138602][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.145206][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1671.203303][T18813] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2110'. [ 1671.216852][T18812] gretap1: entered promiscuous mode [ 1683.923688][T18917] gretap1: entered promiscuous mode [ 1684.031838][T18918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2127'. [ 1686.885994][T18974] gretap1: entered promiscuous mode [ 1686.905531][T18978] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1687.057670][T18984] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2147'. [ 1687.068762][T18972] tipc: Started in network mode [ 1687.078425][T18972] tipc: Node identity 92618d8ca7ef, cluster identity 4711 [ 1687.113642][T18972] tipc: Enabled bearer , priority 0 [ 1687.154434][T18981] syzkaller0: entered promiscuous mode [ 1687.170648][T18981] syzkaller0: entered allmulticast mode [ 1687.244457][T18971] tipc: Resetting bearer [ 1687.278455][T18971] tipc: Disabling bearer [ 1687.870905][T18998] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2156'. [ 1688.217013][T19008] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2161'. [ 1688.488929][T19018] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2164'. [ 1689.874574][T15961] failed while handling packet from 1:16385 [ 1689.874653][T15961] failed while handling packet from 1:16385 [ 1689.880796][T15961] failed while handling packet from 1:16385 [ 1689.935884][T15961] failed while handling packet from 1:16385 [ 1689.942421][T15961] failed while handling packet from 1:16385 [ 1690.034981][T15961] failed while handling packet from 1:16385 [ 1690.040997][T15961] failed while handling packet from 1:16385 [ 1690.146558][T15961] failed while handling packet from 1:16385 [ 1690.216672][T15961] failed while handling packet from 1:16385 [ 1690.254552][T15961] failed while handling packet from 1:16385 [ 1690.302335][T15961] failed while handling packet from 1:16385 [ 1690.348918][T15961] failed while handling packet from 1:16385 [ 1690.376335][T15961] failed while handling packet from 1:16385 [ 1690.395398][T15961] failed while handling packet from 1:16385 [ 1690.412834][T15961] failed while handling packet from 1:16385 [ 1690.481939][T19058] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2176'. [ 1690.531422][T15961] failed while handling packet from 1:16385 [ 1690.531461][T15961] failed while handling packet from 1:16385 [ 1690.553555][T15961] failed while handling packet from 1:16385 [ 1690.615385][T15961] failed while handling packet from 1:16385 [ 1690.621389][T15961] failed while handling packet from 1:16385 [ 1690.715204][T15961] failed while handling packet from 1:16385 [ 1690.790933][T19054] gretap1: entered promiscuous mode [ 1690.803905][T15961] failed while handling packet from 1:16385 [ 1690.803963][T15961] failed while handling packet from 1:16385 [ 1691.088326][T19067] netlink: 'syz.4.2182': attribute type 1 has an invalid length. [ 1692.160234][T19088] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 1692.168638][T19088] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 1692.307591][T19093] syzkaller0: entered promiscuous mode [ 1692.327199][T19093] syzkaller0: entered allmulticast mode [ 1692.592905][T19101] netlink: 'syz.0.2196': attribute type 1 has an invalid length. [ 1692.937448][T19111] gretap1: entered promiscuous mode [ 1693.063248][T19116] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2200'. [ 1695.405000][T19151] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2216'. [ 1696.147168][T19161] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2220'. [ 1696.779512][T19168] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2223'. [ 1697.124598][T19173] gretap1: entered promiscuous mode [ 1697.173293][T19177] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2224'. [ 1698.799909][T19215] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2242'. [ 1699.498768][T19229] gretap1: entered promiscuous mode [ 1699.629925][T19231] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2247'. [ 1700.876294][T19283] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2255'. [ 1701.571052][ T30] audit: type=1326 audit(1758008560.988:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1701.640200][ T30] audit: type=1326 audit(1758008560.988:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1701.704956][ T30] audit: type=1326 audit(1758008560.998:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1701.770777][ T30] audit: type=1326 audit(1758008560.998:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1701.811487][ T30] audit: type=1326 audit(1758008561.008:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1701.844537][ T30] audit: type=1326 audit(1758008561.008:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1701.868151][ T30] audit: type=1326 audit(1758008561.008:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1702.014740][ T30] audit: type=1326 audit(1758008561.018:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1702.079613][ T30] audit: type=1326 audit(1758008561.018:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1702.176981][ T30] audit: type=1326 audit(1758008561.018:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19298 comm="syz.1.2262" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc5539 code=0x7ffc0000 [ 1702.724240][T19332] gretap1: entered promiscuous mode [ 1702.814809][T19335] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2274'. [ 1706.703476][T19393] gretap1: entered promiscuous mode [ 1706.789126][T19396] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2296'. [ 1707.463500][T19418] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2310'. [ 1711.736766][T19534] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode [ 1711.749644][T19534] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode [ 1712.846728][T19576] netlink: 'syz.3.2368': attribute type 10 has an invalid length. [ 1712.906327][T19576] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1713.446212][T19606] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2381'. [ 1713.458164][T19606] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2381'. [ 1713.467793][T19606] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2381'. [ 1713.478853][T19606] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2381'. [ 1714.522122][T19641] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode [ 1714.532299][T19641] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode [ 1715.573914][T19672] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2409'. [ 1715.771068][T19671] gretap1: entered promiscuous mode [ 1717.936644][T19660] Can't find ip_set type [ 1720.789706][T19741] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2438'. [ 1721.682592][T19750] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2442'. [ 1723.084553][T19781] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2457'. [ 1723.348897][T19786] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2460'. [ 1724.779377][T19630] Set syz1 is full, maxelem 65536 reached [ 1725.860581][T19835] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2480'. [ 1726.401136][T19852] gretap1: entered promiscuous mode [ 1726.503388][T19854] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2481'. [ 1728.089995][T19877] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2490'. [ 1728.758902][T19886] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2493'. [ 1729.103692][T19891] tipc: Started in network mode [ 1729.120449][T19891] tipc: Node identity 080211000001, cluster identity 4711 [ 1729.143554][T19891] tipc: Enabled bearer , priority 0 [ 1729.220251][T19891] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 1729.266707][T19891] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 1730.264819][T10465] tipc: Node number set to 134418688 [ 1730.575715][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.582607][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1731.138161][T19943] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2515'. [ 1731.151043][T19943] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2515'. [ 1731.162073][T19943] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2515'. [ 1731.182462][T19943] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2515'. [ 1731.825742][T19973] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2526'. [ 1732.348858][T19999] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2537'. [ 1732.536975][T20005] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2541'. [ 1732.785387][T20014] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2542'. [ 1733.287673][T20028] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2550'. [ 1733.393117][T20037] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2555'. [ 1734.764586][T20066] gretap1: entered promiscuous mode [ 1735.589258][T20077] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1736.534934][T20097] __nla_validate_parse: 3 callbacks suppressed [ 1736.534956][T20097] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2580'. [ 1736.917793][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 1736.917813][ T30] audit: type=1326 audit(1758008596.338:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1736.991096][ T30] audit: type=1326 audit(1758008596.338:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.015101][ T30] audit: type=1326 audit(1758008596.348:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=42 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.039996][ T30] audit: type=1326 audit(1758008596.348:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.128436][ T30] audit: type=1326 audit(1758008596.348:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.218536][T20120] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2589'. [ 1737.234071][ T30] audit: type=1326 audit(1758008596.348:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.257820][ T30] audit: type=1326 audit(1758008596.348:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.349906][ T30] audit: type=1326 audit(1758008596.348:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.552782][ T30] audit: type=1326 audit(1758008596.348:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.576517][ T30] audit: type=1326 audit(1758008596.348:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20106 comm="syz.3.2585" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1539 code=0x7ffc0000 [ 1737.965017][T20134] netlink: 'syz.1.2597': attribute type 1 has an invalid length. [ 1738.324220][T20147] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2602'. [ 1738.619180][T20153] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2606'. [ 1738.654094][T20155] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2605'. [ 1739.408583][T20175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2616'. [ 1739.566399][T20180] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2618'. [ 1739.626748][T20182] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2619'. [ 1740.458150][T20202] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2629'. [ 1740.464841][T20204] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2630'. [ 1741.622319][T20243] gretap1: entered promiscuous mode [ 1741.745049][T20247] __nla_validate_parse: 5 callbacks suppressed [ 1741.745069][T20247] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2643'. [ 1742.650951][T20252] tipc: Started in network mode [ 1742.705387][T20252] tipc: Node identity eae9f5eeb192, cluster identity 4711 [ 1742.723870][T20252] tipc: Enabled bearer , priority 0 [ 1742.731659][T20255] syzkaller0: entered promiscuous mode [ 1742.740570][T20255] syzkaller0: entered allmulticast mode [ 1742.840651][T20261] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2648'. [ 1743.142926][T20246] tipc: Resetting bearer [ 1743.160206][T20244] tipc: Resetting bearer [ 1743.363940][T20244] tipc: Disabling bearer [ 1743.518279][T20268] netlink: 'syz.3.2650': attribute type 1 has an invalid length. [ 1743.531149][T20268] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2650'. [ 1744.080999][T20286] gretap1: entered promiscuous mode [ 1744.148181][T20287] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2657'. [ 1744.626267][T20295] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2661'. [ 1744.638753][T20295] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2661'. [ 1744.648463][T20295] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2661'. [ 1744.671342][T20295] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2661'. [ 1745.259433][T20305] netlink: 'syz.4.2664': attribute type 1 has an invalid length. [ 1745.547510][T20314] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2667'. [ 1746.530835][T20332] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2676'. [ 1746.983297][T20341] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2680'. [ 1747.438265][T20343] gretap1: entered promiscuous mode [ 1747.476290][T20344] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2679'. [ 1748.049319][T20362] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2688'. [ 1748.588271][T20379] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2695'. [ 1749.278449][T20386] gretap1: entered promiscuous mode [ 1749.349922][T20389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2697'. [ 1750.004029][T20397] mac80211_hwsim hwsim10 syzkaller0: left promiscuous mode [ 1750.061360][T20397] mac80211_hwsim hwsim10 syzkaller0: left allmulticast mode [ 1750.508951][T20408] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2707'. [ 1750.629670][T20412] syzkaller0: entered promiscuous mode [ 1750.635357][T20412] syzkaller0: entered allmulticast mode [ 1751.031644][T20423] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2713'. [ 1751.059505][T20422] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2716'. [ 1751.417649][T20437] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2721'. [ 1751.530013][T20440] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2722'. [ 1752.248625][T20466] mac80211_hwsim hwsim5 syzkaller0: left promiscuous mode [ 1752.276150][T20466] mac80211_hwsim hwsim5 syzkaller0: left allmulticast mode [ 1752.702222][T20479] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2736'. [ 1752.727650][T20481] netlink: 'syz.3.2737': attribute type 1 has an invalid length. [ 1752.750725][T20481] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2737'. [ 1753.083220][T20486] syzkaller0: entered promiscuous mode [ 1753.098977][T20486] syzkaller0: entered allmulticast mode [ 1753.172309][T20494] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2742'. [ 1753.917206][T20518] netlink: 'syz.1.2751': attribute type 1 has an invalid length. [ 1753.940485][T20518] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2751'. [ 1754.450065][T20531] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2757'. [ 1755.150644][T20545] netlink: 'syz.2.2764': attribute type 1 has an invalid length. [ 1755.182796][T20545] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2764'. [ 1755.239423][T20548] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2766'. [ 1755.843173][T20581] netlink: 'syz.3.2778': attribute type 1 has an invalid length. [ 1756.977479][T20606] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2787'. [ 1757.813940][T20634] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2797'. [ 1758.084249][T20642] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2810'. [ 1758.348745][T20651] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2803'. [ 1758.483615][T20658] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2808'. [ 1758.636048][T20666] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2812'. [ 1758.803553][T20673] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2826'. [ 1759.314554][T20697] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2828'. [ 1759.376448][T20704] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2830'. [ 1759.398720][T20703] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2831'. [ 1759.586804][T20715] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2836'. [ 1762.960569][T20788] gretap1: entered promiscuous mode [ 1763.003678][T20785] __nla_validate_parse: 8 callbacks suppressed [ 1763.003708][T20785] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2861'. [ 1763.205720][T20794] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2866'. [ 1764.910953][ T5876] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1764.920581][ T5876] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1764.930090][ T5876] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1764.939166][ T5876] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1764.950516][ T5876] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1764.956727][T20827] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2881'. [ 1765.090302][ T2967] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1765.165579][T20832] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2882'. [ 1765.174732][T20832] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2882'. [ 1765.202730][T20832] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2882'. [ 1765.211778][T20832] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2882'. [ 1765.235845][T20837] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2886'. [ 1765.359818][ T2967] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1765.592428][ T2967] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1765.627274][T20854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2888'. [ 1765.763052][T20850] gretap1: entered promiscuous mode [ 1765.882134][ T2967] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1765.923563][T20860] syzkaller0: entered promiscuous mode [ 1765.930544][T20860] syzkaller0: entered allmulticast mode [ 1766.492510][ T2967] bridge_slave_1: left allmulticast mode [ 1766.516765][ T2967] bridge_slave_1: left promiscuous mode [ 1766.531765][ T2967] bridge0: port 2(bridge_slave_1) entered disabled state [ 1766.594952][ T2967] bridge_slave_0: left allmulticast mode [ 1766.608405][ T2967] bridge_slave_0: left promiscuous mode [ 1766.632408][ T2967] bridge0: port 1(bridge_slave_0) entered disabled state [ 1766.677897][T20875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2899'. [ 1767.063709][ T5876] Bluetooth: hci3: command tx timeout [ 1768.118422][ T2967] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1768.137517][ T2967] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1768.199259][ T2967] bond0 (unregistering): Released all slaves [ 1768.330862][T20887] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2901'. [ 1768.883015][T20829] chnl_net:caif_netlink_parms(): no params data found [ 1769.142797][ T5876] Bluetooth: hci3: command tx timeout [ 1769.263213][T20829] bridge0: port 1(bridge_slave_0) entered blocking state [ 1769.276514][T20829] bridge0: port 1(bridge_slave_0) entered disabled state [ 1769.299415][T20829] bridge_slave_0: entered allmulticast mode [ 1769.372361][T20829] bridge_slave_0: entered promiscuous mode [ 1769.395492][T20829] bridge0: port 2(bridge_slave_1) entered blocking state [ 1769.409045][T20829] bridge0: port 2(bridge_slave_1) entered disabled state [ 1769.419412][T20829] bridge_slave_1: entered allmulticast mode [ 1769.428903][T20829] bridge_slave_1: entered promiscuous mode [ 1769.454903][ T2967] hsr_slave_0: left promiscuous mode [ 1769.466661][ T2967] hsr_slave_1: left promiscuous mode [ 1769.497694][ T2967] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1769.512597][ T2967] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1769.526810][ T2967] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1769.536833][ T2967] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1769.633577][ T2967] veth1_macvtap: left promiscuous mode [ 1769.650453][ T2967] veth0_macvtap: left promiscuous mode [ 1769.663525][ T2967] veth1_vlan: left promiscuous mode [ 1769.931830][ T2967] veth0_vlan: left promiscuous mode [ 1770.323246][T20938] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2911'. [ 1771.215907][ T5876] Bluetooth: hci3: command tx timeout [ 1771.712390][ T2967] team0 (unregistering): Port device team_slave_1 removed [ 1771.795348][ T2967] team0 (unregistering): Port device team_slave_0 removed [ 1772.268684][T20937] gretap1: entered promiscuous mode [ 1772.367360][T20829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1772.400893][T20829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1772.565848][T20962] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2922'. [ 1772.601225][T20829] team0: Port device team_slave_0 added [ 1772.624602][T20829] team0: Port device team_slave_1 added [ 1772.900104][T20969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2924'. [ 1773.005647][T20829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1773.024578][T20829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1773.064570][T20829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1773.093841][T20829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1773.111826][T20829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1773.151656][T20829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1773.282500][T20829] hsr_slave_0: entered promiscuous mode [ 1773.290455][T20829] hsr_slave_1: entered promiscuous mode [ 1773.296536][ T5876] Bluetooth: hci3: command tx timeout [ 1773.308094][T20977] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2925'. [ 1774.075551][T21000] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2931'. [ 1774.088420][T21005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2934'. [ 1774.167847][T21002] gretap1: entered promiscuous mode [ 1774.272795][T21010] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2936'. [ 1774.467052][T21012] tipc: Enabled bearer , priority 0 [ 1774.481584][T21012] syzkaller0: entered promiscuous mode [ 1774.494086][T21012] syzkaller0: entered allmulticast mode [ 1774.694708][T21011] tipc: Resetting bearer [ 1774.749428][T21011] tipc: Disabling bearer [ 1776.715226][T20829] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1776.762270][T20829] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1776.798961][T20829] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1776.844141][T20829] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1777.089319][T21050] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2946'. [ 1777.191528][T20829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1777.286664][T20829] 8021q: adding VLAN 0 to HW filter on device team0 [ 1777.346053][T21061] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2947'. [ 1777.381323][ T2967] bridge0: port 1(bridge_slave_0) entered blocking state [ 1777.388496][ T2967] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1777.453094][ T2967] bridge0: port 2(bridge_slave_1) entered blocking state [ 1777.460271][ T2967] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1779.158099][T21087] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2955'. [ 1779.160700][T21085] gretap1: entered promiscuous mode [ 1779.741970][T21093] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2958'. [ 1779.913878][T20829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1780.076724][T21098] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2959'. [ 1780.193616][T20829] veth0_vlan: entered promiscuous mode [ 1780.267037][T20829] veth1_vlan: entered promiscuous mode [ 1780.458057][T20829] veth0_macvtap: entered promiscuous mode [ 1780.501880][T20829] veth1_macvtap: entered promiscuous mode [ 1780.585566][T20829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1780.656164][T20829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1780.709193][ T2967] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1780.747526][ T2967] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1780.794311][ T2967] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1780.839426][ T2967] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1781.190361][T19251] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1781.210007][T21128] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2969'. [ 1781.226511][T19251] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1781.309400][ T2988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1781.346489][ T2988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1781.483570][T21134] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2971'. [ 1782.046280][T21151] gretap1: entered promiscuous mode [ 1782.084578][T21153] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2974'. [ 1782.926804][T21162] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2981'. [ 1782.965994][T21164] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2980'. [ 1783.683710][T12667] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1783.696738][T12667] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1783.712351][T12667] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1783.723006][T12667] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1783.734857][T12667] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1783.940867][T21193] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2988'. [ 1784.108774][ T1150] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1784.379489][ T1150] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1784.392214][T21208] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2991'. [ 1784.586492][T21203] gretap1: entered promiscuous mode [ 1785.146344][ T1150] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1785.558068][ T1150] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1785.776347][ T5876] Bluetooth: hci0: command tx timeout [ 1785.909861][T21240] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3002'. [ 1786.015858][T21245] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3003'. [ 1786.431755][T21186] chnl_net:caif_netlink_parms(): no params data found [ 1786.528021][ T1150] bridge_slave_1: left allmulticast mode [ 1786.535686][ T1150] bridge_slave_1: left promiscuous mode [ 1786.542354][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state [ 1786.599634][ T1150] bridge_slave_0: left allmulticast mode [ 1786.628385][ T1150] bridge_slave_0: left promiscuous mode [ 1786.641420][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state [ 1787.329582][T21276] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3011'. [ 1787.634841][T21281] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3013'. [ 1787.857168][ T5876] Bluetooth: hci0: command tx timeout [ 1787.970998][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1788.033659][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1788.069413][ T1150] bond0 (unregistering): Released all slaves [ 1788.146936][T21274] gretap1: entered promiscuous mode [ 1788.258521][ T1150] tipc: Disabling bearer [ 1788.291817][ T1150] tipc: Left network mode [ 1788.324104][T21294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3016'. [ 1789.486740][T21186] bridge0: port 1(bridge_slave_0) entered blocking state [ 1789.487050][T21186] bridge0: port 1(bridge_slave_0) entered disabled state [ 1789.487234][T21186] bridge_slave_0: entered allmulticast mode [ 1789.489671][T21186] bridge_slave_0: entered promiscuous mode [ 1789.520075][T21186] bridge0: port 2(bridge_slave_1) entered blocking state [ 1789.520264][T21186] bridge0: port 2(bridge_slave_1) entered disabled state [ 1789.520477][T21186] bridge_slave_1: entered allmulticast mode [ 1789.526684][T21186] bridge_slave_1: entered promiscuous mode [ 1789.646883][ T1150] hsr_slave_0: left promiscuous mode [ 1789.653321][ T1150] hsr_slave_1: left promiscuous mode [ 1789.654011][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1789.667289][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1789.668324][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1789.668344][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1789.687732][ T1150] veth1_macvtap: left promiscuous mode [ 1789.687849][ T1150] veth0_macvtap: left promiscuous mode [ 1789.688080][ T1150] veth1_vlan: left promiscuous mode [ 1789.688223][ T1150] veth0_vlan: left promiscuous mode [ 1789.933071][ T5876] Bluetooth: hci0: command tx timeout [ 1790.564457][T21337] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3029'. [ 1791.450590][ T1150] team0 (unregistering): Port device team_slave_1 removed [ 1791.543272][ T1150] team0 (unregistering): Port device team_slave_0 removed [ 1792.022260][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1792.022352][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1792.032662][ T5876] Bluetooth: hci0: command tx timeout [ 1792.281279][T21186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1792.323955][T21336] gretap1: entered promiscuous mode [ 1792.369815][T21186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1792.434610][T21353] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3035'. [ 1792.547737][T21186] team0: Port device team_slave_0 added [ 1792.560795][T21186] team0: Port device team_slave_1 added [ 1792.779842][T21186] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1792.779864][T21186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1792.779891][T21186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1792.786885][T21186] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1792.786907][T21186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1792.786936][T21186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1793.015936][T21186] hsr_slave_0: entered promiscuous mode [ 1793.111485][T21186] hsr_slave_1: entered promiscuous mode [ 1793.123832][T21186] debugfs: 'hsr0' already exists in 'hsr' [ 1793.129618][T21186] Cannot create hsr debugfs directory [ 1794.528040][T21398] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3047'. [ 1794.931122][T21404] gretap1: entered promiscuous mode [ 1795.707126][T21186] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1795.732314][T21186] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1795.758251][T21186] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1795.761886][T21186] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1796.148068][T21186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1796.237583][T21186] 8021q: adding VLAN 0 to HW filter on device team0 [ 1796.296960][T19057] bridge0: port 1(bridge_slave_0) entered blocking state [ 1796.297110][T19057] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1796.325195][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state [ 1796.325314][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1796.469399][T21186] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1796.515519][T21186] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1796.666445][T21186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1796.869429][T21186] veth0_vlan: entered promiscuous mode [ 1796.917495][T21186] veth1_vlan: entered promiscuous mode [ 1797.034912][T21186] veth0_macvtap: entered promiscuous mode [ 1797.079177][T21186] veth1_macvtap: entered promiscuous mode [ 1797.177840][T21186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1797.313758][T21186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1797.334828][ T1150] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1797.394416][T19251] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1797.427218][T21475] gretap1: entered promiscuous mode [ 1797.471315][T19251] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1797.511134][T21476] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3067'. [ 1797.526928][T19251] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1797.725276][T19262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1797.759895][T19262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1797.902282][T19057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1797.940077][T19057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1798.878742][T21494] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3076'. [ 1799.393205][T12667] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1799.402002][T12667] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1799.410846][T12667] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1799.420212][T12667] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1799.429155][T12667] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1799.598937][T19262] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1799.796643][T19262] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1799.988477][T19262] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1800.108710][T19262] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1800.251394][T21520] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3082'. [ 1800.592408][T21530] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3084'. [ 1800.594707][T21528] gretap1: entered promiscuous mode [ 1800.721677][T21539] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3087'. [ 1800.739041][T21506] chnl_net:caif_netlink_parms(): no params data found [ 1800.887066][T19262] bridge_slave_1: left allmulticast mode [ 1800.898684][T19262] bridge_slave_1: left promiscuous mode [ 1800.912269][T19262] bridge0: port 2(bridge_slave_1) entered disabled state [ 1800.949184][T19262] bridge_slave_0: left allmulticast mode [ 1800.969444][T19262] bridge_slave_0: left promiscuous mode [ 1801.000871][T19262] bridge0: port 1(bridge_slave_0) entered disabled state [ 1801.177328][T21549] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3090'. [ 1801.453214][ T5876] Bluetooth: hci2: command tx timeout [ 1801.965648][T19262] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1801.982021][T19262] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1802.005148][T19262] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 1802.053574][T19262] bond0 (unregistering): Released all slaves [ 1802.102114][T21569] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3094'. [ 1802.433311][T21581] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3098'. [ 1802.515709][T21506] bridge0: port 1(bridge_slave_0) entered blocking state [ 1802.523591][T21506] bridge0: port 1(bridge_slave_0) entered disabled state [ 1802.530794][T21506] bridge_slave_0: entered allmulticast mode [ 1802.539797][T21506] bridge_slave_0: entered promiscuous mode [ 1802.548709][T21590] netlink: 'syz.4.3102': attribute type 4 has an invalid length. [ 1802.556265][T21506] bridge0: port 2(bridge_slave_1) entered blocking state [ 1802.570991][T21506] bridge0: port 2(bridge_slave_1) entered disabled state [ 1802.582132][T21506] bridge_slave_1: entered allmulticast mode [ 1802.595113][T21506] bridge_slave_1: entered promiscuous mode [ 1802.769143][T21595] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3101'. [ 1802.847736][T21594] gretap1: entered promiscuous mode [ 1802.928255][T21506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1803.020052][T19262] hsr_slave_0: left promiscuous mode [ 1803.041156][T19262] hsr_slave_1: left promiscuous mode [ 1803.067490][T19262] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1803.075649][T19262] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1803.084856][T19262] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1803.094766][T19262] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1803.158863][T19262] veth1_macvtap: left promiscuous mode [ 1803.166140][T19262] veth0_macvtap: left promiscuous mode [ 1803.175661][T19262] veth1_vlan: left promiscuous mode [ 1803.181483][T19262] veth0_vlan: left promiscuous mode [ 1803.544711][ T5876] Bluetooth: hci2: command tx timeout [ 1803.557192][T21612] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3104'. [ 1804.591729][T21622] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3105'. [ 1805.177914][T19262] team0 (unregistering): Port device team_slave_1 removed [ 1805.220151][T19262] team0 (unregistering): Port device team_slave_0 removed [ 1805.616633][ T5876] Bluetooth: hci2: command tx timeout [ 1805.630423][T21506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1805.838625][T21506] team0: Port device team_slave_0 added [ 1805.878434][T21506] team0: Port device team_slave_1 added [ 1806.000486][T21506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1806.020993][T21506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1806.062397][T21506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1806.099964][T21506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1806.109466][T21506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1806.136329][T21506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1806.155350][T21638] netlink: 'syz.4.3113': attribute type 4 has an invalid length. [ 1806.308562][T21506] hsr_slave_0: entered promiscuous mode [ 1806.324427][T21506] hsr_slave_1: entered promiscuous mode [ 1806.340698][T21506] debugfs: 'hsr0' already exists in 'hsr' [ 1806.351917][T21506] Cannot create hsr debugfs directory [ 1807.583306][T21663] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3118'. [ 1807.693186][ T5876] Bluetooth: hci2: command tx timeout [ 1807.971711][T21673] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3120'. [ 1808.217779][T21506] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1808.548194][T21506] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1808.668717][T21506] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1808.735707][T21506] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1809.507664][T21506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1809.618576][T21706] netlink: 'syz.1.3127': attribute type 4 has an invalid length. [ 1809.679517][T21506] 8021q: adding VLAN 0 to HW filter on device team0 [ 1810.210574][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1810.217872][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1810.258998][T21716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3128'. [ 1810.818494][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1810.825781][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1810.889671][T21721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3129'. [ 1811.131522][T21724] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3130'. [ 1811.139060][T21728] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3132'. [ 1811.160090][T21506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1811.433885][T21506] veth0_vlan: entered promiscuous mode [ 1811.478800][T21506] veth1_vlan: entered promiscuous mode [ 1811.527968][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 1811.527989][ T30] audit: type=1326 audit(1758008670.948:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21739 comm="syz.4.3137" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc6539 code=0x0 [ 1811.611191][T21506] veth0_macvtap: entered promiscuous mode [ 1811.649805][T21506] veth1_macvtap: entered promiscuous mode [ 1811.728439][T21506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1811.752916][T21506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1811.819791][T19057] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1811.841885][T19057] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1811.880400][T19057] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1811.891244][T19057] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1812.226590][ T3021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1812.243042][ T3021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1812.378262][T19262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1812.392225][T21759] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3140'. [ 1812.405979][T19262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1812.729681][T21771] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3142'. [ 1813.200468][T21779] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3144'. [ 1814.412372][ T30] audit: type=1326 audit(1758008673.828:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21797 comm="syz.0.3153" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf709e539 code=0x0 [ 1815.115316][T12667] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1815.125614][T12667] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1815.135679][T12667] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1815.148620][T12667] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1815.163608][T12667] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1817.213140][ T5876] Bluetooth: hci5: command tx timeout [ 1817.766767][T19057] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1818.148522][T19057] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1818.307750][T19057] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1818.721700][T19057] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1818.815398][T21817] chnl_net:caif_netlink_parms(): no params data found [ 1819.312852][ T5876] Bluetooth: hci5: command tx timeout [ 1819.745918][T21817] bridge0: port 1(bridge_slave_0) entered blocking state [ 1819.766552][T21817] bridge0: port 1(bridge_slave_0) entered disabled state [ 1819.776255][T21817] bridge_slave_0: entered allmulticast mode [ 1819.795077][T21817] bridge_slave_0: entered promiscuous mode [ 1819.805469][T21817] bridge0: port 2(bridge_slave_1) entered blocking state [ 1819.823384][T21817] bridge0: port 2(bridge_slave_1) entered disabled state [ 1820.300678][T21817] bridge_slave_1: entered allmulticast mode [ 1820.313674][T21817] bridge_slave_1: entered promiscuous mode [ 1820.340019][T21900] netlink: 'syz.3.3172': attribute type 4 has an invalid length. [ 1820.492406][T21817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1820.606989][T21817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1820.720707][T19057] bridge_slave_1: left allmulticast mode [ 1820.737160][T19057] bridge_slave_1: left promiscuous mode [ 1820.745394][T19057] bridge0: port 2(bridge_slave_1) entered disabled state [ 1820.773584][T19057] bridge_slave_0: left allmulticast mode [ 1820.782992][T19057] bridge_slave_0: left promiscuous mode [ 1820.788965][T19057] bridge0: port 1(bridge_slave_0) entered disabled state [ 1821.452720][ T5876] Bluetooth: hci5: command tx timeout [ 1822.606981][T19057] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1822.634787][T19057] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1822.653041][T19057] bond0 (unregistering): Released all slaves [ 1822.766741][T21817] team0: Port device team_slave_0 added [ 1823.074078][T19057] tipc: Left network mode [ 1823.083238][T21817] team0: Port device team_slave_1 added [ 1823.265736][T21817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1823.283795][T21817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1823.358149][T21817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1823.417515][T21817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1823.428310][T21817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1823.481889][T21817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1823.539255][ T5876] Bluetooth: hci5: command tx timeout [ 1823.869005][T21817] hsr_slave_0: entered promiscuous mode [ 1823.953256][T21817] hsr_slave_1: entered promiscuous mode [ 1824.047715][T21817] debugfs: 'hsr0' already exists in 'hsr' [ 1824.099452][T21817] Cannot create hsr debugfs directory [ 1824.119352][T19057] hsr_slave_0: left promiscuous mode [ 1824.130466][T19057] hsr_slave_1: left promiscuous mode [ 1824.155253][T19057] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1824.199160][T19057] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1824.346592][T19057] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1824.363195][T19057] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1824.451385][T19057] veth1_macvtap: left promiscuous mode [ 1824.505467][T19057] veth0_macvtap: left promiscuous mode [ 1824.519209][T19057] veth1_vlan: left promiscuous mode [ 1824.531947][T19057] veth0_vlan: left promiscuous mode [ 1825.969164][T19057] team0 (unregistering): Port device team_slave_1 removed [ 1826.008562][T19057] team0 (unregistering): Port device team_slave_0 removed [ 1826.428152][T21960] tipc: Enabled bearer , priority 0 [ 1826.436707][T21962] mac80211_hwsim hwsim11 syzkaller0: entered promiscuous mode [ 1826.463890][T21962] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode [ 1826.494232][T21969] tipc: Resetting bearer [ 1826.683918][T21989] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3194'. [ 1827.484282][ T8744] tipc: Node number set to 1534850542 [ 1828.200690][T22012] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3199'. [ 1830.789060][T21817] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1830.834428][T21817] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1830.868711][T21817] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1830.897132][T21817] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1831.094981][T22067] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3209'. [ 1831.539382][T21817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1831.610913][T21817] 8021q: adding VLAN 0 to HW filter on device team0 [ 1831.642205][T19057] bridge0: port 1(bridge_slave_0) entered blocking state [ 1831.649476][T19057] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1832.716895][T19057] bridge0: port 2(bridge_slave_1) entered blocking state [ 1832.724212][T19057] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1833.630703][T21817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1834.166840][T21817] veth0_vlan: entered promiscuous mode [ 1834.300126][T21817] veth1_vlan: entered promiscuous mode [ 1834.363975][T22120] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3220'. [ 1834.382036][T21817] veth0_macvtap: entered promiscuous mode [ 1834.425324][T21817] veth1_macvtap: entered promiscuous mode [ 1834.500579][T21817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1834.556941][T21817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1834.603597][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1834.638296][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1834.687478][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1834.707170][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1834.909457][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1834.937328][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1835.974149][T22149] netlink: 'syz.0.3227': attribute type 4 has an invalid length. [ 1836.033999][T22151] netlink: 'syz.0.3227': attribute type 4 has an invalid length. [ 1836.118162][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1836.191800][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1836.669415][T22164] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3152'. [ 1837.091120][T22171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3232'. [ 1837.615551][T22171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3232'. [ 1838.842051][T22196] netlink: 'syz.0.3239': attribute type 4 has an invalid length. [ 1838.908822][T22196] netlink: 'syz.0.3239': attribute type 4 has an invalid length. [ 1839.367821][T22207] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3241'. [ 1840.480706][T22228] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1840.515039][T22228] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1840.524159][T22228] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1840.552340][T22228] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1840.662024][T22230] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3245'. [ 1840.676776][T22228] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1841.035219][T22230] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3245'. [ 1841.098768][T10620] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1841.428298][T10620] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1841.671671][T10620] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1841.727556][T22249] netlink: 'syz.3.3249': attribute type 4 has an invalid length. [ 1842.055300][T22255] netlink: 'syz.3.3249': attribute type 4 has an invalid length. [ 1842.309622][T10620] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1842.853484][ T5876] Bluetooth: hci1: command tx timeout [ 1843.412351][T22278] netlink: 'syz.1.3255': attribute type 4 has an invalid length. [ 1843.636663][T22234] chnl_net:caif_netlink_parms(): no params data found [ 1844.215943][T22292] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3259'. [ 1844.892770][ T5876] Bluetooth: hci1: command tx timeout [ 1845.192778][T10620] bridge_slave_1: left allmulticast mode [ 1845.212811][T10620] bridge_slave_1: left promiscuous mode [ 1845.218710][T10620] bridge0: port 2(bridge_slave_1) entered disabled state [ 1845.320539][T10620] bridge_slave_0: left allmulticast mode [ 1845.352842][T10620] bridge_slave_0: left promiscuous mode [ 1845.386767][T10620] bridge0: port 1(bridge_slave_0) entered disabled state [ 1846.071727][T22328] netlink: 'syz.3.3266': attribute type 4 has an invalid length. [ 1846.437861][T10620] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1846.491146][T10620] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1846.528674][T10620] bond0 (unregistering): Released all slaves [ 1846.678487][T10620] tipc: Disabling bearer [ 1846.743191][T10620] tipc: Left network mode [ 1847.043524][ T5876] Bluetooth: hci1: command tx timeout [ 1847.283158][T22234] bridge0: port 1(bridge_slave_0) entered blocking state [ 1847.290506][T22234] bridge0: port 1(bridge_slave_0) entered disabled state [ 1847.308274][T22234] bridge_slave_0: entered allmulticast mode [ 1847.350443][T22234] bridge_slave_0: entered promiscuous mode [ 1848.065832][T22234] bridge0: port 2(bridge_slave_1) entered blocking state [ 1848.074918][T22234] bridge0: port 2(bridge_slave_1) entered disabled state [ 1848.102928][T22234] bridge_slave_1: entered allmulticast mode [ 1848.112860][T22234] bridge_slave_1: entered promiscuous mode [ 1848.409531][T22234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1848.488718][T22234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1848.567417][T22364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3274'. [ 1848.690925][T10620] hsr_slave_0: left promiscuous mode [ 1848.730973][T10620] hsr_slave_1: left promiscuous mode [ 1848.747324][T10620] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1848.795387][T10620] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1848.847649][T10620] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1848.875349][T10620] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1848.933185][T10620] veth1_macvtap: left promiscuous mode [ 1848.959859][T10620] veth0_macvtap: left promiscuous mode [ 1848.971756][T10620] veth1_vlan: left promiscuous mode [ 1849.007419][T10620] veth0_vlan: left promiscuous mode [ 1849.060970][ T5876] Bluetooth: hci1: command tx timeout [ 1849.562782][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 1849.732833][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 1849.745467][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1849.780666][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1849.793188][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1849.822847][ T9] usb 5-1: Product: syz [ 1849.829382][ T9] usb 5-1: Manufacturer: syz [ 1849.845590][ T9] usb 5-1: SerialNumber: syz [ 1849.853983][ T9] usb 5-1: config 0 descriptor?? [ 1849.879504][ T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1849.926298][ T9] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 1850.270088][T10620] team0 (unregistering): Port device team_slave_1 removed [ 1850.370376][T10620] team0 (unregistering): Port device team_slave_0 removed [ 1850.489566][ T9] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 1850.971267][ T9] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1850.987624][ T9] em28xx 5-1:0.0: board has no eeprom [ 1851.186883][T22234] team0: Port device team_slave_0 added [ 1851.195955][T22234] team0: Port device team_slave_1 added [ 1851.297229][ T9] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1851.310997][ T9] em28xx 5-1:0.0: dvb set to bulk mode. [ 1851.317274][ T5866] em28xx 5-1:0.0: Binding DVB extension [ 1851.347317][ T9] usb 5-1: USB disconnect, device number 2 [ 1851.426291][ T9] em28xx 5-1:0.0: Disconnecting em28xx [ 1851.694372][T22426] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3293'. [ 1852.206028][ T5866] em28xx 5-1:0.0: Registering input extension [ 1852.212398][T22234] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1852.224850][T22429] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3294'. [ 1852.229985][T22234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1852.238626][ T9] em28xx 5-1:0.0: Closing input extension [ 1852.281811][T22234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1852.611599][T22234] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1852.649195][T22234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1852.715785][ T9] em28xx 5-1:0.0: Freeing device [ 1852.828750][T22234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1853.455369][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.462119][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1853.502316][T22234] hsr_slave_0: entered promiscuous mode [ 1853.806667][T22234] hsr_slave_1: entered promiscuous mode [ 1853.989218][T22234] debugfs: 'hsr0' already exists in 'hsr' [ 1854.020682][T22234] Cannot create hsr debugfs directory [ 1856.806971][T22494] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3310'. [ 1857.816244][T22234] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1858.067376][T22234] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1858.462845][T22234] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1858.510027][T22234] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1859.292231][T22234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1859.418208][T22234] 8021q: adding VLAN 0 to HW filter on device team0 [ 1859.457238][ T3021] bridge0: port 1(bridge_slave_0) entered blocking state [ 1859.464380][ T3021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1859.692136][ T3021] bridge0: port 2(bridge_slave_1) entered blocking state [ 1859.699438][ T3021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1860.088906][T22576] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3325'. [ 1860.488444][T22234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1861.392426][T22234] veth0_vlan: entered promiscuous mode [ 1861.526951][T22234] veth1_vlan: entered promiscuous mode [ 1861.878758][T22234] veth0_macvtap: entered promiscuous mode [ 1861.941968][T22234] veth1_macvtap: entered promiscuous mode [ 1862.076795][T22234] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1862.190966][T22234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1862.620738][ T2967] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1863.650781][ T2967] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1863.724549][ T2967] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1863.804330][ T2967] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1863.960615][T19262] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1863.993120][T19262] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1864.052255][T22612] netlink: 'syz.3.3331': attribute type 4 has an invalid length. [ 1864.101736][T22612] netlink: 'syz.3.3331': attribute type 4 has an invalid length. [ 1864.115814][T19262] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1864.143597][T19262] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1865.502426][T22640] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3335'. [ 1867.821626][T22673] netlink: 'syz.1.3342': attribute type 4 has an invalid length. [ 1867.865937][T22673] netlink: 'syz.1.3342': attribute type 4 has an invalid length. [ 1868.887243][T22703] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3350'. [ 1868.906701][T22703] @: renamed from vlan0 (while UP) [ 1871.632037][T22736] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3356'. [ 1872.762506][T22745] netlink: 'syz.0.3358': attribute type 4 has an invalid length. [ 1872.850209][T22745] netlink: 'syz.0.3358': attribute type 4 has an invalid length. [ 1875.570295][T22798] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3372'. [ 1875.581789][T22798] @: renamed from vlan0 (while UP) [ 1876.682224][T22806] netlink: 'syz.0.3373': attribute type 4 has an invalid length. [ 1876.733765][T22807] netlink: 'syz.0.3373': attribute type 4 has an invalid length. [ 1878.325693][T22829] tipc: Started in network mode [ 1878.409782][T22829] tipc: Node identity 080211000001, cluster identity 4711 [ 1878.647361][T22829] tipc: Enabled bearer , priority 0 [ 1878.695377][T22829] tipc: Resetting bearer [ 1879.888592][ T8744] tipc: Node number set to 134418688 [ 1883.607274][T22877] tipc: Started in network mode [ 1883.612884][T22877] tipc: Node identity 3eb2cb2e419c, cluster identity 4711 [ 1883.620577][T22877] tipc: Enabled bearer , priority 0 [ 1883.681721][T22877] tipc: Resetting bearer [ 1884.022366][T22888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3395'. [ 1884.166673][T22875] tipc: Disabling bearer [ 1887.915245][T22927] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3405'. [ 1888.128682][T22929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3407'. [ 1891.280728][T22974] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3419'. [ 1891.373259][T22228] Bluetooth: hci3: command 0x0406 tx timeout [ 1891.566221][T22973] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3420'. [ 1892.518208][T22979] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3421'. [ 1894.950736][T23013] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3430'. [ 1895.613859][T23022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3434'. [ 1895.635419][T23023] netlink: 'syz.2.3432': attribute type 4 has an invalid length. [ 1897.859976][T23041] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3436'. [ 1897.986609][T23046] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3439'. [ 1900.281221][T23070] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3445'. [ 1901.115837][T23080] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3448'. [ 1901.317870][T23082] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3449'. [ 1902.375658][T23104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3455'. [ 1904.349966][T23120] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3459'. [ 1906.735117][T22228] Bluetooth: hci0: command 0x0406 tx timeout [ 1906.790801][T23150] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3466'. [ 1908.661654][T23175] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3472'. [ 1910.310647][T23189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3477'. [ 1913.749611][T23217] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3483'. [ 1913.917024][ T5951] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1913.947574][ T5951] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1914.940584][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.947447][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1915.493071][T23230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3487'. [ 1915.787637][ T5951] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 1915.820660][ T5951] hid-generic 0000:0000:0000.0002: hidraw1: HID v0.00 Device [syz1] on syz0 [ 1917.138925][T23244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3492'. [ 1917.566637][ T5949] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1917.627342][ T5949] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1921.908614][T23293] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3503'. [ 1922.000313][T23298] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3505'. [ 1922.106802][T22228] Bluetooth: hci2: command 0x0406 tx timeout [ 1926.385766][T23350] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3520'. [ 1934.457095][T23445] netlink: 172 bytes leftover after parsing attributes in process `syz.1.3544'. [ 1934.474142][ T5949] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1934.518835][ T5949] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1935.215257][T23465] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3553'. [ 1935.629577][T10465] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 1935.728894][T10465] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 1937.524004][T22228] Bluetooth: hci5: command 0x0406 tx timeout [ 1940.727992][T23521] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3565'. [ 1940.909499][T23526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3568'. [ 1941.843799][T23548] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3575'. [ 1949.684882][T22740] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 1949.694865][T22740] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1950.002984][T23627] fido_id[23627]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1952.552680][T22740] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 1952.787366][T22740] usb 3-1: Using ep0 maxpacket: 8 [ 1952.799933][T22740] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 1953.010127][T22740] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 1953.025656][T22740] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1953.060644][T22740] usb 3-1: Product: syz [ 1953.069970][T22740] usb 3-1: Manufacturer: syz [ 1953.176648][T23669] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3604'. [ 1953.207448][T22740] usb 3-1: SerialNumber: syz [ 1953.603431][T22740] usb 3-1: config 0 descriptor?? [ 1953.634242][T22740] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 1953.793456][T22740] usb 3-1: setting power ON [ 1953.803220][T22740] dvb-usb: bulk message failed: -22 (2/0) [ 1953.909182][T22740] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1953.978898][T22740] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 1954.026267][T22740] usb 3-1: media controller created [ 1954.150321][T22740] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1954.281778][T22740] usb 3-1: selecting invalid altsetting 6 [ 1954.312669][T22740] usb 3-1: digital interface selection failed (-22) [ 1954.336698][T22740] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 1954.390328][T22740] usb 3-1: setting power OFF [ 1954.421074][T22740] dvb-usb: bulk message failed: -22 (2/0) [ 1954.438557][T22740] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 1954.522913][T22740] (NULL device *): no alternate interface [ 1954.924001][T22740] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 1955.036594][T22740] usb 3-1: USB disconnect, device number 2 [ 1963.038120][T23765] gretap1: entered promiscuous mode [ 1963.050982][T23765] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3634'. [ 1963.113926][T22228] Bluetooth: hci1: command 0x0406 tx timeout [ 1967.165632][T23797] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3631'. [ 1971.681993][T23854] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3646'. [ 1971.835748][T23859] binder: 23858:23859 unknown command 0 [ 1971.857907][T23859] binder: 23858:23859 ioctl c0306201 80000080 returned -22 [ 1972.239358][T23854] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3646'. [ 1975.280062][T23888] netlink: 'syz.3.3655': attribute type 1 has an invalid length. [ 1975.565650][T23888] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1975.716474][T23892] bond1: (slave ip6erspan0): making interface the new active one [ 1975.841403][T23892] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 1976.339102][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.352915][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1978.059514][T23917] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3661'. [ 1978.578799][T23917] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3661'. [ 1978.914055][T23925] netlink: 'syz.4.3663': attribute type 4 has an invalid length. [ 1979.252124][T23936] trusted_key: encrypted_key: master key parameter 'trustez' is invalid [ 1979.262693][ T8744] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 1979.368071][T23941] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3666'. [ 1979.383316][T23941] @: renamed from vlan0 (while UP) [ 1979.512782][ T8744] usb 3-1: Using ep0 maxpacket: 8 [ 1979.516573][ T8744] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 1979.573575][ T8744] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 1979.573609][ T8744] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1979.573630][ T8744] usb 3-1: Product: syz [ 1979.573646][ T8744] usb 3-1: Manufacturer: syz [ 1979.573660][ T8744] usb 3-1: SerialNumber: syz [ 1979.586792][ T8744] usb 3-1: config 0 descriptor?? [ 1979.607454][ T8744] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 1979.607499][ T8744] usb 3-1: setting power ON [ 1979.607511][ T8744] dvb-usb: bulk message failed: -22 (2/0) [ 1979.726508][ T8744] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1979.781761][ T8744] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 1979.790596][ T8744] usb 3-1: media controller created [ 1980.003240][ T8744] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1980.585373][ T8744] usb 3-1: selecting invalid altsetting 6 [ 1980.598450][ T8744] usb 3-1: digital interface selection failed (-22) [ 1980.608095][ T8744] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 1980.626158][ T8744] usb 3-1: setting power OFF [ 1980.638106][ T8744] dvb-usb: bulk message failed: -22 (2/0) [ 1980.649919][ T8744] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 1980.663252][ T8744] (NULL device *): no alternate interface [ 1980.887082][ T8744] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 1980.916556][ T8744] usb 3-1: USB disconnect, device number 3 [ 1983.226736][T23971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3674'. [ 1983.359025][T23974] netlink: 'syz.0.3675': attribute type 4 has an invalid length. [ 1983.519837][T23971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3674'. [ 1983.960968][T23971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3674'. [ 1987.647729][T24034] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3689'. [ 1987.661454][T24039] netlink: 'syz.4.3690': attribute type 4 has an invalid length. [ 1993.239819][T24091] netlink: 'syz.2.3702': attribute type 4 has an invalid length. [ 1994.096183][T24094] netlink: 'syz.2.3703': attribute type 1 has an invalid length. [ 1994.859797][T24110] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3708'. [ 1997.618740][T24131] netlink: 'syz.4.3713': attribute type 4 has an invalid length. [ 1997.802117][T24137] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3715'. [ 1998.056461][T24142] netlink: 'syz.0.3718': attribute type 1 has an invalid length. [ 2002.569348][T24189] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3728'. [ 2002.637685][T24194] netlink: 'syz.1.3727': attribute type 4 has an invalid length. [ 2002.706879][T24185] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3726'. [ 2002.749936][T24186] @: renamed from vlan0 (while UP) [ 2003.444152][T24205] netlink: 'syz.1.3741': attribute type 4 has an invalid length. [ 2007.080347][T24245] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3742'. [ 2007.397402][T24251] netlink: 'syz.4.3745': attribute type 4 has an invalid length. [ 2007.943898][T24261] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3747'. [ 2008.336209][T24261] @: renamed from vlan0 (while UP) [ 2011.323962][T24288] netlink: 88 bytes leftover after parsing attributes in process `syz.0.3755'. [ 2011.545054][T24292] netlink: 'syz.3.3756': attribute type 4 has an invalid length. [ 2012.206571][T24299] netlink: 'syz.0.3768': attribute type 4 has an invalid length. [ 2014.561182][ T5866] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 2014.803647][ T5866] usb 3-1: device descriptor read/64, error -71 [ 2015.043090][ T5866] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 2015.182971][ T5866] usb 3-1: device descriptor read/64, error -71 [ 2015.311774][ T5866] usb usb3-port1: attempt power cycle [ 2015.349322][ T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 2015.374496][ T24] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz1] on syz0 [ 2015.510961][T24341] netlink: 'syz.0.3771': attribute type 4 has an invalid length. [ 2015.703776][ T5866] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 2015.840031][ T5866] usb 3-1: device descriptor read/8, error -71 [ 2016.283658][ T5866] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 2016.317220][ T5866] usb 3-1: device descriptor read/8, error -71 [ 2016.574698][ T5866] usb usb3-port1: unable to enumerate USB device [ 2020.906559][T24395] netlink: 'syz.4.3782': attribute type 4 has an invalid length. [ 2021.392008][T24403] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3784'. [ 2021.402826][T24403] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3784'. [ 2021.414433][T24398] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3783'. [ 2023.171338][T24418] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3789'. [ 2023.657367][T24430] netlink: 'syz.2.3794': attribute type 4 has an invalid length. [ 2024.635977][T24442] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3795'. [ 2026.997864][T24467] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3801'. [ 2028.006537][T24477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3804'. [ 2028.016199][T24477] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3804'. [ 2028.184550][T24480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3804'. [ 2029.055213][T24487] netlink: 'syz.1.3806': attribute type 4 has an invalid length. [ 2029.174804][T24489] netlink: 360 bytes leftover after parsing attributes in process `syz.2.3807'. [ 2029.247709][T24489] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 2029.841708][T24506] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3814'. [ 2031.608840][T24527] netlink: 'syz.1.3818': attribute type 4 has an invalid length. [ 2031.710612][T24530] netlink: 360 bytes leftover after parsing attributes in process `syz.2.3819'. [ 2031.730877][T24530] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 2031.828663][T24534] netlink: 'syz.3.3820': attribute type 13 has an invalid length. [ 2032.644814][T24534] bridge0: port 2(bridge_slave_1) entered disabled state [ 2032.653928][T24534] bridge0: port 1(bridge_slave_0) entered disabled state [ 2033.744793][T24534] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2034.286296][T24534] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2034.442157][T24555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3825'. [ 2034.452290][T24555] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3825'. [ 2034.611415][T24557] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3825'. [ 2035.105275][T24561] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3827'. [ 2035.960731][ T1150] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2035.979008][ T1150] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2036.084017][ T1150] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2036.110725][ T1150] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2036.228278][T24574] netlink: 360 bytes leftover after parsing attributes in process `syz.3.3831'. [ 2037.031588][T24574] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 2037.264760][T24578] netlink: 'syz.3.3832': attribute type 4 has an invalid length. [ 2037.424447][T24584] binder: 24583:24584 unknown command 0 [ 2037.445416][T24584] binder: 24583:24584 ioctl c0306201 80000080 returned -22 [ 2037.503852][T24584] binder: 24583:24584 ioctl c0306201 0 returned -14 [ 2037.779365][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2037.786263][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2038.388956][T24606] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3836'. [ 2039.599387][T24614] netlink: 88 bytes leftover after parsing attributes in process `syz.2.3841'. [ 2040.597297][T24628] netlink: 'syz.1.3845': attribute type 4 has an invalid length. [ 2040.811698][T24631] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3844'. [ 2040.822198][T24631] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3844'. [ 2040.895723][T24636] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3844'. [ 2041.050766][T24641] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3848'. [ 2044.173806][T24675] netlink: 'syz.2.3857': attribute type 4 has an invalid length. [ 2044.254069][ T24] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 2044.413218][ T24] usb 1-1: device descriptor read/64, error -71 [ 2044.673100][ T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 2044.903164][ T24] usb 1-1: device descriptor read/64, error -71 [ 2045.017604][ T24] usb usb1-port1: attempt power cycle [ 2045.443196][ T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 2045.464170][ T24] usb 1-1: device descriptor read/8, error -71 [ 2045.733534][ T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 2045.753989][ T24] usb 1-1: device descriptor read/8, error -71 [ 2045.863763][ T24] usb usb1-port1: unable to enumerate USB device [ 2046.831932][T24696] netlink: 356 bytes leftover after parsing attributes in process `syz.2.3861'. [ 2048.400752][T24719] netlink: 'syz.1.3868': attribute type 4 has an invalid length. [ 2048.628889][T24721] syzkaller0: entered promiscuous mode [ 2048.650063][T24721] syzkaller0: entered allmulticast mode [ 2050.585053][T24740] netlink: 356 bytes leftover after parsing attributes in process `syz.2.3874'. [ 2051.574171][T24759] netlink: 'syz.0.3879': attribute type 4 has an invalid length. [ 2055.445145][T24793] netlink: 172 bytes leftover after parsing attributes in process `syz.2.3886'. [ 2056.247942][T24807] netlink: 'syz.4.3892': attribute type 4 has an invalid length. [ 2059.518778][T24839] netlink: 172 bytes leftover after parsing attributes in process `syz.0.3900'. [ 2062.993533][T24883] netlink: 'syz.3.3911': attribute type 1 has an invalid length. [ 2063.257317][T24888] netlink: 'syz.3.3913': attribute type 13 has an invalid length. [ 2063.267732][T24888] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3913'. [ 2063.446219][T24892] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3915'. [ 2066.643962][T24923] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3922'. [ 2066.877991][T24928] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3922'. [ 2066.946278][T24923] gretap1: entered promiscuous mode [ 2069.596623][T24941] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3925'. [ 2072.923824][ T5949] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 2073.112893][ T5949] usb 3-1: device descriptor read/64, error -71 [ 2073.395187][ T5949] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 2073.476348][T24998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3940'. [ 2073.498061][T24998] gretap1: entered promiscuous mode [ 2073.510446][T24998] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3940'. [ 2073.649754][ T5949] usb 3-1: device descriptor read/64, error -71 [ 2073.785118][ T5949] usb usb3-port1: attempt power cycle [ 2074.334200][ T5949] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 2074.363492][ T5949] usb 3-1: device descriptor read/8, error -71 [ 2074.632783][ T5949] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 2074.704165][ T5949] usb 3-1: device descriptor read/8, error -71 [ 2074.844212][ T5949] usb usb3-port1: unable to enumerate USB device [ 2076.549368][T25027] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3946'. [ 2078.064948][T25036] 8021q: adding VLAN 0 to HW filter on device bond2 [ 2078.657504][T25055] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3956'. [ 2078.861876][T25062] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3956'. [ 2079.476196][T25068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3955'. [ 2079.623670][T25068] gretap1: entered promiscuous mode [ 2079.763044][T25067] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3955'. [ 2080.450519][T25076] netlink: 'syz.0.3959': attribute type 1 has an invalid length. [ 2082.135007][T25087] netlink: 'syz.1.3963': attribute type 1 has an invalid length. [ 2082.205719][T25087] 8021q: adding VLAN 0 to HW filter on device bond1 [ 2082.392076][T25089] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 2086.646431][T25142] netlink: 'syz.3.3975': attribute type 1 has an invalid length. [ 2086.776083][T25140] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3974'. [ 2087.112324][T25142] 8021q: adding VLAN 0 to HW filter on device bond3 [ 2088.732339][T25160] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3979'. [ 2089.968593][T25167] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3981'. [ 2091.330120][T25186] netlink: 'syz.4.3987': attribute type 1 has an invalid length. [ 2091.399242][T25186] 8021q: adding VLAN 0 to HW filter on device bond1 [ 2092.037759][T25202] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3989'. [ 2097.243681][T25244] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4000'. [ 2099.347442][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2099.355605][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2100.623471][T25275] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4005'. [ 2103.110233][T25300] netlink: 'syz.0.4012': attribute type 4 has an invalid length. [ 2104.017512][T25314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4014'. [ 2108.000961][T25349] netlink: 'syz.1.4023': attribute type 4 has an invalid length. [ 2108.021843][T25349] netlink: 'syz.1.4023': attribute type 4 has an invalid length. [ 2111.765173][T25384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4031'. [ 2113.772139][T25403] netlink: 'syz.0.4035': attribute type 4 has an invalid length. [ 2113.885720][T25404] netlink: 'syz.0.4035': attribute type 4 has an invalid length. [ 2118.444032][T25458] netlink: 'syz.1.4046': attribute type 4 has an invalid length. [ 2118.524366][T25459] netlink: 'syz.1.4046': attribute type 4 has an invalid length. [ 2120.418072][T25480] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4051'. [ 2123.393627][T25511] netlink: 'syz.3.4057': attribute type 1 has an invalid length. [ 2124.513692][ T5951] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 2124.708482][ T5951] usb 4-1: Using ep0 maxpacket: 8 [ 2124.760348][ T5951] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 2124.825625][ T5951] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2124.858771][ T5951] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2124.894527][ T5951] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 2124.911682][ T5951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2124.930426][ T5951] usb 4-1: Product: syz [ 2124.985005][ T5951] usb 4-1: Manufacturer: syz [ 2125.000150][ T5951] usb 4-1: SerialNumber: syz [ 2125.027765][ T5951] usb 4-1: config 0 descriptor?? [ 2125.385841][ T5951] usb 4-1: USB disconnect, device number 2 [ 2127.267186][T25551] netlink: 'syz.1.4068': attribute type 1 has an invalid length. [ 2129.436925][T25564] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4071'. [ 2129.536258][T25564] capability: warning: `syz.2.4071' uses 32-bit capabilities (legacy support in use) [ 2129.600954][T25568] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4071'. [ 2129.883581][ T5951] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 2130.419767][ T5951] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 2130.433871][ T5951] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 2130.455935][ T5951] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2130.534948][ T5951] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2130.604870][T25576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4074'. [ 2130.814452][T25569] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 2130.847973][ T5951] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 2131.681206][ T5951] usb 4-1: USB disconnect, device number 3 [ 2132.773892][ T5951] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 2133.035273][ T5951] usb 2-1: Using ep0 maxpacket: 8 [ 2133.047359][ T5951] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 2133.087204][ T5951] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2133.359407][ T5951] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2133.723987][ T5951] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 2133.742808][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2133.762580][ T5951] usb 2-1: Product: syz [ 2133.780320][ T5951] usb 2-1: Manufacturer: syz [ 2133.792897][ T5951] usb 2-1: SerialNumber: syz [ 2134.004300][ T5951] usb 2-1: config 0 descriptor?? [ 2134.221567][ T24] usb 2-1: USB disconnect, device number 2 [ 2141.403669][T24785] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 2141.577616][T24785] usb 2-1: Using ep0 maxpacket: 8 [ 2141.592403][T24785] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 2141.621125][T24785] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2141.657792][T24785] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2141.677079][T24785] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 2141.687441][T24785] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2141.696756][T24785] usb 2-1: Product: syz [ 2141.701167][T24785] usb 2-1: Manufacturer: syz [ 2141.711325][T24785] usb 2-1: SerialNumber: syz [ 2141.725598][T24785] usb 2-1: config 0 descriptor?? [ 2141.973585][T24785] usb 2-1: USB disconnect, device number 3 [ 2142.460228][T25681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4096'. [ 2143.563564][T24781] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 2144.193459][T24781] usb 2-1: Using ep0 maxpacket: 8 [ 2144.255768][T24781] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 2144.264706][T24781] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2144.280309][T24781] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 2144.290390][T24781] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2144.338356][T24781] usb 2-1: Product: syz [ 2144.365156][T24781] usb 2-1: Manufacturer: syz [ 2144.504458][T24781] usb 2-1: SerialNumber: syz [ 2144.579820][T24781] usb 2-1: config 0 descriptor?? [ 2144.849755][ T24] usb 2-1: USB disconnect, device number 4 [ 2144.943825][T24781] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 2145.445650][T24781] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 2145.457447][T24781] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 2145.471073][T24781] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2145.497027][T24781] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2145.515630][T25710] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 2145.539688][T24781] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 2146.115552][T24781] usb 3-1: USB disconnect, device number 12 [ 2150.154489][T25764] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4118'. [ 2151.173935][T24781] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 2151.498280][T24781] usb 2-1: Using ep0 maxpacket: 8 [ 2151.521458][T24781] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 2151.540879][T24781] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2151.634320][T24781] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 2151.659596][T24781] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2151.676222][T24781] usb 2-1: Product: syz [ 2151.680447][T24781] usb 2-1: Manufacturer: syz [ 2151.685700][T24781] usb 2-1: SerialNumber: syz [ 2151.699521][T24781] usb 2-1: config 0 descriptor?? [ 2152.227990][T24781] usb 2-1: USB disconnect, device number 5 [ 2154.814223][T25807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4128'. [ 2157.453728][T25829] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4133'. [ 2160.704447][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.710927][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2162.934898][T25884] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4147'. [ 2163.907183][T25904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4153'. [ 2164.555271][T25907] netlink: 'syz.4.4146': attribute type 1 has an invalid length. [ 2165.433595][T25904] team0 (unregistering): Port device team_slave_0 removed [ 2165.477230][T25904] team0 (unregistering): Port device team_slave_1 removed [ 2165.900725][T25916] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000083: 0000 [#1] SMP KASAN PTI [ 2165.912718][T25916] KASAN: null-ptr-deref in range [0x0000000000000418-0x000000000000041f] [ 2165.921149][T25916] CPU: 0 UID: 0 PID: 25916 Comm: syz.0.4154 Not tainted syzkaller #0 PREEMPT(full) [ 2165.930532][T25916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 2165.940591][T25916] RIP: 0010:fib_lookup_good_nhc+0x85/0x3d0 [ 2165.946550][T25916] Code: 4c 89 24 24 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 0b 92 1a f8 41 bc 18 04 00 00 4c 03 23 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 ec 91 1a f8 4d 8b 24 24 e8 c3 c0 [ 2165.966164][T25916] RSP: 0018:ffffc9000b6ef8b8 EFLAGS: 00010202 [ 2165.972270][T25916] RAX: 0000000000000083 RBX: ffff888025146420 RCX: 0000000000000002 [ 2165.980246][T25916] RDX: ffff88802bc7bc00 RSI: 0000000000000000 RDI: 0000000000000000 [ 2165.988214][T25916] RBP: ffff888025146437 R08: 0000000000000000 R09: ffffffff89e9c626 [ 2165.996185][T25916] R10: ffffc9000b6efb80 R11: fffff520016ddf76 R12: 0000000000000418 [ 2166.004170][T25916] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff11004a28c86 [ 2166.012235][T25916] FS: 0000000000000000(0000) GS:ffff888125c15000(0063) knlGS:00000000f544cb40 [ 2166.021264][T25916] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 2166.027849][T25916] CR2: 000000002eb18ffc CR3: 000000005cf7c000 CR4: 00000000003526f0 [ 2166.035826][T25916] Call Trace: [ 2166.039105][T25916] [ 2166.042039][T25916] nexthop_get_nhc_lookup+0x1af/0x400 [ 2166.047425][T25916] fib_table_lookup+0xf26/0x16e0 [ 2166.052466][T25916] fib_lookup+0x1c5/0x440 [ 2166.056988][T25916] ? fib_lookup+0x76/0x440 [ 2166.061414][T25916] ip_route_output_key_hash_rcu+0x31b/0x23e0 [ 2166.067415][T25916] ? ip_route_output_key_hash+0xde/0x2e0 [ 2166.073053][T25916] ? ip_route_output_key_hash+0xde/0x2e0 [ 2166.078698][T25916] ip_route_output_key_hash+0x1b9/0x2e0 [ 2166.084269][T25916] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 2166.090341][T25916] ? __lock_acquire+0xab9/0xd20 [ 2166.095314][T25916] ? dst_release+0x72/0x1b0 [ 2166.099918][T25916] __ip4_datagram_connect+0x8f4/0x1270 [ 2166.105425][T25916] udp_connect+0x33/0x1f0 [ 2166.109793][T25916] __sys_connect+0x313/0x440 [ 2166.114434][T25916] ? __pfx___sys_connect+0x10/0x10 [ 2166.119554][T25916] __ia32_sys_connect+0x7a/0x90 [ 2166.124425][T25916] __do_fast_syscall_32+0xb6/0x2b0 [ 2166.129611][T25916] do_fast_syscall_32+0x34/0x80 [ 2166.134464][T25916] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2166.140825][T25916] RIP: 0023:0xf709e539 [ 2166.144898][T25916] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2166.164778][T25916] RSP: 002b:00000000f544c55c EFLAGS: 00000206 ORIG_RAX: 000000000000016a [ 2166.173197][T25916] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 0000000080000480 [ 2166.181255][T25916] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 2166.189228][T25916] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2166.197196][T25916] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2166.205165][T25916] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2166.213171][T25916] [ 2166.216194][T25916] Modules linked in: [ 2166.222411][T25916] ---[ end trace 0000000000000000 ]--- [ 2166.602523][T25916] RIP: 0010:fib_lookup_good_nhc+0x85/0x3d0 [ 2166.608419][T25916] Code: 4c 89 24 24 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 0b 92 1a f8 41 bc 18 04 00 00 4c 03 23 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 ec 91 1a f8 4d 8b 24 24 e8 c3 c0 [ 2166.664891][T25916] RSP: 0018:ffffc9000b6ef8b8 EFLAGS: 00010202 [ 2166.671190][T25916] RAX: 0000000000000083 RBX: ffff888025146420 RCX: 0000000000000002 [ 2166.734846][T25916] RDX: ffff88802bc7bc00 RSI: 0000000000000000 RDI: 0000000000000000 [ 2166.753533][T25916] RBP: ffff888025146437 R08: 0000000000000000 R09: ffffffff89e9c626 [ 2166.761652][T25916] R10: ffffc9000b6efb80 R11: fffff520016ddf76 R12: 0000000000000418 [ 2166.805036][T25916] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff11004a28c86 [ 2166.814297][T25916] FS: 0000000000000000(0000) GS:ffff888125c15000(0063) knlGS:00000000f544cb40 [ 2166.826306][T25916] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 2166.835473][T25916] CR2: 000000008012b018 CR3: 000000005cf7c000 CR4: 00000000003526f0 [ 2166.845230][T25916] Kernel panic - not syncing: Fatal exception [ 2166.851627][T25916] Kernel Offset: disabled [ 2166.856039][T25916] Rebooting in 86400 seconds..